Avira AntiVir Server | Windows User Manual
Trademarks and Copyright Trademarks AntiVir is a registered trademark of Avira GmbH. Windows is a registered trademark of the Microsoft Corporation in the United States and other countries. All other brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such in this manual. This does not mean, however that they may be used freely. Copyright information A code provided by a third party has been used for Avira AntiVir Server.
Table of Contents 1 Introduction .......................................................................................................... 1 2 Icons and emphases ................................................................................................ 2 3 Product information............................................................................................... 3 3.1 3.2 3.3 3.4 4 Installation and uninstallation ..........................................................................
Table of Contents 10.3 10.4 10.5 10.6 10.2.3 Exceptions ..............................................................................................................40 10.2.4 Products..................................................................................................................43 10.2.5 Heuristic .................................................................................................................43 10.2.6 Report ...........................................................
1 Introduction Avira AntiVir Server from Avira GmbH protects you computer against viruses, malware, adware and spyware, unwanted programs and other dangers. This manual deals with viruses and software in brief. The manual describes the program installation and operation. Please go to our website http://www.avira.com where you can download the Avira AntiVir Server manual in PDF from, update Avira AntiVir Server or renew your license.
2 Icons and emphases The following icons are used: Icon / Designation Explanation Placed before a condition which must be fulfilled prior to implementation. Placed before an action step that you implement. Placed before an event that follows the previous action. Warning Placed before a warning of the danger of critical data loss. Note Placed before a link to particularly important information or a tip which makes Avira AntiVir Server easier to use.
3 Product information 3.1 Functionality The protection package Avira AntiVir Server includes the Avira AntiVir Server service and the AntiVir Server Console. The Avira AntiVir Server service protects your Windows Server from viruses and malware. The AntiVir Server Console is used for administration, control and monitoring of the servers to be protected or of the AntiVir services on the servers to be protected. You can access any number of servers via the AntiVir Server Console.
Avira AntiVir Server – The Scheduler supports you in planning regular tasks such as scans and updates via the Internet or Intranet. – The Updater always keeps your program up to date via an Internet or intranet connection. – The quarantine manager conveniently manages and monitors the files placed in quarantine. AntiVir Server console ... provides a desktop for AntiVir Server services with which you can control, configure and monitor AntiVir Server services.
Product information – Automatable updating via the Internet or network-wide distribution (without system interruption) – Comprehensive logging, warning and messaging functions for the administrator; sending of warnings in Windows networks and by email (SMTP), SMTPauthentication possible – Protection against modifications of the program files via intensive self-test – Extended terminal server support – Rootkit protection (not under Windows XP 64 bit, Windows 2003 64 bit, Windows Server 2003 64 bit) – Support
Avira AntiVir Server 3.4 Licensing You require a license to use Avira AntiVir Server. Activate your license for Avira AntiVir Server with the license file hbedv.key. You can obtain the license file by email from Avira GmbH. The license file contains the license for all products that you have ordered in one order process. You hereby accept the license terms. 3.4.
4 Installation and uninstallation 4.1 Installation Before installing Avira AntiVir Server, certain conditions must be met: – Please ensure that the system requirements are met (see System requirements), and that the Windows Server used is running. – Ensure that you are logged in on the server as an administrator or as a user with administrator rights. – Ensure that an Internet connection or network connection to a download server exists for updating AntiVir Server.
Avira AntiVir Server AntiVir Systray tool: This function generates a tray icon for AntiVir Server in the notification area of the protected server. This enables you to monitor the status of AntiVir Server and gives you access to other AntiVir Server functions. The function is part of the express installation and can be deselected if you are performing a custom install. – A target folder can be selected for the program files to be installed.
Installation and uninstallation 4.2 Uninstallation Carry out uninstallation via the control panel of the operating system or via the setup of AntiVir Server. During uninstallation, the AntiVir services are stopped, all report files and infected files (in quarantine) are deleted. During uninstallation you can specify that the directories with the report files and the quarantine are not deleted. 4.
Avira AntiVir Server You must have administrator rights (also required in batch mode) Configure the parameter of the file setup.inf and save the file. Begin installation of Avira AntiVir Server with the parameter /inf or integrate the parameter into the login script of the server. – Examples: presetup.exe /inf="c:\temp\setup.inf" 4.3.
