User manual

ManualsBrandsAVIRA ManualsComputer equipmentProfessional security 2012

Avira Professional Security

User Manual

Summary of content (202 pages)

PAGE 1
Avira Professional Security User Manual
PAGE 2
Introduction Trademarks and Copyright Trademarks Windows is a registered trademark of the Microsoft Corporation in the United States and other countries. All other brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such in this manual. This does not mean, however, that they may be used freely. Copyright information Code provided by third party providers was used for Avira Professional Security.
PAGE 3
Introduction Table of Contents 1. Introduction ................................................................................... 7 1.1 2. Icons and emphases ............................................................................................................. 7 Product information ........................................................................ 9 2.1 Delivery scope .......................................................................................................................
PAGE 4
Introduction 4.2.2 Perform automatic updates ..................................................................................................................38 4.2.3 Start a manual update ...........................................................................................................................39 4.2.4 Using a scan profile to scan for viruses and malware .................................................................40 4.2.5 Scan for viruses and malware using drag & drop ........
PAGE 5
Introduction 9. Viruses and more ......................................................................... 81 9.1 Threat categories................................................................................................................. 81 9.2 Viruses and other malware ................................................................................................. 84 10. Info and Service ........................................................................... 89 10.1 Contact address......
PAGE 6
Introduction 11.6.6 11.7 Display settings ..................................................................................................................................... 159 Web Protection .................................................................................................................. 160 11.7.1 Scan ......................................................................................................................................................... 160 11.7.2 Report ......
PAGE 7
Introduction 1. Introduction Your Avira product protects your computer against viruses, worms, Trojans, adware and spyware and other risks. In this manual these are referred to as viruses or malware (harmful software) and unwanted programs. The manual describes the program installation and operation. For further options and information, please visit our website: http://www.avira.
PAGE 8
Introduction Note Placed before a link to particularly important information or a tip which makes your Avira product easier to use. The following emphases are used: Emphasis Explanation Italics File name or path data. Displayed software interface elements (e.g. window section or error message). Bold Clickable software interface elements (e.g. menu item, navigation area, option box or button). Avira Professional Security - User Manual (Status: 14 Dec.
PAGE 9
Product information 2. Product information This chapter contains all information relevant to the purchase and use of your Avira product:  see Chapter: Delivery scope  see Chapter: System requirements  see Chapter: Licensing and Upgrade  see Chapter: License Manager Avira products are comprehensive and flexible tools you can rely on to protect your computer from viruses, malware, unwanted programs and other dangers.
PAGE 10
Product information  ProActiv component for the permanent monitoring of program actions (for 32-bit system only)  Mail Protection (POP3 Scanner, IMAP Scanner and SMTP Scanner) for the permanent checking of emails for viruses and malware, including the checking of email attachments  Web Protection for monitoring data and files transferred from the Internet using the HTTP protocol (monitoring of ports 80, 8080, 3128)  Integrated quarantine management to isolate and process suspicious files  Root
PAGE 11
Product information  At least 150 MB of free hard disk memory space (more if using quarantine for temporary storage)  At least 512 MB RAM under Windows XP  At least 1024 MB RAM under Windows Vista, Windows 7  For the program installation: Administrator rights  For all installations: Windows Internet Explorer 6.0 or higher  Internet connection where appropriate (see Installation) Information for Windows Vista users On Windows XP, many users work with administrator rights.
PAGE 12
Product information Note If your Avira product is managed under AMC, your administrator will execute the upgrade. You will be asked to save your data and reboot your computer, otherwise you are not protected. 2.3.1 License manager The Avira Professional Security License Manager enables very simple installation of the Avira Professional Security license.
PAGE 13
Installation and uninstallation 3. Installation and uninstallation This chapter contains information relating to the installation and uninstallation of your Avira product.
PAGE 14
Installation and uninstallation requirements. If your computer satisfies all requirements, you can install the Avira product. Note When installing on a server operating system, the Real-Time Protection and the files protection are not available. Pre-Setup Close your email program. It is also recommended to end all running applications. Make sure that no other virus protection solutions are installed. The automatic protection functions of various security solutions may interfere with each other.
PAGE 15
Installation and uninstallation  OK: Confirm action.  Abort: Abort action.  Next: Go to next step.  Back: Go to previous step.
PAGE 16
Installation and uninstallation The dialog box Download appears. All files necessary for installation are downloaded from the Avira web servers. The Download window closes after conclusion of the download. Installation with an installation package The window Preparing installation appears. The installation file is extracted. The installation routine is started. The dialog box Choose installation type appears. Note By default Express installation is preset.
PAGE 17
Installation and uninstallation After a successful installation, we recommend that you check the program is up-to-date in the Status field of the Control Center. If your Avira product shows that your computer is not secure, click Fix problem. The dialog Restore protection opens. Activate the preset options in order to maximize the security of your system. If appropriate, perform a complete system scan afterwards. 3.
PAGE 18
Installation and uninstallation If you confirm your participation in the Avira Community, Avira sends data on detected suspicious programs to the Avira Malware Research Center. The data is used only for an advanced online scan and to expand and refine detection technology. You can click the links ProActiv and Protection Cloud to obtain more details on the expanded online and cloud scan. Confirm that you accept the End User License Agreement.
PAGE 19
Installation and uninstallation Click Next in the welcome window of the configuration wizard to begin configuration of the program. The Configure AHeAD dialog box enables you to select a detection level for the AHeAD technology. The detection level selected is used for the System Scanner (On-demand scan) and Real-Time Protection (On-access scan) AHeAD technology settings. Select a detection level and continue the installation by clicking Next.
PAGE 20
Installation and uninstallation completed and before the computer is rebooted, and scans running programs and the most important system files for viruses and malware. Enable or disable the Quick system scan option and continue the configuration by clicking Next. In the following dialog box, you can complete the configuration by clicking Finish The specified and selected settings are accepted. If you have enabled the Quick system scan option, the Luke Filewalker window opens.
PAGE 21
Installation and uninstallation Avira product automatically scans the file. Renaming a file does not trigger a scan by Avira Real-Time Protection.  Mail Protection Mail Protection is the interface between your computer and the email server from which your email program (email client) downloads emails. Mail Protection is connected as a so-called proxy between the email program and the email server.
PAGE 22
Installation and uninstallation To uninstall your Avira product (e.g. in Windows 7): Open the Control Panel via the Windows Start menu. Double click on Programs and Features. Select your Avira product in the list and click Uninstall. You will be asked if you really want to remove the program. Click Yes to confirm. You will be asked if you want to re-enable Windows Firewall (the Avira FireWall will be disabled). Click Yes to confirm. All components of the program will be removed.
PAGE 23
Installation and uninstallation For information on installation and uninstallation on the network:  see Chapter: Command line parameters for the setup program  see Chapter: Parameter of the file setup.inf  see Chapter: Installation on the network  see Chapter: Uninstallation on the network Note The Avira Management Console provides another easy option for the installation and uninstallation of Avira products on the network.
PAGE 24
Installation and uninstallation 3.9.2 Uninstallation on the network To uninstall Avira products on the network automatically: You must have administrator rights (also required in batch mode) Start the uninstallation with the parameter/remsilent or /remsilentaskreboot or integrate the parameter into the login script of the server. You can also specify the parameter for the uninstallation log. Example: presetup.exe /remsilent /unsetuplog="c:\logfiles\unsetup.log" The uninstallation starts automatically.
PAGE 25
Installation and uninstallation Example: presetup.exe /remsilentaskreboot The following parameter is available as an option for the uninstallation log:  /unsetuplog All actions during uninstallation are logged. Example: presetup.exe /remsilent /unsetuplog="c:\logfiles\unsetup.log" 3.9.4 Parameters of the file setup.inf In the control file setup.inf, you can set the following parameters in the [DATA] field for the automatic installation of the Avira product. The sequence of the parameters is unimportant.
PAGE 26
Installation and uninstallation  Guard Installs the Avira Real-Time Protection (on-access Scanner). 1: Install Avira Real-Time Protection 0: Do not install Avira Real-Time Protection Example: Guard=1  MailScanner Installs the Avira Mail Protection. 1: Install Avira Mail Protection 0: Do not install Avira Mail Protection Example: MailScanner=1  KeyFile Specifies the path for the license file that is copied during installation. For initial installation: obligatory.
PAGE 27
Installation and uninstallation  AVWinIni (optional) Specifies the destination path for the configuration file that may be copied during installation. The file name must be specified completely (fully qualified). Example: AVWinIni=d:\inst\config\avwin.ini  Password This option assigns the password that was set for the (modification) installation and uninstallation to the setup routine. The entry is only scanned by the setup routine when a password has been set.
