Mcafee VIRUSSCAN TC 6 ADMINISTRATOR GUIDE

McAfee VirusScan TC
Administrator’s Guide
Version 6.0
COPYRIGHT
Copyright © 2000 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies. To obtain this permission, write to the attention of the Network Associates legal department at: 3965 Freedom Circle, Santa Clara, California 95054, or call (972) 308-9960.
LICENSE AGREEMENT
NOTICETOALLUSERS:FORTHESPECIFICTERMSOFYOURLICENSETOUSETHESOFTWARE THAT THIS DOCUMENTATION DESCRIBES, CONSULT THE README.1ST, LICENSE.TXT, OR OTHER LICENSE DOCUMENT THAT ACCOMPANIES YOUR SOFTWARE, EITHER AS A TEXT FILE ORASPART OF THESOFTWAREPACKAGING. IFYOU DO NOTAGREETO ALL OFTHE TERMS SET FORTH THEREIN, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.
NETWORK ASSOCIATES TRADEMARK ATTRIBUTIONS
* ActiveHelp, Bomb Shelter, Building a World of Trust, CipherLink, Clean-Up, Cloaking, CNX, Compass 7, CyberCop, CyberMedia, Data Security Letter, Discover, Distributed Sniffer System, Dr Solomon’s, Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT, GroupShield, HelpDesk, Hunter, ISDN Tel/Scope, LM 1, LANGuru, Leading Help Desk Technology, Magic Solutions, MagicSpy, MagicTree, Magic University, MagicWin, MagicWord, McAfee, McAfee Associates, MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto, NetOctopus, NetRoom, NetScan, Net Shield, NetShield, NetStalker, Net Tools, Network Associates, Network General, Network Uptime!, NetXRay, Nuts & Bolts, PC Medic, PCNotary, PGP, PGP (Pretty Good Privacy), PocketScope, Pop-Up, PowerTelnet, Pretty Good Privacy, PrimeSupport, RecoverKey, RecoverKey-International, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, Site Meter, Sniffer, SniffMaster, SniffNet, Stalker, Statistical Information Retrieval (SIR), SupportMagic,Switch PM,TeleSniffer,TIS, TMach,TMeg,TotalNetworkSecurity,TotalNetworkVisibility,Total Service Desk, Total Virus Defense, T-POD, Trusted Mach, Trusted Mail, Uninstaller, Virex, Virex-PC, Virus Forum, ViruScan, VirusScan, VShield, WebScan, WebShield, WebSniffer, WebStalker WebWall, andZAC 2000 are
registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their r espective owners.
Issued September, 2000/McAfee VirusScan TC v6.0.0
Contents
Chapter1. Introduction ........................................5
Features .........................................................5
The deployment and installa tion scenarios . . .........................6
CompleteInstallation—Overview ...............................7
OptimizedInstallation—Overview ..............................8
ConfiguringelementsofVirusScanTCsoftware ......................10
Chapter 2. Deploying and Installing VirusScan TC . . ..............11
Overview .......................................................11
CompleteInstallation .............................................11
OptimizedInstallation.............................................14
Overview...............................................14
InstallePolicyOrchestratorsoftware .......................15
InstalltheePolicyOrchestratoragent .......................15
Copyprogramconfigurationfilestothesoftwarerepository....15
CopyInstallerandprogramfilestothenetwork ..............17
ConfiguretheVirusScanTCInstaller .......................18
Selectrebootoptions ....................................25
Set policy for the on-access scanner .......................25
Deployingtheinstallationpolicy ...........................25
UninstallingtheVirusScanTCprogram ..............................27
Chapter3. SettingPolicyforOn-AccessScanning ................29
Overview .......................................................29
Configuring on-access scan ning options ............................30
DetectionOptions ...........................................32
Actionoptions ..............................................36
Status of infected files after scanning .......................38
Reportoptions ..............................................39
Exclusionoptions ...........................................43
Deploying scanning policy to the ag ents .............................46
Administrator’s Guide iii
Contents
Chapter4. UpdatingandMirroringTasks .......................49
Whyupdate? ....................................................49
Overviewoftheupdatingandmirroringtasks ........................49
Configuring the AutoUpdate and Mirroring tasks ..................51
Setting schedule for tasks .....................................60
Settingbasicschedule ...................................60
Settingadvancedscheduleoptions ........................63
SelectingScheduleSettings...............................64
Editinganddeletingatask ....................................65
Dealingwithvirusoutbreaks.......................................65
Deployingroutine.DATfileupdates ............................66
DeployinganEXTRA.DATfile..................................66
Independentlyoftheweekly.DATupdate....................66
Withtheweekly.DATupdate ..............................67
AppendixA. Terminology .....................................71
Appendix B. Contact and
supportinformation ...................................73
Customerservice ................................................73
Technicalsupport................................................73
Internationalcontactinformation ...................................77
PrimeSupportoptions ............................................80
NetworkAssociatesconsultingandtraining..........................85
iv McAfee VirusScan TC

1Introduction

Features

McAfee VirusScan TC (Thin Client) is an anti-virus software application that includes:
On-Access Scanner Checks fo r viruses each time you open or copy a
Scanning engine The tool that recognizes viruses and malicious
Virus definition files *.DAT files include information that the scanning
AutoUpdate Keeps the virus definition files and the scann ing
1
file from, save a file to, or otherwise use any file stored on your server or client disk or hard drive.
code.
engine uses to recognize and act upon viruses.
engine up-to-date.
Site replication (mirroring) fe ature
Installer Installs the VirusScan TC program and the
Automatic uninstaller Removes previously installed anti-virus software,
This chapter provides an overview of the configuration, deployment and installation of the elements that are required to place the VirusScan TC softwareon your n etwork’s servers and workstations. These elements are separate, but intimately interconnected. See Appendix A for a discussion of the way the following terms are used in this Administrator’s Guide: configuration , deployment, installation, task, and policy.
Used in conjunction with AutoUpdate, creates a copy of the updating folder on the Network Associates FTP site for distribution of virus definition files on the network.
AutoUpdatefunction on the target computers.
including McAfee VirusScan v4.5, and other anti-virus software products produced by McAfee and most other major manufacturers.
Administrator’s Guide 5
Introduction

The deployment and installation scenarios

You can deploy the VirusScan TC software to the computers on your network using one of two installation scenarios—Complete Installation or Optimize d Installation. The major characteristics of the two approaches are described below:
Complete Installation Optimized Installation
Deployment
VirusScan TC is deployed by SMS, Windows NT login scripts.
The installation files that are deployed to target systems include all of the program files, including one versionof theMicrosoft Installer (MSI) foruse with Windows 95 and Windows 98, and another version for u se with Windows NT. This assures the availability of all files required for installation without regard to whether they are already present on the system.
VirusScanTC is deployed using the ePolicy Orches­trator Console.
Installation
Only one small installation file is deployed to the system, which, in turn, pulls only those program files that are required, but not already present, for installation and operation of VirusScan TC o n the target computers.
*
The compressed siz e of the installation files is approximately 6
The installation includes an executable file for eachof twoversionsof theMicrosoftInstaller v1.1 (MSI).
The space used on the client system af ter installa­tion is about10
VirusScan TC c a n only be configured using the ePolicy Orchestrator Console.
• You must be running ePolicy Orchestrator v1.1 on your network.
• The target computers must be running the ePolicy Orchestrator agent v1.1.
MB.
MB.
Configuration
The compressed size of the installation files ranges between approximately:
MB on a Windows 2000 system
•3.1 to
MB on a Windows 95 system without MSI
•4.6
previously installed.
The installation includes no more than one exe­cutable file for the single version of the Microsoft Installerv1.1thatyoursystemrequires.IfMSIis already present on the client, the installation rou­tine does not include either MSI file.
The space used on the client system after installation is about 10MB.
Same as C omplete Installation.
6 McAfee VirusScan TC
Introduction
Complete Installation Optimized Installation
Limitations
If you are not running ePolicy Orchestrator, or if the target computers are not running the ePolicy
Cannot be deployed by SMS o r Windows NT login scripts.
Orchestrator agent:
• You cannotchange the default configurationof the VirusScan TC software.
• You cannot update the virus definition files.
* In an Optimized Installation, ePolicy Orchestrator “pushes” a single small file, the Installer, to the target computers.
In turn,the Installer“pulls”all the other files requiredfrom locationsthat you designate on theInstallerconfiguration pages. SeeFigure 2-4 on page 19.

Complete Installation — Overview

The Complete Installation consists of all the program files included in the VSCAN_TCfolder that is located ontheCD-ROM. The following table lists the names of the program files with a description of their function and size:
Filename Function Approximate
INSTMSIW.EXE Installs MSI Service in Windows NT
environments.
INSTMSI.EXE Installs MSI Service in Windows 95 and
Windows 98 environments.
SETUP.EXE • Executes either INSTMSIW.EXE or
INSTMSI.EXE, as appropriate.
• Executes LWISETUP.EXE, (see below),
• Executes UNINST.EXE (which removes most previously installed anti-virus software.)
• Executes VSCANTC.MCS (see below).
LWISETUP.EXE • Installs AutoUpdate component.
• Installs UNINST.EXE Uninstaller.
VSCANTC.MCS • Installs the scanning engine.
• Installs the virus definition (.DAT) files.
• Installsand starts the on-access scanner.
Size
(compressed)
1.45
MB
1.45MB
KB
16
364KB
MB
2.74
When your SM S program or login script invokes SETUP.EXE, the Complete Installation procedure selects o nly those program files that it r equires to perform a successful installation.
Administrator’s Guide 7
Introduction
Keep in mind:
You can set and enforce policy for VirusScan TC centrally from the ePolicy Orchestrator Console as soon as you install the ePolicy Orchestrator agent on the target computers.
You cannot configure the program before deploying it across your network. The program is sent to the workstations with default settings.
If you are not running the ePolicy Orchestrator progra m, or if an ePolicy Orchestrator agentisnot present on the workstation,thereisno interface through which you can change the program’s default settings. Nor is there any functionality that allows you to update the program’s virus definitionfiles.
The C omplete Installation approach is useful where:
TheIT organization has rulesforbiddingsoftwaredeploymentbymeans other than approved deployment software, such as SMS or NT login scripts.
The administrator prefers using existing SMS or Windows NT login scripts.
The administrator does not intend to configure the VirusScan TC program w hen it is d eployed and installed, but rather intends to configure the anti-virus program at a later time.

Optimized Installation — Overview

The Optimized Instal lation consists of files that you sele ct from the VSCAN_TC folder that is located on the CD-ROM. (See the list of files on page
7.) Your selectionsare based on your network’s needs.
æ
IMPORTANT:The Optimized Installation is only possible if you are running McAfee ePolicy Orchestrator v1.1 on your network,an d if the ePolicy Orchestrator agent is present on the computers where the VirusScan TC software will be installed. For information on installing ePolicy Orchestrator v1.1; on upgrading your ePolicy Orchestrator software from v1.0; and on installing the ePolicy Orchestrator agent, see the Administrator’s Guide for the ePolicy Orchestrator software.
If you intend to use ePolicy Orchestrator to deploy and manage the VirusScan TC software,there are some advantagestousingthe Optimized Installation to do so, including:
8 McAfee VirusScan TC
Introduction
Econom y of bandwidth usage because the total size of the installat ion files is, in most ca ses, substantially less than the total size of the file s that make up a Complete installation.
Opportunity to configure the ePolicy Orchestrator agent to reboot the computeras required by the installationprocess withoutprompting you for a response.
Keep in mind:
You can set policy (configure) the VirusScan TC program’s scanning options before deploying it. After deployment, the policies are ready to be enforced when the agent receives them from the ePolicy Orchestrator server. That will happen at the time of the next communication between the server and the agent.
You can set a schedule for the AutoUpdate feature before deploying it.
When the Optim ized Installer program (LWISETUP.EXE) is deployed to the targetcomputers, it will calltheuninstaller program,which removes most previous installation of a virus-protection program that is resident on the target computer. The un installer will remove previous versions of McAfee or Dr Solomon’s anti-virus software, or the anti-virus software of other major manufacturers. Then, LWISETUP.EXE pulls the VirusScan TC program, and the MSI v1.1 installation files to the target computers, and pr o vides the functionality necessary for the AutoUpdate function that keeps the program’s v irus definition files up-to-date.
You must copy three files from the CD-ROM to a location on your network. The ePolicy Orchestrator agent uses these files to install the VirusScan TC program. The files are:
–VSCANTC.MCS –INSTMSI.EXE – INSTMSIW.EXE
Administrator’s Guide 9
Introduction

Confi guring element s of VirusS ca n TC softwa re

There are three aspects of VirusScan TC software that can be configured:
Installation process This proc ess must be c onfigured if you are
using the ePolicy Orchestrator software to deploy and install the VirusScan TC software. You cannot configure it using the ePolicy Orchestrator Consoleif you are using SMS or login scripts to de ploy the software. For additional information, see
Chapter 2, “Deploying and Installing VirusScan TC.” starting on page 11.
Anti-virus s oftw are This includes the on-access scanner, which
looks for viruses every time a file is written to disk or read from disk. For additional information, see Chapter 3 , “Setting Policy
for On-Access Scanning.” starting on page
29.
AutoUpdate function This allows you to schedule regular u pdates
of the virus definition f iles that the scanner requires to recognize and act o n viruses. This featurecanalso upgradethescanningengine when a new version is released. For additional information, see Chapter 4,
“Updating and Mirroring Tasks.” starting on page 49.
10 McAfee VirusScan TC
2Deploying and Installing
VirusScan TC

Overview

This section describes the procedures for deploying and installing the VirusScan TC program. You can do this in one of two ways, depending on your environment and the rules by which your enterprise operates. The two methods are:
Using SMS or Windows NT login scripts
Using ePolicy Orchestrator software v1.1
Chapter 1 of this manual describes the two installation scenarios available to you: the Complete Installation and the Optimized Installation. For a detailed description of each installation, see th e table on page 6.
2
If your enterprise requires this method for software deployment.See “Complete
Installation” on page 11.
If you use the McAfee management tool to deploy, install, and manage your anti-virus software. See “Optimized Installation” on
page14.

