U SER G UIDE KASPERSKY ANTI-VIRUS 2010
Dear User! Thank you for choosing our product. We hope that this documentation will help you in your work and will provide answers to most of the questions regarding this software product. Any type of reproduction or distribution of any materials, including translations, is allowed only with the written permission of Kaspersky Lab. This document and graphic images related to it may be used exclusively for informational, non-commercial, and personal purposes.
CONTENTS INTRODUCTION ........................................................................................................................................................... 9 Distribution kit .......................................................................................................................................................... 9 Services provided for registered users...................................................................................................................
KASPERSKY ANTI-VIRUS 2010 Security Management ............................................................................................................................................ 33 Protection status .................................................................................................................................................... 34 Pausing protection ....................................................................................................................................
CONTENTS Selecting the scan method..................................................................................................................................... 66 Using heuristic analysis ......................................................................................................................................... 67 PROACTIVE DEFENSE ..............................................................................................................................................
KASPERSKY ANTI-VIRUS 2010 Mail Anti-Virus ........................................................................................................................................................ 95 Web Anti-Virus ....................................................................................................................................................... 96 IM Anti-Virus .................................................................................................................................
CONTENTS Suspicious link detected ...................................................................................................................................... 136 Invalid certificate detected ................................................................................................................................... 136 VALIDATING KASPERSKY ANTI-VIRUS SETTINGS ..............................................................................................
KASPERSKY ANTI-VIRUS 2010 Libjpeg 6b library ................................................................................................................................................. 169 Libungif 3.0 library ............................................................................................................................................... 171 Libxdr library ....................................................................................................................................
INTRODUCTION IN THIS SECTION: Distribution kit .................................................................................................................................................................... 9 Services provided for registered users .............................................................................................................................. 9 Hardware and software system requirements ........................................................................................
KASPERSKY ANTI-VIRUS 2010 SERVICES PROVIDED FOR REGISTERED USERS Kaspersky Lab offers an extensive service package to all legally registered users, thus enabling them to boost the application's performance.
KASPERSKY ANTI-VIRUS 2010 Kaspersky Anti-Virus 2010 is a new generation of information security solutions. What really sets Kaspersky Anti-Virus 2010 apart from other software, even from other Kaspersky Lab products, is the multifaceted approach to data security on the user's computer. IN THIS SECTION: Obtaining information about the application ....................................................................................................................
KASPERSKY ANTI-VIRUS 2010 On this page, you will find the articles created by Technical Support Service specialists. These articles contain useful information, recommendations and FAQ on purchasing, installation and use of the application. They are assorted by their subject, such as Managing key files, Setting database updates, or Eliminating operation failures.
KASPERSKY ANTI-VIRUS 2010 Describe the problem you have encountered in the request web form providing as much detail as possible. Specify the following in the mandatory fields: Request type. Select the subject that corresponds to the problem the most strictly, for example: Problem with product installation/uninstallation, or Problem with searching/eliminating viruses. If you have not found an appropriate topic, select "General Question". Application name and version number. Request text.
WHAT'S NEW IN KASPERSKY ANTI-VIRUS 2010 Kaspersky Anti-Virus 2010 is a comprehensive data protection tool. The multifaceted protection covers all channels for data transfer and exchange. Flexible configuration provided for any component lets users completely adapt Kaspersky Anti-Virus to their specific needs. Let us take a closer look at the innovations in Kaspersky Anti-Virus 2010.
THE CONCEPT OF YOUR COMPUTER PROTECTION Kaspersky Anti-Virus ensures protection of your computer against known and new threats. Each type of threat is processed by a separate application component. This makes setup flexible, with easy configuration options for all components, which can be tailored to the needs of a specific user or the business as a whole.
KASPERSKY ANTI-VIRUS 2010 Mail Anti-Virus (see page 51) Mail Anti-Virus scans all incoming and outgoing email messages on your computer. It analyzes emails for malicious programs. The email is available to the addressee only if it does not contain dangerous objects. The component also analyzes email messages to detect phishing. Web Anti-Virus (see page 58) Web Anti-Virus intercepts and blocks scripts on websites if they pose a threat. All HTTP traffic is subject to careful inspection.
THE CONCEPT OF YOUR COMPUTER PROTECTION Network Monitor The component designed to view information about network activity in real-time mode. Anti-Banner Anti-Banner blocks advertising information located on banners built into interfaces of various programs installed on your computer, or displayed online. Parental Control The Parental Control component monitors the users' access to web resources.
KASPERSKY ANTI-VIRUS 2010 WIZARDS AND TOOLS Ensuring computer's security is a difficult task that requires the expertise in operating system's features and in ways of exploiting its weak points. Besides, the volume and diversity of information about system security makes its analysis and processing difficult.
THE CONCEPT OF YOUR COMPUTER PROTECTION Support All registered Kaspersky Anti-Virus users can take advantage of our Technical Support Service. For more details about the conditions of service, use the Support option. By following the links you can access the Kaspersky Lab product users' forum, send an error report to Technical Support, or give application feedback by completing a special online form. Also, you may contact the online Technical Support and Personal User Cabinet services.
INSTALLING KASPERSKY ANTI-VIRUS Kaspersky Anti-Virus is installed in interactive mode using the Installation Wizard. Before beginning the installation, you are advised to close all applications currently running. To install Kaspersky Anti-Virus on your computer, run the installation file (file with the .exe extension) on the product CD. Installing Kaspersky Anti-Virus from the installation file downloaded via the Internet, is identical to installing the application from the CD.
INSTALLING KASPERSKY ANTI-VIRUS STEP 1. SEARCHING FOR A NEWER VERSION OF THE APPLICATION Before the installation, the application searches for a newer version of Kaspersky Anti-Virus on Kaspersky Lab's update servers. If no newer versions are found on Kaspersky Lab's update servers, the Installation Wizard of current version will be run. If a newer version of Kaspersky Anti-Virus is found on the update servers, you will be offered to download and install it.
KASPERSKY ANTI-VIRUS 2010 STEP 5. KASPERSKY SECURITY NETWORK DATA COLLECTION STATEMENT At this step, you will be offered to take part in the Kaspersky Security Network program. Participating in the program consists in sending Kaspersky Lab information about new threats detected on your computer, in sending the unique ID number assigned to your computer by Kaspersky Anti-Virus, and the system information. At that, the company guarantees that privacy data will not be disclosed.
INSTALLING KASPERSKY ANTI-VIRUS To select a component for the installation, open the context menu on the icon next to the component's name, and select the This feature will be installed on the local hard drive item. When you have finished selecting components to be installed, click the Next button. To return to the default list of components to be installed, click the Reset button. STEP 8.
KASPERSKY ANTI-VIRUS 2010 If the application is being remotely installed using Windows Remote Desktop, you are advised to uncheck the Protect the installation process box. If this box is checked, the installation procedure may be left unfinished or performed incorrectly. To proceed with the installation, click the Install button. When installing Kaspersky Anti-Virus components, which intercept network traffic, current network connections will be terminated.
GETTING STARTED One of the main goals of Kaspersky Lab in creating Kaspersky Anti-Virus was to provide the optimum configuration of the application. This allows users with any level of computer literacy to ensure his or her computer's protection immediately after the installation without wasting his or her precious time upon the settings.
KASPERSKY ANTI-VIRUS 2010 APPLICATION CONFIGURATION WIZARD The Application Configuration Wizard starts after the installation is complete. It is designed to help you configure the initial settings of Kaspersky Anti-Virus, based on the features and tasks of your computer. The Application Configuration Wizard's interface is a series of steps in windows that you can navigate, using the Back button and the Next link, or close using the Cancel button. DETAILED DISCUSSION OF THE WIZARD STEPS Step 1.
