McAfee VirusScan TC Administrator’s Guide Version 6.
COPYRIGHT Copyright © 2000 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies.
Contents Chapter 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 The deployment and installation scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . .6 Complete Installation — Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Optimized Installation — Overview . . . . . . . . . . . . . . . . . . . . . . .
Contents Chapter 4. Updating and Mirroring Tasks . . . . . . . . . . . . . . . . . . . . . . . 49 Why update? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49 Overview of the updating and mirroring tasks . . . . . . . . . . . . . . . . . . . . . . . .49 Configuring the AutoUpdate and Mirroring tasks . . . . . . . . . . . . . . . . . .51 Setting schedule for tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1 Introduction 1 Features McAfee VirusScan TC (Thin Client) is an anti-virus software application that includes: On-Access Scanner Checks for viruses each time you open or copy a file from, save a file to, or otherwise use any file stored on your server or client disk or hard drive. Scanning engine The tool that recognizes viruses and malicious code. Virus definition files *.DAT files include information that the scanning engine uses to recognize and act upon viruses.
Introduction The deployment and installation scenarios You can deploy the VirusScan TC software to the computers on your network using one of two installation scenarios—Complete Installation or Optimized Installation. The major characteristics of the two approaches are described below: Complete Installation Optimized Installation Deployment VirusScan TC is deployed by SMS, Windows NT VirusScan TC is deployed using the ePolicy Orcheslogin scripts. trator Console.
Introduction Complete Installation Optimized Installation Limitations Cannot be deployed by SMS or Windows NT If you are not running ePolicy Orchestrator, or if login scripts. the target computers are not running the ePolicy Orchestrator agent: • You cannot change the default configuration of the VirusScan TC software. • You cannot update the virus definition files. * In an Optimized Installation, ePolicy Orchestrator “pushes” a single small file, the Installer, to the target computers.
Introduction Keep in mind: • You can set and enforce policy for VirusScan TC centrally from the ePolicy Orchestrator Console as soon as you install the ePolicy Orchestrator agent on the target computers. • You cannot configure the program before deploying it across your network. The program is sent to the workstations with default settings.
Introduction • Economy of bandwidth usage because the total size of the installation files is, in most cases, substantially less than the total size of the files that make up a Complete installation. • Opportunity to configure the ePolicy Orchestrator agent to reboot the computer as required by the installation process without prompting you for a response. Keep in mind: • You can set policy (configure) the VirusScan TC program’s scanning options before deploying it.
Introduction Configuring elements of VirusScan TC software There are three aspects of VirusScan TC software that can be configured: 10 Installation process This process must be configured if you are using the ePolicy Orchestrator software to deploy and install the VirusScan TC software. You cannot configure it using the ePolicy Orchestrator Console if you are using SMS or login scripts to deploy the software. For additional information, see Chapter 2, “Deploying and Installing VirusScan TC.
Deploying and Installing VirusScan TC 2 2 Overview This section describes the procedures for deploying and installing the VirusScan TC program. You can do this in one of two ways, depending on your environment and the rules by which your enterprise operates. The two methods are: Using SMS or Windows NT login scripts If your enterprise requires this method for software deployment. See “Complete Installation” on page 11. Using ePolicy Orchestrator software v1.
Deploying and Installing VirusScan TC To deploy and install the VirusScan TC program on your computer, follow these steps: 1. Place the CD-ROM in your server’s drive. 2. On your network, create a shared folder where you will copy the program files for the target computers to share. The shared folder must provide “read” access to every computer on which VirusScan TC will be installed. æ IMPORTANT: On Windows 95 and Windows 98 systems, the share must be in the same domain as the currently logged-in user.
Deploying and Installing VirusScan TC What next? If you have installed the ePolicy Orchestrator v1.1 program, you can now configure the VirusScan TC software before deploying it to the target computers. The features that you can customize are: • The On-Access Scanner. See Chapter 3, “Setting Policy for On-Access Scanning,” starting on page 29. • AutoUpdate. See Chapter 4, “Updating and Mirroring Tasks,” starting on page 49.
Deploying and Installing VirusScan TC Optimized Installation This section describes the procedures for placing the program files onto the server, then deploying and installing the Installer and VirusScan TC programs via the ePolicy Orchestrator software. Overview Optimized installation and deployment consists of these seven basic tasks, which are described in detail later in this chapter: 1. Install the ePolicy Orchestrator v1.1 server software on your server. 2.
