Sophos Anti-Virus 5 User Manual
User manual
Sophos Anti-Virus 5.0 for Windows 2000/XP/2003
Document version 1.0
Sophos Anti-Virus for Windows 2000/XP/2003
About this manual
This user manual explains how to use Sophos Anti-Virus for
Windows 2000/XP/2003, and how to configure
• virus scanning
• virus alerts
• disinfection
• logging
• updating.
The manual also provides help in resolving common problems.
Sophos Anti−Virus for Windows 2000/XP/2003
Contents
About Sophos Anti−Virus.....................................................................................1
What is Sophos Anti−Virus?.........................................................................1
Sophos Anti−Virus window...........................................................................1
Sophos Anti−Virus system tray icon.............................................................3
What is on−access scanning?......................................................................3
What is an on−demand scan?......................................................................3
What is a right−click scan?...........................................................................4
Checking the computer is protected...................................................................5
Checking protection is on..............................................................................5
Turning protection on or off for the computer................................................5
Scanning items on demand..................................................................................7
What is an on−demand scan?......................................................................7
Scanning local disks.....................................................................................7
Setting up a scan..........................................................................................8
Scheduling a scan.........................................................................................9
Running a scan...........................................................................................10
Editing a scan.............................................................................................11
Scanning a single item.......................................................................................14
Scanning a single item................................................................................14
Restricting access rights....................................................................................15
Types of user..............................................................................................15
Changing membership of Sophos user groups...........................................16
Changing settings for multiple users................................................................17
Changing settings for all computers............................................................17
Changing settings for all users on the computer.........................................17
Configuring scanning.........................................................................................18
Changing types of file scanned...................................................................18
Excluding items from scanning...................................................................20
Changing when on−access scanning occurs..............................................23
Scanning inside archive files.......................................................................24
Scanning Macintosh files............................................................................27
Scanning all files.........................................................................................30
Configuring alerts...............................................................................................35
Desktop messaging....................................................................................35
Email alerting..............................................................................................36
Event logging..............................................................................................38
SNMP messaging.......................................................................................40
Sophos Anti−Virus for Windows 2000/XP/2003
Logging................................................................................................................42
Viewing the log for this computer................................................................42
Configuring the log for this computer..........................................................42
Viewing the log for an on−demand scan.....................................................43
Updating...............................................................................................................45
Updating immediately.................................................................................45
Setting up automatic updating....................................................................45
Setting a source for updates.......................................................................47
Setting an alternative source for updates...................................................48
Scheduling updates....................................................................................49
Updating via a proxy server........................................................................50
Limiting the bandwidth used.......................................................................51
Logging updates.........................................................................................52
Disinfection..........................................................................................................54
What is disinfection?...................................................................................54
Getting disinfection information...................................................................54
Setting up automatic disinfection................................................................55
Disinfecting on demand..............................................................................57
Disinfecting with a right−click scan.............................................................58
Recovering from virus side−effects.............................................................59
Managing quarantine items................................................................................60
What is Quarantine manager?....................................................................60
Dealing with viruses in quarantine..............................................................60
Configuring user rights for Quarantine manager.........................................62
Troubleshooting..................................................................................................64
System tray icon has a white cross.............................................................64
System tray icon is greyed out....................................................................65
Virus not disinfected....................................................................................65
Virus fragment reported..............................................................................66
Unable to access disk with infected boot sector.........................................66
Unable to access areas of Sophos Anti−Virus............................................67
Getting further help.....................................................................................67
About Sophos Anti−Virus
This section includes the following.
What is Sophos Anti−Virus?•
Sophos Anti−Virus window•
Sophos Anti−Virus system tray icon•
What is on−access scanning?•
What is an on−demand scan?•
What is a right−click scan?•
What is Sophos Anti−Virus?
Sophos Anti−Virus is software that detects viruses, worms and Trojans on your
computer or network. It can also disinfect infected items. In particular, it can
check each file you access for viruses•
scan your computer or network for viruses•
eliminate viruses•
alert you when it finds a virus•
keep a log of its activity•
be updated to detect the latest viruses.•
Sophos Anti−Virus can be used in two ways:
via the Sophos Anti−Virus window•
via the Sophos Anti−Virus system tray icon.•
Sophos Anti−Virus can perform three types of scanning:
on−access•
on−demand•
right−click.•
Sophos Anti−Virus window
To open the Sophos Anti−Virus window, right−click the Sophos Anti−Virus
system tray icon to display a menu.