GETTING STARTED SEE ALSO: Activating the commercial version ................................................................................................................................... 27 Activating trial version...................................................................................................................................................... 27 Completing activation ...................................................................................................................
KASPERSKY ANTI-VIRUS 2010 STEP 2. SELECTING PROTECTION MODE Select the protection mode provided by Kaspersky Anti-Virus. Two modes are available: Automatic. If any important events occur, Kaspersky Anti-Virus will automatically perform the action recommended by Kaspersky Lab's experts. Once a threat is detected, the application will attempt to disinfect the object; if it fails, the application will delete it. Suspicious objects will be skipped without processing.
GETTING STARTED Virus. Using a password can protect the application against unauthorized attempts to disable protection or modify the settings of Kaspersky Anti-Virus. To enable password protection, check the Confirm new password fields.
KASPERSKY ANTI-VIRUS 2010 SCANNING COMPUTER FOR VIRUSES Developers of malware make every effort to conceal the actions of their programs, and therefore you may not notice the presence of malware on your computer. Once Kaspersky Anti-Virus is installed on your computer, it automatically performs the Quick scan task on your computer. This task searches for and neutralizes harmful programs in objects loaded during operating system startup.
GETTING STARTED Information about the license currently in use is displayed in the License manager window: its type (commercial, commercial with subscription, commercial with protection subscription, trial), the maximum number of hosts, the expiration date, and the number of days remaining.
KASPERSKY ANTI-VIRUS 2010 If the subscription validity period has elapsed as well as the grace period during which license can be renewed (subscription status – Expired) Kaspersky Anti-Virus will notify you about it and will stop its attempts to renew license automatically. For license with subscription the functionality of the application will retain except for the databases update feature.
GETTING STARTED SECURITY MANAGEMENT The computer protection status indicates problems in computer protection (see section "Main window of Kaspersky AntiVirus" on page 38), which is displayed by changes in the color of the protection status icon, and of the panel on which the icon is located. Once problems appear in the protection system, you are advised to fix them immediately.
KASPERSKY ANTI-VIRUS 2010 The tab shows the list of current problems. The problems are sorted with regard to their criticality: first, the most critical ones (i.e., with red status icon), then less critical ones – with yellow status icon, and the last – information messages. A detailed description is provided for each problem and the following actions are available: Eliminate immediately. Using the corresponding buttons, you can switch to fix the problem, which is the recommended action.
GETTING STARTED PAUSING PROTECTION Pausing protection means temporarily disabling all protection components for a certain period of time. As a result of temporarily disabling protection, all protection components will be paused. This is indicated by: inactive (grey) application icon in the taskbar notification area; red color of the status icon and panel of the main application window.
APPLICATION INTERFACE Kaspersky Anti-Virus has a fairly simple and easy-to-use interface. This section will discuss its basic features in detail. Kaspersky Anti-Virus has plugins which are integrated into Microsoft Office Outlook, The Bat!, Microsoft Internet Explorer, Microsoft Windows Explorer. The plugins extend the functionality of these programs as they allow configuring the application's components from their interface. IN THIS SECTION: Notification area icon .........................................
APPLICATION INTERFACE CONTEXT MENU You can run basic protection tasks from the context menu, which contains these items: Update – start the application module and database updates and install updates on your computer. Full Scan – start a complete scan of your computer for malware objects. Objects residing on all drives, including removable storage media, will be scanned. Virus Scan – select objects and start a virus scan.
KASPERSKY ANTI-VIRUS 2010 MAIN WINDOW OF KASPERSKY ANTI-VIRUS The main application window can be divided into three parts: The top part of the window indicates your computer‟s current protection status. Figure 4: Current status of the computer protection There are three possible values of protection status: each of them is indicated with a certain color, similar to traffic lights.
APPLICATION INTERFACE The right part of the window contains information about the application function selected in the left part, allows to configure its settings, provides tools for executing virus scan tasks, retrieving updates etc. Figure 6: Right part of the main window You can also use the following buttons and links: Settings – to open the application settings window (see section "Application settings configuration" on page 91). Quarantine – to start working with quarantined objects.
KASPERSKY ANTI-VIRUS 2010 NOTIFICATIONS If events occur during the operation of Kaspersky Anti-Virus, special notifications will be displayed on the screen as popup messages above the application icon in the Microsoft Windows task bar. Depending on how critical the event is for computer security, you might receive the following types of notifications: Alarm. A critical event has occurred; for instance, a virus or dangerous activity has been detected on your system.
COMPUTER FILE SYSTEM PROTECTION File Anti-Virus prevents infection of the computer's file system. It loads when you start your operating system and runs in your computer's RAM, scanning all files that are opened, saved or executed. By default, File Anti-Virus scans only new or modified files. A collection of settings, called the security level, determines the conditions for file scan. If File Anti-Virus detects a threat, it will perform the assigned action.
KASPERSKY ANTI-VIRUS 2010 IN THIS SECTION: Component operation algorithm ...................................................................................................................................... 42 Changing security level of files and memory ................................................................................................................... 43 Changing actions to be performed on detected objects.....................................................................................
COMPUTER FILE SYSTEM PROTECTION The application will notify you when an infected or a possibly infected file is detected. If an infected or potentially infected object is detected, a notification with a request for further actions will be displayed onscreen. You will be offered the following: quarantine the object, allowing the new threat to be scanned and processed later using updated databases; delete the object; skip the object if you are absolutely sure that it is not malicious.
KASPERSKY ANTI-VIRUS 2010 Before attempting to disinfect or delete an infected object, Kaspersky Anti-Virus creates a backup copy of it to allow later restoration or disinfection. If you are working in automatic mode (see section "Step 2. Selecting protection mode" on page 28), Kaspersky Anti-Virus will automatically apply the action recommended by Kaspersky Lab's specialists when dangerous objects are detected. For malicious objects this action is Disinfect.
COMPUTER FILE SYSTEM PROTECTION 3. Click the Settings button for the component you have selected. 4. In the window that will open, on the General tab, in the File types section select required settings. USING HEURISTIC ANALYSIS Objects are scanned using databases which contain descriptions of all known malware and the corresponding disinfection methods.
KASPERSKY ANTI-VIRUS 2010 By default, Kaspersky Anti-Virus scans only embedded OLE objects. To modify the list of scanned compound files: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the window that will open, in the Protection section select the File Anti-Virus component. 3. Click the Settings button for the component you have selected. 4.
COMPUTER FILE SYSTEM PROTECTION To change the object scan mode: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the window that will open, in the Protection section select the File Anti-Virus component. 3. Click the Settings button for the component you have selected. 4. In the window that will open, on the Additional tab, in the Scan mode section, select the required mode.
KASPERSKY ANTI-VIRUS 2010 PAUSING THE COMPONENT: CREATING A SCHEDULE When certain programs which require considerable computer resources are in progress, you can temporarily pause the operation of the File Anti-Virus component, which allows quicker access to objects. To decrease the load and ensure quick access to objects, you can set a schedule for disabling the component. Figure 7: Creating a schedule To configure a schedule for pausing the component: 1.
COMPUTER FILE SYSTEM PROTECTION PAUSING THE COMPONENT: CREATING AN APPLICATIONS LIST When certain programs which require considerable computer resources are in progress, you can temporarily pause the operation of the File Anti-Virus component, which allows quicker access to objects. To decrease the load and ensure quick access to objects, you can configure the settings for disabling the component when working with certain applications.
KASPERSKY ANTI-VIRUS 2010 RESTORING DEFAULT PROTECTION SETTINGS When configuring File Anti-Virus, you are always able to restore its recommended settings. They are considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. To restore default protection settings, please do the following: 1. Open the main application window and click the Settings link in the top part of the window. 2.