Installation and uninstallation Destination path, in which Avira AntiVir Server is installed. It has to be included to the script. The environment variable cannot be used. Example: InstallPath="%PROGRAMFILES%\Avira\AntiVir Server\" – LicenseFile= AntiVir Server will be installed with the license. If you enter the file name only, the license file will be searched in the source folder of the setup only. Example: LicenseFile="A:\hbedv.
Avira AntiVir Server 0: Do not install Shell extension – Systray= 0 | 1 Installs the Systray tool. A AntiVir Server tray icon is visible in the notification area of the protected server. The tray icon enables you to monitor the status of AntiVir Server and gives you access to other AntiVir Server functions.
5 User interface and operation 5.1 User interface: AntiVir Server console The Avira AntiVir Server service that is installed on the servers to be protected is administered via theAntiVir Server Console. The AntiVir Server Console is a snap-in of the Microsoft Management Console (MMC). You can create any number of servers to be protected on the AntiVir Server Console in order to configure and monitor them on the AntiVir Server Console.
Avira AntiVir Server – Navigate via the console structure in the left-hand window of the MMC. Navigation elements are also displayed as objects in the right-hand detail window of the MMC. Open these objects in the detail window by double-clicking. The Configuration is located under the Settings node. You can select various configuration sections in the detail window: the window Settings is opened in which you can configure the selected section.
User interface and operation – Display all events of the Avira AntiVir Server service on the server to be protected – Actions: display events, export events, delete events Settings – Configuration of the Avira AntiVir Server service on the server to be protected Configuration sections: – Scanner: Configuration of on-demand scan – Guard: Configuration of on-access scan – General: Extended risk categories for on-demand and on-access scans, password protection for the server on the AntiVir Server Console, sec
Avira AntiVir Server 1. Installation Install the Avira AntiVir Server service on the servers that you want to protect against viruses and unwanted programs. Install the AntiVir Server Console on at least one computer on your network. see ch. Installation 2. Administration on the AntiVir Server Console Add server Add all servers on the AntiVir Server Console that you want to administer on the AntiVir Server Console.
6 Scanner 6.1 Scanner With the Scanner component, you can carry out targeted scans (on-demand scans) for viruses and unwanted programs. The following options are available for scanning for infected files: – Scan in Scheduler (remote and local) The scheduler gives you the option to schedule the times at which scan jobs are to be executed on the protected server. – Suche über Profile (remote und lokal) Profiles enable you to initiate defined and configured scan profiles on the protected server.
7 Updates The effectiveness of antivirus software depends entirely on the scanning engine and the virus definitions being up to date. For this reason, regularly download updates for AntiVir Server from our download servers. To carry out regular updates, the Updater component is integrated into AntiVir Server.
8 Viruses and more 8.1 Viruses and other malware Adware Adware is software that presents banner ads or in pop-up windows through a bar that appears on a computer screen. These advertisements usually cannot be removed and are consequently always visible. The connection data allow many conclusions on the usage behavior and are problematic in terms of data security. Backdoors A backdoor can gain access to a computer by circumventing computer access security mechanisms.
Avira AntiVir Server For several years, Internet and other network users have received alerts about viruses that are purportedly spread via email. These alerts are spread per email with the request that they should be sent to the highest possible number of colleagues and to other users, in order to warn everyone against the "danger". Honeypot A honeypot is a service (program or server) installed in a network. It has the function to monitor a network and to protocol attacks.
Viruses and more A computer virus is a program that is capable to attach itself to other programs after being executed and cause an infection. Viruses multiply themselves unlike logic bombs and Trojans. In contrast to a worm, a virus always requires a program as host, where the virus deposits his virulent code. The program execution of the host itself is not changed as a rule.
Avira AntiVir Server 8.2 Extended threat categories Dialers (DIALERS) Certain services available in the Internet have to be paid for. They are invoiced in Germany via dialers with 0190/0900 numbers (or via 09x0 numbers in Austria and Switzerland; in Germany, the number is set to change to 09x0 in the medium term). Once installed on the computer, these programs guarantee a connection via a suitable premium rate number whose scale of charges can vary widely.