Deploying and Installing VirusScan TC ¥ NOTE: You can designate up to eight sites for the VirusScan TC program installation file, and for the files that install MSI. This helps assure that the installation procedure will be able to locate the required files, even if one or more of the locations is temporarily off-line. Listing the sites in order of proximity helps assure that the installation procedure will contact the most preferred location first. 7. Set policy for (configure) the on-access scanner. 8.
Deploying and Installing VirusScan TC To place a .NAP file in the software repository, follow these steps: 1. In the ePolicy Orchestrator console tree, right-click on Software, and select Install (Figure 2-1). Figure 2-1. Console Tree—Install software in repository The Select a Software Package dialog box appears (Figure 2-2). Figure 2-2. Select a Software Package dialog box 2. Click at the top of the dialog box to select the CD-ROM. Locate each of the following .
Deploying and Installing VirusScan TC Figure 2-3. ePolicy Orchestrator Console displaying the contents of the Software Repository 4. Copy Installer and program files to the network In order for the Installer to find the files needed for downloading, you must first copy those files from the CD-ROM to a place on the network that all target computers can access. This can be either an FTP site or a shared folder on the network.
Deploying and Installing VirusScan TC 2. Copy the appropriate MSI file or files for your Windows environment to either an FTP site or to a shared folder on the network. • If your network includes both types of Windows environment, copy both MSI files. • If you are operating in an exclusively Windows 2000 environment, you do not need to copy either of the MSI files. • If you are copying to a shared folder, you must use Universal Naming Convention (UNC) to target it.
Deploying and Installing VirusScan TC Setting policy for the installation files Follow these steps to set policy for the installation files: 1. Verify that the Policies tab is selected in the upper portion of the details pane, on the right side of the ePolicy Orchestrator console. 2. If you have not already done so, click the next to Installer for VirusScan TC in the upper portion of the details pane. 3. Select Configurations to display the Configurations property pages.
Deploying and Installing VirusScan TC ¥ NOTE: Disabling the Inheritance feature lets you set new policy for the installation of the Installer program for the target (group or computer) that you have selected in the console tree. During future installations to computers in other branches of your network, you might want to leave this checkbox selected if you want the Site policies you set now to affect computers that are in subordinate positions in the console tree.
Deploying and Installing VirusScan TC 6. Enter a name for the site that you are defining. This is the name that will appear in the main Install Sites, or MSI Sites page, shown in Figure 2-4 on page 19, and in the installation log. See “Setting policy for the installation files” on page 19 for information about the installation log. 7. Verify that Enable Site is selected. 8. Provide the necessary information appropriate to the site where the files are located: • For an FTP site a.
Deploying and Installing VirusScan TC ¥ NOTE: You must also perform this step for VSCANTC.MCS if, in Step 3 on page 18, you placed that file on a UNC shared folder. c. Fill in the User Name and Password boxes. Regardless of the number of characters in the password, eight asterisks appear in the password field. • For a path on the local computer a. Select the UNC path option. b. Enter the path of the local folder in the field labeled Enter a local path. 9.
Deploying and Installing VirusScan TC Setting policy for the Installer’s logging feature This feature of the Installer allows you to configure the way in which the installer logs activity during installation. You can set the name and location of the log file, its size, and the level of detail that is reported. æ IMPORTANT: When deploying and installing the VirusScan TC program, the only report that an installation has failed is found in the local log file on the target machines.
Deploying and Installing VirusScan TC 3. Make sure that Log to file is selected. 4. By default, the name of the log file is Install.log. The default path of the log file is: :\Program Files\McAfee\VirusScan TC\Install.log Here, refers to the client disk where the VirusScan TC software is installed. If you prefer, you can enter a different file name or path. 5. By default, the maximum size for the log file is set to 1,024KB (1MB). You can enter any value between 10KB and 32,767KB.
Deploying and Installing VirusScan TC + WARNING: If you do not click Apply, the options that you selected are ignored. 6. Select reboot options Using the ePolicy Orchestrator Agent Options page, you can specify the way you want the installer to respond to rebooting requirement. The options are: • Prompt user when software installation requires reboot. and/or • Automatic reboot with timeout.
Deploying and Installing VirusScan TC To deploy the policy and install VirusScan TC, follow these steps: 1. Select a target in the ePolicy Orchestrator console tree where you will be installing the Installer and VirusScan TC programs. The target can be a group or a single computer (See Figure 2-9 on page 26). Figure 2-9. ePolicy Orchestrator—Installation Options property page 2. Deselect Inherit on the Installation Options page, located in the lower portion of the details pane.