MAIL PROTECTION Mail Anti-Virus scans incoming and outgoing messages for the presence of malicious objects. It is launched when the operating system loads, is located in computer RAM and scans all email messages received via the POP3, SMTP, IMAP, MAPI and NNTP protocols. A collection of settings called the security level, determines the way of scanning the email.
KASPERSKY ANTI-VIRUS 2010 COMPONENT OPERATION ALGORITHM Kaspersky Anti-Virus includes the component, which ensures scanning the email for dangerous objects named Mail AntiVirus. It loads when the operating system launches and runs continually, scanning all email on the POP3, SMTP, IMAP, MAPI and NNTP protocols, as well as on secure connections (SSL) for POP3 and IMAP.
MAIL PROTECTION CHANGING EMAIL PROTECTION SECURITY LEVEL The security level is defined as a preset configuration of File Anti-Virus settings. Kaspersky Lab specialists distinguish three security levels. The decision of which level to select should be made by the user based on the operational conditions and the current situation. You may select one of the following security levels: High. If you work in a non-secure environment, the maximum security level will suit you the best.
KASPERSKY ANTI-VIRUS 2010 To change the specified action to be performed on detected objects: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the window that will open, in the Protection section select the Mail Anti-Virus component. 3. Specify the required action for the component you have selected. CREATING A PROTECTION SCOPE Protection scope is understood as the type of messages to be scanned.
MAIL PROTECTION EMAIL SCANNING IN THE BAT! Actions on infected email objects in The Bat! are defined using the application's own tools. Mail Anti-Virus settings determining if incoming and outgoing messages should be scanned, which actions should be performed on dangerous objects in email, and which exclusions should apply, are ignored. The only thing that The Bat! takes into account is scanning of attached archives.
KASPERSKY ANTI-VIRUS 2010 To enable/disable the heuristic analysis, and to set the detail level for the scan, please do the following: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the window that will open, in the Protection section select the Mail Anti-Virus component. 3. Click the Settings button for the component you have selected. 4.
MAIL PROTECTION RESTORING DEFAULT MAIL PROTECTION SETTINGS When configuring Mail Anti-Virus, you are always able to restore its recommended settings. They are considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. To restore default mail protection settings, please do the following: 1. Open the main application window and in the top part click the Settings link. 2. In the window that will open, in the Protection section select the Mail Anti-Virus component. 3.
WEB TRAFFIC PROTECTION Whenever you use the Internet, you subject information stored on your computer to the risk of infection by dangerous programs. These can infiltrate your computer while you are downloading free software, or browsing knowingly safe sites, which have recently suffered network attacks. Moreover, network worms can penetrate your computer before you open a webpage or download a file just because your computer is connected to the Internet.
WEB TRAFFIC PROTECTION IN THIS SECTION: Component operation algorithm ...................................................................................................................................... 59 Changing HTTP traffic security level ............................................................................................................................... 60 Changing actions to be performed on detected objects..................................................................................
KASPERSKY ANTI-VIRUS 2010 CHANGING HTTP TRAFFIC SECURITY LEVEL The security level is defined as a preset configuration of File Anti-Virus settings. Kaspersky Lab specialists distinguish three security levels. The decision of which level to select should be made by the user based on the operational conditions and the current situation. You will be offered to select one of the following options for security level: High.
WEB TRAFFIC PROTECTION To create the list of trusted web addresses, please do the following: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the window that will open, in the Protection section select the Web Anti-Virus component. 3. Click the Settings button for the component you have selected. 4.
KASPERSKY ANTI-VIRUS 2010 3. Click the Settings button for the component you have selected. 4. In the Web Anti-Virus window that will open, in the Scan methods block, make sure that the Check if URLs are listed in the base of suspicious web addresses box and / or Check if URLs are listed in the base of phishing web addresses are checked. KASPERSKY URL ADVISOR Kaspersky Anti-Virus includes the URL scanning module managed by Web Anti-Virus.
WEB TRAFFIC PROTECTION USING HEURISTIC ANALYSIS Essentially, the heuristic method analyzes the object's activities in the system. If those actions are typical of malicious objects, the object is likely to be classed as malicious or suspicious. This allows new threats to be detected even before they have been researched by virus analysts. By default, heuristic analysis is enabled. Kaspersky Anti-Virus will notify you when a malicious object is detected in a message.
KASPERSKY ANTI-VIRUS 2010 RESTORING DEFAULT WEB PROTECTION SETTINGS When configuring Web Anti-Virus, you are always able to restore its recommended settings. They are considered optimal, recommended by Kaspersky Lab, and grouped in the Recommended security level. To restore default Web Anti-Virus settings, please do the following: 1. Open the main application window and click the Settings link in the top part of the window. 2.
PROTECTING INSTANT MESSENGERS TRAFFIC Besides the additional features for comfortable Internet surfing, instant messaging clients (further referred to as IM clients), which have widely spread nowadays, have caused potential threats to computer security. Messages that contain URLs to suspicious websites and those used by intruders for phishing attacks may be transferred using IM clients.
KASPERSKY ANTI-VIRUS 2010 COMPONENT OPERATION ALGORITHM Kaspersky Anti-Virus includes a component that ensures the scan of messages transferred via IM (instant messaging) clients for dangerous objects, named IM Anti-Virus. It loads at the startup of operating system and runs in your computer's RAM, scanning all incoming and outgoing messages. By default, protection of IM clients' traffic is carried out using the algorithm described below: 1.
PROTECTING INSTANT MESSENGERS TRAFFIC To scan links in the messages using the database of suspicious web addresses, please do the following: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the window that will open, in the Protection section select the IM Anti-Virus component. 3. In the Scan methods section, check the Check if URLs are listed in the base of suspicious web addresses box for the component selected.
PROACTIVE DEFENSE Kaspersky Anti-Virus protects you both from known threats and from new ones about which there is no information in the application databases. This feature is ensured by a specially developed component named Proactive Defense. The preventative technologies provided by Proactive Defense neutralize new threats before they harm your computer.
PROACTIVE DEFENSE rootkits redirecting data input / output; attempts of sending DNS requests. The list of dangerous activities is added to automatically when Kaspersky Anti-Virus is updated, and it cannot be edited. However you can turn off monitoring for one dangerous activity or another. To turn off monitoring for one dangerous activity or another: 1. Open the main application window and click the Settings link in the top part of the window. 2.
KASPERSKY ANTI-VIRUS 2010 CREATING A GROUP OF TRUSTED APPLICATIONS You can use the option of specifying the range of trusted applications, activities of which will not be scanned by Proactive Defense. Trusted applications may include those with a digital signature or those listed in Kaspersky Security Network's database.
COMPUTER SCAN Scanning the computer for viruses and vulnerabilities is one of the most important tasks in ensuring the computer's security. The virus scan detects the spreading of malicious code, which has not been detected by the malware protection for some reasons. Vulnerability scan detects software vulnerabilities that can be used by intruders to spread malicious objects and obtain access to personal information.
KASPERSKY ANTI-VIRUS 2010 In addition, you can select an object to be scanned for viruses with the standard tools of the Microsoft Windows operating system, for example, in the Explorer program window or on your Desktop, etc. Place the cursor on the desired object's name, right-click to open the Microsoft Windows context menu, and select the Scan for viruses option.
COMPUTER SCAN STARTING THE VIRUS SCAN TASK A virus scan task can be started in one of the following ways: from the context menu of Kaspersky Anti-Virus (see section "Context menu" on page 37); from the main window (see section "Main window of Kaspersky Anti-Virus" on page 38) of Kaspersky Anti-Virus; using an existing shortcut (see page 74). Task execution information will be displayed in the main window of Kaspersky Anti-Virus.