PAGE 28
Overview of Avira Professional Security 4. Overview of Avira Professional Security This chapter contains an overview of the functionality and operation of your Avira product.  see Chapter Interface and operation  see Chapter How to...? 4.
PAGE 29
Overview of Avira Professional Security The Control Center window is divided into three areas: The Menu bar, the Navigation area and the detail window Status:  Menu bar: In the Control Center menu bar, you can access general program functions and information on the program.  Navigation area: In the navigation area, you can easily swap between the individual sections of the Control Center.
PAGE 30
Overview of Avira Professional Security  Via the Tray Icon of your Avira product. Close the Control Center via the menu command Close in the menu File or by clicking on the close tab in the Control Center. Operate Control Center To navigate in the Control Center Select an activity in the navigation bar. The activity opens and other sections appear. The first section of the activity is selected and displayed in the view. If necessary, click another section to display this in the detail window.
PAGE 31
Overview of Avira Professional Security report file. More detailed information on the last virus or unwanted program detected can be obtained practically "at the push of a button".  INTERNET PROTECTION: In this section you will find the components to protect your computer system against viruses and malware from the Internet, and against unauthorized network access.    The FireWall section enables you to configure the basic settings for the Avira FireWall.
PAGE 32
Overview of Avira Professional Security Note We recommend to change the default setting OFF with its automatic full-screen recognition mode only temporarily, because you won't receive visible desktop notifications and warnings concerning network events and possible threats. 4.1.3 Configuration You can define settings for your Avira product in the Configuration. After installation, your Avira product is configured with standard settings, ensuring optimal protection for your computer system.
PAGE 33
Overview of Avira Professional Security  via the Windows Security Center - from Windows XP Service Pack 2.  via the Tray Icon of your Avira product.  in the Control Center via the menu item Extras > Configuration.  in the Control Center via the Configuration button. Note If you are accessing configuration via the Configuration button in the Control Center, go to the Configuration register of the section which is active in the Control Center.
PAGE 34
Overview of Avira Professional Security If you want to finish configuration without confirming your settings: Click Cancel. The configuration window is closed and the settings are discarded. If you want to restore all configuration settings to default values: Click Default values. All settings of the configuration are restored to default values. All amendments and custom entries are lost when default settings are restored.
PAGE 35
Overview of Avira Professional Security    Update: Configuration of the update settings, download via Web server or fileserver, set-up of product updates              Scan options, enabling and disabling the Web Protection Action on detection Blocked access: Unwanted file types and MIME types, Web filter for known unwanted URLS (malware, phishing, etc.
PAGE 36
Overview of Avira Professional Security        Security: block autostart function, complete system scan status display, product protection, protect Windows hosts file WMI: Enable WMI support Event log configuration Configuration of report functions Setting of directories used Alerts: Configuration of network alerts for component(s): System Scanner Realtime Protection Configuration of email alerts for component(s): System Scanner Realtime Protection Updater Configuration of acoustic alerts when malw
PAGE 37
Overview of Avira Professional Security  Block all traffic: Enabled. Blocks all data transfers except transfers to the host computer system (Local Host/IP 127.0.0.1).  Start Avira Professional Security: Opens the Control Center.  Configure Avira Professional Security: Opens the Configuration.  Start update Starts an update.  Select configuration: Opens a submenu with the available configuration profiles. Click on a configuration to activate this configuration.
PAGE 38
Overview of Avira Professional Security Note In Windows Vista the User Account Control dialog box appears. Log in as administrator if appropriate. Click Continue. Highlight the license file and click Open. A message appears. Click OK to confirm. The license is activated. If necessary, restart your system. 4.2.2 Perform automatic updates To create a job with the Avira Scheduler to update your Avira product automatically: In the Control Center, select the section ADMINISTRATION > Scheduler.
PAGE 39
Overview of Avira Professional Security   Repeat job if time has expired Past jobs are performed that could not be performed at the required time, for example because the computer was switched off. Start job while connecting to the Internet (dial-up) In addition to the defined frequency, the job is performed when an Internet connection is set up. Click Next. The dialog box Select display mode appears.
PAGE 40
Overview of Avira Professional Security - OR In the Control Center, select Status. In the Last update field, click on the Start update link. The Updater dialog box appears. - OR In the Control Center, in the Update menu, select the menu command Start update. The Updater dialog box appears. Note We recommend regular automatic updates. The recommended update interval is: 60 minutes. Note You can also carry out a manual update directly via the Windows security center. 4.2.
PAGE 41
Overview of Avira Professional Security performed in the Control Center with extended administrator rights. These extended administrator rights must be granted at the start of each scan via a scan profile.  This icon starts a limited scan via a scan profile. Only directories and files that Windows Vista has granted access rights to are scanned.  This icon starts the scan with extended administrator rights. After confirmation, all directories and files in the selected scan profile are scanned.
PAGE 42
Overview of Avira Professional Security Highlight the nodes and directories to be saved by clicking the check box of the respective directory level. The following options are available for selecting directories:    Directory, including sub-directories (black check mark) Sub-directories of one directory only (grey check mark, sub-directories have black check marks) No directory (no check mark) 4.2.
PAGE 43
Overview of Avira Professional Security Give the job a name and, where appropriate, a description. Click Next. The dialog box Type of job appears. Select Scan job. Click Next. The dialog box Selection of the profile appears. Select the profile to be scanned. Click Next. The dialog box Time of the job appears. Select a time for the scan:       Immediately Daily Weekly Interval Single Login Where appropriate, specify a date according to the selection.
PAGE 44
Overview of Avira Professional Security View properties of a job Edit job Delete job Start job Stop job 4.2.8 Targeted scan for Rootkits and active malware To scan for active rootkits, use the predefined scan profile Scan for Rootkits and active malware. To scan for active rootkits systematically: Go to Control Center and select the section PC PROTECTION > System Scanner. Predefined scan profiles appear. Select the predefined scan profile Scan for Rootkits and active malware.
PAGE 45
Overview of Avira Professional Security In the case of System Scanner scan, you will receive an alert with a list of the affected files when the scan is complete. You can use the content-sensitive menu to select an action to be executed for the various infected files. You can execute the standard actions for all infected files or cancel the System Scanner. Automatic In automatic action mode, when a virus or unwanted program is detected the action you selected in this area is executed automatically.
PAGE 46
Overview of Avira Professional Security Note Which actions are available for selection depends on the operating system, the protection components (Avira Real-Time Protection, Avira System Scanner, Avira Mail Protection, Avira Web Protection) reporting the detection, and the type of malware detected. Actions of the System Scanner and the Real-Time Protection (not ProActiv detections): Repair The file is repaired. This option is only available if the infected file can be repaired.
PAGE 47
Overview of Avira Professional Security permitted and no further notifications will be provided until the computer is restarted or the virus definition file is updated. Copy to quarantine Action option for a rootkits detection: The detection is copied to quarantine. Repair boot sector | Download repair tool Action options when infected boot sectors are detected: A number of options are available for repairing infected diskette drives.
PAGE 48
Overview of Avira Professional Security Mail Protection actions: Incoming emails Move to quarantine The email including all attachments is moved to quarantine. The affected email is deleted. The body of the text and any attachments of the email are replaced by a default text. Delete mail The affected email is deleted. The body of the text and any attachments of the email are replaced by a default text. Delete attachment The infected attachment is replaced by a default text.
PAGE 49
Overview of Avira Professional Security Warning Viruses and unwanted programs can penetrate the computer system of the email recipient in this way. Web Protection actions: Deny access The website requested from the web server and/or any data or files transferred are not sent to your web browser. An error message to notify you that access has been denied is displayed in the web browser. Move to quarantine The website requested from the web server and/or any data or files transferred are moved to quarantine.
PAGE 50
Overview of Avira Professional Security Check which files are involved, so that, if necessary, you can reload the original back onto your computer from another location. If you want to see more information on a file: Highlight the file and click on . The dialog box Properties appears with more information on the file. If you want to rescan a file: Scanning a file is recommended if the virus definition file of your Avira product has been updated and a false positive report is suspected.
PAGE 51
Overview of Avira Professional Security by the Avira Malware Research Center has been recommended in the virus detection dialog box or in the report file generated by the scan. Suspicious file: You consider a file to be suspicious and have therefore moved this file to quarantine, but a scan of the file for viruses and malware is negative.
PAGE 52
Overview of Avira Professional Security   This icon restores the files to a directory of your choice. In Windows Vista: In Microsoft Windows Vista, the Control Center only has limited rights at the moment, e.g. for access to directories and files. Certain actions and file accesses can only be performed in the Control Center with extended administrator rights. These extended administrator rights must be granted at the start of each scan via a scan profile.