Deploying and Installing VirusScan TC 6. Click Apply. The policy is ready for deployment to the computers that you selected in the console tree in Step 1 on page 26. The VirusScan TC program will be transmitted when the ePolicy Orchestrator agent requests new policies from the server. + WARNING: If you do not click Apply, the options that you selected are ignored.
Deploying and Installing VirusScan TC 28 McAfee VirusScan TC
Setting Policy for On-Access Scanning 3 3 Overview The VirusScan TC program uses its On-Access Scanner to provide continuous, real-time virus detection and response. The On-Access Scanner checks for infections each time you open or copy a file from, save a file to, or otherwise use any file stored on the hard drive. The scanner starts when the computer starts up, and stays in memory until the computer shuts down. By default, the scanner: • Scans files when they are written to disk.
Setting Policy for On-Access Scanning Configuring on-access scanning options If you have the ePolicy Orchestrator software running on your network, you can change or modify the default policy for the on-access scanner’s detection, action, reporting, and exclusion features. You cannot change the scanner’s default settings without the ePolicy Orchestrator software. To configure the on-access scanner, follow these steps: 1.
Setting Policy for On-Access Scanning Figure 3-3. On-Access Scan Options—Detection property page Each tab governs a set of options for the on-access scanning operation: Detection Options for the scanner’s behavior—when and what to scan. Action Actions you want the scanner to take when it finds a virus. Report Features that customize the output of the log files. Exclusions Any item (file, folder or disk) that you want to exclude from scanning.
Setting Policy for On-Access Scanning Detection Options To set the Detection options, follow these steps: 1. Deselect Inherit to change the product’s current configuration settings. ¥ NOTE: Disabling the Inheritance feature lets you set new policy for scanning activities for the target (group or computer) that you have selected in the console tree.
Setting Policy for On-Access Scanning Scanning files only when they are read from disk can be a element of an effective virus protection program. However, under some circumstances, scanning files only when they are written to disk may not be equally effective. For additional information, see the footnote page 39. 4. Under Scan Floppies, select At system shutdown to scan any floppy disk that is left in the drive when the computer shuts down. 5.
Setting Policy for On-Access Scanning ¥ NOTE: When the VirusScan TC product is shipped, the list of Default files is identical with the list of Custom files. However, over time, as you upgrade the scanning engine, the list of Default files may grow or shrink depending on the most current research on the susceptibility of certain file types to virus infection. Upgrading the scanning engine will not affect the list of Custom files, which is under the control of the user.
Setting Policy for On-Access Scanning – If you selected Default files, the compressed file types that the current scanning engine and .DAT files classify as susceptible to infection will be included in scanning activities. – If you selected Custom files, the scanner will examine only those compressed file types that appear in the list of extensions. • Select Boot sectors to scan the disk boot sector of a floppy disk or hard disk when a file is first accessed.
Setting Policy for On-Access Scanning Action options When VirusScan TC software detects a virus, it can respond either by automatically taking an action that you determine ahead of time. Use the Action tab to specify the scanner’s behavior when it finds a virus. To set the Action options, follow these steps: 1. Select the Action tab on the On-Access Scan Options page (Figure 3-5). Figure 3-5. On-Access Scan Options — Action property page 2.
Setting Policy for On-Access Scanning 3. Under When a Virus is Found, select one of these options: • Deny access to infected files and continue. Denies any user access to an infected file. If you select this option, be sure to enable the logging option so that you have a record of which files are infected. See “Report options” on page 39 for details. ë • TIP: When you select this option, the scanner automatically stops read and copy operations for any file that it identifies as infected.
Setting Policy for On-Access Scanning 5. Click Apply to save your action policy settings. The settings are transmitted to the ePolicy Orchestrator agents for enforcement the next time that the agents request new policies and tasks from the server. See the ePolicy Orchestrator Administrator’s Guide for information about agent-server communication. + WARNING: If you do not click Apply, you settings are ignored.
Setting Policy for On-Access Scanning Status of Infected File Selected Action Outcome Windows 95 and Windows 98 Read from disk Deny Access Success Failure • Left intact Written to disk Deleted* • Access denied Failure Failure Failure* Deleted* Deleted • Left intact Left intact* • Access Denied • Left intact Left intact* • Access denied Moved to quarantine folder • Left intact Deleted* • Access denied • Left intact Left intact* • Access denied Success Clean • Left intact Written to
Setting Policy for On-Access Scanning ¥ NOTE: The reporting function of the VirusScan TC program does not replace, supersede, or affect the function of the McAfee Anti-Virus Informant application that is included with the ePolicy Orchestrator software. See the ePolicy Orchestrator Administrator’s Guide for more information about the Anti-Virus Informant module.