Complete Installation

This section describes the procedure for de ploying and installing the VirusScan TC program using SMS or Windows NT login scripts.
If you are running McAfee ePolicy Orchestrator v1.1 on your network, and if theePolicyOrchestratoragent is present on the computersthataretargeted for installation of the anti-virus program, you can use the ePolicy Orchestrator software to configure the on-access scanner and auto-update functions after the program has been installed. See Chapter 3, “Setting Policy for
On-Access Scanning,” starting on page 29,andChapter 4, “U pdating an d Mirroring Tasks,” starting on page 49 for information on configuring those
program components. If you are not ye t running McAfee ePolicy Orchestrator v1.1 on you r network,
or if th e ePolic y Orchestrator agent is not present on the computers that are targeted for installation of the anti-virus program, you cannot configurethe on-access scanner or autoupdate functions.The VirusScan TC program will run using its unalterable default settings, and you will not be able to update the v irus definition files that the scanner depends on for identification of viruses. For a description of the default settings, see page 29 .
Administrator’s Guide 11
Deploying and Installing VirusScan TC
To deploy and install the VirusScan TC program on your computer, follow these steps:
1. Place the CD-ROM in your server’s drive.
2. On your network, create a shared folder where you will copy the program files for the target computers to share. The shared folder must provide “read” access to every computer on which VirusScan TC will be installed .
æ
IMPORTANT:On Windows 9 5 and Windows 98 systems, the share mustbeinthesamedomainasthecurrentlylogged-inuser.
3. Copy the following files from the VSCAN_TC folder on the CD-ROM to the shared folder:
INSTMSIW.EXE LWISETUP.EXE VSCANTC.MCS INSTMSI.EXE SETUP.EXE
4. Creat e an SMS or Windows NT login script to perform the following actions:
Copy the five VirusScan T C filesfrom the shared network folder to a temporary location on the target computer.
•InvokeSETUP.EXE.
Reboot the target computer if SETUP.EXE returns 3010. Rebooting is required if:
– T he Microsoft Installer(MSI) demands it. – Previously installed anti-virus software was removed during
the installation.
– The product was installed ina Windows NT environment, thus
introducing McAfee file system drivers to the operating system.
+
WARNING:If a reboot is necessary, the system will not be protected against virus infection until rebooted.
12 McAfee VirusScan TC
Deploying and Installing VirusScan TC

What next?

If you have installed the ePolicy Orchestrator v1.1 program, you can now configurethe VirusScan TC software before deploying it to the target computers. The features t hat you can c ustomize are:
The On-Access Scanner. See Chapter 3, “Setting Policy for
On-Access Scanning,” starting on page 29.
AutoUpdate.SeeChapter 4, “Updating and Mirroring Tasks,” starting
on page 49.
After configuring these fea tures, you can run the SMS or Windows NT login scripts to complete the deployment and installation on the target computers.
æ
IMPORTANT:If you are not yet running McAfee ePolicy Orchestrator v1.1 on your network, or if the ePolicy Orchestratoragent is not present on the targeted computers,you cannot conf igure the on-access scanner or updating functions. The VirusScan TC program will run using its unalterable default settings, and you will not be able to update its virus definitionfiles. For a description of the default settings, see page 29.
Administrator’s Guide 13
Deploying and Installing VirusScan TC

Optimi zed Install a tion

This section describes the procedures for placing the program files onto the server, then deploying and installing the Installer and V irusScan TC programs via the ePolicy Orchestrator software.

Overview

Optimized installation and deployment consists of these seven basic tasks, which are described in detail later in this chapter:
1. Install the ePolicy Orchestrator v1.1 server software o n your s erver.
2. Install the ePolicy Orchestrator agent on the target computers.
æ
IMPORTANT:You must install the ePolicy Orchestrator v1.1 server software and the agent before attempting to deploy or install the VirusScan TC program files. The software and its documenta tion are include d on the CD-ROM. See the ePolicy Orchestrator v1.1 Administrator’s Guide for instructions on installing or upgrading to version 1.1 of the program.
3. Copy the required program configuration files for the VirusScan TC Installer and the on-access scanner from the CD-ROM to the ePolicy Orchestrator software repository.
4. Copy the required Microsoft Installer filesand the VirusScan TC program installation file from the CD-ROM to one or several commonly accessiblelocations on the network. These locations might be shared folders or FTP sites.
5. Configur e the VirusScan TC Installer:
Designate the locat ions where the Ins taller finds the VirusScan TC program installation file.
Designate the locations where the Installer finds the files that insta ll MSI on the target computers.
Define the way you want the Installer to record its activity in a log file, and the characteristics of the log file (name, size, and content).
6. Select reboot options for the ePolicy Orchestrator agent to enforce when rebooting is required during installation.
14 McAfee VirusScan TC
¥
NOTE: You can designate up to eight sites for the VirusScan TC program installation file, and for the files that install MSI. This helps assure that the installation procedure will be able to locate the required files, even if one or more of the locations is temporarily off-line. Listing the sites in order of proximity helps assure that the installation procedu re will contact the most preferred location first.
7. Set policy for (configure) the on-access scanner.
8. Deplo y the installation po licy and install the VirusScan TC program.
For tasks 1, 2, and 6, see the ePolicy Orchestratorv1.1 Administrator’sGuide.For tasks 3–7, see the following sections in this chapter.

1. Install ePolicy Orchestra torsoftware

Before you can perform the Optimized Installation, you must first install and configure the ePolicy O rchestrator v1.1 software on your server. For complete instructions, see the ePolicy Orchestrator v1.1 Administrator’s Guide,whichyou can find on the CD-ROM.
•Toinstall the program for the first time, follow the instructions for “First-time Installation.”
Deploying and Installing VirusScan TC
•Toupgrade the program from the previous version, follow the instructions for “Upgrading Version 1.0 to Version 1.1.”

2. Install the ePolicy Orchestrator agent

You must install the ePo licy Orc he strator agent on all the target computers before you can pe rform the Optimized Installation. For complete instructions, see the ePolicy Orchestrat or v1.1 Administrator’s Guide, which you can find on the CD-ROM.

3. Copy program configuration files to the software repository

In order to configure and deploy the VirusScan TC software, you must place the.NAP files (Network Associates Package) on the server where you installed and configured the ePolicy Orchestr ator sof tware. These files are identifiable by their extension, .NAP.
LWI100EN.NAP Installer
VTC600EN.NAP VirusScan TC
æ
IMPORTANT:In order to install LWI100EN.NAP in the software repository, it must be installed from a location that also includes LWISETUP.EXE. No user interaction with LWISETUP.EXE is required.
Administrator’s Guide 15
Deploying and Installing VirusScan TC
To place a .NAP file in the software repository, follow these steps:
1. In the ePolicy Orchestrator console tree, right-click on Software,and select Install (Figure 2-1).
Figure 2-1. Console Tree—Install software in repository
The Select a Software Package dialog box appears (Figure 2-2).
2. Click at the top of the dialog box to select the CD-ROM. Locate each of th e following .NAP files on the CD-ROM and click Open to place it in the software repository.
After you have placed the Installer and the VirusScan TC prog ram file s in the repository, they appear in two places on the ePolicy Orchestrator console (see
Figure 2-3 on p age 17):
In the upper portion of the details pane.
In the console tree under Software.
16 McAfee VirusScan TC
Figure 2-2. Select a Software Package dialog box
LWI100.NAP Installer
VTC600.NAP VirusScan TC
Deploying and Installing VirusScan TC
Figure 2-3. ePolicy Orchestrator Console
displaying the contents of the Software Repository

4. Copy Installer and program files to the network

In order for the I nstaller to f ind th e files needed for downloading, you must firstcopy those filesfrom the CD-ROMtoa place on the networkthat alltarget computers can access. This can be either an FTP site or a shared folder on the network.
The files include two MSI (Microsoft Installer) files: on e for Windows NT environments and one for Windows 95 and Windows 98 environments; and an MCS file, the VirusScan TC program file.
Follow these steps to copy the installation files from the CD-ROM:
1. On the CD-ROM, locate these files:
INSTMSIW.EXE for Windows NT
INSTMSI.EXE for Windows 95 an d Windows 98
VSCANTC.MCS VirusScan program file
Administrator’s Guide 17
Deploying and Installing VirusScan TC
2. Copy the appropriateMSI file or files for your Windows environmentto either an FTP site or to a shared folder on the network.
Ifyournetworkincludes bothtypes ofWindowsenvironment,copy both MSI files.
If you are operating in an exclusively Windows 2000 environment, you do not need to copy either of the MSI files.
If you are copying to a shared folder, you must use Universal Naming Convention (UNC) to target it.
æ
3. Copy the file named VSCANTC.MCS to either an FTP site or shared folderon the network.Youcanuse the same folderwhereyou copiedthe MSI installation files, or you can use a different folder.
If you are copying to a shared folder, you must use Universal Naming Convention (UNC) to target it.
IMPORTANT:OnWindows95and Windows98systems, the sharemustbeinthesamedomainasthecurrentlylogged-in user.
¥
NOTE:Although the *.MSIfilesandthe VSCANTC.MCS file canbe placed in the same location, some administrators may prefer to place them in different locations to control network traffic.
4. You can create up to eight FTP sites or shared network folders to hold these files. This enables large networks to provide fail-over pro tection and control network traffic.

5. Conf igure the VirusScan TC Install er

For installation to take place, the VirusScan TC Installer must be able to find the executable files that places the Microsoft Installer into the target computers, and t he install package that contains the VirusScan TC software. The files that install the Microsoft Installer are named INS TMSI.EXE and INSTMSIW.EXE. These have been described und er “4. Copy Installer and
program files to the network”. The package that contains the VirusScan TC
softwareis namedVSCANTC.MCS. You must place these files in one or more locations on your network, and then configure the VirusScan TC installer to look for them in the locations y ou have selected.
18 McAfee VirusScan TC
Deploying and Installing VirusScan TC
Setting policy for the installation files
Follow these steps to set policy for the installation files:
1. Verify that the Policies tab is s elected in the upper portion o f the details pane,on the rightside of the ePolicy Orchestrator console.
2. If you have not already done so, c lick the next to Installer for VirusScan TC in t he upper portion o f the details pane.
3. Select Configurations to display the Configurations property pages. By default, the Install Sites property page appears (see Figure 2-4 .) This is the property page on which you can designate up to eight locations where you placed VSCANTC.MCS. When you select the MSI tab, you can designate up to eight locations where you placed INSTMSI.EXE and INSTMSIW.EXE. The pro cedures for adding sites is identical for both Install Sites and MSI Sites property pages.
Figure 2-4. Installer Config urations pages—Install Sites and
MSI property pages
4. Deselect Inherit. The buttons on the right are activated.
Administrator’s Guide 19
Deploying and Installing VirusScan TC
¥
NOTE:Disabling the Inheritance feature lets you set new policy for the installation of the Installer program for the target (group or computer) that you have selected in the console tree. During future installation s to computers in other branches of your network , you might want to leave t his checkbox selected if you w ant the Site policies you set now to affect computers that are in subordinate positions in the console tree. See the ePolicy O rchestrator documentation for a completediscussion of Inheritance.
5. Click Add to designate a new site for the file. The Site Opt ions property page opens. By default, FTP Site is sele cted, and the dialog assumes that login credentials are required (see Figure 2-5.)
¥
NOTE: You can designate a maximum of eight sites, each with a unique name. The order in which the sites are listed on the Install Sites and MSI Sites pr operty pages is the order in wh ich the VirusScan TC installer softw are will look for the file.
20 McAfee VirusScan TC
Figure 2-5. Site Options property page
Deploying and Installing VirusScan TC
6. Enter a name for the site that you are defining. This is the name that will appearin themain Install Sites,o r M SI Sites page, shown in Figure 2-4 on
page 19, and in the installation log. See “Setting po licy for the installation files” on page 19 for information about the installation log.
7. Verify that Enable Site is selected.
8. Provide the ne cessary infor mation appropriate to the site where the files are located:
For an FTP site
a. Enter the name of the FTP server and the directory containing
the file or files. For example, ftp.myserver/install.
b. If, in Step 2 on page 18 you placed one or both MSI file s on a
File Transfer (FTP) site:
– that requires login credentials, enter the User Name and
Passwordinformation required for access to the server. Regardless of the number of characters in the password, eight asterisks appear in the password field.
– that accepts anonymous logins, select Use Anonymous
FTP Login. The boxes for login credentials are disabled.
¥
NOTE: You must also perform this step for VSCANTC.MCS if, in Step 3 on page 18 you placed that file on an FTP site.
c. Enter the path of the file or files. d. If your network requires use of a proxy server, selectUse
Proxy Server. Two previously disabled text boxes are now enabled. Enter the name of the proxy server, and the port it uses.
æ
IMPORTANT:If you are using proxy software, be certainthat you have the most current version, includinganyservicepacks that hav e been released for use w ith the proxy software.
For a UNC shared folder
a. Select the UNC path option. b. Using UNC notation,(\\servername\path), enter the path
of the location where youplaced the MSIfiles in Step 2 on page
18. On Windows 95 and W indows 98 systems, the currently
logged-in user must have “read” rights to the shared folder.
Administrator’s Guide 21
Deploying and Installing VirusScan TC
¥
c. Fill in the Use r Name and Password boxes. Regardless of the
• Forapathonthelocalcomputer
a. Select the UNC path option. b. Enter the path of the local folder in the field labeled En ter a
9. When you have finished setting options, click OK. Your changes are saved for deployment, and you are returned to Install Sites or MSI Sites property page.
+
WARNING:If you do not click OK, the options that you selected will be ignored.
NOTE:You must also perform this step for VSCANTC.MCS if, in Step 3 on page 18, you placed that file on a UNC shared folder.
number of charactersin the password, eight asterisks appear in the password field.
local path.
10. Use the buttons on the right side of the interface to modify previously configuredsites.
Click Edit to modify the configuration of a site already listed on the
Install Sites page.
Click Delete to remove a s elected site.
Click MoveUporMove Downto change the order in which the sites
are listed. In general, the first site on the list should be the nearest site. The last site on the list should be the most remote site.
11. When you have finished setting Site Options, click OK to save your site options selections and close the dialog box. You return to the Configurations property pages.
12. Click Apply to save your selections for Install Sites or MSI Sites.
+
WARNING: If you do not click OK and Apply, the options thatyou selected are ignored.
22 McAfee VirusScan TC
Deploying and Installing VirusScan TC
Setting policy for the Installer’s loggingfeature
This feature of the Installer allows you to configure the way in which the installer logs activity during installation. You can set the name and location of the log file, its size, and the level of detail that is reported.
æ
IMPORTANT:When deploying and installing the VirusScan TC program, the only report that an installation has failed is found in the local log file on the target machines. Such events are not reported by the Anti-Virus Informant module.
A failed installation is also reflected by the absence of information on the Properties tab about the o n-access scanner.
To configure the logging activity feature, follow these steps:
1. Select the Log Activity tab (Figure 2-6.)
Figure 2-6. Installer Configurations pages—Log Activity property
page
2. Deselect Inherit. The logging options are activated. See the NOTE on
page 20 for information about Inheritance.
Administrator’s Guide 23
Deploying and Installing VirusScan TC
3. Make sure that Logtofileis selected.
4. Bydefault,thenameofthelogfileisInstall.log.Thedefaultpathof the log file is:
<drive>:\Program Files\McAfee\VirusScan TC\Install.log
Here,<drive>refersto the clientdiskwhere the VirusScanTC software is installed .
If you prefer,you can enter a different file name or path.
5. By default, the maximum size for the log file is set to 1,024 can en ter any value between 10
ë
TIP: If the data in the log exceeds the file size you set, the oldest 20
KB and 32,767KB.
KB (1MB).You
percent of the log text is deleted to m a ke room for new information that is added to the end of the file. If you place no size restriction on the log file, you run the risk of it consuming all available space on the drive where it is located.
6. By default, Enable Verboseis selected. If you want the log to report every step in a procedure, leave it unc hanged. Otherwise, deselect it.
Figure 2-7and Figure 2-8 show samplesof an event recorded in verbose
and non-verbose mode, respectively.
Figure 2-7. Verbose Log
7. When you have finished setting Log Activity options , click Applyto save your selections for deployment. You ret urn to the Installer Configurations property pages.
24 McAfee VirusScan TC
Figure 2-8. Non-verbose Log
+
WARNING: Ifyoudo not click Apply, the optionsthat you selected are ign ored.