PAGE 53
Overview of Avira Professional Security To restore a file to a specified directory: Highlight the file and click on . A message appears asking if you want to restore the file. Click Yes. The Windows default window Save As for selecting the directory appears. Select the directory to restore the file to and confirm. The file is restored to the selected directory. 4.2.
PAGE 54
Overview of Avira Professional Security If you want to add a file type to the scan: Highlight a file type. Click Insert and enter the file extension of file type into the input box. Use a maximum of 10 characters and do not enter the leading dot. Wildcards (* and ? ) are allowed. 4.2.14 Create desktop shortcut for scan profile You can start a system scan directly from your desktop via a desktop shortcut to a scan profile without accessing your Avira product’s Control Center.
PAGE 55
Overview of Avira Professional Security To filter displayed events: In the Control Center, select the section ADMINISTRATION > Events. Check the box of the program components to display the events of the activated components. - OR Uncheck the box of the program components to hide the events of the deactivated components. Check the event type box to display these events. - OR Uncheck the event type box to hide these events. 4.2.
PAGE 56
Overview of Avira Professional Security The following security levels are available: Low Flooding and port scan are detected. Medium Suspicious TCP and UDP packages are discarded. Flooding and port scan are prevented. High Computer is not visible on the network. New connections from outside are not allowed. Flooding and port scan are prevented. User User-defined rules: If this security level is selected, the program automatically recognizes that the adapter rules have been modified.
PAGE 57
System Scanner 5. System Scanner With the System Scanner component, you can carry out targeted scans (on-demand scans) for viruses and unwanted programs. The following options are available for scanning for infected files:  System scan via context menu The system scan via the context menu (right-hand mouse button - entry Scan selected files with Avira) is recommended if, for example, you wish to scan individual files and directories.
PAGE 58
Updates 6. Updates The effectiveness of anti-virus software depends on how up-to-date the program is, in particular the virus definition file and the scan engine. To carry out regular updates, the Updater component is integrated into your Avira product. The Updater ensures that your Avira product is always up-to-date and able to deal with the new viruses that appear every day.
PAGE 59
Updates In the Control Center under Scheduler, you can create additional update jobs that are performed by Updater at the specified intervals.
PAGE 60
FireWall 7. FireWall Avira FireWall monitors and regulates incoming and outgoing data traffic on your computer system and protects you from a wide range of attacks and threats from the Internet: Incoming or outgoing data traffic or listening to ports will be allowed or denied based on security guidelines. You will receive a desktop notification if Avira FireWall denies network activity and thus blocks network connections.
PAGE 61
FAQ, Tips 8. FAQ, Tips This chapter contains important information on troubleshooting and further tips on using your Avira product.  see Chapter Help in case of a problem  see Chapter Shortcuts  see Chapter Windows Security Center (Windows XP and Vista) or Windows Action Center (Windows 7 and 8) 8.1 Help in case of a problem Here you will find information on causes and solutions of possible problems.  The error message The license file cannot be opened appears.
PAGE 62
FAQ, Tips The error message Connection failed while downloading the file ... appears when attempting to start an update. Reason: Your Internet connection is inactive. No connection to the web server on the Internet can therefore be established. Test whether other Internet services such as WWW or email work. If not, re-establish the Internet connection. Reason: The proxy server cannot be reached. Check whether the login for the proxy server has changed and adapt it to your configuration if necessary.
PAGE 63
FAQ, Tips Open the context menu with a right-click on the Tray Icon. Click Real-Time Protection enable. Reason: Avira Real-Time Protection is blocked by a firewall. Define a general approval for Avira Real-Time Protection in the configuration of your firewall. Avira Real-Time Protection only works with the address 127.0.0.1 (localhost). An Internet connection is not established. The same applies to Avira Mail Protection. Otherwise: Check the startup type of the Avira Real-Time Protection service.
PAGE 64
FAQ, Tips Check whether your mail client reports to the server through SSL (also often called TLS – Transport Layer Security). Avira Mail Protection does not support SSL and therefore terminates any encrypted SSL connections. If you want to use encrypted SSL connections without having them protected by Mail Protection, you will have to use a port that is not monitored by Mail Protection for the connection.
PAGE 65
FAQ, Tips To avoid this behavior do the following: Go to Control Center and select the section INTERNET PROTECTION > FireWall. Click the Configuration button. The Configuration dialog box is displayed. You are in the configuration section Application rules. Activate the Expert mode option. Select the configuration section Adapter rules. Click add rule. Select UDP in the section Incoming rules. Type the name of the rule in the Section Name of the rule. Click OK.
PAGE 66
FAQ, Tips Webchat is not operational: Chat messages are not displayed; data are being loaded in the browser. This phenomenon may occur during chats, which are based on the HTTP protocol with 'transfer-encoding: chunked’. Reason: Web Protection checks the sent data completely for viruses and undesired programs first, before the data are loaded into the web browser. During a data transfer with ‘transfer-encoding: chunked’, Web Protection cannot determine the message length or the data volume.
PAGE 67
FAQ, Tips Shift + Tab Change to the previous option or options group. Space Activate or deactivate a check box, if the active option is a check box. Alt + underlined letter Select option or start command. Alt + ↓ Open selected drop-down list. F4 Esc Close selected drop-down list. Cancel command and close dialog. Enter Start command for the active option or button. 8.2.2 In the help Shortcut Description Alt + Space Display system menu.
PAGE 68
FAQ, Tips Page up Page down Browse through a subject. 8.2.3 In the Control Center General Shortcut Description F1 Display help Alt + F4 Close Control Center F5 Refresh F8 Open configuration F9 Start update Scan section Shortcut Description F2 Rename selected profile F3 Start scan with the selected profile F4 Create desktop link for the selected profile Ins Create new profile Avira Professional Security - User Manual (Status: 14 Dec.
PAGE 69
FAQ, Tips Del Delete selected profile FireWall section Shortcut Description Return Properties Quarantine section Shortcut Description F2 Rescan object F3 Restore object F4 Send object F6 Restore object to... Return Properties Ins Add file Del Delete object Scheduler section Shortcut Description F2 Edit job Return Properties Avira Professional Security - User Manual (Status: 14 Dec.
PAGE 70
FAQ, Tips Ins Insert new job Del Delete job Reports section Shortcut Description F3 Display report file F4 Print report file Return Display report Del Delete report(s) Events section Shortcut Description F3 Export event(s) Return Show event Del Delete event(s) 8.3 Windows Security Center - Windows XP Service Pack 2 or higher - 8.3.1 General The Windows Security Center checks the status of a computer for important security aspects.
PAGE 71
FAQ, Tips 8.3.
PAGE 72
FAQ, Tips Virus protection software / Protection against malicious software You may receive the following information from the Windows Security Center with regard to your virus protection:  Virus protection NOT FOUND  Virus protection OUT OF DATE  Virus protection ON  Virus protection OFF  Virus protection NOT MONITORED Virus protection NOT FOUND This information of the Windows Security Center appears when the Windows Security Center has not found any anti-virus software on your computer.
PAGE 73
FAQ, Tips Note In order for the Windows Security Center to recognize your Avira product as upto-date, an update must be performed after installation. Update your system by carrying out an update. Virus protection ON After installing your Avira product and performing a subsequent update, you will receive the following message: Your Avira product is now up-to-date and the Avira Real-Time Protection is enabled.
PAGE 74
FAQ, Tips Note This function is not supported by Windows Vista. Note The Windows Security Center is supported by your Avira product. You can enable this option at any time via the Recommendations button. Note Even if you have installed Windows XP Service Pack 2 or Windows Vista, you still require a virus protection solution. Although Windows monitors your antivirus software, it does not contain any anti-virus functions itself.
PAGE 75
FAQ, Tips The Windows Action Center also gives you the option of managing the installed programs and to choose between them (e.g. View installed antispyware programs). You can even turn off the warning messages under Change Action Center settings (e.g. Turn off messages about spyware and related protection). 8.4.
PAGE 76
FAQ, Tips Note Avira FireWall should be immediately detected by Windows Action Center, but if you get the message, Windows Firewall is turned off or set up incorrectly, this means that neither the firewall from Windows nor the one from Avira are activated. You can enable or disable Avira FireWall in the Status section of the Control Center. You also have control of the Avira FireWall via the Action Center > Security.