KASPERSKY ANTI-VIRUS 2010 To start a virus scan task for a selected object from the Microsoft Windows context menu: 1. Right-click the name of the selected object. 2. Select the item Scan for viruses in the context menu that will open. The progress and the results of the task execution will be displayed in the window that will open. CREATING A SHORTCUT FOR TASK EXECUTION The application provides the option of creating shortcuts for a quick start of full scan tasks and quick scan tasks.
COMPUTER SCAN To create the list of objects for quick scan or full scan tasks, please do the following: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the left part of the window, select the Full Scan (Quick Scan) task. 3. In the Scan scope block, click the Settings button for the task selected. 4. In the : list of objects window that will open, create the list using the Add, Edit, Delete links.
KASPERSKY ANTI-VIRUS 2010 If you are working in automatic mode (see section "Step 2. Selecting protection mode" on page 28), Kaspersky Anti-Virus will automatically apply the action recommended by Kaspersky Lab's specialists when dangerous objects are detected. For malicious objects this action is Disinfect. Delete if disinfection fails, for suspicious objects – Skip. To change the specified action to be performed on detected objects: 1.
COMPUTER SCAN To scan only new and changed files: 1. Open the main application window and in the top part click the Settings link. 2. In the left part of the window, select the required task in the Scan My Computer (Full Scan, Quick Scan, Object Scan) section. 3. In the Security level block, click the Settings button for the task selected. 4. In the window that will open, on the Scope tab, in the Scan optimization block, check the and changed files box.
KASPERSKY ANTI-VIRUS 2010 SCAN OF COMPOUND FILES A common method of concealing viruses is to embed them into compound files: archives, databases, etc. To detect viruses that are hidden this way a compound file should be unpacked, which can significantly lower the scan speed. For each type of compound file, you can select to scan either all files or only new ones. To do so, use the link next to the name of the object. It changes its value when you left-click on it.
COMPUTER SCAN SCAN TECHNOLOGY Additionally you can specify the technology which will be used during the scan. You can select one of the following technologies: iChecker. This technology can increase scan speed by excluding certain objects from the scan. An object is excluded from the scan using a special algorithm that takes into account the release date of the application database, the date the object was last scanned and any modifications to the scan settings.
KASPERSKY ANTI-VIRUS 2010 3. In the Run Mode block, click the Settings button for the task selected. 4. In the window that will open, on the Additional tab, in the Scan methods section, select the required values for the settings. RUN MODE: CREATING A SCHEDULE You can create a schedule to start virus scan tasks automatically. The main thing to choose is the time interval between task startups. To change the frequency, specify the schedule settings for the selected option.
COMPUTER SCAN FEATURES OF SCHEDULED TASK LAUNCH All scan tasks can be started manually, or by a schedule. Scheduled tasks feature an additional functionality, for example, you can pause scheduled scan if the screensaver is inactive, or the computer is unlocked. This functionality postpones the task launch until the user has finished working on the computer. So, the scan task will not take up system resources during the work.
KASPERSKY ANTI-VIRUS 2010 The outcome of the search for potential vulnerabilities in the operating system and in installed user applications is represented by direct links to critical fixes (application updates). After the vulnerability scan task starts (see page 82), its progress is displayed in the main application window and in the Vulnerability Scan window, in the Finish field.
COMPUTER SCAN CREATING A SHORTCUT FOR TASK EXECUTION The application provides the option of creating a shortcut for a quick start of vulnerability scan task. This allows starting the task without opening the main application window. To create a shortcut for starting the vulnerability scan task: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the left part of the window, select the Scan My Computer section. 3.
KASPERSKY ANTI-VIRUS 2010 To edit a schedule for scan tasks: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the left part of the window, select the Vulnerability Scan task in the Scan My Computer section. 3. In the Run Mode block, click the Settings button for the task selected. 4. In the window that will open, on the Run mode tab, in the Schedule section, select the Manually option if you wish to start a scan task at the most suitable time.
UPDATE Keeping the application updated is a prerequisite for reliably protecting your computer. New viruses, Trojans, and malicious software emerge daily, so it is important to update the application regularly to keep your personal data constantly protected. Information about threats and methods of their neutralization is stored in the databases of Kaspersky Anti-Virus, therefore their timely updating is an essential part in the maintenance of reliable protection.
KASPERSKY ANTI-VIRUS 2010 You can view the update report, which contains full information about events that have occurred during the update task execution (the Report link in the upper part of the window). You can also see the virus activity overview at www.kaspersky.com by clicking the Virus activity review link. IN THIS SECTION: Starting update ................................................................................................................................................................
UPDATE ROLLING BACK THE LAST UPDATE At the start of the update process Kaspersky Anti-Virus creates a backup copy of the current databases and application modules. This allows the application to continue working, using the previous databases, if the update fails. The rollback option is useful if, for example, part of the databases has been corrupted.
KASPERSKY ANTI-VIRUS 2010 USING THE PROXY SERVER If you are using a proxy server to connect to the Internet, you should edit its settings. To configure the proxy server, please do the following: 1. Open the main application window and click the Settings link in the top part of the window. 2. Select the My Update Center section in the left part of the window. 3. Click the Settings button in the Update source section. 4. In the window that will open, on the Source tab, click the Proxy server button.
UPDATE UPDATING FROM A LOCAL FOLDER The procedure of retrieving updates from a local folder is arranged as follows: 1. One of the computers on the network retrieves the Kaspersky Anti-Virus update package from Kaspersky Lab's updates servers, or from a mirror server hosting a current set of updates. The updates retrieved are placed in a shared folder. 2. Other computers on the network access the shared folder to retrieve Kaspersky Anti-Virus updates. To enable updates distribution mode: 1.
KASPERSKY ANTI-VIRUS 2010 3. Click the Settings button in the Run mode section. 4. In the window that will open, on the Run mode tab, select the update task startup mode in the Schedule section. If the By schedule option is selected, create the schedule. If an update was skipped for any reason (for example, the computer was not on at that time), you can configure the task to start automatically as soon as it becomes possible. To do so, check the Run skipped tasks box in the bottom part of the window.
APPLICATION SETTINGS CONFIGURATION The application settings window is used for quick access to the main Kaspersky Anti-Virus settings. Figure 11: Application settings window The application settings window consists of two parts: the left part of the window provides access to Kaspersky Anti-Virus components, virus scan tasks, update tasks, etc.; the right part of the window contains a list of settings for the component, task, etc., selected in the left part of the window.
KASPERSKY ANTI-VIRUS 2010 From the context menu (see section "Context menu" on page 37). To do so, select the Settings item from the application context menu. Figure 12: Context menu IN THIS SECTION: Protection ........................................................................................................................................................................ 92 File Anti-Virus ..............................................................................................................
APPLICATION SETTINGS CONFIGURATION ENABLING / DISABLING COMPUTER PROTECTION By default, Kaspersky Anti-Virus is launched when the operating system loads, and protects your computer until it is switched off. All protection components are running. You can completely or partially disable the protection provided by Kaspersky Anti-Virus. The Kaspersky Lab specialists strongly recommend that you do not disable protection, since this could lead to an infection of your computer and data loss.
KASPERSKY ANTI-VIRUS 2010 USING INTERACTIVE PROTECTION MODE Kaspersky Anti-Virus uses two modes to interact with the user: Interactive protection mode. Kaspersky Anti-Virus notifies the user about all hazardous and suspicious events occurring in the system. In this mode the user independently decides whether to allow or block actions. Automatic protection mode. Kaspersky Anti-Virus will automatically apply actions recommended by Kaspersky Lab in response to dangerous events.
APPLICATION SETTINGS CONFIGURATION create a protection scope (see page 44); optimize the scan (see page 45); configure the scan of compound files (see page 45); change the scan mode (see page 46); use the heuristic analysis (see page 45); pause the component (see page 48); select a scan technology (see page 47); restore the default protection settings (see page 49) if they have been edited. To disable File Anti-Virus, please do the following: 1.