Select Open Sophos Anti−Virus. The components of the window are described
below.
1
Sophos Anti−Virus for Windows 2000/XP/2003 About Sophos Anti−Virus
Toolbar
This contains buttons for getting help and navigating between the pages in the
right−hand pane of the Sophos Anti−Virus window.
Status
This contains the status of on−access scanning, the number of items in
Quarantine, the last time Sophos Anti−Virus was updated and the product version
number.
Help and information
This enables you to contact Sophos technical support, and access help with
Sophos Anti−Virus and information on viruses. To see more detailed information
about your version of Sophos Anti−Virus and your computer, click View product
information.
Activity summary
This appears when you run a scan, and contains information about any viruses
found.
2
Sophos Anti−Virus for Windows 2000/XP/2003 About Sophos Anti−Virus
Home page
This is displayed in the right−hand pane when you open the Sophos Anti−Virus
window. It includes the task list and the Available scans list. As you use the
Sophos Anti−Virus window, the content of the right−hand pane may change.
You can return to the home page by clicking the Home button.
The task list is displayed at the top of the home page. It enables you to scan local
disks, set up scans, manage infected items and configure Sophos Anti−Virus.
The Available scans list lists the scans that have been set up. From here, you
can run, edit or delete each scan, and view a summary of what happened the last
time the scan was run.
Sophos Anti−Virus system tray icon
The Sophos Anti−Virus system tray icon is always displayed, even if the Sophos
Anti−Virus window is closed. The appearance of the icon changes depending on
whether on−access scanning is active, whether Sophos Anti−Virus is updating
and whether Sophos Anti−Virus updated successfully last time.
If you pass the mouse over the icon, the tool tip displays the last time Sophos
Anti−Virus was updated.
If you right−click the icon, a menu is displayed. From here, you can
update Sophos Anti−Virus•
configure updating•
check the progress of an update•
open the Sophos Anti−Virus window.•
What is on−access scanning?
On−access scanning intercepts files as they are accessed, and grants
access to only those that are virus free.
What is an on−demand scan?
An on−demand scan is a virus scan of the computer, or parts of the
computer, that you can run immediately or schedule to run at another time.
3
Sophos Anti−Virus for Windows 2000/XP/2003 About Sophos Anti−Virus
What is a right−click scan?
A right−click scan is a virus scan of selected item(s) in Windows Explorer,
that you can run by right−clicking the selection to display a menu, and
selecting Scan with Sophos Anti−Virus.
4
Checking the computer is protected
This section includes the following.
Checking protection is on•
Turning protection on or off for the computer•
Checking protection is on
The computer is protected by on−access scanning.
On−access scanning intercepts files as they are accessed, and grants
access to only those that are virus free.
When on−access scanning is active, a blue shield is displayed in the system tray.
When on−access scanning is inactive, the shield is grey.
The status of on−access scanning is also indicated in the Sophos
Anti−Virus window under Status.
If your computer is on a network, on−access scanning has probably already been
configured. However, if you want to change the settings, refer to Configuring
scanning.
Turning protection on or off for the computer
If you turn protection off, Sophos Anti−Virus does not scan files that you
access for viruses.
In the home page of the Sophos Anti−Virus window, click Configure
1.
Sophos Anti−Virus.
Click On−access scanning.2.
In the On−access scan settings for this computer dialog box, click the
3.
Scanning tab.
To turn on−access scanning on for the computer, select Enable
on−access scanning for this computer, and click OK. The Sophos
Anti−Virus system tray icon turns blue.
To turn on−access scanning off for the computer, deselect Enable
on−access scanning for this computer, and click OK. The Sophos
5
Sophos Anti−Virus for Windows 2000/XP/2003 Checking the computer is protected
Anti−Virus system tray icon turns grey.
In the Sophos Anti−Virus window, the Status menu is updated.
Sophos Anti−Virus retains the settings you make here, even after you reboot
the computer. If you have turned on−access scanning off, it remains inactive
until you turn it on again.
6
Scanning items on demand
This section includes the following.
What is an on−demand scan?•
Scanning local disks•
Setting up a scan•
Scheduling a scan•
Running a scan•
Editing a scan•
What is an on−demand scan?