PAGE 77
FAQ, Tips Note You can enable or disable Avira Real-Time Protection in the Status section of the Avira Control Center. You can also notice that the Avira Real-Time Protection is enabled by the opened red umbrella in your taskbar. It is also possible to activate the Avira product by clicking the Turn on now button on the Windows Action Center message. You will receive a notification asking your permission to run Avira.
PAGE 78
FAQ, Tips Note Please note that this option will not appear in Windows 8, as Windows Defender is now also the pre-set virus protection function. Note Install your Avira product on your computer to protect it against viruses and other unwanted programs! Avira Desktop has expired This information of the Windows Action Center appears when the license of your Avira product has expired.
PAGE 79
FAQ, Tips Windows Defender and Avira Desktop both report that they are turned off You receive the following message if you disable the Avira Real-Time Protection or stop the Real-Time Protection service. Note You can enable or disable Avira Real-Time Protection in the Status section of the Avira Control Center. You can also notice that the Avira Real-Time Protection is enabled by the opened red umbrella in your taskbar.
PAGE 80
FAQ, Tips Note Windows Defender is the pre-set spyware and virus protection solution from Windows. Windows Defender is turned off This information of the Windows Action Center appears when the Windows Action Center has not found any other anti-virus software on your computer than the one that the operating system integrates by default: Windows Defender. If you have had some antivirus software installed on your computer before, this application has been disabled.
PAGE 81
Viruses and more 9. Viruses and more Avira Professional Security not only detects viruses and malware, it can also protect you from other threats. In this chapter you can find an overview of different kinds of malware and other threats describing their background, behavior and the unpleasant surprises they have in store for you. Related topics:  Threat categories  Viruses and other malware 9.
PAGE 82
Viruses and more Backdoor Clients In order to steal data or manipulate computers, a backdoor server program is smuggled in unknown to the user. This program can be controlled by a third party using backdoor control software (client) via the Internet or a network. Your Avira product recognizes "Backdoor control software".
PAGE 83
Viruses and more Your Avira product recognizes "Double Extension Files". If the option Double Extension files is enabled with a check mark in the configuration under Threat categories, you receive a corresponding alert if your Avira product detects such files. Fraudulent software Also known as "scareware" or "rogueware", it is a fraudulent software that pretends that your computer is infected by viruses or malware.
PAGE 84
Viruses and more Thanks to the extension of its scanning and identification routines, your Avira product is able to detect joke programs and eliminate them as unwanted programs if required. If the option Jokes is enabled with a check mark in the configuration under Threat categories, a corresponding alert is issued if a joke program is detected.
PAGE 85
Viruses and more Backdoors A backdoor can gain access to a computer by bypassing the computer access security mechanisms. A program that is being executed in the background generally enables the attacker almost unlimited rights. User's personal data can be spied with the backdoor's help.. But are mainly used to install further computer viruses or worms on the relevant system. Boot viruses The boot or master boot sector of hard disks is mainly infected by boot sector viruses.
PAGE 86
Viruses and more Hoaxes For several years, Internet and other network users have received alerts about viruses that are purportedly spread via email. These alerts are spread via email with the request that they should be sent to the highest possible number of colleagues and to other users, in order to warn everyone against the "danger". Honeypot A honeypot is a service (program or server) installed in a network. Its function is to monitor a network and log attacks.
PAGE 87
Viruses and more Polymorph viruses Polymorph viruses are the real masters of disguise. They change their own programming codes - and are therefore very hard to detect. Program viruses A computer virus is a program that is capable of attaching itself to other programs after being executed and cause an infection. Viruses multiply themselves unlike logic bombs and Trojans. In contrast to a worm, a virus always requires a program as host, where the virus deposits its virulent code.
PAGE 88
Viruses and more which differentiates them from viruses and worms. Most of them have an interesting name (SEX.EXE or STARTME.EXE) with the intention to induce the user to start the Trojan. Immediately after execution they become active and can, for example, format the hard disk. A dropper is a special form of Trojan that 'drops' viruses, i.e. embeds viruses on the computer system.
PAGE 89
Info and Service 10. Info and Service This chapter contains information on how to contact us.  see Chapter Contact address  see Chapter Technical support  see Chapter Suspicious files  see Chapter Report false positives  see Chapter Your feedback for more security 10.1 Contact address If you have any questions or requests concerning the Avira product range, we will be pleased to help you.
PAGE 90
Info and Service 10.3 Suspicious file Suspect files or viruses that may not yet be detected or removed by our products can be sent to us. We provide you with several ways of doing this.  Identify the file in the quarantine manager of the Control Center and select the item Send file via the context menu or the corresponding button.  Send the required file packed (WinZIP, PKZip, Arj, etc.) in the attachment of an email to the following address: virus-professional@avira.
PAGE 91
Reference: Configuration options 11. Reference: Configuration options The configuration reference documents all available configuration options. 11.1 System Scanner The System Scanner section of configuration is responsible for the configuration of the on-demand scan. (Options available in expert mode only.) 11.1.1 Scan You can define the behavior of the on-demand scan routine (options available in expert mode only).
PAGE 92
Reference: Configuration options Note If Use smart extensions is enabled, the button File extensions cannot be selected. Use file extension list If this option is enabled, only files with a specified extension are scanned. All file types that may contain viruses and unwanted programs are preset. The list can be edited manually via the button "File extension".
PAGE 93
Reference: Configuration options an amended file is detected, this is reported as suspect. This function uses a lot of computer capacity. That is why the option is disabled as the default setting. Note This option is only available with Windows Vista and higher. The option is not available if you are managing the Avira program under AMC. Note This option should not be used if you are using third-party tools that modify system files and adapt the boot or start screen to your own requirements.
PAGE 94
Reference: Configuration options Note The rootkits scan is not available for Windows XP 64 bit Scan Registry If this option is enabled, the Registry is scanned for references to malware. This option only changes the settings of profiles created by you. Ignore files and paths on network drives If this option is enabled, network drives connected to the computer are excluded from the on-demand scan.
PAGE 95
Reference: Configuration options Action on detection You can define the actions to be performed by System Scanner when a virus or unwanted program is detected. (Options available in expert mode only.) Interactive If this option is enabled, the results of the System Scanner scan are displayed in a dialog box. When carrying out a scan with the System Scanner, you will receive an alert with a list of the affected files at the end of the scan.
PAGE 96
Reference: Configuration options Default The button is used to define a default action by the System Scanner to handle the files encountered. Highlight an action and click the "Default" button. Only the selected default action for the relevant files can be executed in combined notification mode. The selected default action for the relevant files is preselected in individual and expert notification mode. Note The action repair cannot be selected as the default action.
PAGE 97
Reference: Configuration options Repair If this option is enabled, the System Scanner repairs affected files automatically. If the System Scanner cannot repair an affected file, it carries out the action selected under Secondary action. Note An automatic repair is recommended, but means that the System Scanner modifies files on the workstation. Rename If this option is enabled, the System Scanner renames the file. Direct access to these files (e.g. with double-click) is therefore no longer possible.
PAGE 98
Reference: Configuration options Quarantine If this option is enabled, the System Scanner moves the file to Quarantine. These files can later be repaired or - if necessary - sent to the Avira Malware Research Center. Delete If this option is enabled, the file is deleted. This process is much faster than "overwrite and delete". Ignore If this option is enabled, access to the file is allowed and the file is left as it is.
PAGE 99
Reference: Configuration options This button opens a window in which you can select the desired program with the aid of the file selection dialog. Arguments In this input box you can enter command line parameters for the program to be started if necessary. Event log Use event log If this option is enabled, an event report with the results of the scan is transferred to the Windows Event Log after a System Scanner scan has been completed. The events can be called up in the Windows Event Viewer.
PAGE 100
Reference: Configuration options Note In order to find a virus or an unwanted program in an archive, the System Scanner must scan up to the recursion level in which the virus or the unwanted program is located. Maximum recursion depth In order to enter the maximum recursion depth, the option Limit recursion depth must be enabled. You can either enter the requested recursion depth directly or by means of the right arrow key on the entry field. The permitted values are 1 to 99.
PAGE 101
Reference: Configuration options Input box In this input box you can enter the name of the file object that is not included in the ondemand scan. No file object is entered as the default setting. The button opens a window in which you can select the required file or the required path. When you have entered a file name with its complete path, only this file is not scanned for infection.
PAGE 102
Reference: Configuration options alternatively suspect documents are only reported, i.e. you receive an alert. This option is enabled as the default setting and is recommended. Advanced Heuristic Analysis and Detection (AHeAD) Enable AHeAD Your Avira program contains a very powerful heuristic in the form of Avira AHeAD technology, which can also detect unknown (new) malware. If this option is enabled, you can define how "aggressive" this heuristic should be. This option is enabled as the default setting.