6. Sele ct reboot options

Using the ePolicy Orchestrator Agent Options page, you can specify the wa y you want the installer to respond to r ebooting requirement. The options are:
Prompt user when software installation requires reboot. and/or
Automatic reboot with timeout.
See Chapter 5 (The Agent) in the ePolicy Orchestrator Administrator’ s Guide
for information about selecting these options.

7. Set policy for the on-access scanner

You can set policy for the on-accessscannerat any time. Administrator’s may find it convenient to configure the scanner as part o f the initia l deployment and installation activity. However, it ca n be done at any time.
Deploying and Installing VirusScan TC
For a complete discussion of configuring the on-access scanner, see “Setting
Policy for On-Access Scanning” starting on page 29.

8. Dep loying the inst allat ion policy

After you have finished making configuration choices for the Install Sites, MSI Sites, and Log Activity property pages, youare ready to distribute the policies and install VirusScanTC on the target computers.
¥
NOTE: In most situations, you will want to configure the on-access
scanner before deploying and installingthe VirusScan TC program. For detailed information about configuring this component, see Chapter 3,
“Setting Policy for On-Access Scanning,” starting on page 29.
You can configure AutoUpdate before you deploy the VirusScan TC program. However, AutoUpdate cannot run until you have deployed the VirusScan TC program and it has been installed on the client machines. For information about configuring this component, see Chapter 4,
“Updating and Mirroring Tasks,” starting on page 49.
Administrator’s Guide 25
Deploying and Installing VirusScan TC
To deploy the policy and install VirusScan TC, follow these steps:
1. Select a target in the ePolicyO rchestrator consoletree where you will be installing the Installer and VirusScan TC program s. The target can be a group or a single computer (See Figure 2-9 on page 26).
2. Deselect Inherit on the Installation Options page, located in the lower portion of the details pane. See the NOTE on page 20 for information about Inheritance.
3. Make sure that E nforce Policies fo r Installer for VirusScan TC v6.0.0 for Windows is selected.
4. Select Force Install Installer for VirusScan TC v6.0.0 for Windows.
5. Verify that the Install Package box displays the path of the Installer, or click Select to locate the package.
26 McAfee VirusScan TC
Figure 2-9. ePolicy Orchestrator—Installation Options property
page
¥
NOTE: By default, when you placed the Installer program in the ePolicy Orchestrator software r epo sitory, its executable file was automatically placed on the ePolicy Orchestrator server at the following locati on:
<drive>:\Program Files\McAfee\EPO\Db\Software
\LWI___1000\1.0.0\English\InstallFiles
Deploying and Installing VirusScan TC
6. Click Apply. The policy is r eady for deployment to the computers that you selected in the console tree in Step 1 on page 26.TheVirusScanTC program will be transmitted when the ePolicy Orchestrator agent requests new policies from the server.
+
WARNING: Ifyoudo not click Apply, the optionsthat you selected are ign ored.

Uninstalling the VirusScan TC program

This chapter does not include instructions for the use of the Force Uninstall Installer for VirusScan TC v6.0.0 for Windows option. Thisfeature is useful
onlyaftertheprogramhasalreadybeen installed. Briefly,the Force Uninstall checkbox allowsyou to remove any previously installed versionorcopy of the Installer software, including VirusScan TC.
An alternative approach to uninstalling the prog ra m involves issuing the following command at the command line prompt on each client machine:
LWI /script uninstall.LWS
Administrator’s Guide 27
Deploying and Installing VirusScan TC
28 McAfee VirusScan TC
3Setting Policy for
On-Access Scanning

Overview

TheVirusScanTCprogramusesitsOn-AccessScannertoprovidecontinuous, real-time virus detection and response. The On-Access Sc anner checks for infections each time you open or copy a file from, savea file to, or otherwise use any file stor ed on the hard drive. The scanner starts when the computer starts up, and stays in memory until the c omputer shuts down. By default, the scanner:
Scans files when they are written to disk.
Scans files when they are read from disk.
Scans the boot sector of floppydisks when they are inserted,and when the computer is shut down.
Scans file types that are susceptible to virus infection.
Scans archive files with file name extensions: ARC, ARJ, CAB, LZH, RAR, TAR, ZIP, and their contents, if you are running Windows NT or Windows 2000.
3
Scans compressed executa ble files that the current scanning engine and virus definition (.DAT) files clas sify as susceptible to infection.
Cleans in fected files immediately upon access or when saved.
Records its activities in a log file.
Exclude s the Windows R ecycle Bin from scanning activities.
If you have installed the Vir u sScan TC program, the ePolicy Orchestrator software will enforce the default scanning policies without any further interaction with the administrator. However, if you want to modify a policy setting you can use the VirusScan TC On-Access Sc an Options property pages to do so.
¥
NOTE: The phrase setting policy for on-access scanning is synonymous with configuring on-access scanning options.
Administrator’s Guide 29
Setting Policy for On-Access Scanning

Configuring on-access scanning options

If you have the ePolicy Orchestrator softw are running on your network, you can change o r modify the default policy for the on-access scanner’s detection, action, reporting, and exclusion features. You cannot change the scanner’s default settings without the ePolicy Orchestrator software.
To configure the on-access scanner, follow these steps:
1. Make sure thatyouhaveplaced the VirusScan TC softwareint he ePolicy Orchestratorsoftwarerepository.For instructions, see“3. Copy program
configuration files to the software repository” on page 15.
After you have placed the software in the repository, it appears on the Policies ta b in the upper portion of t he details pane o f the ePolicy Orchestrator C onsole (Figure 3-1).
.
2. In the console tree, select a target Directory for which you want to set policy. The target could be a group or a single computer.
3. In the upper portion of thedetailspane,clickt he next to the VirusScan TC v6.0.0 for Windows icon. The expanded list, (Figure 3-2)showsthe on-accessscanner.
.
4. Select On-Access Scan Options.TheOn-Access Scan Options page appears in the lower details pane (Figure 3-3 on page 31).
30 McAfee VirusScan TC
Figure 3-1. Upper Details pane—Policies tab
Figure 3-2. Upper Details pane—with expanded software branch
Setting Policy for On-Access Scanning
Figure 3-3. On-Acc ess Scan Options—Detection property page
Each tab governs a set of options for the on-access scanning operation:
Detection
Optionsfor the scanner’sbehavior—whenandwhat to scan.
Action
Actions y ou want the scanner to take when it finds a virus.
Report Exclusions
Features that customize the output of the log files. Any item (file, folder or disk) that you want to
exclude from scanning.
The following sections describe each option tab in detail.
Administrator’s Guide 31
Setting Policy for On-Access Scanning

Detection Opti ons

To setthe Detection options, follow these steps:
1. Deselect Inherit to change the product’s current configuration settings.
¥
NOTE:Disabling the Inheritance feature lets you set new policy for scanning activities for the target (group or computer) that you have selected in the console tree. D urin g futureinstallations to computers in other branches of your network, you can leave this checkbox selected if you want the policies you set now to a ffect computers that are in subordinate positions in the Directory tree. See the ePolicy Orchestrator A dministrator’s Guide for a complete discussion of Inheritance.
2. Select Enable On -Access Scan to enable the options for on-access scanning. If you do not check t his box, the options on this page are grayed out.
3. Under Scan Files, select circumstances under which you want the program to scan the files.Your options are:
32 McAfee VirusScan TC
When writing to disk
When readingfrom disk
ë
TIP: If you select both options, any file that you can open and change will be scanned twice each time it is used—once when it is readfrom the di sk (outbo u nd) and aga in when it is written to the disk (inbound). This is the most comprehensive approach to scanning because it ensur e s that no infectionsarewritten to the hard disk. If an infected file was already on the disk before the anti-virus software was installed, the scanner will f ind the virus when the user takes some action on the file such as opening, moving, or deleting it.
If you elect to sc an inbound files only, or outbound file s only, it is importantthatall computers sharing files be configured identically. Otherwise , an infected file could be copied from a computer that scans only i nbound files to a server that scans only outbound files.
Files that are written to aharddrive, or other data storage device.
Files that are read from aharddrive, or other data storage device.
Setting Policy for On-Access Scanning
Scanning files only when they are read from disk can be a element of an effective virus protection program. However, under s ome circumstances, scanning files only when they are written to disk may not be equally effective. For additional information, see the footnote
page 39.
4. Under Scan Floppies, select At system shu tdow n to scan any floppy disk that is left in the dr ive when th e computer shuts down.
5. Under What to Scan,you can chooseto scan allfiles,defaultfiles, or only program files—those file types you can see by clicking Extension.
Select one of these three choices:
All files Scans every file, irrespective of the file type. Defaultfiles
Scans only those file types that the scanning engine recognizes as susceptible to virus infection. This list of file types is specific to the current scanning engine and t he current virus d efinition (.DAT) files in use. McAfee recommends selecting this opt ion.
Custom files Scans only those file types with a f ile name extension
that appears in the list of extensions. Click Extension to view or edit the list of Cus tom
Files included in scanning activities. The Program File E xtensions dialog box appears (Figure 3-4).
Figure 3-4. Program File Extensions dialog box
Administrator’s Guide 33
Setting Policy for On-Access Scanning
¥
NOTE: When the VirusScan TC product is shipped,thelist of Default filesis identicalwith the list of Custom files.However, over time, as you upgrade the scanning engine, the list of Default files may grow or s hrink dependingon the most current research on the susceptibility of certain file types to virus infection. Upgrading the scanning engine will not affect the list of Custom files, which is under the control of the user.
By default, the on-access scanner ex amines files with t hese extensions:
??_ 001 002 386 ACM ADT APP ARC ARJ ASP AX? BAT BIN BO? CAB CDR CHM CLA CMD CNV
COM CPL CSC DEV DLL DOC DOT DRV EXE GMS GZ? HLP HT? ICE IM? INI JS? LZH MB? MD?
MPP MPT MSG MSO OBD OBT OCX OLE OTM OV? PCI POT PP? QLB QPW RAR REG RTF SCR SHS
Select Netwo rk drives to include network resources that are
accessed by your system. This is a convenient way to extend virus protection to a resource that does not have virus protection. However, it can have a negativeeffectonoverallperformance of the system that is running the scan.
Select Comp ressed files t o include executable files that were
compres sed using the following utilities:
PkLite LZexe
MS Compressed Ice
Cryptcom Com2Exe
Diet Teledisk
SMM SYS TAR TD0 TGZ TLB TSP VBS VS? VXD VWP WBK WIZ WPC WPD WSI XL? XML XSL XTP
34 McAfee VirusScan TC
– I f you selectedAll files, every compressed file will be scanned.
Setting Policy for On-Access Scanning
–IfyouselectedDefault files,the compressed file types thatthe
current scanning engine and .DAT file s classify as susceptible to infection will be included in scanning activities.
– I f you selected Custom files, the scanner will examine only
those compressed file typesthatappearinthe listofextensions.
Select Boot sectors to scan the disk boot sector of a floppy disk or
hard disk when a file is first accessed.
Select Archive files for W indows N T or Windows 2000 if you want
the scanner to examine these archive file types and their contents:
ARC ARJ
CAB LZH
RAR TAR
ZIP
– To include these file types in scanning activities, you must
select this checkbox whether you selected All files, Default files or CustomFiles.
– I f you selected Custom files, you must also verify that these
file t ypes appear in the list of extensions.
6. Under Enable Heuristic Scanning Of, select the type o f heuristic scanning you prefer. Your options are:
Macros Identifies all Microsoft Word, Microsoft Excel, a nd
other Microsoft Office files that contain embedded macros,then compares the file characteristics against a list of known virus characteristics. The scanner identifies code signatures that resemble existing v iruses, and considers them to be potential macro virus.
Program Files Locatesnewvirusesinprogramfilesbyexamining
file characteristics and comp aring them against a list of known virus characteristics. The scanner identifies files with a sufficient number of these characteristics as potential viruses.
7. Under General, select Show i con in the taskbar to display the VirusScan icon in the workstation’s taskbar. If you deselect this item, the user sees no indication that virus scanning is active on t he workstation.
8. Click Apply to save your d etection policy settings.
+
WARNING: If you do not click Ap ply, you settings are ignored.
Administrator’s Guide 35
Setting Policy for On-Access Scanning