Viruses and more Jokes (JOKES) Jokes are merely intended to give someone a fright or provide general amusement without causing harm or reproducing. When a joke program is loaded, the computer will usually start at some point to play a tune or display something unusual on the screen. Examples of jokes are the washing machine in the disk drive (DRAIN.COM) or the screen eater (BUGSRES.COM). But beware! All symptoms of joke programs may also originate from a virus or Trojan.
Avira AntiVir Server Avira AntiVir Server detects "Unusual runtime Compression Tools". If the option Unusual runtime Compression Tools is enabled with a check mark in the configuration under Extended threat categories, you receive a corresponding alert if Avira AntiVir Server detects such packers. Double Extension Files (HEUR-DBLEXT) Executable files that hide their real file extension in a suspicious way. This camouflage method is often used by malware.
9 Info and Service This chapter contains information on how to contact us. see Chapter Contact address see Chapter Technical support see Chapter Suspicious files see Chapter Report false positives see Chapter Your feedback for more security 9.1 Technical Support Avira AntiVir Server support provides reliable assistance in answering your questions or solving a technical problem. All necessary information on our comprehensive support service can be obtained from our website http://www.avira.de/en/support.
Avira AntiVir Server 9.3 Reporting false positives If you believe that Avira AntiVir Server reports something about a file that is most likely "clean", send the required file packed (WinZIP, PKZip, Arj etc.) in the attachment of an email to virus@avira.com. As some email gateways work with anti-virus software, you should also provide the file(s) with a password (please remember to tell us the password). 9.4 Your feedback for more security At Avira GmbH, the security of our customers is our top priority.
10 Reference: Configuration options The configuration reference documents all configuration options available in Avira AntiVir Server. 10.1 Scanner Here you define the basic behavior of the scan routine for an on-demand scan.
Avira AntiVir Server With the aid of this button, a dialog window is opened in which all file extensions are displayed that are scanned in Use file extension list mode. Default entries are set for the extensions, but entries can be added or deleted. Note Please note that the default list may vary from version to version. Additional settings Scan boot sectors of selected drives If this option is enabled, the Scanner only scans the boot sectors of the drives selected for the on-demand scan.
Reference: Configuration options Do not scan files and paths on network drives Scan process Scanner priority With the on-demand scan, the Scanner distinguishes between priority levels. This is only effective if several processes are running simultaneously on the workstation. The selection affects the scanning speed. Low The Scanner is only allocated processor time by the operating system if no other process requires computation time, i.e. as long as only the Scanner is running, the speed is maximum.
Avira AntiVir Server delete If this option is enabled, the file is deleted. This process is much faster than "overwrite and delete". overwrite and delete If this option is enabled, the Scanner overwrites the file with a default pattern and then deletes it. It cannot be restored. rename If this option is enabled, the Scanner renames the file. Direct access to these files (e.g. with double-click) is therefore no longer possible. Files can later be repaired and given their original names again.
Reference: Configuration options 10.1.2 Further actions Launch program following detection After the on-demand scan, the Scanner can open a file of your choice (for example a program) if at least one virus or unwanted program has been detected, for example an email program, so that you can inform other users or the administrator. Note For security reasons it is only possible to start a program after a detection when a user is logged on the computer.
Avira AntiVir Server If this option is enabled, the Scanner detects whether a file is a packed file format (archive), even if the file extension differs from the usual extensions, and scans the archive. However, for this every file must be opened - which reduces the scanning speed. Example: if a *.zip archive has the file extension *.xyz, the Scanner also unpacks this archive and scans it. This option is enabled as the default setting.
Reference: Configuration options Input box In this input box you can enter the name of the file object that is not included in the ondemand scan. No file object is entered as the default setting. The button opens a window in which you can select the required file or the required path. When you have entered a file name with its complete path, only this file is not scanned for infection.
Avira AntiVir Server Avira AntiVir Server contains a very powerful heuristic in the form of AntiVir AheAD technology, which can also detect unknown (new) malware. If this option is activated, you can define how "aggressive" this heuristic should be. This option is enabled as the default setting. Low detection level If this option is enabled, Avira AntiVir Server detects slightly less unknown malware, the risk of false alerts is low in this case.