PAGE 103
Reference: Configuration options Extended When this option is activated, the System Scanner logs alerts and tips in addition to the default information. The report also contains a '(cloud)' suffix to identify the detections from Protection Cloud. Complete When this option is activated, the System Scanner also logs all scanned files. In addition, all files involved as well as alerts and tips are included in the report file.
PAGE 104
Reference: Configuration options Note If Use smart extensions is enabled, the File extensions button cannot be selected. Use file extension list If this option is enabled, only files with a specified extension are scanned. All file types that may contain viruses and unwanted programs are preset. The list can be edited manually via the "File extensions" button. This option is enabled as the default setting and is recommended.
PAGE 105
Reference: Configuration options Monitor network drives If this option is enabled, files on network drives (mapped drives) such as server volumes, peer drives etc., are scanned. Note In order not to reduce the performance of your computer too much, the option Monitor network drives should only be enabled in exceptional cases. Warning If this option is disabled, the network drives are not monitored.
PAGE 106
Reference: Configuration options Max. recursion depth When scanning archives, the Real-Time Protection uses a recursive scan: Archives in archives are also unpacked and scanned for viruses and unwanted programs. You can define the recursion depth. The default value for the recursion depth is 1 and is recommended: all files that are directly located in the main archive are scanned. Max. number of files When scanning archives, you can restrict the scan to a maximum number of files in the archive.
PAGE 107
Reference: Configuration options Ignore Access to the file is permitted and the file is ignored. Overwrite and delete Real-Time Protection overwrites the file with a default pattern before deleting it. It cannot be restored. Warning If Real-Time Protection is set to Scan when writing, the affected file is not written. Default This button allows you to select an action that is activated in the dialog box by default when a virus is detected.
PAGE 108
Reference: Configuration options Note The Secondary action option can only be selected if the Repair setting was selected under Primary action. Repair If this option is enabled, the Real-Time Protection repairs affected files automatically. If the Real-Time Protection cannot repair an affected file, it carries out the action selected under Secondary action. Note An automatic repair is recommended, but means that the Real-Time Protection modifies files on the workstation.
PAGE 109
Reference: Configuration options Warning If Real-Time Protection is set to Scan when writing, the affected file is not written. Secondary action The option Secondary action can only be selected if the Repair option was selected under Primary action. With this option it can now be decided what is to be done with the affected file if it cannot be repaired. Rename If this option is enabled, the Real-Time Protection renames the file. Direct access to these files (e.g.
PAGE 110
Reference: Configuration options Further actions Use event log If this option is enabled, an entry is added to the Windows event log for every detection. The events can be called up in the Windows event viewer. This option is enabled as the default setting. (Option available in expert mode only.) Exceptions With these options you can configure exception objects for the Real-Time Protection (onaccess scan). The relevant objects are then not included in the on-access scan.
PAGE 111
Reference: Configuration options You have the option of excluding processes from monitoring by the Real-Time Protection without full path details. For example: application.exe This however only applies to processes where the executable files are located on hard disk drives. Full path details are required for processes where the executable files are located on connected drives, e.g. network drives. Please note the general information on the notation of Exceptions on connected network drives.
PAGE 112
Reference: Configuration options C:\Directory\*.mdb *.mdb *.md? *.xls* C:\Directory\*.log Directory names must end with a backslash \ . If a directory is excluded, all its sub-directories are automatically also excluded. For each drive you can specify a maximum of 20 exceptions by entering the complete path (starting with the drive letter). For example: C:\Program Files\Application\Name.log The maximum number of exceptions without a complete path is 64. For example: *.
PAGE 113
Reference: Configuration options excluded from the Real-Time Protection scan. If the UNC path in the list of exceptions differs from the UNC path used to connect to the network drive (IP address specification in the list of exceptions – specification of computer name for connection to network drive), the specified folders and files are NOT excluded by the Real-Time Protection scan.
PAGE 114
Reference: Configuration options  \\1.0.0.0\Shared1\*.mdb All files with the extension 'mdb’ are excluded from the Real-Time Protection scan accessed via a connection '\\1.0.0.0\Shared1'. This is generally a connected network drive which accesses another computer with a shared folder via the IP address '1.0.0.0' and the shared name 'Shared1'. Heuristic This configuration section contains the settings for the heuristic of the scan engine. (Options available in expert mode only.
PAGE 115
Reference: Configuration options 11.2.2 ProActiv ProActiv (Option available in expert mode only.) Enable ProActiv If this option is enabled, programs on your system are monitored and checked for suspicious actions. You will receive a message if typical malware behavior is detected. You can block the program or select "Ignore" to continue to use the program.
PAGE 116
Reference: Configuration options is then categorized as "clean" or "malware". Unknown program files are uploaded to the Protection Cloud for analysis. Confirm manually when sending suspicious files to Avira You can see a list of the suspicious files that should be sent to the Protection Cloud, and you can choose which files you want to send. Blocked applications Under Applications to be blocked you can enter applications which you classify as harmful and which you want Avira ProActiv to block by default.
PAGE 117
Reference: Configuration options Allowed applications The section Applications to be skipped lists the applications excluded from monitoring by the ProActiv component: signed programs classified as trusted and included in list by default, all applications classified as trusted and added to the application filter: You can add permitted applications to the list in Configuration.
PAGE 118
Reference: Configuration options The button opens a window in which you can select the application to be excluded. Add With the "Add" button you can transfer the application specified in the input box to the list of applications to be excluded. Delete The "Delete" button lets you remove a highlighted application from the list of applications to be excluded. 11.2.
PAGE 119
Reference: Configuration options the log file exceeds the indicated size by more than 50 kilobytes, then old entries are deleted until the indicated size minus 50 kilobytes is reached. Back up report file before shortening If this option is enabled, the report file is backed up before shortening. For the save location see Report directory. Write configuration to report file If this option is enabled, the configuration of the on-access scan is recorded in the report file.
PAGE 120
Reference: Configuration options %INSTALLDIR% C:\Program Files\Avira\Antivir Desktop ** %AVAPPDATA% C:\Documents and Settings\All Users\Avira\AntiVir Desktop ** The paths marked with ** are language dependent. The above mentioned examples name the relevant paths on an English operating system. 11.3.
PAGE 121
Reference: Configuration options Note If you configure your Avira product in the Avira Management Console, automatic updates are not available. Automatic update Activate If this option is enabled, automatic updates are performed for the enabled events at the specified interval. All n Day(s) / Hour(s) / Minute(s) In this box you can specify the interval at which the automatic update is performed.
PAGE 122
Reference: Configuration options Note You can access further settings for updating via a file server under: Configuration > Local protection > Update > File server. If this option is enabled, you can configure the file server you are using. 11.4.1 File server In the case of more than one workstation on a network, your Avira product can download an update from a file server in the intranet, which in turn obtains the update files from a proprietary download server on the Internet.
PAGE 123
Reference: Configuration options 11.4.2 Web Server Web server The update can be performed directly via a web server on the Internet or the intranet. (Options available in expert mode only.) Web server connection Use existing connection (network) This setting is displayed if your connection is used via a network. Use the following connection This setting is displayed if you define your connection individually. The Updater automatically detects which connection options are available.
PAGE 124
Reference: Configuration options Download Priority server In this field, enter the update directory and URL of the web server that will first be requested to provide the update. If this server cannot be reached, the standard servers indicated will be used. The format for the address of the web server is as follows: http://[:port]/update. If you do not specify a port, port 80 will be used.
PAGE 125
Reference: Configuration options Address Enter the computer name or IP address of the proxy server you want to use to connect to the web server. Port Please enter the port number of the proxy server you want to use to connect to the web server. Login name Enter a user name to log in on the proxy server. Login password Enter the relevant password for logging in on the proxy server here. For security reasons, the actual characters you type in this space are replaced by asterisks (*).
PAGE 126
Reference: Configuration options Note The default Security level setting for all predefined rules of the Avira FireWall is Medium. ICMP protocol The Internet Control Message Protocol (ICMP) is used to exchange error and information messages on networks. The protocol is also used for status messages with ping or tracer. With this rule, you can define the incoming and outgoing blocked message types, the behavior in case of flooding and the reaction to fragmented ICMP packets.
PAGE 127
Reference: Configuration options Assume Flooding With a mouse click on the link, a dialog box is displayed where you can enter the maximum allowed ICMP delay. Example: 50 milliseconds. Fragmented ICMP packets With a mouse click on the link, you have the choice between Reject and Don't reject fragmented ICMP packets. TCP port scan With this rule, you can define when a TCP port scan is assumed by the FireWall and what should be done in this case.