KASPERSKY ANTI-VIRUS 2010 To proceed to the Mail Anti-Virus settings, please do the following: 1. Open the main application window and in the top part click the Settings link. 2. In the window that will open, in the Protection section, select the Mail Anti-Virus component. 3. In the right part of the window, select the component settings for security level and reaction to the threat. Click the Settings button in order to switch to the other Mail Anti-Virus settings.
APPLICATION SETTINGS CONFIGURATION change the scan method (see page 66); use the heuristic analysis (see page 67). To disable IM Anti-Virus, please do the following: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the window that will open, in the Protection section, select the IM Anti-Virus component. 3. Uncheck the Enable IM Anti-Virus box in the right part of the window. To proceed to the IM Anti-Virus settings, please do the following: 1.
KASPERSKY ANTI-VIRUS 2010 SCAN Selection of the method to be used to scan objects on your computer is determined by the set of properties assigned for each task. Kaspersky Lab distinguishes virus scan tasks and vulnerability scan tasks. Virus scan tasks include the following: Object Scan. Scan of objects selected by the user. You can scan any object in the computer's file system. Full Scan. A thorough scan of the entire system.
APPLICATION SETTINGS CONFIGURATION UPDATE The update of Kaspersky Anti-Virus is performed according to the set of parameters.
KASPERSKY ANTI-VIRUS 2010 To enable the Kaspersky Anti-Virus's self-defense mechanisms, please do the following: 1. Open the main application window and in the top part click the Settings link. 2. In the window that will open, select the Options section. 3. In the Self-defense section, check the Enable self-defense box to deploy the Kaspersky Anti-Virus's protective mechanisms against changes or deletion of its own files from the hard drive, RAM processes and system registry records.
APPLICATION SETTINGS CONFIGURATION However, there is a number of applications which will start immediately when CPU resources become available, and will run in the background. For the scan not to depend on the performance of those applications, system resources should not be conceded to them. Note that this setting can be configured individually for every scan task. In this case, the configuration for a specific task has a higher priority.
KASPERSKY ANTI-VIRUS 2010 After you are finished with the Configuration Wizard, the Recommended security level will be set for all components, except for the settings that you have decided to keep customized when restoring. In addition, the settings that you have specified when working with the Wizard will also be applied. To restore protection settings, please do the following: 1. Open the main application window and in the top part click the Settings link. 2.
APPLICATION SETTINGS CONFIGURATION SELECTING DETECTABLE THREAT CATEGORIES Kaspersky Anti-Virus protects you against various types of malicious programs. Regardless of the settings selected, the application will always scan and disinfect viruses, Trojans and hacker utilities. These programs can do significant harm to your computer. To provide more security to your computer, you can enlarge the list of threats to be detected, by enabling the control of various potentially dangerous programs.
KASPERSKY ANTI-VIRUS 2010 EXCLUSION RULES Potentially dangerous software does not have any malicious functions but can be used as an auxiliary component for a malicious code, since it contains holes and errors. This category includes, for example, remote administration programs, IRC clients, FTP servers, various utilities for halting or concealing processes, keyloggers, password crackers, autodialers, etc. These programs are not classified as viruses (not-a-virus).
APPLICATION SETTINGS CONFIGURATION ALLOWED FILE EXCLUSION MASKS Let's look at some examples of permitted masks that you can use when create file exclusion lists. They are as follows: 1. Masks without file paths: *.exe – all files with the exe extension; *.ex? – all files with the ex? extension, where ? can represent any single character; test – all files with the name test. 2. Masks with absolute file paths: C:\dir\*.* or C:\dir\* or C:\dir\ – all files in the C:\dir\ folder; C:\dir\*.
KASPERSKY ANTI-VIRUS 2010 NETWORK In the Network section of the application settings window, you can select the ports monitored by Kaspersky Anti-Virus, and configure the encrypted connections scan: create a list of monitored ports; enable / disable the encrypted connections scan mode (using the SSL protocol) (see page 107); edit the proxy server settings (see page 109). SEE ALSO: Creating a list of monitored ports ...........................................................................................
APPLICATION SETTINGS CONFIGURATION To create the list of applications for which you wish to monitor all the ports, please do the following: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the window that will open, select the Network section. 3. In the Monitored ports section click the Select button. 4. In the Network ports window that will open, check the click the Add link in the section below. 5.
KASPERSKY ANTI-VIRUS 2010 3. In the Certificates section, select the Security tab and click the Viewing certificates button. 4. In the window that will open, select the Certification Centers tab and click the Restore button. 5. In the window that will open, select the Kaspersky Lab's certificate file. The path to the Kaspersky Lab's certificate file is as follows: %AllUsersProfile%\Application Data\Kaspersky Lab\AVP8\Data\Cert\(fake)Kaspersky AntiVirus personal root certificate.cer. 6.
APPLICATION SETTINGS CONFIGURATION To install the Kaspersky Lab's certificate for Opera version 9.x, please do the following: 1. Select the Tools Settings item in the browser menu. 2. In the window that will open, select the Additional section. 3. In the left part of the window, select the Security tab and click the Manage Certificates button. 4. In the window that will open, select the Certification Centers tab and click the Import button. 5.
KASPERSKY ANTI-VIRUS 2010 To disable notification delivery, please do the following: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the window that will open, select the Notifications section. 3. Uncheck the Enable events notifications box. Even if the notification delivery is disabled, information about events occurring in Kaspersky Anti-Virus's operation will be recorded in the report on the application's operation.
APPLICATION SETTINGS CONFIGURATION REPORTS AND STORAGES The section contains the settings that control the operation with Kaspersky Anti-Virus data files. Application data files are objects that have been quarantined by Kaspersky Anti-Virus, or moved to the backup, and files with reports about application components' operation. In this section, you can: edit the settings for creating (see page 111) and storing reports (see page 112); edit the settings for quarantine and backup (see page 113).
KASPERSKY ANTI-VIRUS 2010 STORING REPORTS You can determine the maximum storage time for event reports (the Store reports no longer than box). By default, it is equal to 30 days: after it expires, objects will be deleted. You can change the maximum storage time, or even discard any limits imposed on it. Besides, you can specify the maximum size of report file (the Maximum file size box). By default, the maximum size is 1024 MB.
APPLICATION SETTINGS CONFIGURATION Backup copy is a copy of the original dangerous object that is created when first disinfecting or deleting the object, and it is saved in backup. Backup is a special repository that contains backup copies of dangerous objects after processing or deletion. The main function of a backup storage is the ability to restore the original object at any time. Files in backup are saved in a special format and are not dangerous.
KASPERSKY ANTI-VIRUS 2010 FEEDBACK A great number of new threats appear worldwide on a daily basis. To facilitate gathering statistics about new threat types and sources, and about elimination methods, Kaspersky Lab invites you to use the Kaspersky Security Network service. Using Kaspersky Security Network suggests sending certain information to Kaspersky Lab. The following data will be sent: Unique identifier assigned to your computer by the Kaspersky Lab's application.
APPLICATION SETTINGS CONFIGURATION Enable news notifications. By default, when some news are received, the system tray will display a special icon which, when clicked, displays a window containing the piece of news. Show "Protected by Kaspersky Lab" on Microsoft Windows logon screen. By default, this indicator appears in the top right corner of the screen when Kaspersky Anti-Virus starts. It informs you that your computer is protected from any type of threats.
KASPERSKY ANTI-VIRUS 2010 To enable the gaming profile, please do the following: 1. Open the main application window and click the Settings link in the top part of the window. 2. In the window that will open, select the Gaming profile section. 3. Check the Enable Gaming profile box and specify the required settings.