Reference: Configuration options You will normally want to monitor your system constantly. To this end, use the Guard (= on-access scanner). You can thus scan all files that are copied or opened on the computer "on the fly", for viruses and unwanted programs. Scan mode Here the time for scanning of a file is defined. Scan when reading If this option is enabled, the Guard scans the files before they are read or executed by the application or the operating system.
Avira AntiVir Server Note Please note that the file extension list may vary from version to version. Archives Scan archives If this option is enabled, then archives will be scanned. Compressed files are scanned, then decompressed and scanned again. This option is deactivated by default. The archive scan is restricted by the recursion depth, the number of files to be scanned and the archive size. You can set the maximum recursion depth, the number of files to be scanned and the maximum archive size.
Reference: Configuration options Note When files are executed on network drives, they are scanned by the Guard irrespective of the setting for the Network Drives option. In some cases files on network drives are scanned while being opened, even though the Network Drives option is disabled. Reason: These files are accessed with ‘Execute File’ rights.
Avira AntiVir Server This button allows you to select an action that is activated in the dialog box by default when a virus is detected. Select the action that should be activated by default and click on the Default button. Note The action repair cannot be selected as the default action. Automatic If this option is enabled, then no dialog box for selecting an action appears following the detection of a virus or unwanted program. Guard reacts according to the settings you define in this section.
Reference: Configuration options Deny access If this option is enabled, the Guard only enters the detection in the report file if the report function is enabled. In addition, the Guard writes an entry in the Event log, if this option is enabled. Quarantine If this option is enabled, the Guard moves the file to the quarantine. The files in this directory can later be repaired or - if necessary - sent to the Avira Malware Research Center.
Avira AntiVir Server Event log Use event log When this option is enabled, an entry is added to the event log for every detection. The administrator can identify detections and react accordingly. This option is enabled as the default setting. 10.2.3 Exceptions With these options you can configure exception objects for the Guard (on-access scan). The relevant objects are then not included in the on-access scan.
Reference: Configuration options Note The entries in the list must have no more than 6000 characters in total. Note For each drive you can specify a maximum of 20 exceptions by entering the complete path (starting with the drive letter). E.g.: C:\Program Files\Application\Name.log The maximum number of exceptions without a complete path is 64. For example: *.log \computer1\C\directory1 The button opens a window in which you can select the file object to be excluded.
Avira AntiVir Server Note With regard to exceptions on connected network drives, please note the following: if you use the drive letter of the connected network drive, the files and folders specified are NOT excluded from the Guard scan.
Reference: Configuration options 10.2.4 Products Products to be skipped by Guard In this display box, you can select products which are excluded by the Guard scan. All applications, services or databases of the selected products are excluded from the monitoring by Guard. 10.2.5 Heuristic This configuration section contains the settings for the heuristic of the Avira AntiVir Server search engine. Avira AntiVir Server contains very powerful heuristics that can proactively uncover unknown malware, i.e.
Avira AntiVir Server 10.2.6 Report Guard includes an extensive logging function to provide the user or administrator with exact notes about the type and manner of a detection. Guard includes an extensive logging function to provide the user or administrator with exact notes about the type and manner of a detection. This group allows for the content of the report file to be determined. Off If this option is enabled, then Guard does not create a log.
Reference: Configuration options – Backdoor Clients (BDC) – Dialer (DIALER) – Games (GAMES) – Jokes (JOKES) – Security Privacy Risk (SPR) – Adware/Spyware (ADSPY) – Unusual runtime packers (PCK) – Double Extension Files (HEUR-DBLEXT) – Phishing – Application (APPL) By clicking on the relevant box, the selected type is enabled (check mark set) or disabled (no check mark). Select all If this option is enabled, all types are enabled. Default values This button restores the predefined default values.
Avira AntiVir Server 10.3.3 Security Update Alert if last update older than n day(s) In this box you can enter the maximum number of days allowed to have passed since the last update of Avira AntiVir Server. If this number of days has passed, a red icon is displayed for the update status in the status overveiw . Show notice if the virus definition file is out of date If this option is enabled, you will obtain an alert message if the virus definition file is not up-to date.
Reference: Configuration options Do not limit size of event database (delete events manually) When this option has been activated, the size of the event database is not limited. However, a maximum of 20,000 entries are displayed in the program interface under Events. 10.3.6 Reports Limit number of reports Limit the number to n units When this option is enabled, the maximum number of reports can be limited to a specific amount. Values between 1 and 300 are permissible.