PAGE 128
Reference: Configuration options Rule With a mouse click on the link you have the choice between add and don't add the rule to block the TCP port scan attack. UDP Port Scan With this rule, you can define when a UDP port scan is assumed by the FireWall and what should be done in this case. This rule prevents so-called UDP port scan attacks that result in a detection of open UDP ports on your computer.
PAGE 129
Reference: Configuration options Incoming Rules Incoming rules are defined to control incoming data traffic by the Avira FireWall. Warning When a packet is filtered, the corresponding rules are applied successively, therefore the rule order is very important. Change the rule order only if you are completely aware of what you are doing. Predefined rules for the TCP traffic monitor Avira Professional Security - User Manual (Status: 14 Dec.
PAGE 130
Reference: Configuration options Setting Rules Low No incoming data traffic is blocked by the Avira FireWall. Medium Allow Established TCP Connections on 135 Allow TCP packets from address 0.0.0.0 with mask 0.0.0.0 if local ports in {135} and remote port is in {0-65535}. Apply for packets of existing connections. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0. Deny TCP packets on 135 Deny TCP packets from address 0.0.0.
PAGE 131
Reference: Configuration options With a mouse click on the link you have the choice to allow or deny special defined incoming TCP packets. IP address By clicking on this link with the mouse, a dialog box opens in which you can enter the required IPv4 or IPv6 address. IP mask By clicking on this link with the mouse, a dialog box opens in which you can enter the required IPv4 or IPv6 mask.
PAGE 132
Reference: Configuration options Predefined rules for the UDP data traffic monitor Setting Rules Low - Medium UDP accepted traffic monitor Allow UDP packets from address 0.0.0.0 with mask 0.0.0.0 if local port is in {0- 66535} and remote port is in {0-66535}. Apply rule to open ports for all streams. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0. Discard UDP traffic Deny UDP packets from address 0.0.0.0 with mask 0.0.0.
PAGE 133
Reference: Configuration options Local ports With a mouse click on this link a dialog box appears in which you can define the local port number(s) or complete port ranges. Remote ports With a mouse click on this link a dialog box appears in which you can define the remote port number(s) or complete port ranges. Application method Ports With a mouse click on this link you have the choice to apply this rule to all ports or only to all opened ports.
PAGE 134
Reference: Configuration options Predefined rules for the ICMP traffic monitor Setting Rules Low - Medium Do not discard ICMP based on IP address Allow ICMP packets from address 0.0.0.0 with mask 0.0.0.0. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0. High Same rule as for medium level. Allow/ Deny ICMP packets With a mouse click on the link you have the choice to allow or deny special defined incoming ICMP packets.
PAGE 135
Reference: Configuration options Filtered content: offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset. The offset is computed from where ICMP header ends. Predefined rules for IP packets Setting Rules Low - Medium - High Deny all IP packets Deny IPv4 packets from address 0.0.0.0 with mask 0.0.0.0. Don't log when packet matches rule.
PAGE 136
Reference: Configuration options Warning When a packet is filtered, the corresponding rules are applied successively, therefore the rule order is very important. Change the rule order only if you are completely aware of what you are doing. Buttons to manage the rules Button Description Add rule Allows you to create a new rule. If you press this button, the Add new rule dialog box is opened. In this dialog box you can select new rules. Remove rule Removes the selected rule.
PAGE 137
Reference: Configuration options 11.5.2 Application rules Application rules for user This list contains all users in the system. If you are logged in as an administrator, you can select the user to whom you want to apply the rules. If you are not a privileged user, you can see only the user currently logged on. Application This table shows the list of applications for which rules are defined.
PAGE 138
Reference: Configuration options Column Description Application Name of the application. Active Connections Number of active connections opened by the application. Action Shows the action that the Avira FireWall will automatically take when the application is using the network, whatever the network usage type is. If you choose Basic in the Filtering column, you can click the link to select another action type. The values are Ask, Allow, or Deny.
PAGE 139
Reference: Configuration options Allow/ Deny passive listening to the application of ports Allow/ Deny Traffic Allow or deny incoming and/or outgoing IP packets Allow or deny incoming and/or outgoing TCP packets Allow or deny incoming and/or outgoing UDP packets You can create as many application rules as you like for each application. The application rules are executed in the sequence shown (You will find more information under Advanced application rules).
PAGE 140
Reference: Configuration options 11.5.3 Trusted vendors A list of trusted software producers is displayed under Trusted vendors. (Options available in expert mode only.) You can add / remove producers to / from the list using the Always trust this provider option in the Network Event popup window. You can allow network access from applications that are signed by the listed providers by default, by enabling the Automatically allow applications created by trusted vendors option.
PAGE 141
Reference: Configuration options Note The FireWall prioritizes application rules before making entries in the list of trusted vendors: If you have created an application rule and the application provider is listed in the list of trusted vendors, the application rule will be executed. 11.5.4 Settings Options available in expert mode only.
PAGE 142
Reference: Configuration options Applications blocked If the option is activated, you will receive a desktop notification if the FireWall has denied, i.e. blocked, network activity by an application. IP blocked If the option is activated, you will receive a desktop notification if the FireWall has denied, i.e. blocked, data traffic from an IP address. Application rules The application rules options are used to set the configuration options for application rules in the FireWall > Application rules section.
PAGE 143
Reference: Configuration options Always disabled When this option is enabled, the option "Remember action for this application" of the dialog box "Network event" is disabled as the default setting. Enabled for signed applications When this option is enabled, the option "Remember action for this application" of the dialog box "Network event" is automatically enabled during network access by signed applications. Signed applications are distributed by so-called "trusted vendors" (see Trusted Vendors).
PAGE 144
Reference: Configuration options  The FireWall settings apply to all users of the client computer  Adapter rules: Security levels for individual adapters can be set using context menus  Application rules: Network access by applications can be allowed or denied. There is no way of creating specific application rules.
PAGE 145
Reference: Configuration options  Default adapter: LAN or high-speed Internet  Wireless  Dial-up connection From the adapter's context menu (in the Generic adapter rules window, right-click My Computer or Default, Wireless, Dial-up, etc) you can specify predefined adapter rules for each available adapter:  Set security level Low  Set security level Medium  Set security level High You also have the option of modifying individual adapter rules to suit your own particular requirements.
PAGE 146
Reference: Configuration options Setting Rules Low Incoming blocked types: no type. Outgoing blocked types: no type. Assume flooding if delay between packets is less than 50 ms. Reject fragmented ICMP packets. Medium Same rule as for the low level. High Incoming blocked types: several types Outgoing blocked types: several types Assume flooding if delay between packets is less than 50 ms. Reject fragmented ICMP packets.
PAGE 147
Reference: Configuration options used to search a computer for weak spots and is often followed by more dangerous attack types. Predefined rules for the TCP port scan Setting Rules Low Assume a TCP port scan if 50 or more ports were scanned in 5,000 milliseconds. When detected, log attacker's IP and don't add rule to block the attack. Medium Assume a TCP port scan if 50 or more ports were scanned in 5,000 milliseconds. When detected, log attacker's IP and add rule to block the attack.
PAGE 148
Reference: Configuration options Setting Rules Low Assume a UDP port scan if 50 or more ports were scanned in 5,000 milliseconds. When detected, log attacker's IP and don't add rule to block the attack. Medium Assume a UDP port scan if 50 or more ports were scanned in 5,000 milliseconds. When detected, log attacker's IP and add rule to block the attack. High Same rule as for medium level.
PAGE 149
Reference: Configuration options Setting Rules Low No incoming data traffic is blocked by the Avira FireWall. Medium  Allow established TCP connections on 135 Allow TCP packets from address 0.0.0.0 with mask 0.0.0.0 if local ports in {135} and remote ports in {0-65535}. Apply for packets of existing connections. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0  Deny TCP packets on 135 Deny TCP packets from address 0.0.0.
PAGE 150
Reference: Configuration options High Monitor established TCP data traffic Allow TCP packets from address 0.0.0.0 with mask 0.0.0.0 if local ports in {0-65535} and remote ports in {0-65535}. Apply for packets of existing connections. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0. Accept / reject TCP packets With a mouse click on the link you have the choice to allow or deny special defined incoming TCP packets.
PAGE 151
Reference: Configuration options Filtered content: Data With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer. Filtered content: Mask With a mouse click on the link a dialog box appears in which you can select the specific mask. Filtered content: Offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset. The offset is computed from where TCP header ends.