An on−demand scan is a virus scan of the computer, or parts of the
computer, that you can run immediately or schedule to run at another time.
Scanning local disks
To run a scan of all disk drives, including boot sectors, on the computer, do as
follows.
In the home page of the Sophos Anti−Virus window, click Scan local disks.
A progress dialog box is displayed and the Activity summary appears in the
Sophos Anti−Virus window.
If any viruses are found, click More and refer to Disinfection.
To stop scanning, click Stop scan.
For information on setting up, scheduling, running and configuring a scan, refer to
the rest of this section and Configuring scanning.
7
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
Setting up a scan
In the home page of the Sophos Anti−Virus window, click Set up a new
1.
scan to display the scan setup page.
In the Scan name text box, type a name for the scan.2.
In the Items to scan panel, select the drives and folders you want to scan.
To do this, click the check box to the left of each drive or folder. To learn
about the icons that appear in the check boxes, refer to Representation of
items to scan.
Drives or folders that are unavailable (because they are offline
or have been deleted) are displayed in a strikethrough font.
They are removed from the Items to scan panel if they are
deselected or there is a change in the selection of their parent
drive or folder(s).
To configure the scan further, click Configure this scan. (Refer to
Configuring scanning for more information.)
To schedule the scan, click Schedule this scan. (Refer to Scheduling a
scan for more information.)
You can't manually run a scan that you have scheduled. Scheduled
scans are displayed in the Available scans list with a clock icon.
Click Save to save the scan or Save and start to save and run the scan.
8
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
Representation of items to scan
In the Items to scan panel, different icons are displayed in the check box next to
each item, depending on which items will be scanned. These icons are shown
below with explanations.
The item and all sub−items are not selected for scanning.
The item and all sub−items are selected for scanning.
The item is partially selected: some sub−items are not selected for scanning.
The item and all sub−items are excluded from this particular scan.
The item is partially excluded: some sub−items are excluded from this particular
scan.
The item and all sub−items are excluded from all on−demand scans, because of
an on−demand exclusion that has been set up.
Scheduling a scan
To schedule a scan that you are setting up or editing, do as follows.
You can't manually run a scan that you have scheduled. Scheduled scans are
displayed in the Available scans list with a clock icon.
In the right−hand pane of the Sophos Anti−Virus window, click Schedule
1.
this scan.
In the Schedule scan dialog box, select Enable schedule.2.
Select the day(s) on which the scan should run.
Add the time(s) by clicking Add.
9
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
If necessary, remove or edit a time by selecting it and clicking Remove or
Edit, respectively.
Type a user name and password. The scheduled scan runs with the
access rights of that user.
Click OK.
Running a scan
To run a scan that has been set up, do as follows.
In the home page of the Sophos Anti−Virus window, in the Available scans list,
select the scan you want to run. Click Start.
10
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
You can't manually run a scan that you have scheduled. Scheduled scans are
displayed in the Available scans list with a clock icon.
A progress dialog box is displayed and the Activity summary appears in the
Sophos Anti−Virus window.
If any viruses are found, click More and refer to Disinfection.
To stop scanning, click Stop scan.
For information on setting up, scheduling and configuring a scan, refer to the rest
of this section and Configuring scanning.
Editing a scan
To edit a scan that has been set up, do as follows.
In the home page of the Sophos Anti−Virus window, in the Available
1.
scans list, select the scan you want to edit. Click Edit to display the scan
setup page.
To rename the scan, in the Scan name text box, type a name for the scan.2.
To change which items to scan, in the Items to scan panel, select or
deselect the drives and folders you want to scan. To do this, click the check
box to the left of each drive or folder. To learn about the icons that appear
in the check boxes, refer to Representation of items to scan.
Drives or folders that are unavailable (because they are offline
or have been deleted) are displayed in a strikethrough font.
They are removed from the Items to scan panel if they are
deselected or there is a change in the selection of their parent
drive or folder(s).
To configure the scan further, click Configure this scan. (Refer to
Configuring scanning for more information.)
To schedule the scan, click Schedule this scan. (Refer to Scheduling a
scan for more information.)
11
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
You can't manually run a scan that you have scheduled. Scheduled
scans are displayed in the Available scans list with a clock icon.