Avira AntiVir Server This box contains the path to the quarantine directory of Avira AntiVir Server. The button opens a window in which you can select the required directory. Default The button restores the predefined path to the quarantine directory. 10.4 Update 10.4.1 Update The connection to the download servers is configured in the Update section. Download via web server The update is carried out via a web server using an HTTP connection.
Reference: Configuration options If this option is enabled, product updates will be downloaded as soon as they become available. If no restart is necessary, the update is installed automatically after the update file is downloaded. If a product update requires you to restart your computer, it will be executed at the next user-controlled system reboot and not immediately after the download of the update file.
Avira AntiVir Server In this field, enter the update directory and URL of the web server that will first be requested to provide the update. If this server cannot be reached, the standard servers indicated will be used. The format for the address of the web server is as follows: http://
[:Port]/update. If you do not specify a port, port 80 will be used. 10.4.Reference: Configuration options If your web server connection is set up via a proxy server, you can enter the relevant information here. Address Please enter the URL or the IP address of the proxy server you should use to connect to the web server. Port Please enter the port number of the proxy server you should use to connect to the web server. Login name Enter your login name on the proxy server here. Login password Enter the relevant password for logging in on the proxy server here.
Avira AntiVir Server This button lets you delete the currently selected entry from the list. 10.5.1 Guard Network alerts If this option is enabled, network alerts are sent. This option is disabled as the default setting. Note To enable this option, at least one recipient must be entered under General::Alerts::Network . Message to be sent The window shows the message sent to the selected workstation when a virus or unwanted program is detected. You can edit this message.
Reference: Configuration options Note To enable this option, at least one recipient must be entered under General::Alerts::Network . Message to be sent The window shows the message sent to the selected workstation when a virus or unwanted program is detected. You can edit this message. A text may contain a maximum of 500 characters. You can use the following key combinations for formatting the message: Inserts a tab. The current line is indented by several characters to the right. inserts a line break.
Avira AntiVir Server In this input box you can enter the name and the associated path of an audio file of your choice. The default acoustic signal of AntiVir Server is entered as standard. The button opens a window in which you can select the required file with the aid of the file explorer. Test This button is used to test the selected wave file. 10.6 Email 10.6.1 Email With certain events, Avira AntiVir Server can send alerts and messages via email to one or more recipients.
Reference: Configuration options If this option is enabled, a user name and a password can be entered in the relevant boxes for login (authentication). – User name: Enter your user name here. – Password: Enter the relevant password here. The password is saved in encrypted form. For security, the actual characters you type in this space are replaced by asterisks (*).
Avira AntiVir Server 10.6.3 Scanner With certain events, the on-demand scan can send alerts and messages via email to one or more recipients. Scanner Enable email alerts If this option is enabled, Avira AntiVir Server sends email messages with the most important information when a certain event occurs. This option is disabled as the default setting. Email messages for the following events The on-demand scan detected a virus or unwanted program.
Reference: Configuration options If this option is enabled, the Update component sends email messages with the most important data when a specific event occurs. This option is disabled by default. Email messages for the following events No update necessary. Your program is up to date. If this option is enabled, an email is sent if the Updater has successfully made a connection to the download server but there are no new files available on the server. This means that AntiVir Server is up to date.
Avira AntiVir Server Note Warning messages are always sent by email for the following events if a SMTP server and a recipient address have been configured for Updater notifications: A product update is required for every further update of AntiVir Server. An update of the scanning engine or of the virus definition file could not be carried out as a product update is necessary. These warning messages are sent irrespective of your email warning settings for the Update component. 10.6.
Reference: Configuration options unwanted program.
Avira AntiVir Server %LOGFILEPATH% 60 Path and file name of the report file Scanner Updater
Avira AntiVir Server | Windows www.avira.com Avira GmbH Lindauer Str. 21 88069 Tettnang Germany Telephone: +49 (0) 7542-500 0 Fax: +49 (0) 7542-525 10 Internet: http://www.avira.com AntiVir® is a registered trademark of the Avira GmbH. All other brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such in this manual. However, this does not mean that they may be used freely. © Avira GmbH. All rights reserved.