PAGE 152
Reference: Configuration options High Monitor established UDP traffic Allow UDP packets from address 0.0.0.0 with mask 0.0.0.0 if the local port is in range {0-65535} and the remote port is in range {53, 67, 68, 123}. Apply rule to open ports. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0. Accept / reject UDP packets With a mouse click on the link you have the choice to allow or deny special defined incoming UDP packets.
PAGE 153
Reference: Configuration options Filtered content: Data With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer. Filtered content: Mask With a mouse click on the link a dialog box appears in which you can select the specific mask. Filtered content: Offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset. The offset is computed from where UDP header ends.
PAGE 154
Reference: Configuration options The advanced feature enables content filtering. For example packets can be rejected if they contain some specific data at a certain offset. If you do not want to use this option do not select a file or choose an empty file. Filtered content: Data With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer.
PAGE 155
Reference: Configuration options Report file By clicking on the link with the mouse you can decide whether to write to a report file or not if the package complies with the rule. Incoming IP Protocol rule IP packages By clicking on the link with the mouse, you can decide whether you want to accept or reject specially defined IP packages. IP address By clicking on this link with the mouse, a dialog box opens in which you can enter the required IPv4 or IPv6 address.
PAGE 156
Reference: Configuration options Button Description Add rule Allows you to create a new rule. If you press this button, the "Add new rule" dialog box is opened. In this dialog box you can select new rules. Remove rule Removes the selected rule. Rule up Moves the selected rule up one line, i.e. increases the rule priority. Rule down Moves the selected rule down one line, i.e. reduces the rule priority. Rename rule Allows you to give the selected rule another name.
PAGE 157
Reference: Configuration options Application list This table shows the list of applications for which rules are defined. The symbols indicate whether network access by the applications is allowed or denied. The rules for the applications can be changed using a context menu. Buttons Button Description Add by path This button opens a dialog box in which you can select applications. The application is added to the application list with the rule "Allow".
PAGE 158
Reference: Configuration options Buttons Button Description Add This button opens a dialog box in which you can select applications. The manufacturer of the application is established and added to the list of trusted vendors. Add group This button opens a dialog box in which you can select a directory. The manufacturers of all the applications in the selected path are established and added to the list of trusted vendors. Remove The highlighted entry is removed from the list of trusted vendors.
PAGE 159
Reference: Configuration options Port scan If the option is activated, you will receive a desktop notification if a port scan has been detected by the FireWall. Flooding If the option is activated, you will receive a desktop notification if a flooding attack has been detected by the FireWall. Applications blocked If the option is activated, you will receive a desktop notification if the FireWall has denied, i.e. blocked, network activity by an application.
PAGE 160
Reference: Configuration options Enabled for signed applications When this option is enabled, the option "Remember action for this application" of the dialog box "Network event" is automatically enabled during network access by signed applications. The manufacturers are: Microsoft, Mozilla, Opera, Yahoo, Google, Hewlet Packard, Sun, Skype, Adobe, Lexmark, Creative Labs, ATI, nVidia.
PAGE 161
Reference: Configuration options used to set the behavior of the Web Protection component. (Options available in expert mode only.) Scan Enable Web Protection If this option is enabled, the Web Protection feature is active. Enable IPv6 support If this option is enabled, Internet Protocol version 6 is supported by the Web Protection. Drive-by protection Drive-by protection allows you to make settings to block I-Frames, also known as inline frames. I-Frames are HTML elements, i.e.
PAGE 162
Reference: Configuration options In this box actions can be specified, which can be selected to be displayed in case of a virus detection. You must activate the corresponding options for this. Deny access The website requested from the web server and/or any data or files transferred are not sent to your web browser. An error message to notify you that access has been denied is displayed in the web browser. Web Protection logs the detection to the report file if the report function is activated.
PAGE 163
Reference: Configuration options file can be recovered from the quarantine manager if it has any informative value or - if necessary - sent to the Avira Malware Research Center. Ignore The website requested from the web server and/ or the data and files that were transferred are forwarded on by Web Protection to your web browser. Access to the file is permitted and the file is ignored.
PAGE 164
Reference: Configuration options Note No wildcards (* for any number of characters or ? for a single character) can be used when entering file types and MIME types. MIME types: Examples for media types: text = for text files image = for graphics files video = for video files audio = for sound files application = for files linked to a particular program      Examples of excluded file and MIME types application/octet-stream = application/octet-stream MIME type files (executable files *.bin, *.exe, *.
PAGE 165
Reference: Configuration options Note The web filter is ignored for entries in the list of excluded URLs under Web Protection > Scan > Exceptions. Note Spam URLs are URLs sent with spam emails. The Fraud / Deception category covers web pages with “Subscription Expires” and other offers of services whose costs are hidden by the provider.
PAGE 166
Reference: Configuration options by Web Protection: For all entries on the exclusion list, the entries on the list of file and MIME types to be blocked are ignored. No scan for viruses and malware is performed.
PAGE 167
Reference: Configuration options .domainname.* *.domainname.com .*name*.com (valid but not recommended) Specifications without dots, like *name*, are interpreted as part of a top-level domain and are not advisable. Warning All websites on the list of excluded URLs are downloaded into the Internet browser without further scanning by the web filter or by Web Protection: For all entries in the list of excluded URLs, the entries in the web filter (see Web Protection > Scan > Blocked requests) are ignored.
PAGE 168
Reference: Configuration options Warning Enter the URLs you want to exclude from the Web Protection scan as precisely as possible. Avoid specifying an entire top-level domain or parts of a secondlevel domain because there is a risk that Internet pages that distribute malware and undesirable programs will be excluded from the Web Protection scan through global specifications under exclusions. You are recommended to specify at least the complete second-level domain and the top-level domain: domainname.
PAGE 169
Reference: Configuration options High detection level If this option is enabled, significantly more unknown malware is detected, but there are also likely to be false positives. 11.7.2 Report The Web Protection includes an extensive logging function to provide the user or administrator with exact notes about the type and manner of a detection. Reporting This group allows for the content of the report file to be determined. Off If this option is enabled, then Web Protection does not create a log.
PAGE 170
Reference: Configuration options Note If you have not specified any report file restriction, older entries are automatically deleted when the report file reaches 100MB. Entries are deleted until the size of the report file reaches 80 MB. 11.8 Mail Protection The Mail Protection section of the Configuration is responsible for the configuration of the Mail Protection. 11.8.1 Scan Use Mail Protection to scan incoming emails for viruses and malware .
PAGE 171
Reference: Configuration options Default This button resets the specified port to the default IMAP port. (Option available in expert mode only.) Scan outgoing emails (SMTP) If this option is enabled, outgoing emails are scanned for viruses and malware. Monitored ports In this field you should enter the port to be used as the outbox by the SMTP protocol. Multiple ports are separated by commas. (Option available in expert mode only.) Default This button resets the specified port to the default SMTP port.
PAGE 172
Reference: Configuration options In this box actions can be specified, which can be selected to be displayed in case of a virus detection. You must activate the corresponding options for this. Move to quarantine When this option has been activated, the email including all attachments is moved to quarantine. It can be later be delivered via the quarantine manager. The affected email is deleted. The body of the text and any attachments of the email are replaced by a default text.
PAGE 173
Reference: Configuration options Ignore If this option is enabled, the affected email is ignored despite detection of a virus or unwanted program. However, you can decide what is to be done with the affected attachment. Move to quarantine If this option is enabled, the complete email including all attachments is placed in Quarantine if a virus or unwanted program is found. If required, it can later be restored. The affected email itself is deleted.
PAGE 174
Reference: Configuration options Default text for deleted and moved emails The text in this box is inserted in the email as a message instead of the affected email. You can edit this message. A text may contain a maximum of 500 characters. You can use the following key combination for formatting: Ctrl + Enter = inserts a line break. Default The button inserts a pre-defined default text in the edit box.
PAGE 175
Reference: Configuration options you can define how "aggressive" this heuristic should be. This option is enabled as the default setting. Low detection level If this option is enabled, slightly less unknown malware is detected, the risk of false alerts is low in this case. Medium detection level This option combines a strong detection level with a low risk of false alerts. Medium is the default setting if you have selected the use of this heuristic.
PAGE 176
Reference: Configuration options Malware When this option is enabled, the email address is no longer scanned for malware. Up You can use this button to move a highlighted email address to a higher position. If no entry is highlighted or the highlighted address is at the first position in the list, this button is not enabled. Down You can use this button to move a highlighted email address to a lower position.
PAGE 177
Reference: Configuration options Attach Mail Protection footer If this option is enabled, the Avira Mail Protection footer is displayed beneath the message text of the sent email. The Avira Mail Protection footer confirms that the sent email has been scanned for viruses and unwanted programs by Avira .