ADDITIONAL FEATURES Ensuring computer's security is a difficult task that requires the expertise in operating system's features and in ways of exploiting its weak points. Besides, the volume and diversity of information about system security makes its analysis and processing difficult.
KASPERSKY ANTI-VIRUS 2010 To start using the virtual keyboard: 1. Open the main application window. 2. Select the Security+ section in the left part of the window and click the Virtual keyboard button. 3. Enter the required data by pressing the buttons on the virtual keyboard. Make sure that data is entered in the correct field.
ADDITIONAL FEATURES CREATING THE RESCUE DISK Rescue disk creation means the creation of a disk image (ISO file) with up-to-date anti-virus databases and configuration files. The source disk image serving as base for new file creation can be downloaded from Kaspersky Lab server or copied from a local source.
KASPERSKY ANTI-VIRUS 2010 6. Trying to configure network connections based on data found in system files of the computer being loaded. 7. Loading graphical subsystem and starting Kaspersky Rescue Disk. In system rescue mode only virus scan tasks and database updates from a local source are available, as well as update rollback and viewing of statistics. To load the operating system of an infected computer, please do the following: 1.
ADDITIONAL FEATURES This wizard consists of a series of screens (steps) navigated using the Back and the Next buttons; to close the wizard once it has completed its work, use the Finish button. To stop the wizard at any stage, use the Cancel button. To start the wizard: 1. Open the main application window. 2. Select the Security+ section in the left part of the window and click the Tune Up your Browser Settings button.
KASPERSKY ANTI-VIRUS 2010 Information about a user's activity in the system is being stored constantly. The launch of any file, or the opening of any document will be logged. The Microsoft Windows system log registers many events occurring in the system. For this reason, repeated running of the Privacy Cleaner Wizard may detect activity traces which were not cleaned up by the previous run of the wizard.
REPORTS The operation of each application component and the performance of each virus scan and update is recorded in a report.
KASPERSKY ANTI-VIRUS 2010 SELECTING A COMPONENT OR A TASK TO CREATE A REPORT You can obtain information about events which occurred during the operation of each of the application's components, or during the execution of tasks (for example, File Anti-Virus, update etc.). In order to create a report on a certain component or a task: 1. Open the main application window and click the Report link in the top part of the window. 2.
REPORTS REPORT READINESS NOTIFICATION You can create a schedule, according to which Kaspersky Anti-Virus will remind you about report readiness. In order to create a notification schedule: 1. Open the main application window and in the top part click the Report link. 2. In the window that will open, on the Report tab, check the the preset time value. 3. Create the schedule on the Report schedule window that will open. Notify about the report box.
KASPERSKY ANTI-VIRUS 2010 DISPLAYING DATA ON THE SCREEN Events included in the report will be displayed as a table. You can create a dataset to filter the information, by specifying a restricting condition. To do this, click the area to the left of the heading of the table column for which you wish to impose a restriction. The dropdown list will display possible values of the restricting conditions, for example, Yesterday – for column Time, Email message – for column Object etc.
REPORTS To specify a limitation: 1. Open the main application window and click the Report link in the top part of the window. 2. In the window that will open, on the Report tab, click the Detailed report button. 3. In the window that will open, click the area to the left of the heading of the table column for which you wish to impose a restriction. Select a required restriction from the dropdown list.
KASPERSKY ANTI-VIRUS 2010 USING COMPLEX FILTERING The Custom filter window (see the figure below) is used to specify complex data filtering conditions. You can use this window to specify data search criteria for any table column. Let us examine the procedure for work with the window using the Time column as an example. A data query using a complex filter is based on the logical conjunction (Logical AND) function and disjunction (Logical OR) function which can be used to control the query.
REPORTS The Column field is used to select the column of the table on which the keyword search will be performed. This selection allows you to save time required to perform a search (unless, of course, you have not selected the All value). Figure 18: Events search To make the search case-sensitive, check the the search to finding whole words only. Match case box. The Match whole word only checkbox will restrict To use events search: 1.
NOTIFICATIONS When Kaspersky Anti-Virus runtime events occur, special notification messages are displayed. Depending on how critical the event is for computer security, you might receive the following types of notifications: Alarm. A critical event has occurred, for instance, a malicious object or dangerous activity has been detected on your system. You should immediately decide how to deal with this threat. The notification window of this type is of the red color. Warning.
NOTIFICATIONS IN THIS SECTION: Malicious object detected .............................................................................................................................................. 131 Object cannot be disinfected ......................................................................................................................................... 132 Special treatment required .............................................................................................................
KASPERSKY ANTI-VIRUS 2010 OBJECT CANNOT BE DISINFECTED There are some cases when it is impossible to disinfect a malicious object. This could happen if a file is so damaged that it is impossible to delete malicious code from it and restore integrity. The treatment procedure cannot be applied to several types of dangerous objects, such as Trojans.
NOTIFICATIONS To apply the selected action to all objects of the same status detected in the current session of protection component or a task operation, check the Apply to all box. The current session is the time from when the component is started until it is disabled or the application is restarted or the time from beginning a virus scan until it is complete.
KASPERSKY ANTI-VIRUS 2010 Possible responses: Quarantine – shuts down the process and places the executable file to the quarantine. When you place an object in Quarantine, it is moved, not copied. Files in Quarantine are saved in a special format and are not dangerous. When you scan Quarantine later with updated threat signatures, the status of the object could change. For example, the object may be identified as infected and can be processed using an updated database.
NOTIFICATIONS ATTEMPT TO ACCESS THE SYSTEM REGISTRY DETECTED When Proactive Defense detects an attempt to access system registry keys, a special notification pops up containing: The registry key being accessed. Full name of the file of the process that initiated the attempt to access the registry keys and a path to it. Possible responses: Allow – allows to execute the dangerous action once; Block – blocks the dangerous action once.
KASPERSKY ANTI-VIRUS 2010 SUSPICIOUS LINK DETECTED Every time Kaspersky Anti-Virus detects an attempt to open the website, which address is contained in the list of suspicious web addresses, a special notification will pop up. The notification will contain: The website address. Possible responses: Allow – continues the website download. Block – blocks the website download.
VALIDATING KASPERSKY ANTI-VIRUS SETTINGS After Kaspersky Anti-Virus has been installed and configured, you can verify whether the application is configured correctly, using a test "virus" and its modifications. A separate test is required for each protection component / protocol. IN THIS SECTION: Test "virus" EICAR and its modifications ....................................................................................................................... 137 Testing the HTTP traffic protection ............
KASPERSKY ANTI-VIRUS 2010 Table 1. Modifications of the test "virus" Prefix Object status Object processing information No prefix, standard test "virus". Infected. Object contains code of a known virus. You cannot disinfect the object. The application identifies the object as a non-disinfectable virus. CORR– Corrupted. The application could access the object but could not scan it because it is corrupted (for example, the file structure is corrupted, or the file format is invalid).
VALIDATING KASPERSKY ANTI-VIRUS SETTINGS TESTING THE SMTP TRAFFIC PROTECTION In order to detect viruses in data streams transferred using SMTP protocol, you must use an email system that uses this protocol to transfer data. We recommend that you test how the Anti-Virus handles outgoing email messages, including both the body of the message and attachments.
KASPERSKY ANTI-VIRUS 2010 VALIDATING VIRUS SCAN TASK SETTINGS In order to verify that the virus scan task is correctly configured: 1. Create a folder on the disk. Copy into this folder the test "virus" downloaded from the official EICAR website (http://www.eicar.org/anti_virus_test_file.htm), as well as all the test "virus" modifications you have created. 2. Create a new virus scan task and select the folder, containing the set of test "viruses", as the object to scan. 3.