Action options

When VirusScan TC software detects a virus, it can respond either by automatically taking an action that you determine ahead of time. Use the Action tab to specify the scanner’s behavior when it finds a vir us.
To set the Action options, follow these steps:
1. Select the Action tab on the On-A ccess Scan Options page (Figure 3-5).
2. Deselect Inherit to change the product’s current configuration settings. See the NOTE on page 32 for more information about Inheritance.
36 McAfee VirusScan TC
Figure 3-5. On-Access S can Options — Action property page
Setting Policy for On-Access Scanning
3. Under When a Virus is Found, select one of these options:
Deny access to infected files and continue. Denies any user
access to an infected file. If you select this option, b e sure to enable the logging option so that you have a record of which files are infected. See “Report options” on page 39 for details.
ë
TIP: When you select this option, the scanner automatically stops read and copy operations for any file that it identifies as infected. As a result, the infection can notbe transmitted once it is identified. McAfee recommends that you select this option if you plan to leave your server unattended for long periods. When you are able to return your attentionto the server, you can then verify the infection, and decide whether to clean the infection, delete the file, or restore an earlier version of the file from backups.
Move infected files automatically. The scanner moves infected
files to a quarantine folder as soon as it finds them. By default, the first time that the scanner moves a file, it creates a
folder named Infected, which it uses to store qua rantined files. The default path of the quarantine file is:
<drive>:\Infected
Here,drive refers to the client disk on which the virus was detected. If you prefer,you can enter a different name or path.
Clean infected files immediately. The scanner removes the v irus
code from the infected file as soon as it finds it.
Delete infected files immediatel y. The scanner deletes every
infected file itfinds. Be sure to enablethe logging feature so that you have a recordof the files that the application deleted. You will need to resto re deleted files from backup copies. If the application cannot delete an infected file, it notes the incident in its log file.
For more information about the status of infected files relativeto the outcome of the scanning activity, see page 39.
4. If you want the scanner to warn users that the file they opened, copied from, or saved is infected, select Send message touser,then,inthebox provided, enter the message you want users to s ee.
Administrator’s Guide 37
Setting Policy for On-Access Scanning
5. Click Apply to save y our action policy settings. The settings are transmitted to the ePolicy Orchestrator agents for enforcement the next time that the agents request new policies and tasks from the server. See the ePolicy Orchestrator Administrator’s Guide for information about agent-server communication.
+
WARNING: If you do not click Ap ply, you settings are ignored.
Status of infected files after scanning
The status of an infected file after scanning depends upon anumber of factors:
Scanning action • Deny Access
• Delete
•Move
• Clean
Operating system • Windows 95 and Windows 98
• Windows NT and Windows 2000
Trigger • File read from disk
• File written to disk
Outcome • Success *
•Failure**
The table below shows, by factor, the status of infected files after scanning:
38 McAfee VirusScan TC
* Success means that the scanner took the action that the administrator specified and
the desired result was achieved,without incident.
** Failure means that the scanner was not able to take the action that the administrator
specified, but took a different action instead. Failure can occur for a varietyof reasons, suchas: no driveryet exists forcleaning a
new virus; the virus has characteristics that are uncleanable; timing conflicts exist between actions taken on a file by two different applications;timing conflictsexist relating to the way that an application, such as MicrosoftWorddeals with multiple versionsofafilewhenitisinuse.
Setting Policy for On-Access Scanning
Status of Infected File
Selected
Action
Deny Access
Delete
Move
Clean
* There are cases where an infected file is written to disk intact even if you have selected When writing to disk on the scanner’s
detection property page. This includes the extremely rare circumstances where the deletion command fails. In those cases the virus cannot be activated until a user attempts to open, copy, or move the infected file. At that time, the file will be scanned if you have selectedWhen reading from disk on the scanner’s detection property page.
Outcome
Read from disk Written to disk Read from disk Written to disk
Success
Failure Not applicable. Denial of access to the file is always available. Success Deleted
Failure
Success Movedtoquarantinefolder
Failure
Success Cleaned
Failure*
• Left intact
• Access denied
• Left intact
•AccessDenied
• Left intact
• Access denied
• File name acquires. extension.
• Access denied.
Windows 95 and
Windows 98
Left intact* • Left intact
VIR
Windows NT and
Deleted* • Left intact
•Accessdenied
•Accessdenied
Deleted* • Left intact
•Accessdenied
Deleted* •Filename
acquires. extension.
• Access denied.
Windows 2000
Deleted*
Left intact*
Left intact*
Deleted*
VIR

Report options

The scanner lists its current settings and summarizes all of the actions it takes during its scanning operations in a log file, which, by default is called VSHLOG.TXT. You can accept the defaults, or make selectionsto customize your log file, which you can open and print for later review.
You can use the log file to track virus activity on your system and to note which settings the program used to detect and respond to infections. You can also use the incident reports recorded in the file to determine which files you need t o examine in quarantine, or delete from your computer.
Administrator’s Guide 39
Setting Policy for On-Access Scanning
¥
NOTE: T he reporting function of the VirusScan TC program does not
replace, supersede, or affect the function of the McAfee Anti-Virus Informant applica tio n that is included with the ePolicy Orc hestrator software. See the ePolicy Orchestrator Administrator’s Guide fo r more information abou t the Anti-Virus Informant module.
Also, this reporting function does not replace or supersede the Alerting functions that might be present o n your network if you have installed the Alert Manager component of McAfee NetShield for Windows NT and Windows 2000 on your servers.
To set the Report options:
1. Select the Report tab on the On-Access Scan Options page (Figure 3-6).
40 McAfee VirusScan TC
Figure 3-6. On-Access Scan Options — Report property page
Setting Policy for On-Access Scanning
2. Deselect Inherit to change the product’s current configuration settings.
See the NOTE on page 32 for more information about this step.
3. Select Logtofileto save the log in a file that you sp ecify.
By default, the scanner writes log information to the file VSHLOG.TXT in the VirusScan program directory. The program creates the default fil e in the default path.
4. To minimize the size of the log file, click Limit size of log file to,then
enter a value for the file size, in kilobytes, in the text box. If you do not select this checkbox, the log file can continue growing without any limit.
Enter a value between 10 the file size to 1024
ë
TIP: If the data in the log exceeds the file size you set, the oldest 25
KB and 32767KB. By default, the scanner limits
KB.
percentofthe log text is deletedto make room for new information. If you place no size re striction on the log file, you run the risk of it consuming all available space on the drive where it is located.
5. Select the checkboxes that corresp ond to the information you w ant t o record in the log file. Deselect any box to om it the information from the log file. The options are:
Virus detection Virus cleaning
Records detection of a virus. Records the scanner’s attempt to clean an
infected file.
Infected files deleted
Infected files moved
Session settings
Session summary
Records deletion of an in fected file.
Records the relocation of an infected file to the quarantine folder.
Records the configuration settings that were in use when the VirusScan TC scanner was started.
Summarizethe actionsthat the scannertook.The log records all the options you select on this tab.
Dateandtime
Username
Records the date and time when the reported event occurred.
Records the name of the u ser that acces sed the file that precipitated the action being reported.
Administrator’s Guide 41
Setting Policy for On-Access Scanning
6. Select Enable Centralized Alerting if you have installed a McAfee product that includes Alert Manager, such as the NetShield or GroupShield software, on one o r more servers, and want to continue using it. This feature allows workstations to transmit alerts to a centralized folder from whichAlert Manager can retrieveanddistribute them, using the methods that you configured within Alert Manager.
7. In the box labeled Destination for alerts, enter the path of the shared folder. This is the share folder where the workstations w ill send their alerts, in the form of .ALR files. It is also the folder from which the NetShield program retrieves alerts,converts them into its own format, and distributes them via the methods yo u have configur ed for Alert Manager. Typically the shared folder is located on the NetShield server where Alert Manager is located. However, you can configure Alert Manager to look for the folder in a different location.
æ
IMPORTANT:Very careful planning is required to assure that
workstations have easy access to the shared folder without compromising overall network security.Achieving this combination requires that you a) designate the s hared folder as a NullSessionShare, and b) take advantage of appropriate Windows securities measure for NTFS systems to protect the N ullSessionShare.
a. Designate the shared folder that receives the .ALR files as a
NullSessionShare. This allows the workstations to have easy access to the shared folder without providing login credentials. To do so , create a name for the shared folder, and add the name to the value NullSessionShares located in the follo wing registry key on th e NetShield server where Alert Manager is located:
HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Services
LanmanServer
Parameters
See your NetShield documentation for more information about configuring Alert Manager.
b. Because a NullSessionShare can result in a security vulnerability,
McAfee strongly recommends that you take advantage of all of the following security features available for Windows NTFS systems including:
• granting clients only “write” privileges to the shared folder.
• granting the Alert Manager server privileges for searching, reading, and deleting only.
42 McAfee VirusScan TC
8. Click Apply t o save your report policy settings. Th e settings are
transmitted to the ePolicy Orchestrator agents for enforcement the next time that the agents request new policies and tasks from the server. See the ePolicy Orchestrator Administrator’s Guide for information about agent-server communication.
+
WARNING: If you do not click Ap ply, you settings are ignored.

Exclusi on opti ons

Many of the files stored on your computer are not vulnerable to virus infection. Having the on-access scanner examine these files can take a long time and produce few r esults. You can reduce the time the scanner spends looking at each file you modify by restricting the scanner to examine only susceptible file types. You can also tell the sc anner to ignore files or entire folders that you know cannot become infected.
Setting Policy for On-Access Scanning
• establishing a quota for the number of messages that the shared fold er can accept.
• using the NTFS auditing feature.
The exclusion list identifies which items—disks, folders, or in dividual files— you want to exclud e from scanning activities. By default , the scanner does not examine files that are in the Recycle Bin because Windows will not run items stored there. This item appears in the exclusions list when you first open the property page.
Each entry in the exclusions list displays the path to the item, notes whether the module will also e xclude any nested folders, and expla ins whether the application will exclude the item when it scans files, when it scans your hard disk boot sector, or both.
To choose Exclusion options, follow these steps:
1. Click the Exclusions tab (Figure 3-7 on page 4 4.)
Administrator’s Guide 43
Setting Policy for On-Access Scanning
2. Deselect Inherit to change the product’s current configuration settings.
See the NOTE on page 32 for more information about Inheritance.
3. Specify the items you wa nt to exclude. Use the Add button to add a file or folder to the list; or use the Edit and Remove buttons to change o r remove existing items in this list.
44 McAfee VirusScan TC
Figure 3-7. On-Access Scan Options — Exclusions proper ty page
Add files, folders or volumes to the exclusion list. Click Add to
open the Add Exclusio n Item dialog box (Figure 3-8 on page 45).
Setting Policy for On-Access Scanning
Figure 3-8. Add E xclusion Item dialog box
Follow these steps to add items to the list:
a. I n the text box, enter the path of a folder or a file or folder that
you want to exclude from scanning activ ities.
¥
NOTE: If you have chosento move infected files to a quarantinefolder automatically,the moduleexcludes that folder fro m scan operations.
b. SelectInclude subfolders to tell the scanner to ignore all files
stored in any subfolders within the folder you specifie d in
Step a. Deselecting Include subfolders will exclude from
scanning the files located in the target folder, but will not exclude its subfolders.
+
WARNING:McAfee recommends that you do not exclude your system files during a scan session.
c. Repeat Steps a to b until you have listed all of the files and
folders t hat you do not want scanned.
Change the exclusion list. To change the settings for an exclusion item, select it in th e Exclusions list, then click Edit to open the Edit Exclusion Item dialog box. Make the changes you need, then click OK to closethe dialog box.
Remove an item from thelist. To deleteanexclusionitem,select it in the list, then click Remove. This means that the scanner will scan this file or folder during this scan session.
Administrator’s Guide 45
Setting Policy for On-Access Scanning
4. Click Apply to save y our exclusion policy settings. The settings are
transmitted to the ePolicy Orchestrator agents for enforcement the next time that the agents request new policies and tasks from the server. See the ePolicy Orchestrator Administrator’s Guide for information about agent-server communication.
+
WARNING: If you do not click Ap ply, you settings are ignored.

Deploying scanning policy to the agents

When you finished configuring each of the on-access scanner’s properties, (detection, actions, reports, and exclusions) you c licked Apply to save your policy c hoices. That step assured that your policies were ready for t ransmittal the ePo licy Orchestrator agents for enforcement. You m us t now prepare th e server to actually transmit the policies to the agents.
To prepare the server to deploy the policiesto the agents,follow these steps:
1. On the ePolicy Orchestrator console,select VirusScan TC v6.0.0 for Windows on the Policies tab in the upper details pane. The Installation
Options page appears (Figure 3-9 on page 46).
46 McAfee VirusScan TC
Figure 3-9. ePolicy Orchestrator Console
displaying the VirusScan TC Instal lation O ptions page
Setting Policy for On-Access Scanning
2. In the Directory tree, select a target group or computer to which you want to deploy scanning policy. The target could be a group or a single computer.
3. DeselectInherit to changethe installationsettings.SeetheNOTE on page
32 for information about Inheritance.
4. Verify that E nfor ce Pol icies fo r VirusScan TC v.6.0.0 f or W in dows is selected.
5. Click Apply. Your policiesaretransmitted to the agentsthe next time that the agents request new polici e s a nd tasks from the server. See the ePolicy Orchestrator Administrator’s Guide for information about agent-server communication.
¥
NOTE: If you deselect EnforcePolicies..., the agentswill not enforce your policies.
Administrator’s Guide 47
Setting Policy for On-Access Scanning
48 McAfee VirusScan TC

4 Updating and Mirroring Tasks

Why update?

To protect your network, the VirusScan TC software needs regular updates of its virus definition files (.DATfiles), improvements to its scanning engine, and other technical enhance ments. Without updated files, the VirusScan TC software m ight not detect new virus strains or respond to them effectively. McAfee r eleases new .DAT files weekly to pr ovide protection against the approximately 500 new viruses that appear each month. If new, dangerous virusesappearbetweenregularw eekly r eleases, McAfee issues a special .DAT file, known as EXTRA.DAT to deal with the outbreak. Periodically, McAfee releases upgrades to the scanningengine, incorporating improved technology for dealing with malicious code.
McAfee has introduced a new incremental .DAT technology, called iDAT. It consists of small file collections that contain only the virus definitions that have changed between weekly .DAT file releases—not the entire .DAT file set. This development means that you can download .DAT file updates much faster, and at a far lower c ost in bandwidth, than ever before. McAfee offers free .DAT file updates for the life of your product. McAfee also distributes updated .DAT files in a form known as SuperDAT, which includes periodic upgrades to the s canning engine.
4
VirusScan TC supports full updates of all .DAT files, incremental changes to the .DAT files currently in us e, and SuperDAT u p g rades of the scanning engine. T he update task includes functionality that determines which kind of update is required to achieve the maximum virus protection.