PAGE 178
Reference: Configuration options Limit size to n MB If this option is enabled, the report file can be limited to a certain size; possible values: Permitted values are between 1 and 100 MB. Around 50 kilobytes of extra space are allowed when limiting the size of the report file to minimize the use of system resources. If the size of the log file exceeds the indicated size by more than 50 kilobytes, then old entries are deleted until the indicated size minus 50 kilobytes is reached.
PAGE 179
Reference: Configuration options SMTP Server Enter the name of the host to be used here - either its IP address or the direct host name. The maximum possible length of the host name is 127 characters. For example: 192.168.1.100 or mail.samplecompany.com. Port Enter the port to be used here. Sender address In this input box, enter the email address of the sender. The maximum length of the sender's address is 127 characters.
PAGE 180
Reference: Configuration options  Backdoor Clients  Dialer  Double Extension Files  Fraudulent software  Games  Jokes  Phishing  Programs that violate the private domain  Unusual runtime packers By clicking on the relevant box, the selected type is enabled (check mark set) or disabled (no check mark). Select all If this option is enabled, all types are enabled. Default values This button restores the predefined default values.
PAGE 181
Reference: Configuration options Note The password is case-sensitive! Areas protected by password (Options available in expert mode only) Your Avira product can protect individual areas with a password. By clicking the relevant box, the password request can be disabled or re-enabled for individual areas as required. Password-protected area Function Control Center If this option is enabled, the pre-defined password is required to start the Control Center.
PAGE 182
Reference: Configuration options Restore affected objects If this option is enabled, the pre-defined password is required to restore an object. Rescan affected objects If this option is enabled, the pre-defined password is required to rescan an object. Affected object properties If this option is enabled, the pre-defined password is required to display the properties of an object. Delete affected objects If this option is enabled, the pre-defined password is required to delete an object.
PAGE 183
Reference: Configuration options Installation / uninstallation If this option is enabled, the pre-defined password is required for installation or uninstallation of the program. 11.9.3 Security Options available in expert mode only. Autorun Block autorun function If this option is enabled, the execution of the Windows autorun function is blocked on all connected drives, including USB sticks, CD and DVD drives and network drives.
PAGE 184
Reference: Configuration options Protect processes from unwanted termination If this option is enabled, all processes of the program are protected against unwanted termination by viruses and malware or against 'uncontrolled' termination by a user, e.g. via Task-Manager. This option is enabled as the default setting. Advanced process protection If this option is enabled, all processes of the program are protected with advanced options against unwanted termination.
PAGE 185
Reference: Configuration options 11.9.4 WMI Options available in expert mode only. Support for Windows Management Instrumentation Windows Management Instrumentation is a basic Windows management technology that uses script and programming languages to allow read and write access, both local and remote, to settings on Windows systems. Your Avira product supports WMI and provides data (status information, statistical data, reports, planned requests, etc.
PAGE 186
Reference: Configuration options Address Enter the computer name or IP address of the proxy server you want to use to connect to the web server. Port Please enter the port number of the proxy server you want to use to connect to the web server. Login name Enter a user name to log in on the proxy server. Login password Enter the relevant password for logging in on the proxy server here. For security reasons, the actual characters you type in this space are replaced by asterisks (*).
PAGE 187
Reference: Configuration options The list in this window shows names of computers that receive a message when a virus or unwanted program is found. Note A computer can always be entered only once in this list. Insert With this button you can add a further computer. A window is opened in which you can enter the names of new computers. A computer name can be a maximum of 15 characters long. The button opens a window in which you can alternatively select a computer directly from your computer environment.
PAGE 188
Reference: Configuration options Shortcut Description Ctrl + Tab Inserts a tab The current line is indented by several characters to the right. Ctrl + Enter Inserts a line break The message can include wildcards for information found during the search. These wildcards are replaced by the actual text when sent.
PAGE 189
Reference: Configuration options Note To be able to activate this option, at least one recipient must be entered under Configuration > General > Alerts > Network. Message to be sent The window shows the message sent to the selected workstation when a virus or unwanted program is detected. You can edit this message. A text may contain a maximum of 500 characters.
PAGE 190
Reference: Configuration options  System Scanner email alerts  Updater email alerts Note Please note that ESMTP is not supported. In addition, an encrypted transfer via TLS (Transport Layer Security) or SSL (Secure Sockets Layer) is currently not possible. Email messages SMTP Server Enter the name of the host to be used here - either its IP address or the direct host name. The maximum possible length of the host name is 127 characters. For example: 192.168.1.100 or mail.samplecompany.com.
PAGE 191
Reference: Configuration options Real-Time Protection email alerts Avira Real-Time Protection can send alerts by email to one or more recipients for certain events. Email alerts If this option is enabled, Avira Real-Time Protection sends email messages with the most important information when a certain event occurs. This option is disabled as the default setting.
PAGE 192
Reference: Configuration options System Scanner email alerts With certain events, the on-demand scan can send alerts and messages via email to one or more recipients. Email alerts If this option is enabled, the program sends email messages with the most important information when a certain event occurs. This option is disabled as the default setting.
PAGE 193
Reference: Configuration options Email alerts If this option is enabled, the Update component sends email messages with the most important data when a specific event occurs. This option is disabled as the default setting. Email messages for the following events No update necessary. Your program is up-to-date If this option is enabled, an email is sent if the Updater has successfully made a connection to the download server but there are no new files available on the server.
PAGE 194
Reference: Configuration options Note Alerts are always sent by email for the following events if an SMTP server and a recipient address have been configured for Updater notifications: A product update is required for every further update of the program. An update of the scanning engine or of the virus definition file could not be performed as a product update is necessary. These alerts are sent irrespective of your email warning settings for the Update component.
PAGE 195
Reference: Configuration options %MODULENAME% Name of the component sending the email %MODULEVER% Version of the component sending the email Specific component variables Variable Value Component emails %ENGINEVER% Version of scan engine used Realtime Protection System Scanner %VDFVER% Version of virus definition file used Realtime Protection System Scanner %SOURCE% Fully qualified file name Real-Time Protection %VIRUSNAME% Name of the virus or unwanted program Realtime Protection %ACTION
PAGE 196
Reference: Configuration options %UPDATEURL% URL of download server used for update Updater %UPDATE_ERROR% Update error in words Updater %DIRCOUNT% Number of scanned directories System Scanner %FILECOUNT% Number of files scanned System Scanner %MALWARECOUNT% Number of viruses or unwanted programs detected System Scanner %REPAIREDCOUNT% Number of infected files repaired System Scanner %RENAMEDCOUNT% Number of infected files renamed System Scanner %DELETEDCOUNT% Number of infected files d
PAGE 197
Reference: Configuration options %START_TIME% Start time of the scan: Start time of the update System Scanner, Updater %END_TIME% End of the scan End of the update System Scanner, Updater %TIME_TAKEN% Duration of scan in minutes System Duration of the update in minutes Scanner, Updater %LOGFILEPATH% Path and file name of the report file System Scanner, Updater Acoustic alerts Options available in expert mode only.
PAGE 198
Reference: Configuration options WAVE file In this input box you can enter the name and the associated path of an audio file of your choice. The program's default acoustic signal is entered as standard. The button opens a window in which you can select the required file with the aid of the file explorer. Test This button is used to test the selected WAVE file.
PAGE 199
Reference: Configuration options Update failed If this option is enabled, you will receive a desktop notification whenever an update fails: No connection to the download server could be created or the update files could not be installed. No update necessary If this option is enabled, you will receive a desktop notification whenever an update is started but installation of the files is not necessary as your program is up to date. 11.9.7 Events Options available in expert mode only.
PAGE 200
Reference: Configuration options Delete all reports older than n day(s) If this option is enabled, reports are automatically deleted after a specific number of days. Permissible values are: 1 to 90 days. This option is enabled as the default setting, with a value of 30 days. No limit If this option is enabled, the number of reports is not restricted. 11.9.9 Directories Options available in expert mode only.
PAGE 201
Reference: Configuration options Default The button restores the pre-defined path to the report directory. Quarantine directory Input box This box contains the path to the quarantine directory. The button opens a window in which you can select the required directory. Default The button restores the predefined path to the quarantine directory. Avira Professional Security - User Manual (Status: 14 Dec.
PAGE 202
This manual was created with great care. However, errors in design and contents cannot be excluded. The reproduction of this publication or parts thereof in any form is prohibited without previous written consent from Avira Operations GmbH & Co. KG. Issued Q4-2012 Brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such in this manual. However, this does not mean that they may be used freely. © 2012 Avira Operations GmbH & Co.