WORKING WITH THE APPLICATION FROM THE COMMAND LINE You can work with Kaspersky Anti-Virus from the command line. Capability is provided to perform the following operations: start and stop application components; start and stop virus scan tasks; obtain information on the current status of components and tasks as well as their statistics; scan selected objects; update databases and application modules; call up help on command prompt syntax; call up help on command syntax. Command prompt syntax: avp.
KASPERSKY ANTI-VIRUS 2010 IMPORT Imports application protection settings. The command can only be executed if the password assigned via the Kaspersky Anti-Virus interface is entered EXPORT Exports application protection settings Each command requires its own specific set of parameters. IN THIS SECTION: Activating the application ...............................................................................................................................................
WORKING WITH THE APPLICATION FROM THE COMMAND LINE Example: avp.com ACTIVATE 11AA1-11AAA-1AA11-1A111 avp.com ADDKEY 1AA111A1.key /password= MANAGING APPLICATION COMPONENTS AND TASKS Command syntax: avp.com [/R[A]:] avp.
KASPERSKY ANTI-VIRUS 2010 EM Mail Anti-Virus WM Web Anti-Virus Values for Web Anti-Virus subcomponents: httpscan (HTTP) – scan HTTP traffic; sc – scan scripts.
WORKING WITH THE APPLICATION FROM THE COMMAND LINE Settings description:
KASPERSKY ANTI-VIRUS 2010 /i9 Prompt the user for action at the end of the scan. – this parameter defines the file types that will be subject to an anti-virus scan. By default, if this parameter is not defined, only infected files by contents will be scanned. /fe Scan only infected files by extension. /fi Scan only infected files by contents. /fa Scan all files. – this parameter defines objects that are excluded from the scan.
WORKING WITH THE APPLICATION FROM THE COMMAND LINE Pause scan of selected objects and start a full computer scan, after which continue the paused scan: avp.com PAUSE Scan_Objects /password= avp.com START Scan_My_Computer avp.com RESUME Scan_Objects Scan the objects listed in the file object2scan.txt, using the configuration file scan_setting.txt for the job. Use the scan_setting.txt configuration file. When the scan is complete, create a report to log all events: avp.
KASPERSKY ANTI-VIRUS 2010 ROLLING BACK THE LAST UPDATE Command syntax: ROLLBACK [/R[A]:] [/password=] Settings description: /R[A]: /R: – log only important events in the report. /RA: – log all events in the report. You can use an absolute or relative path to the file. If the parameter is not defined, scan results are displayed on screen, and all events are shown.
WORKING WITH THE APPLICATION FROM THE COMMAND LINE Note that this command will not be accepted without a password. Example: avp.com IMPORT c:\settings.dat /password= STARTING THE APPLICATION Command syntax: avp.com STOPPING THE APPLICATION Command syntax: EXIT /password= Application password specified in the interface Note that this command will not be accepted without a password.
KASPERSKY ANTI-VIRUS 2010 To create a trace file to send to Technical Support with a maximum trace level of 500: avp.com TRACE file on 500 VIEWING HELP Use this command to view the application command line syntax: avp.com [ /? | HELP ] To get help on the syntax of a specific command, you can use one of the following commands: avp.com /? avp.com HELP RETURN CODES OF THE COMMAND LINE This section contains a list of return codes from the command line.
ELIMINATING PROBLEMS If problems occur during Kaspersky Anti-Virus operation, first of all check if a method for solving them is described in the Help system or in the Kaspersky Lab's Knowledge Base at http://support.kaspersky.com. The Knowledge Base is a separate section of the Technical Support web site, and comprises recommendations for Kaspersky Lab products as well as answers to frequently asked questions. Try to find an answer to your question or a solution to your problem with this resource.
KASPERSKY ANTI-VIRUS 2010 3. In the Support window that will open, click the Support tools link. 4. In the Information for Technical Support Service window that will open, click the Create system state report button. The system state report is created in HTML and XML formats and is saved in sysinfo.zip archive. Once the information gathering process is complete, you can view the report. To view the report: 1. Open the main application window. 2.
ELIMINATING PROBLEMS In order to upload the data files to the Support service server: 1. Open the main application window. 2. In the bottom part of the window, click the Support link. 3. In the Support window that will open, click the Support tools link. 4. In the Information for Technical Support Service window that will open, in the Actions section, click the Upload information for Technical Support Service to the server button. 5.
KASPERSKY ANTI-VIRUS 2010 To start the wizard: 1. Open the main application window. 2. In the bottom part of the window, click the Support link. 3. In the Support window that will open, click the Support tools link in the bottom part of the window. 4. In the Information for Technical Support Service window that will open, click the Execute AVZ script button. If the script successfully executes, the wizard will close.
KASPERSKY SECURITY NETWORK DATA COLLECTION STATEMENT A. INTRODUCTION Please read this document carefully. It contains important information that you should know before continuing to use our services or software. By continuing to use Kaspersky Lab software and services you will be deemed to have accepted this Kaspersky Lab‟ Data Collection Statement. We reserve the right to modify this Data Collection Statement at any time by posting the changes on this page.
KASPERSKY ANTI-VIRUS 2010 Kaspersky Security Network shall duly inform the users concerned, when initially collecting the above-mentioned information, of any sharing of such information, notably for use for business development and shall allow these Internet users to opt in (in the EC Member States and other countries requiring opt-in procedure) or opt-out (for all the other countries) on-line from the commercial use of this data and/or the transmission of this data to third parties.
KASPERSKY SECURITY NETWORK DATA COLLECTION STATEMENT regarding protection and use of confidential information. After collected data reaches Kaspersky Lab it is stored on a server with physical and electronic security features as customary in the industry, including utilization of login/password procedures and electronic firewalls designed to block unauthorized access from outside of Kaspersky Lab.
USING THIRD-PARTY CODE Third-party code was used during Kaspersky Anti-Virus development. IN THIS SECTION: CryptoEx LLC ................................................................................................................................................................ 159 Fastscript 1.9 library ...................................................................................................................................................... 159 Libnkfm 7.4.7.7 library ........................
USING THIRD-PARTY CODE CRYPTOEX LLC To create and verify digital signatures, Kaspersky Anti-Virus uses Crypto Ex LLC's data security software library, Crypto C. CryptoEx LLC holds a license from the Federal Agency for Government Communications and Information (a branch of the Federal Security Service) and the Crypto C data security software library certificate. CryptoEx LLC corporate website: http://www.cryptoex.ru Exclusive rights for data security software library are reserved by CryptoEx LLC.
KASPERSKY ANTI-VIRUS 2010 GNU BISON PARSER LIBRARY The bison parser skeleton 2.3 copyright © GNU Project http://ftp.gnu.org/gnu/bison/ library under the framework of a special exception was used during application development. As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton.
USING THIRD-PARTY CODE OpenSSL License Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.
KASPERSKY ANTI-VIRUS 2010 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement:"This product includes cryptographic software written by Eric Young (eay@cryptsoft.
USING THIRD-PARTY CODE THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. INFO-ZIP 5.
KASPERSKY ANTI-VIRUS 2010 i) changes to the Program, and ii) additions to the Program; where such changes and/or additions to the Program originate from and are distributed by that particular Contributor. A Contribution 'originates' from a Contributor if it was added to the Program by such Contributor itself or anyone acting on such Contributor's behalf.
USING THIRD-PARTY CODE iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange. When the Program is made available in source code form: a) it must be made available under this Agreement; and b) a copy of this Agreement must be included with each copy of the Program. Contributors may not remove or alter any copyright notices contained within the Program.
KASPERSKY ANTI-VIRUS 2010 If Recipient institutes patent litigation against a Contributor with respect to a patent applicable to software (including a cross-claim or counterclaim in a lawsuit), then any patent licenses granted by that Contributor to such Recipient under this Agreement shall terminate as of the date such litigation is filed.