Overview of the updating and mirroring tasks

Revised virus definition files appear on the Network Associates FTP site as data file packages identified by the extension .DAT. (The update site is ftp.nai.com/virusdefs/4.x.) A .DAT package consists of a .ZIP archive file named DAT-XXXX.ZIP.The XXXX in the file name is a series number that changes with each .DAT file release. The Automatic DAT Update utility downloads these files, stops the on-access scanner t emporarily, installs the revisedfiles,then restarts the on-accessscanner. The scanner will then use the revised files immediately.
¥
NOTE: McAfee recommends that client have access to a utility for extracting .ZIP files.
Administrator’s Guide 49
Updating and Mirroring Tasks
In relatively small networks, where every computer has unlimited access to the int ern et, each computer could p ull the update files directly from the NetworkAssociatesFTP updatesite.However,suchan approachisimpractical in situations where some computers do not have access to the internet, and inefficient in situations where many computers are all downloading files from a r emote, external source, such as the Network Associates FTP site.
A typical approach to updating on networks that are managed by the ePolicy Orchestratorsoftwareinvolvesthecreationofone ormoremirror siteson your network. Each mirror site replicates the directory on the Network Associates FTP site that contains the .DAT files. The computers on your network then downloadthe update files from amirrorsite. Thisapproachis practicalbecause it permits updating of any computer on your network whether o r not it has internet access, and efficient because your workstations are communicating with a server that is probablycloser than a Network Associates FTP server, thus economizing access and download time.
If yo u are planning to use mirrored sites on your networ k, you must:
Configure the AutoUpdate task and the Mirroring task. The order in which you configure thesetasks is not important.
Schedule the AutoUpdate task and the Mirroring task to run at convenient times. It is essential that the Mirroring task run first,andthatit be completed before the AutoUpdating task begins.
The relationship between the AutoUpdate task and Mirroring task is summarized on the following table:
50 McAfee VirusScan TC
AutoUpdate Mirroring
Target
This task applies to a domain, and af fects all computers in the selected domain that have McAfee VirusScan TC installed. Any computer in the domain can AutoUpdate its .DAT files.
Pullstheupdatefilesfromapre-defined server to the workstation. The server can be the Network Associates FTP update site, or a mirror server on your network thatreplicatesthe contentsof theNetwork Associates FTP update site.
Configuration
Creates a list of servers where your client computers can pull the update files that the VirusScan TC program uses to detect viruses.
This task applies toa serverthatyou select asthesourceforupdatefiles.Any computer that can “see” the mirror folder can receive its updates.
Function
Replicates the f iles on the Network AssociatesFTP update site on one or more servers, or from one local server to another.
Defines a location that contains an image of the contents of the Network Associates FTP update site.
Updating and MirroringTasks
Results
A location, preferably nearby, is defined where yourcomputers canpull update files. The .DAT files and engine files on theclientcomputerareupdated.
A location, preferably nearby, is defined as a mirror image of the Network Associates FTP update site, and is available to your computers. . DAT files aremadeavailableforupdatetasks

Configuring the AutoUpdate and Mirroring tasks

Many of the steps for configuring the two tasks are identical, and others are similar. The order in which you configure the two tasks is irrelevant. Therefore, the two procedures are described simultaneously. Where the two procedures differ, they ar e clearly distinguished.
æ
IMPORTANT:Your configuration settings apply to the target (group, or computer) that is selected in the ePolicy O rchestrator console tree.
Administrator’s Guide 51
Updating and Mirroring Tasks
To configure the AutoUpdateand Mirroring tasks, follow these steps:
1. Select a target in the ePolicy Orchestrator Directory tree for which you want to configure an updating task. The target could be a group or a single computer.
2. Right-click and select Schedule Task. The ePolicy Orchestrator Schedulerdialog box appears (Figure 4-1).
52 McAfee VirusScan TC
Figure 4-1. Scheduler dialog box—Task page
¥
NOTE: There a r e three alternative ways to open the Scheduler.
• Select the Tasks tab at the top of the details pane, on the right
side of the console.
Figure 4-1. Tasks tab sel ected in details pane
Right-click anywhere in th e deta ils pane, and select Schedule Task. This approach is particularlyusefulwhenyouwanttoe di t
an existing task. Tasks are listed here as soon as you create and save them.
• Select Schedule Task from the ePolicy Orchestrator Action
menu.
Updating and MirroringTasks
• Select All Tasks from the ePolicy Orchestrator Action menu. Then selectSchedule Task from the drop-down menu.
3. Select the Task tab to define the activity you ar e configuring.
4. In the Name box, enter a descriptive name for the task that you are
creating. T asks can be saved for repeated u se. The name yo u assign to a particular updat e task might describe the group of computers you are targeting for update, and/or the frequency of the update task.
5. In theSoftwarebox,selectthe software thatyou wanttouseforthetask.
When operating the VirusScan TC software, the only available choice is Installer for Viru sScan TC v6.0.0 for Wi ndows.
6. In the Task Type box, click . From the drop-down menu, select the type of task that you are setting up. Your choices are: VirusScan TC AutoUpdate and Mirror AutoUpdate Site.
7. Click Settings. T he property page for the selected type of task appears (Figure 4-2).
AutoUpdate Mirroring
Figure 4-2. AutoUpdate and Mirroring property pages
8. Click Add
.The Site Options property page opens. By default, FTP site is
selected, and the dialog assumes that login credentials are required (see
Figure 4-3 on page 54.)
Administrator’s Guide 53
Updating and Mirroring Tasks
¥
NOTE: You can designate a maximum of eight sites, each with a unique name. The order in which the sites are listed on the Install Sites and MSI Sites pr operty pages is the order in wh ich the VirusScan TC installer softw are will look for the file.
9. Enter a name for the site that you are defining. This is the name that will appear in the main Update Sites or So urce Sites page seen in Figure 4-2
on page 53,andintheUpdatelog.
10. Verify that Enable Site is selected.
54 McAfee VirusScan TC
Figure4-3. Site Options property page
Updating and MirroringTasks
11. Provide the necessary information to identify the location of the update files. This might be the NAI update FTP site or a site on your network that mirrors the NAI update FTP site.
For an FTP site
a. Enter the name of the FTP server and the directory containing
the file or files. For example, ftp.myserver/install.
b. If theFTPlocation:
– requires login credentials, enter the User Name and
Passwordinformation required for access to the server. Regardless of the number of characters in the password, eight asterisks appear in the password field.
– accepts anonymous logins (like th e NAI FTP site,) select
Use Anonymous FTP Login.Theboxesforlogin credentials are disabled.
c. Enter the path of the file or files. d. If your network requires use of a proxy server, selectUse
Proxy Server. Two previously disabled text boxes are now enabled. Enter the name of the proxy server, and the port it uses.
æ
IMPORTANT:If you are using proxy software, be certainthat you have the most current version, includinganyservicepacks that hav e been released for use w ith the proxy software.
For a UNC shared folder
a. Select the UNC path option. b. Using UNC notation,(\\servername\path), enter the path
of the location where t h e update files are located.On Windows 95 and Windows98 systems,thecurrently logged-inusermust have “read” rights to the shared folder.
c. Fill in the User Name and Password boxes. Regardless of the
number of charactersin the password, eight asterisks appear in the password field.
Administrator’s Guide 55
Updating and Mirroring Tasks
æ
IMPORTANT:Very careful planning is required to assure that
workstations have easy access to the shared folder, using SYSTEMACCOUNT,without compromising overall network security. Achieving this combination requires that you a) designate the shared folder as a N ullSessionShare, and b) take advantage of appropriate Windows securities measure for NTFS systems to protect the NullSessionShare.
a. Designate the shared folder that receives the .ALR files as a
NullSessionShare. This allows the workstations to have easy access to the shared folder without providing login credentials. To do so, create a name for the shared folder, and add the name to the value NullSessionShares located in the follo wing registry key on th e NetShield server where Alert Manager is located:
HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Services
LanmanServer
Parameters
See your NetShield documentation for more information about configuring Alert Manager.
56 McAfee VirusScan TC
b. Because a NullSessionShare can result in a security vulnerability,
McAfee strongly recommends that you take advantage of all of the following security features available for Windows NTFS systems including:
• granting clients only “read” and “search” privileges to the shared folder.
• granting the server that ho uses the shared folder “write” privileges to the shared folder.
• establishing a quota for the number of messages that the shared fold er can accept.
• using the NTFS auditing feature.
• Forapathonthelocalcomputer
a. Select the UNC path option. b. Enter the path of the local folder in the field labeled En ter a
local path. For example, C:\DATS\
Updating and MirroringTasks
12. When you have finished setting Site Option, click OK.Yourchangesare
saved for deployment,and you are returned to the AutoUpdate property page.
+
WARNING:If you do not click OK, the options that you selected will be ignored.
13. Select the second tab on the dialog box (Figure 4-4).
AutoUpdate Mirroring
Select the Advanced tab. Select the Destination tab.
Figure 4-4. AutoUpdate Advanced property page and Mirroring
Destination property page
14. Make the selections appropriate for each task:
Mirror AutoUpdate Site—Enter the path of the location where the
replicated .DAT files will be placed on the server that will run the mirroringtask. This is the location of the shared folder or FTP site that is accessible by the workstations that will update their .DAT files.The path must correspond to the precise location of the folder as it is displayed in Windows Explorer. Do not use an informal name by which the shared folder is known.
VirusScan TC AutoUpdate—Select on of the following options: – Backup the existing .DAT files . Select this checkbox to
rename existing .DAT files before installing new files. The original files are copied to a directory called DAT_XXXX.SAV.
Update Engine if newer Engine exists. Select this checkbox
to have the utility replace the scanning engine you are currently u sing with a mo re recent one, if one exists.
Administrator’s Guide 57
Updating and Mirroring Tasks
Force-update .DAT files. Select this checkbo x if:
You want to downgradethe current .DAT file to an earlier .DAT file that you h ave preserved. You may want to take this action as a tem porary step if the newer .DAT files are not behaving as e xp ected. Another situation inwhich you may want to select t his option is where you want to includean EXTRA.DAT file witha routineupdate of your virus definition files. See Deploying an EXTRA.DAT file
“With the weekly .DAT update” on page 67.
• The current .DAT file installation on a particular workstation has been corrupted, or rendered in effective because an essential file, such as CLEAN.DAT, has been inadvertently deleted.
Run a Program after a successful update. Select this for the
utility to start another program after it finishes installing new .DAT files.
¥
NOTE: Theexecutableprogramfilethatyouselectmust be located in the same folder as the VirusScan TC executable, a nd should not require a user interface.
17. Select the Log Activity tab (Figure 4-5).
Figure 4-5. Log Activity property page
58 McAfee VirusScan TC
Updating and MirroringTasks
18. Verify that Logtofileis selected.
19. The name of the log files are UPDATE.LOG and MIRROR.LOG.The default path of the logfiles is:
<drive>:\Program Files\McAfee\VirusScan TC\
Here,drive refers to the client disk where the VirusScan TC software is installed .
If you prefer,you can enter a different name or path.
20. By default, the maximum size for the log file is set to 1,024 can en ter any value between 10
ë
TIP: If the data in the log exceeds the file size you set, the oldest 20
KB and 32,767KB.
KB (1MB).You
percentofthe log text is deletedto make room for new information. If you place no size re striction on the log file, you run the risk of it consuming all available space on the drive where it is located.
21. Verify that Enable Verbose is selected if you want the log to rep ort every step in a procedure. A sample of an event recorded in verbose mode is:
Figure 4-6. Verbose log
Figure4-7. Non-verbose log
22. When you have finished setting Log Activity options, click OK.Your changes are saved for deployment, and you are returned to the ePolicy Orchestrator Scheduler dialog box (see Figure 4-8 on page 60).
Administrator’s Guide 59
Updating and Mirroring Tasks
23. ClickApply to save your settings and continueconfiguring the task with schedule settings. If you have finished configuring the task, click OK to save your settings and close the Scheduler dialog box. Your saved settings are transmitted to the ePolicy Orchestrator agents for enforcement the next time that the agents request new policies and tasks from the server. See the ePolicy Orchestrator Administrator’s Guide for information about agent-server communication.
Figure 4-8. ePolicy Orchestrator Agent Options property page

Setting schedule for tasks

Setting basic schedule
After you have set configuration policy for the updating and/or mirroring task, you must set a schedule for the task.
To set a schedule for a task, follow these steps:
1. TheePolicyOrchestratorconsoleshouldbeopen. To schedule a task, select the target in the console tree; verify that the
Tasks tab is selected; right-click the details pane; and select Schedule New Task. Whent he ePolicy Orchestrator Scheduler dialog box appears,
click in the Task Type box to select the task that you want to schedule.
60 McAfee VirusScan TC
Updating and MirroringTasks
For a more complete description of opening the Scheduler and naming a task, see Step 1 on page 52 through Step 4 on page 53.
2. Select the Schedule tab (Figure 4-9).
Figure 4-9. Scheduler dialog box—Scheduler page
3. In the box labe ledSchedule Task, click to select the frequency for t he task. Depending on your selection, the display in the lower portion of the dialog box changes, allowing you to further specify the scheduling details.
•ForDaily, click to specify the number of days that intervene
between r epetitions of t his activity.
•ForWeekly, specify the number of weeks that intervene between
repetitions of the scanning activity. Then specify the d ays of the week on which the task is to run.
•ForMonthly, select either Day or The __ day of the month. –ForDay, use to specify the day of the month on which the
task will run.
–ForThe__dayofthemonth,usethe inbothboxesand
select the monthly pattern that you want to apply to the scanning activity.
Next, click Select Months, and place a checkmark next to every month during which you want to apply the specified pattern.
•ForOnce, use to select a day and date from the drop-down
calendar that appears.
Administrator’s Guide 61
Updating and Mirroring Tasks
•ForAt System Startup, there is nothing more to configure. The task
•ForAt Logon, there is nothing more to configure. The task will run
•IfyouselectWhen Idle, use to specify the number of minutes of
•ForRun Immediately, there is n othing more to configure. The task
4. In the Start Timebox, specify the starting time for the task.
Select the two-digit figure in front of the colon, representing
will run when the system starts.
¥
NOTE: On Windows 95 and Windows 98 systems, the user must be logged-onfor this option to work.
when a user logs on.
idleness that will trigger the task. This option is useful for some kinds of tasks, but is not considered useful for an updatingor mirroring task.
will run when it is received by the c omputers that you selected in the ePolicy Orchestrator console tree.
the hour, then use to select a different hour.
Select the two-digit figure following the colon, representing the
minutes, then use to select a different minute setting on the clock.
Indicate whether the time setting refers toGMT (Greenwich Mean
Time) or Local T ime by selecting one of those options next to the Start Time box.
– GMT is useful if you want the task to run simult aneously in
multiple domains that are in different time zones. Th is is u seful in outbreak situations when you want all of you r ePo licy Orchestrator agents to run the task at exactly the same time.
– Local time is useful when youwant every ePolicy Orchestrator
agent to run the update task at the time specified for its own localtimezone.
5. You can set a pattern for randomizing the time at which the scheduled task is to run. Randomizationmeans that the event may not start at the time s pecified, but rather at a time, randomly selected by the program, within a specified time frame. This is especially useful if you want to control network trafficwhena task, such asAutoUpdate, isscheduledto affect multiple servers. By randomizing the s cheduled time,not all of the servers will attempt to connect simultaneouslyto the serverw here the update files are stored. If you want to employ randomization, follow these s teps:
62 McAfee VirusScan TC
Select Enable randomization.
In the two adj oining boxes, click to enter the time frame,inhours and minutes, wit hin which you want the updating task to start. For example, i f you set the randomization range to 1 hour and 30 minutes, updating may occur at any time during the 1.5 hours preceding or following the time specifie d in the Start at box .
6. Bydefault,Run missed task is se lected. As a result, any scheduled task
that failed to run due to a client computer being of fline at the scheduled time will run the next time the client machine is online.
Setting advanced schedule options
1. If you selected Daily, Weekly , Monthly,orOnce in Step 3 on page 61,
you can define a range of dates during which the task will run, and set a repetition pattern for t he scanning task. To do so, click Advanced.The Advanced Schedule Options dialog box opens (Figure 4-10).
Updating and MirroringTasks
Figure 4-10. Advanced Schedule Options dialog box
2. To specify a range of dates when you w ant the task to run, select End Date. Next,use the in the ad jacent boxes tospecifya starting date and
an end date.
3. If you want the task repeated on a regular basis, select Repeat Task. Next, use the two boxes adjoining the word Every to specify the repetition pattern in hours o r minutes.
Then, select either a specific local time when the task will run, or the number of hours and minutes that the scanning activity will run.
4. When you have finished setting Advanced options, click OK.Thissaves your settings for deployment, and returns you to the Schedule page.
Administrator’s Guide 63
Updating and Mirroring Tasks
Selecting Schedule Settings
After you have setaschedule for a task, and haveclicked OK,youarereturned to the ePolicy Orchestrator Sc hedu ler page to compl ete the Schedule Set tings portion of that dialog box (Figure 4-11).
Figure 4-11. Scheduler dialog box
There are two settings available:
Enable (sched ul ed task runs at specified time). Select this to run the task at the times and under the circumstances that you specified on the Scheduletab.
Stop the task if it runs for __hour (s) __minutes. Selec t this to limit the duration of the scheduledactivity. Use the buttons to specify the maximum number of hours and minutes that the task can run. Use this option with care so that the task does not end before the files have been downloaded.
5. Click Apply to save your settings and continueconfiguring the task with schedule settings. If you have finished configuring the task, click OK to save your settings and close the Scheduler dialog box. Your saved settings are transmitted to the ePolicy Orchestrator agents for enforcement the next time that the agents request new policies and tasks from the server. See the ePolicy Orchestrator Administrator’s Guide for information about agent-server communication.
64 McAfee VirusScan TC