Click Save to save the scan or Save and start to save and run the scan.
Representation of items to scan
In the Items to scan panel, different icons are displayed in the check box next to
each item, depending on which items will be scanned. These icons are shown
below with explanations.
The item and all sub−items are not selected for scanning.
The item and all sub−items are selected for scanning.
The item is partially selected: some sub−items are not selected for scanning.
The item and all sub−items are excluded from this particular scan.
The item is partially excluded: some sub−items are excluded from this particular
scan.
12
Sophos Anti−Virus for Windows 2000/XP/2003 Scanning items on demand
The item and all sub−items are excluded from all on−demand scans, because of
an on−demand exclusion that has been set up.
13
Scanning a single item
This section includes the following.
Scanning a single item•
Scanning a single item
You can scan a single item by performing a right−click scan.
A right−click scan is a virus scan of selected item(s) in Windows Explorer,
that you can run by right−clicking the selection to display a menu, and
selecting Scan with Sophos Anti−Virus.
Open Windows Explorer. To do this, at the taskbar, click
1.
Start|Programs|Accessories|Windows Explorer.
Select the file(s), folder(s) and/or disk drives you want to scan.2.
Right−click the selection to display a menu, and select Scan with Sophos
3.
Anti−Virus.
A progress dialog box is displayed.
If any viruses are found, click More and refer to Disinfection.
To stop scanning, click Stop scan.
For information on configuring a scan, refer to Configuring scanning.
14
Restricting access rights
This section includes the following.
Types of user•
Changing membership of Sophos user groups•
Types of user
Sophos Anti−Virus restricts access to certain parts of the software to certain types
of user. This security is based on the user groups that have been set up in
Windows on this computer. When Sophos Anti−Virus is installed, each user is
assigned to one of the Sophos user groups depending on their Windows user
group, as follows.
Members of the Windows Administrators group are assigned to the
•
SophosAdministrator group.
Members of the Windows Power Users group are assigned to the
•
SophosPowerUser group.
Members of the Windows Users group are assigned to the SophosUser
•
group.
Any user who is not assigned to one of the Sophos user groups, including Guest
users, can perform only
on−access scanning•
scans run from a right−click menu.•
Members of the SophosUser group can perform the above functions and
access the Sophos Anti−Virus window•
set up and run on−demand scans•
configure scans run from a right−click menu•
manage, with limited privileges, quarantined items.•
Members of the SophosPowerUser group have the same rights as members of
the SophosUser group with the addition of greater privileges in Quarantine
manager.
Members of the SophosAdministrator group can use or configure any part of
Sophos Anti−Virus.
15
Sophos Anti−Virus for Windows 2000/XP/2003 Restricting access rights
Changing membership of Sophos user groups
To change the Sophos user group for a user, you must do as follows. (Refer to
your Windows documentation if necessary.)
Use Windows to move the user from one Sophos user group to another.1.
When that user logs on to Windows again, they should find that their
2.
access rights have changed accordingly.
16
Changing settings for multiple users
This section includes the following.
Changing settings for all computers•
Changing settings for all users on the computer•
Changing settings for all computers
To configure Sophos Anti−Virus on workstations from a central location on the
network, refer to the Sophos Enterprise Console help.
Changing settings for all users on the computer
To configure Sophos Anti−Virus for all users on the computer, in the home page
of the Sophos Anti−Virus window, click Configure Sophos Anti−Virus. From
the Configure page, you can change the following settings.
On−access scanning•
On−demand extensions and exclusions•
User rights for Quarantine manager•
Messaging•
Log for this computer•
Updating•
You need to be a Sophos Administrator to change these settings.
17
Configuring scanning
This section includes the following.
Changing types of file scanned•
Excluding files from scanning•
Changing when on−access scanning occurs•
Scanning inside archive files•
Scanning Macintosh files•
Scanning all files•
Changing types of file scanned
If the Sophos Enterprise Console is used to administer Sophos
Anti−Virus on workstations, it may override changes made here. To
avoid this, refer to the console help.
In the home page of the Sophos Anti−Virus window, click Configure
1.
Sophos Anti−Virus.
To change the settings for on−access scanning, click On−access
2.
scanning.
To change the settings for on−demand and right−click scanning, click
On−demand extensions and exclusions.
Click the Extensions tab. Set the options as described below.3.
18
Loading...