USING THIRD-PARTY CODE RFC1321-BASED (RSA-FREE) MD5 LIBRARY The RFC1321-based (RSA-free) MD5 library was used during application development. Copyright (c) 1999, 2002 Aladdin Enterprises. All rights reserved. Distributed under zlib/libpng license. WINDOWS TEMPLATE LIBRARY (WTL 7.5) The Windows Template Library 7.5 Copyright (c) 2005 Microsoft Corporation was used during application development. All rights reserved, under Common Public license 1.0, http://sourceforge.net/projects/wtl/.
KASPERSKY ANTI-VIRUS 2010 other entity based on infringement of intellectual property rights or otherwise. As a condition to exercising the rights and licenses granted hereunder, each Recipient hereby assumes sole responsibility to secure any other intellectual property rights needed, if any. For example, if a third party patent license is required to allow Recipient to distribute the Program, it is Recipient's responsibility to acquire that license before distributing the Program.
USING 5. THIRD-PARTY CODE NO WARRANTY EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
KASPERSKY ANTI-VIRUS 2010 LEGAL ISSUES In plain English: We don't promise that this software works. (But if you find any bugs, please let us know!) You can use this software for whatever you want. You don't have to pay us. You may not pretend that you wrote this software. If you use it in a program, you must acknowledge somewhere in your documentation that you've used the IJG code.
USING THIRD-PARTY CODE LIBUNGIF 3.0 LIBRARY The libungif 3.0 library was used during application development. Copyright (c) 1997 Eric S. Raymond.
KASPERSKY ANTI-VIRUS 2010 Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it.
USING THIRD-PARTY CODE The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0.
KASPERSKY ANTI-VIRUS 2010 In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library.
USING THIRD-PARTY CODE c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.
KASPERSKY ANTI-VIRUS 2010 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13.
USING THIRD-PARTY CODE PARTICULAR PURPOSE ARE DISCLAIMED.
KASPERSKY ANTI-VIRUS 2010 Code generated by the Protocol Buffer compiler is owned by the owner of the input file used when generating it. This code is not standalone and requires a support library to be linked with it. This support library is itself covered by the above license.
GLOSSARY List of masks and addresses of web resources, to which content the user trusts. Kaspersky Lab application does not scan web pages, corresponding to some list item, for the presence of malicious objects. ACTIVATING THE APPLICATION The application activation procedure consists in entering an activation code and obtaining a key which will allow the application to determine if the user has sufficient rights to use it, and to find out the license expiration date.
KASPERSKY ANTI-VIRUS 2010 BACKUP STORAGE Special storage designed to save backup copies of objects created before their first disinfection or deletion. BASE OF PHISHING WEB ADDRESSES List of web addresses, which are defined as phishing by Kaspersky Lab specialists. The base is regularly updated and it is a part of Kaspersky Lab application. BASE OF SUSPICIOUS WEB ADDRESSES List of web addresses, which content can be considered as potentially dangerous. The list is created by Kaspersky Lab specialists.
GLOSSARY There exist a number of viruses that infect boot sectors, which are thus called boot viruses. The Kaspersky Lab application allows to scan boot sectors for viruses and disinfect them if an infection is found. DOMAIN NAME SERVICE (DNS) Distributed system for converting the name of a host (a computer or other network device) into IP address. DNS functions in TCP/IP networks.
KASPERSKY ANTI-VIRUS 2010 For example, you have an archive scanned by Kaspersky Lab application and assigned the not infected status. The next time the application will skip this archive, unless it has been altered or the scan settings have been changed. If you altered the archive content by adding a new object to it, modified the scan settings or updated the anti-virus database, the archive will be re-scanned.
GLOSSARY LIST OF CHECKED WEB ADDRESSES List of masks and addresses of web resources, which are mandatory scanned for malicious objects by Kaspersky Lab application. MAIL DATABASES Databases containing emails in a special format and saved on your computer. Each incoming/outgoing email is placed in the mail database after it is received/sent. These databases are scanned during a full computer scan.
KASPERSKY ANTI-VIRUS 2010 PROXY SERVER Computer network service which allows users to make indirect requests to other network services. First, a user connects to a proxy server and requests a resource (e.g., a file) located on another server. Then, the proxy server either connects to the specified server and obtains the resource from it, or returns the resource from its own cache (in case if the proxy has its own cache).
GLOSSARY TRAFFIC SCAN A real-time scan using information from the latest version of the databases for objects transmitted over all protocols (for example, HTTP, FTP, etc.). TRUSTED PROCESS Application process whose file operations are not monitored by Kaspersky Lab's application in real-time protection mode. In other words, no objects run, open, or saved by the trusted process will be scanned. UNKNOWN VIRUS A new virus about which there is no information in the databases.
KASPERSKY LAB Kaspersky Lab was founded in 1997. Today it is the leading developer of a wide range of high-performance information security software products, including anti-virus, anti-spam and anti-hacking systems. Kaspersky Lab is an international company. Headquartered in the Russian Federation, the company has offices in the United Kingdom, France, Germany, Japan, the Benelux countries, China, Poland, Romania and the USA (California).
LICENSE AGREEMENT IMPORTANT LEGAL NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT BEFORE YOU START USING THE SOFTWARE. BY CLICKING THE ACCEPT BUTTON IN THE LICENSE AGREEMENT WINDOW YOU CONSENT TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT. SUCH ACTION IS A SYMBOL OF YOUR SIGNATURE AND YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT AND AGREE THAT THIS AGREEMENT IS ENFORCEABLE LIKE ANY WRITTEN NEGOTIATED AGREEMENT SIGNED BY YOU.
KASPERSKY ANTI-VIRUS 2010 2.2. If the Software was purchased on a physical medium You have the right to use the Software for protection of such a number of Computer(s) as is specified on the Software package. 2.3. If the Software was purchased via the Internet You have the right to use the Software for protection of such a number of Computers that was specified when You purchased the License to the Software. 2.4.
LICENSE AGREEMENT 4. Technical Support The Technical Support described in Clause 2.5 of this Agreement is provided to You when the latest Update of the Software is installed (except for a trial version of the Software). 5. Information Collection 5.1. Having agreed with the terms and conditions of this Agreement You consent to provide information to the Rightholder about executable files and their checksums to improve Your security protection level. 5.2.
KASPERSKY ANTI-VIRUS 2010 or surges; casualty; alteration, non-permitted modification, or repairs by any party other than Rightholder; or any other third parties‟ or Your actions or causes beyond Rightholder‟s reasonable control; (y) any defect not made known by You to Rightholder as soon as practical after the defect first appears; and (z) incompatibility caused by hardware and/or software components installed on Your Computer. 7.2.
LICENSE AGREEMENT 9. GNU and Other Third Party Licenses The Software may include some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar free software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code (“Open Source Software”).
KASPERSKY ANTI-VIRUS 2010 reason, in whole or in part, such provision will be more narrowly construed so that it becomes legal and enforceable, and the entire Agreement will not fail on account thereof and the balance of the Agreement will continue in full force and effect to the maximum extent permitted by law or equity while preserving, to the fullest extent possible, its original intent.
INDEX A Application components .............................................................................................................................................. 15 APPLICATION INTERFACE ....................................................................................................................................... 36 Application self-defense ..............................................................................................................................................
KASPERSKY ANTI-VIRUS 2010 K Kaspersky Anti-Virus starting at the operating system's startup .............................................................................................................. 93 L License ...................................................................................................................................................................... 182 active ....................................................................................................................
INDEX selecting a component or a task .......................................................................................................................... 124 REPORTS ................................................................................................................................................................. 123 Rescue disk ...............................................................................................................................................................