Editing and deleting a task

When y ou have finished defining a task and setting its schedule, the task appears on the Tasks page of the ePolicy Orchestrator details pane.
Figure 4-12. Task List
Right-click a listed task and select an action from the menu t hat appears:
Delete. Select this option to remove the task from the list.
Schedule Task. Select this option t o schedule a n ew task.
Edit Task. Select this option to change the task’s settings.

Dealing with virus outbreaks

The McAfee AVERT research organization publishes new .DAT files when it determines that either of these conditions exists:
Updating and MirroringTasks
• A virus present s a “medium on-watch,” “ high ri sk threat of infection”, or “high risk outbreak“ situation. To learn a bout what constitutes a m edium on-watchor high risk,or to learn about McAfee AVERT risk assessmentin general,visit the AV ERT website at:
http://www.mcafeeb2b.com/asp_set/anti_virus/alerts/ara.asp
• A high-prevalence virus threatens an outbreak situation.
The new .DAT files are designed to detect the infection and, if possible, to clean the file. In the past, the only way to distribute a new ly developed driver between regular .DAT and SuperDAT release, was to distribute an EXTRA.D AT file. For information on distributing EXTRA.DAT files, see
“Deploying an EXTRA. DAT file ,” starting on page 66.
Now, a new method is available for distributing new drivers during an outbreak — by deploying routine .DAT file updates.
Administrator’s Guide 65
Updating and Mirroring Tasks

Deploying routin e .DAT file update s

When an outbreak condition exists, the new drivers are, as u sual, added tothe routine, weekly .DA T files. H owever, instead of waiting until the next weekly distribution day to incorporate the new virus definition, a new incremental .DAT file is created to deal with the new virus, and is included with the .DAT files availablefrom the McAfee FTP site. Thus, by performing a routineupdate at any time, you are assured of received the most current .DAT files, including the m o st current drivers. If variants of the original virus appear, additional incrementals are created, as needed, and added to the downloadable .DAT package. A dministrators can now schedule very frequent updates during an outbreak,even dailyor hourlyupdates,if requiredandfeasible in termsofthe size and topology of the network and its traffic.
This approach requires th at McAfee change the .DAT file naming convention thatcurrentusers already know. Inthepast, each weekly .DAT filereleasewas assigned anumberinseries.Fo r ex ample, if the .DAT set created on June 7 was designed 4.0.4081,you couldexpect the .DAT release of June 14 to be 4.0.4082, and the release of June 21 to be 4.0.4083, and so on.
In an outbreak situation,several releases may occur during a single week. For example, all three .DAT release described above (4.0.4081 through 4.0.4083) might all be released in a single week. In this case, the routine .DAT file released on the next weekly release day will be 4.0.4084.
Although McAfee has not yet discontinued issuing EXTRA .DAT files dur ing outbreaks, for many users, the new approach of simply deploying the standard .DAT file will replace the cu rrent practice of relying on EXTRA.DAT to protect their networks.

Deploying an EXTRA.DAT file

Independently of the weekly .DAT update
The McAfee AVERT research organization sometimes provides EXT R A.DAT files to combat high-risk viruses between regular .DAT and SuperDAT releases. In ordinary circumst ances, McAfee researchers publish these files when they determine that these situations warrant one:
• A virus presents a “medium on-watch, “high” risk threat of infe ction, or “high” risk outbreak situation. To learn about what constitutes a medium on-watchor high risk,or to learn about McAfee AVERT risk assessmentin general,visit the AV ERT website at:
http://www.mcafeeb2b.com/asp_set/anti_virus/alerts/ara.asp
• A high-prevalence virus threatens an outbreak situation.
66 McAfee VirusScan TC
Updating and MirroringTasks
When AVERT publishes an EXTRA.DAT file, they announce its availability and a location where you can download the file. If you subscribe to the Enterprise SecureCastupdateservice, you can receive all such alert messages.
The procedure for deploying EXTRA.DAT independently of the weekly.DAT updates is a six step process:
1. Download EXTRA.DAT from the location designated in the AVERT announcement .
2. Place EXTRA.DAT in the this folder on all client machines:
<drive>:\Program Files\Common F iles\McAfee\VirusScan Engine\4.0.xx\ This is the location that the scanner is programmed to look for EXTRA.DAT
3. Disable the on-access scanner temporarily. To do so:
Select a target Directory in the ePolicy Orchestrator console tree.
Deselect Enable On-Access Scan on the scanner’s detection propertypage (seeFigure3-3onpage 31),andclickApply.Thisnew policy will allow the scanner to stop operating while EXTRA.DAT is installing itself.
4. Perform an agent wakeup call so t hat the agent enforces t he new policy, and the scanner stops. To do so:
Verify that the target Directory is still selected in the Directory.
Right-click and sele ct Agent Wakeup Call.
Configure the agent wakeup call. Se e Agent Wakeup Call in the ePolicy Orchestrator administrator’s guide for detailed information.
5. Re-enable the on-access scanner. To do so, select Enable On-Access Scan on the s canner’s detection property page, and c lick Apply.This re-sets the policy for the scanner.
6. Repeat step4 . This second agent wakeup callenforcesthe new policy and the scanner restarts.
With the weekly .DAT update
You can also add an EXTRA.DAT file to the .ZIP file that contains the weekly updates.When you then run AutoUpdate,EXTRA.DAT is deployed with the other contents of the .ZIP file. Th e following procedure uses the ex ampl e of a weekly update file named DAT-4085. Substitute the number of the .DATs you are currently installing.
Administrator’s Guide 67
Updating and Mirroring Tasks
To deploy EXTRA.DAT with a weekly .DAT file, follow these steps:
1. Select the Advanced tab on the VirusScan TC AutoUpdate property pages. For information on navigating to this tab, see Step 1 through Step
7onpage53,andStep 12 on page 57 through Step 14 on page 57.
2. Select Force-update .DAT files. This will ensure that all .DAT files are included in the update activity.
3. Add EXTRA.DAT to the weekly .ZIP fil e containing the .DATs. To do so:
a. Place DAT-4085.ZIP and EXTRA.DAT in the same folder. b. Create a new archive that contains the two files. To do so, type the
4. Edit the UPDATE.INI file so that the file size a n d Check sum e ntries for the new archive correspond to the actual values that resulted from the addition of the EXTRA.DAT file to the DAT-4085.ZIP file.
¥
following at the command line:
pkzip dat-4085.zip extra.dat.
NOTE: UPDATE.INI is located in the folder on the FTP site where you found DAT-4085.ZIP.
To determine the new file size and Checksum, type the following at the command line:
The outputfrom that command includes the file size and Checksum for the original DAT file plus EXTRA.DAT. The output is:
5. In the UPDATE.INIfile, changethe FileSize and Checksum fields to matchtheinformationintheoutputdescribedinStep2,above.Todoso, use a text editor, open the file UPDATE.INI, and edit it, as follows:
68 McAfee VirusScan TC
validate dat-4085.zip
Validate v3.0.1
(c)1994-1999 Network Associates, Inc. and its Affiliated Companies.
All Rights Reserved.
Directory of C:\BLD\BUILDS\DATS
DAT-4085 ZIP 1707954 04-26-00 4:07a 9120 9B2F dat-4085.zip
1 file(s) were validated
Original text Edited text
[ZIP] EngineVersion=0 DATVersion=4085 FileName=dat-4085.zip FileSize=1707214 Checksum=42BE,D02E
[ZIP] EngineVersion=0 DATVersion=4085 FileName=dat-4085.zip FileSize=1707954 Checksum=9120,9B2F
Updating and MirroringTasks
Administrator’s Guide 69
Updating and Mirroring Tasks
70 McAfee VirusScan TC

ATerm i no logy

This appendix supplements the glossary found in the ePolicy Orchestrator Administrator’s Guide, elaborating on the usage of selected terms.
Deploying refers to sending a software program or utility to the target computers. Deployment does not include installation, although the two processes sometimes overlap. You can deploy installation software, such as the McAfee Installer for VirusScan TC, or anti-virus software packages, suc h as VirusScan TC. Some elements are deployed using “push” technology, while others are deployed using “pu ll” technology.
Installing refers to the process of making the software functional on the target c o mpu ter. It does not include deployment, a lthough the two processes som etimes overlap. You can install installation s oftware, anti-virus software packages, or updating software. I nstalling is sometimes used tomeanonlyplacement of a software packageina target location.
Configuring refers to the options that youchoose to create a policy or task that is customized to meet particular requirements or preferences. You can configure deployment procedures, installation procedures, or software functionality. When you configure the Installer, you are setting
installation policy. When you configure the on-access scanner, you are setting scanning po licy. However, w hen you configure the Au toUpdate
feature, or the site replicat ion feature, you aredefining a scheduled task,not setting a policy. See the comparison of Policy and Task,below.
A
Policy and Task both refer to the way that you specify and configure an activity for the software to carry out. However, the terms refer to different types of activity. A comparison of the two types appears in the following table:
Administrator’s Guide 71
Terminology
Policy Task
Enforced configuration settings for routine software operations that are triggered by users’ actions, such as on-access scanning. This term can refer to a particular rule,suchassetting a policy to scan files only when reading from disk,orto a strategy,suchassetting policy for on-access scanning, which includes policies for detection of viruses; scanner action when it detects a virus; reporting scanner activities; and excluding selected files from scanning activity.
Policies remain in effect until they are modified or reversed.
The ePolicy Orchestraor agentenforces the policy every time it receives new policies and tasks from the server.
Definition
A software operation that is triggered by clock or calendar settings, such as the periodic updatingof virus definition files used by the anti-virus scanner. Tasks are scheduled to occur at a particular time, or at specified intervals.
Duration
Tasks scheduled to occur at a particular time are obsolete after they take place. Tasks scheduled to occur at speci fied intervals remain in effect until they are mo dified or discontinued.
Action
Oncethe ePolicyOrchestrator agentreceivesthe task from the server, it makes the task happen based on the schedule that you set.
Number
One policy per computer for each installed software product. Here, policy refers to a strategy, rather than to the particular rules that comprise the strategy.
Unlimited number of tasks that the installed software products are capable of performing on the basis of a schedule.
Applicability
Applies to Installer and On-Access Scanner. The major tasks in VirusScan TC is the
AutoUpdate feature, with its associated Site Mirroring action.
Security
If the on-access scanner is deleted from a workstation, or its configurationmodified, the scanner will be reinstalled and the pol icy enforced again the next time the agent requests new policies.
The task is not visible at the workstation, so it cannot be deleted.
Disabling
Can be disabled by deselecting Enforce Policies for..., visi ble when a software package is selected on the Policies page of ePolicy Orchestrator details pane (see Figure 2-3 on
page 17.)
Can be disabled by deselectingEnable, visible when the ePolicy Orchestrator Scheduler is open to theTask page(see Figure 4-1 on page 52.)
72 McAfee VirusScan TC
BContact and
support information

Customer service

You may direct all ques tions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Network Associates Customer Service department at the following address:
Network AssociatesCustomer Service 4099 McEwen, Suite 500 Dallas, Texas 75244 U.S.A.
The department's hours of operation are 8:00 a.m. to 8:00 p.m. Central time, Monday through Friday
Other contact information for corporate-licensed customers: Phone: (972) 308-9960 Fax: (972) 619-7485 (24-hour, Group III fax) E-Mail: services_corporate_division@nai.com Web: http://www.nai.com
B
Other contact information for retail-licensed customers: Phone: (972) 308-9960 Fax: (972) 619-7485 (24-hour, Group III fax) E-Mail: cust_care@nai.com Web: http://www.mcafee.com/

Technical support

McAfee and Network Associates are famous for their dedication to customer satisfaction. The companies have continue d thistradition by making theirsites on the World Wide Web valuable resources for answersto technical support issues. McAfee encourages y ou to make this your first stop for a nswers to frequently asked questions, for updates to McAfee and Network Associates software,andforaccesstonewsandvirusinformation
WorldWideWeb http://www.nai.com/asp_set/services/technical_support
.
/tech_intro.asp
ManualName 73
Contact and support information
If you do not find what you need or do not have web access, try one of our automated services.
Internet techsupport@mcafee.com CompuServe GO NAI America Online keyword MCAFEE
If the a utomated services do not have the answers you need, contact N etwork Associates at one of the following numbers Monday through Friday between 8:00
A.M. and 8:00 P.M. Centraltime to find out aboutNetwork Associates
technical support plans. For corporate-licensed customers:
Phone (972) 308-9960 Fax (972) 619-7845
For retail-licensed customers:
Phone (972) 855-7044 Fax (972) 619-7845
This guide includes a summary of the PrimeSupport plans avail able to McAfee c ustomers. To learn more about plan features and other details, see
“PrimeSupport options” starting on page 80.
To provide the answers you need quickly and efficiently, the Network Associates technical support staff needs some information about your computerand your software. Please include this information in your correspondence:
• Product name and version number
• Computer brand and m odel
• Any additional har dware or peripherals connected to your computer
• Operating syst em type and version numbers
• Network type and version, if applicable
• Contents of your AUTOEXEC.BAT, CONFIG.SYS, and system LOGIN script
• Specific steps to reproduce the problem
74 Product Name
Download support
To get help with navigating or downloadingfilesfrom the Network Associates or McAfee websites or FTP sites, call:
Corporate customers (801) 492-2650 Retail customers (801) 492-2600
Network Associates training
For information about schedulingon-site trainingforany McAfee or Network Associates product, call Network Associates CustomerServiceat: (972) 308-9960.
Comments and feedback
McAfee appr eciates your comments a nd reserves the r ight to use a ny information you supply in any way it believes ap propriate without incurring any obligation whatsoever. Please address your comments about McAfee anti-virus product documentation to: McAfee, 20460 NW Von Neumann, Beaverton, OR 97006-6942, U.S.A. You can also send faxed comments to (503) 466-9671 or e-mail to tvd_documentation@nai.com.
Contact and support information
Reporting new items for anti-virus data fil e update s
McAfee anti-virus software offers y ou the best available d etection and removal capabilities, including advanced heuristic scanning that can detect new and unnamed viruses as they emerge. Occasionally, however, anentirely new t ype of virus that is not a variation on an older type can appear on your system and escape detection.
ManualName 75
Contact and support information
Because Mc Afee researchers are committed to providing you with effective andup-to-date toolsyou can use toprotectyour system,please tellthem about any new Java classes, ActiveX controls, dangerous websites, or viruses that yoursoftwaredoes not now detect. Note that McAfee reservesthe right to use any information you supply as it deems appropriate, without incurring any obligations whatsoever. Send your questions or virus samples to:
virus_research@nai.com Use this address to send questions or
vsample@nai.com Usethis address to send questions or
To report items to the McAfee European o r South Africa research office, use these e-mail addresses:
virus_research_europe@nai.com Use this address to s end questions or
virus_research_sa@nai.com Use this address to send questions or
virus samples to our North America and South America offices
virus samples gathered with Dr Solomon’s Anti-Virus Toolkit* software to our offices in the United Kingdom
virus samples to our offices in Western Europe
virus samples to our South Africa offices
76 Product Name
virus_research_de@nai.com Use this address to send questions or
virus samples gathered with Dr Solomon’s Anti-Virus Toolkit software to our offices in Germany
To report items to the McAfee Asia-Pacific research office, or the office in Japan, use one of these e-mail addresses:
virus_research_japan@nai.com Use this address to send questions or
virus samples to our offices in Japan and East Asia
virus_research_apac@nai.com U se this address to send questions or
virussamples to our offices in Australia and Southeast Asia

International contact information

To contact Network Associates outside the United States, use the addresses, phone numbers and fax numbers below.
Contact and support information
Network Associates Australia
Level 1, 500 Pacific Highway St. Leonards, NSW Sydney, Australia 2065 Phone: 61-2-8425-4200 Fax: 61-2-9439-5166
Network Associates Belgique
BDC Heyzel Esplanade, boîte 43 1020 Bruxelles Belgique
Phone: 0032-2 478.10.29 Fax: 0032-2 478.66.21
Network Associates Canada
139 Main Street, Suite 201 Unionville, Ontario Canada L3R 2G6 Phone: (905) 479-4189 Fax: (905) 479-4540
Network Associates Austria
Pulvermuehlstrasse 17 Linz, Austria Postal Code A-4040 Phone: 43-732-757-244 Fax: 43-732-757-244-20
Network Associates do Brasil
Rua GeraldoFlausino Gomez 78 Cj. - 51 Brooklin Novo - São Paulo SP - 04575-060 - Brasil
Phone: (55 11) 5505 1009 Fax: (55 11) 5505 1006
Network Associates People’s Republic of China
Room 913, Tower B Full Link Plaza No. 18 Chao Yang Men Wai Avenue Beijing People’s Republic of China 100020 Phone: 86-10-6538-3399 Fax: 86-10-6588-5601
Network Associates Denmark
Lautruphoej 1-3 2750 Ballerup Danmark Phone: 45 70 277 277 Fax: 45 44 209 910
NA Network Associates Oy
Mikonkatu9,5.krs. 00100 Helsinki Finland Phone: 358 9 5270 70 Fax: 358 9 5270 7100
ManualName 77
Contact and support information
Network Associates France S.A.
50 Rue de Londres 75008 Paris France Phone: 33 1 44 908 737 Fax: 33 1 45 227 554
Network Associates Hong Kong
14th Floor, Plaza 2000 2-4 Russell Way Causeway Bay, Hong Kong Phone: 852-2892-9500 Fax: 852-2832-9530
Network Associates Japan, Inc.
Shibuya Mark City West 20F 1-12-1 Dougenzaka, Shibuya-ku
Tokyo 150-0043, Japan Phone: 81 3 5428 1100 Fax: 81 3 5428 1480
Network Associates Deutschland GmbH
Ohmstraße 1 D-85716 Unterschleißheim Deutschland Phone: 49 (0)89/3707-0 Fax: 49 (0)89/3707-1199
Network Associates Srl
Centro Direzionale Summit Palazzo D/1 Via Brescia, 28 20063 - Cernusco sul Naviglio (MI) Italy Phone: 39 02 92 65 01 Fax: 39 02 92 14 16 44
Network Associates Latin America
1200 S. Pine Island Road, Suite 375 Plantation, Florida 33324 United States Phone: (954) 452-1731 Fax: (954) 236-8031
78 Product Name
Network Associates de Mexico
Andres Bello No. 10, 4 Piso 4th Floor Col. Polanco Mexico City, Mexico D.F. 11560 Phone: (525) 282-9180 Fax: (525) 282-9183
Network Associates International B.V.
Gatwickstraat 25 1043 GL Amsterdam The Netherlands Phone: 31 20 586 6100 Fax: 31 20 586 6101
Contact and support information
Network Associates Portugal
Av. da Liberdade, 114 1269-046 Lisboa Portugal Phone: 351 1 340 4543 Fax: 351 1 340 4575
Network Associates South East Asia
78 Shenton Way #29-02 Singapore 079120 Phone: 65-222-7555 Fax: 65-220-7255
Network Associates Sweden
Datavägen 3A Box 596 S-175 26 Järfälla Sweden Phone: 46 (0) 8 580 88 400 Fax: 46 (0) 8 580 88 405
Net Tools Network Associates South Af rica
Hawthorne House St. Andrews Business Park Meadowbrook Lane Bryanston, Johannesburg South Africa 2021 Phone: 27 11 700-8200 Fax: 27 11 706-1569
Network Associates Spain
a
Orense 4, 4
Planta. Edificio Trieste 28020 Madrid, Spain Phone: 34 9141 88 500 Fax: 34 9155 61 404
Network Associates AG
Baeulerwisenstrasse 3 8152 Glattbrugg Switzerland Phone: 0041 1 808 99 66 Fax: 0041 1 808 99 77
Network Associates Taiwan
Suite 6, 11F, No. 188, Sec. 5 NanKingE.Rd. Taipei, Taiwan, Republic of China Phone: 886-2-27-474-8800 Fax: 886-2-27-635-5864
Network Associates International Ltd.
227 Bath Road Slough, Berkshire SL1 5PP United Kingdom Phone: 44 (0)1753 217 500 Fax: 44 (0)1753 217 520
ManualName 79
Contact and support information

PrimeSupport options

Adding value to your McAfee produ ct
Choosing McAfee anti-virus, Sniffer Technologies network mana gement, and PGP s ecurity software helps to ensure that the critical technology you rely on functions smoothly and effectively. Taking advantage of a Network Associates support plan extends the protectionyou get from your softwareby giving you access to the expertise you need to install, monitor, maintain and upgrade your system with the latest Network Associates technology. With a support plan tailored to your needs, you can keep your system or your network wor king dependably in your computing environment for mo nths or yearstocome.
Network Associates support plans come under two general headings. If you areacorporate customer,you canchoosefrom fourlevelsof extendedsupport under the Network Associates Corporate PrimeSupport* program. If you are a home user, you can choose a plan gearedtoward your needs from the Home User PrimeSupport program.
PrimeSuppo rt options for corporate customers
The Corporate PrimeSupport program o ffers these four support plans:
• PrimeSupport KnowledgeCenter plan
• PrimeSupport Connect plan
• PrimeSupport Priority plan
• PrimeSupport Enterprise plan Each plan has a range of fea tures that provide you with cost-effective and
timely suppo rt geared to m eet your needs. The following sections describe each plan in detail.
The PrimeSupport KnowledgeCenter plan
The PrimeSupport KnowledgeCenter plan gives you access to an extensive array of technical support information via a Network Asso cia tes online knowledgebase, anddownloadaccess toproductupgradesfromthe Network
Associates website.If you purchasedyour Network Associates productwitha
subscription license, you receive the PrimeSupport KnowledgeCenter plan as part of the package, for the length of your subscription term.
If you purchased a perpetual license for your Network Associates product, you c an purchase a PrimeSupport KnowledgeCenter plan for an annual fee.
80 Product Name
To receive your KnowledgeCenter password or to register your PrimeSupport agreement with Network Associates, visit:
http://www.nai.com/asp_set/support/introduction/default.asp
Your c ompl eted form will go to the Network Associates Customer Service Center.You must submit this form before you connect to the PrimeSupport KnowledgeCenter site.
With the PrimeSupport KnowledgeCenter plan, you get:
• Unrestricted, 24-hour-per-day online access to technical solutions from a searchable knowledge base within the Network Associates website
• Electronic incident and query submission
• Technical documents, including user’s guides, FAQ lists, and release n otes
• Online data file updates a nd product upgrades
The PrimeSupport Connect plan
The Pr imeSupport Connect plan gives you telephone access to essential product assistance from experienced technical support staff members. With this plan, you get:
Contact and support information
• InN orth America, unlimited toll-free telephone access to technical support from Monday through Friday, 8: 00 a.m. to 8:00 p.m . Central Time
• In Europe, the Middle East, and Africa, unlimited telephone access to technicalsupport,atstandard long-distance orinternationalrates,Monday through Friday, from 9:00 a.m. to 6:00 p.m. local time
• In the Asia-Pacific region, unlimited toll-free, telephone access to technical support,Monday through Friday, from 8:00 a.m. to 6:00 p.m. AEST
• In Latin America, unlimited telephone access to t echnical support, at standard long-distance or international rates, Monda y through Friday, from 9:00 a.m. to 5:00 p.m. Central Time
• Unrestricted, 24-hour-per-day online access to technical solutions from a searchable knowledge base within the Network Associates website
• Electronic incident and query submission
• Technical documents, including user’s guides, FAQ lists, and release n otes
• Data file updates and product upgrades via the Network Associates
website
ManualName 81
Contact and support information
The PrimeSupport Priority plan
ThePrimeSupportPriorityplangivesyouround-the-clocktelephone access to essential product assistance from experienced NetworkAssociates technical support staff members. You can purchase the Pr imeSupport Priority plan on an annual basis when you purchase a Network Associates product , eitherwith a subscription license or a one-year license.
The Pr imeSupport Priority plan has these features:
• InN orth America, unlimited toll-free telephone access to technical support from Monday through Friday, 8: 00 a.m. to 8:00 p.m . Central Time
• In Europe, the Middle East, and Africa, unlimited telephone access to technicalsupport,atstandard long-distance orinternationalrates,Monday through Friday, from 9:00 a.m. to 6:00 p.m. local time
• In the Asia-Pacific region, unlimited toll-free, telephone access to technical support, Monday through Friday,from 8:00 a.m. to 6:00 p.m. AEST
• In Latin America, unlimited telephone access to t echnical support, at standard long-distance or international rates, Monda y through Friday, from 9:00 a.m. to 5:00 p.m. Central Time
• Priorityaccess to tech nical support staff m em bers during regular business hours
• Responses within one hour for urgent iss ues that happen outside regular business ho urs, including those that happen during w eekend s and local holidays
• Unrestricted, 24-hour-per-day online access to technical solutions from a searchable knowledge base within the Network Associates website
• Electronic incident and query submission
• Technical documents, including user’s guides, FAQ lists, and release n otes
• Data file updates and product upgrades via the Network Associates
website
The PrimeSupport Enterprise plan
The Pr im eSupport Enterprise plan gives you round-the-clock, per sonalized, proactive support from an assigned technical s upport engineer. You’ll enjoy a relationship with a support professional who is familiar with y our Network Associates product deployment and support history,and who will call you at an interval you designate to verify that you have the knowledge you need to use and maintain Network Associates products.
82 Product Name
Contact and support information
By calling in advance, your PrimeSupport Enterprise representative can help to prevent problems before they occur. If, however, an emergency arises, the PrimeSupport Enterprise plan givesyou a committed response time that assures you that help i s on the way. You may purchase the PrimeSupport Enterprise plan on an annual basis when you purchase a Network Associates product, either with a subscription license or a one-year license.
With the PrimeSupport Enterprise plan, you get:
• Unlimited, toll-free telephone access to an assigned technical s upport engineer on a 24-hour-per-day, seven-day-per-week basis, including during w eekends and local holidays.
¥
NOTE: The availability of toll-free telephone support varies by regionandi s not available in somepartsof Europe, the Middle East, Africa,and Latin America.
• Proactive support contacts from your as signed support engineer via telephone or e-mail, at intervals you designate
• Committed response times from your support engineer, who will respond to pages within half an hour, to voice mail within one hour, and to e-mail within fo ur hours
• Assignable customer contacts,which allow you todesignate five people in your organization who your s u pport engineer can contact in your abs ence
• Optional beta site status, which gives you access to the absolute latest Network Associates products and technology
• Unrestricted, 24-hour-per-day online access to technical solutions from a searchable knowledge base within the Network Associates website
• Electronic incident and query submission
• Technical documents, including user’s guides, FAQ lists, and release n otes
• Online data file updates a nd product upgrades
Ordering a corporate PrimeSuppor t plan
To order any PrimeSupport plan, contact your sales r epresentative, or
• In North America,call Network Associates at (972) 308-9960,Monday through Friday from 8:00 a.m. to 7:00 p.m. Central Time. Press 3 on your telephone keypad for sales assistance.
• In Europe, the Middle E ast, and Africa, c ontact your local Network Associates office. Contact information appears near the front of this guide.
ManualName 83
Contact and support information
Table B-1. Corporate PrimeSupport Plans at a Glance
Plan Feature
Technical support via website
Software updates
Technical support via telephone
Priority call handling
After-hours support
Knowledge Center Connect Priority Enterprise
Yes Yes Yes Yes
Yes Yes Yes Yes
Monday–Friday
North America: 8 a.m.–8 p.m. CT
Europe, Middle East, Africa: 9am-6pm local time
Asia-Pacific: 8 a.m .-6 p.m. AEST
Latin America: 9 a.m.-5 p.m. CT
—— Yes Yes
—— Yes Yes
Monday–Friday,after hours emergency access
North America: 8 a.m.–8 p.m. CT
Europe, Middle East, Africa: 9am-6pm local time
Asia-Pacific: 8 a.m.-6 p.m. AEST
Latin America: 9 a.m.-5 p.m. CT
Monday–Friday,af ter hours emergency access
North America: 8a.m.–8p.m.CT
Europe, Middle East, Africa: 9am-6pm local time
Asia-Pacific: 8 am-6 p.m. AEST
Latin America: 9a.m.-5p.m.CT
Assigned support engineer
Proactive support
Designated contacts
Response charter
84 Product Name
—— Yes
—— Yes
—— Atleast5
E-mail within one business day
Calls answered in 3 minutes, response in one business day
Within 1 hour for urgent issues af ter business hours
After hourspager:30 minutes
Voicemail: 1 hour E-mail: 4 hours
The Pr imeSupport options described in the r est of this chapter are available only in North America. To find out more about PrimeSupport, Training and Consultancy options available outside North America, contact your regio nal sales office. Contact information appears near the front of this g uide.<
Contact and support information

Network Associates consulting and training

The Network Associates Total Ser vice Solutions program provides you with expert consulting and comprehensive education t hat can help you maximize the security and performance of your network investments. The Total Service Solutions program includes the Network AssociatesProfessional C onsulting arm and the Total Education Services program.
Professional Services
Network Associates Professional Services i s ready to assist you during all stages of yo ur network gro wt h, from planning and design, through implementation, and with ongoing management. Network Associates consultants provide an expert’s independent per spective that you can use as a supplemental resource to resolve your problems. You’ll get help integrating Network Associates products into your environment, along with troubleshooting assistance or help in establi shing baselines for network performance. NetworkAssociates consultants also developand deliver custom solutions to help accomplish your project goals—from lengthy, large-scale implem entations to b rief problem-solving assignments.
Jumpstar t Services
For focused helpwith specific problem resolution or software implementation issues, Network Associates offers a Jumpstart Service that gives you the tools you need to manage your environment. This service can include these elements:
Installation and optimization. This service brings a Network Associates consultant onsite to install, configure, and optimize your new Network Associates product and give basic operational product knowledgeto your team.
Selfstart knowledge. Thisservice brings a NetworkAssociates consultant onsite to help prepare yo u to perform your new product implementation on your own and, in some cases,to install the product.
Proposal D ev elopme nt. This service helps you to evaluate which processes,pr ocedures, hardware and softwareyouneedbefore you roll out or upgrade Network Associates products, after which a Netwo rk Associates consultant prepares a custom proposal for your environment.
ManualName 85
Contact and support information
Network consulting
Network Associates consultants provide expertise in protocol analysis and offer a vendor-independent perspective to recommend unbiased solutions for troubleshooting and optimizing your network. Consultants can also bring their broad understanding o f network management bes t practices and industry relationships to speed problem escalation and resolution through vendor support.
You canordera custom consultation to helpyouplan, design,implement,and manage your network,which can enable you to assess the impactofrolling out new applications, network operating systems, or internetworking devices.
To learn more about the options available:
• Contact your regional sales representative.
• In North America, call Network Associates at (972) 308-9960,Monday through Friday from 8:00 a.m. to 7:00 p.m. Central Time.
• Visit the Network Associates website at:
http://www.nai.com/asp_set/services/introduction/default.asp
Total Education Services
Network Associates Total Education Services builds and enhances the skills of all network professionals through practical, hands-on instruction. The Total Education Services technology curriculum focuses on network fault and performance management and teaches problem-solving at alllevels. Network Associates also offers modular product trainingso that you understand the features and functionality of your new software.
You can enroll in Total Education Services courses year-round at Network Associates educational centers, or you can learn from customized courses conducted at your location. All courses follow educational steps along a learning path that ta kes you to the highest levels of expertise. Network Associates is a founding member of the Certified Network Expert (CNX) consortium. To learn more aboutthese programs:
• Contact your regional sales representative.
• Call Network Associates Total Education Services at (800) 395-3151 Ext. 2670 (for private course scheduling) or (888) 624-8724 (for public course scheduling).
• Visit the Network Associates website at:
http://www.nai.com/asp_set/services/educational_services/education_intro.asp
86 Product Name

Index

A
access, deny to infected files, 37 to 39 action
setting policy for scanner status of files after scanning
, 36 to 39
, 38 to 39
See also
clean infected files delete infected files deny access to infected files move in fected files
Action tab
, 36 to 39
advanced options
AutoUpdate
schedule Advanced tab Agent Wakeup Call Alert Manager alerts, destinationfolder .ALR file
, 42
archive file types
, 57 to 58
, 63
, 57 to 58
, 67
, 42, 56
, 42
, 35
AutoUpdate
compared to mirroring
configuring
, 51 to 60
advanced options schedule update sites
, 60 to 64
, 53 to 57
, 49 to 51
, 57 to 58
C
centralized alerting, 42 clean infected files Complete Installation
, 37 to 39
, 7, 11 to 12
compared to Optimized
Installation
, 6 to 7
configuring
AutoUpdate
advanced options logging activity scheduling site options update sites
defined
, 71
, 57 to 58
, 58 to 59
, 60 to 64
, 54 to 57
, 53 to 57
installer
install sites logging activity MSI sites site options
, 19 to 22
, 23 to 25
, 19 to 22
, 21 to 22
mirroring
destination logging activity source sites
, 57 to 58
, 58 to 59
, 53 to 57
on-access scanner
action options detection options exclusion options report options reporting activity
, 36 to 39
, 32 to 35
, 43 to 46
, 39 to 43
, 39 to 43
configuring VirusScan TC software
AutoUpdate and Mirroring Installer On-Access Scanner overview
, 17 to 27
, 29 to 47
, 10
, 49 to 69
Administrator’s Guide 87
contacting
consulting and training services customer service international offic es PrimeSupport reporting n ew viruses technical support
customer service
, 73
, 77 to 79
, 83 to 84
, 75 to 76
, 73 to 75
, 73
D
.DAT file
for
, 49
, 66 to 69
, 49
, 51
, 50
, 66
, 49
, 49
, 57
, 49
, 49
, 37 to 39
, 37 to 39
, 71
, 66 to 69
, 25 to 27
, 46 to 47
contents deploying during an outbreak deploying EXTRA.DAT downgrade to earlier version incremental located on mirror site mirrored from FTP site naming convention need to update Network Associates download site
option to backup the existing option to force update of reporting n ew items for update SuperDAT updated using AutoUpd ate
ZIP file delete infected files deny access to infected files deploying
defined
EXTRA.DAT file
installation policy
scanning policy
, 65
, 58
, 57
, 51
, 85 to 86
, 76
Destination tab destination, for mirror update site Detection tab detection, setting policy for virus
, 57 to 58
, 57 to 58
, 32 to 35
, 32 to 35
E
educational services, description of , 86 engine
, 5, 7, 10, 29, 33, 49, 51
updating
, 57
exclusion options
add files, folder or volumes configuring
, 43 to 46
include subfolders
setting policy Exclusion tab extensions
, 33 to 35
, 43 to 46
, 43 to 46
, 45
, 44 to 45
EXTRA.DAT, deploying during a virus
outbreak
, 66 to 69
F
file
extensions
, 33, 35
size depending on installation
scenario
types foreign offices, contact information
, 6 to 7, 9
, 33 to 34
, 77 to 79
FTP
Network Associates site for .DAT
updates
, 49
using for source location
for MSI files for VSCANTC.MCS
, 18, 21
, 18, 21
H
heuristic scanning, 35
88 McAfee VirusScan TC
I
infected files, status of after
scanning inheritance Install Sites tab Installation
Complete Optimized
installation
deploying policy INSTMSI.EXE and INSTMSIW.E XE log, setting policy for MSI files non-verbose logging of activities setting policy for
verbose logging of activities installing, defined INSTMSI.EXE and INSTMSIW.E XE
defined
installing
placing where Installer can fin d
use in Complete Installation
use in Optimized Installation
, 38 to 39
, 32
, 19 to 22
, 7, 11 to 12
, 8 to 9, 14 to 27
, 25 to 27
, 23 to 24
, 17
, 17 to 24
, 24
, 71
, 17
, 17
, 12
, 17 to 20
, 17
, 24
, 17 to 20
updating and mirroring mirroring activities scanning activities
, 39 to 43
, 58 to 59
, 59
updating and mirroring activities,
non-verbose
, 59
logging, setting policy for scanning
activities
, 39 to 43
LWISETUP.EXE, use in Complete
Installation
, 12
M
macro viruses, 35 .MCS file, VSCANTC.MCS message, to user when v ir us is found mirroring
, 49 to 60
compared to AutoUpdate configuring
destination
source sites
missed task move infected files
, 51 to 60
, 57 to 58
, 53 to 57
, 63
, 37 to 39
MSI files. See INSTMSI.EXE and
INSTMSIW. EXE
MSI Sites tab
, 19 to 22
, 19
, 49 to 51
, 37
L
Log Activity tab
for A ut oUpdate and Mirroring for Installer
logging
AutoUpdateactivities installation activities, verbose installer activities limiting size of log file
installation on-access scanner
, 23 to 24
, 23 to 25
, 24
, 58 to 59
, 41
, 58 to 59
, 24
N
.NAP files, placing in repository, 15 to 17 new viruses, reporting to McAfee non-verbose logging
installation activitie s
, 24
updating and mirroring activities
notify user when virus is found null session share
as destination for Centralized
Alerting
, 42
as source of update files
Administrator’s Guide 89
, 75
, 59
, 37
, 56
O
on-accessscanner
configuring defined file types scanned overview
Optimized Installation
compared to Complete Insta llation
, 30 to 46
, 29
, 33 to 34
, 29
, 8 to 9, 14 to 27
, 6
outbreak
dealing with high-prevalence virus threat using EXTRA.DAT to control
, 65 to 69
, 66
, 49,
66 to 69
using GreenwichMean Time to
synchronize d efense
, 62
P
packages, deployment and installation, 6 to 7 ping. See Agent Wakeup call Policies tab
, 30
, 67
policy
compared to task
, 71 to 72
setting for
file that installs VirusScan
TC
, 18 to 22
installation log scanner actions scanner exclusions scanner reporting virus detection VSCANTC.MCS
PrimeSupport
, 80 to 84
, 23 to 24
, 36 to 39
, 43 to 46
, 39 to 43
, 32 to 35
, 18 to 22
R
randomization, starting time of scheduled
task
, 62
recycle bin, excluding contents from
scanning
removing the VirusScan TC program
, 43
, 27
replication, See mirroring report options
configuring enable centralized alerting log to file
Report tab
, 40 to 43
, 42
, 41
, 39 to 43
reporting
AutoUpdateactivities installer activities mirroring activities scanning activities
, 58 to 59
, 23 to 25
, 58 to 59
, 39 to 43
setting policy for scanning
activities
viruses not detected to McAfee
, 39 to 43
, 75
repository
placing .NAP file in software
, 30
, 15 to 17
response to virus detection, setting policy
, 36 to 37
for
Run Immediate l y, scheduled task
, 62
S
scanner action
outcome setting policy for
schedule
tab on Scheduler dialog box
Schedule tab SETUP.EXE
use in Complete Installation
SETUP.EXE, use in Co m plete Installation
, 38 to 39
, 36 to 39
, 53, 61 to 63
, 61
, 12
, 12
90 McAfee VirusScan TC
site options
AutoUpdate installer
, 54 to 57
, 21 to 22
Site Options page
for A ut oUpdate and Mirroring for Installer
, 20 to 22
, 53 to 57
site replication, See mirroring software repository
placing .NAP file in
, 30
, 15 to 17
source sites
configuring
, 53 to 57
support
download PrimeSupport technical training and consultation
, 75
, 80 to 84
, 73 to 74
, 85 to 86
T
task
compared to policy editing and deleting mirroring missed
, 49 to 60
, 63
Run Immediately setting schedulefor tab o n Scheduler dialog box
updating Task tab Tasks tab
, 49 to 60
, 52, 59, 64
, 52
technical support training for Network Associates products
, 71 to 72
, 65
, 62
, 60 to 64
, 52 to 53
, 73 to 74
for M SI files for VSCANTC.MCS
, 18, 21
, 18, 21
uninstalling the VirusScan TC program UniversalNaming Convention. SeeUNC update Sites
configuring
updating
, 53 to 57
, 49 to 60
updating and mirroring
non-verbose logging of activities
V
verbose logging
virus
VSCANTC.MCS
, 75
VSHLOG.TXT
installation activitie s updating and mirroring activities
actions when found detection, setting policy for outbreak
dealing with high-prevalen ce viru s threat using EXTRA.DAT t o control
66 to 69
using Greenwich Mean Time to
synchronize defense
reporting new strain to McA fee
defined
, 17
placing where Installer can find setting policy for use in Complete Installation use in Optimized Installation
, 39
, 24
, 37 to 39
, 66 to 69
, 19 to 22
, 27
, 59
, 59
, 32 to 35
, 66
, 49,
, 62
, 75
, 17 to 20
, 12
, 17 to 20
U
UNC, using for shared folder
for Aut oUpdate
, 55
W
wakeup call, 67
Administrator’s Guide 91
Loading...