Setting Policy for On-Access Scanning 2. Deselect Inherit to change the product’s current configuration settings. See the NOTE on page 32 for more information about this step. 3. Select Log to file to save the log in a file that you specify. By default, the scanner writes log information to the file VSHLOG.TXT in the VirusScan program directory. The program creates the default file in the default path. 4.
Setting Policy for On-Access Scanning 6. Select Enable Centralized Alerting if you have installed a McAfee product that includes Alert Manager, such as the NetShield or GroupShield software, on one or more servers, and want to continue using it. This feature allows workstations to transmit alerts to a centralized folder from which Alert Manager can retrieve and distribute them, using the methods that you configured within Alert Manager. 7.
Setting Policy for On-Access Scanning • establishing a quota for the number of messages that the shared folder can accept. • using the NTFS auditing feature. 8. Click Apply to save your report policy settings. The settings are transmitted to the ePolicy Orchestrator agents for enforcement the next time that the agents request new policies and tasks from the server. See the ePolicy Orchestrator Administrator’s Guide for information about agent-server communication.
Setting Policy for On-Access Scanning Figure 3-7. On-Access Scan Options — Exclusions property page 2. Deselect Inherit to change the product’s current configuration settings. See the NOTE on page 32 for more information about Inheritance. 3. Specify the items you want to exclude. Use the Add button to add a file or folder to the list; or use the Edit and Remove buttons to change or remove existing items in this list. • 44 McAfee VirusScan TC Add files, folders or volumes to the exclusion list.
Setting Policy for On-Access Scanning Figure 3-8. Add Exclusion Item dialog box Follow these steps to add items to the list: a. In the text box, enter the path of a folder or a file or folder that you want to exclude from scanning activities. ¥ NOTE: If you have chosen to move infected files to a quarantine folder automatically, the module excludes that folder from scan operations. b.
Setting Policy for On-Access Scanning 4. Click Apply to save your exclusion policy settings. The settings are transmitted to the ePolicy Orchestrator agents for enforcement the next time that the agents request new policies and tasks from the server. See the ePolicy Orchestrator Administrator’s Guide for information about agent-server communication. + WARNING: If you do not click Apply, you settings are ignored.
Setting Policy for On-Access Scanning 2. In the Directory tree, select a target group or computer to which you want to deploy scanning policy. The target could be a group or a single computer. 3. Deselect Inherit to change the installation settings. See the NOTE on page 32 for information about Inheritance. 4. Verify that Enforce Policies for VirusScan TC v.6.0.0 for Windows is selected. 5. Click Apply.
Setting Policy for On-Access Scanning 48 McAfee VirusScan TC
4 Updating and Mirroring Tasks 4 Why update? To protect your network, the VirusScan TC software needs regular updates of its virus definition files (.DAT files), improvements to its scanning engine, and other technical enhancements. Without updated files, the VirusScan TC software might not detect new virus strains or respond to them effectively. McAfee releases new .DAT files weekly to provide protection against the approximately 500 new viruses that appear each month.
Updating and Mirroring Tasks In relatively small networks, where every computer has unlimited access to the internet, each computer could pull the update files directly from the Network Associates FTP update site. However, such an approach is impractical in situations where some computers do not have access to the internet, and inefficient in situations where many computers are all downloading files from a remote, external source, such as the Network Associates FTP site.
Updating and Mirroring Tasks AutoUpdate Mirroring Target This task applies to a server that you select This task applies to a domain, and affects as the source for update files. Any all computers in the selected domain that have McAfee VirusScan TC installed. Any computer that can “see” the mirror folder computer in the domain can AutoUpdate can receive its updates. its .DAT files.
Updating and Mirroring Tasks To configure the AutoUpdate and Mirroring tasks, follow these steps: 1. Select a target in the ePolicy Orchestrator Directory tree for which you want to configure an updating task. The target could be a group or a single computer. 2. Right-click and select Schedule Task. The ePolicy Orchestrator Scheduler dialog box appears (Figure 4-1). Figure 4-1. Scheduler dialog box—Task page ¥ NOTE: There are three alternative ways to open the Scheduler.
Updating and Mirroring Tasks • Select All Tasks from the ePolicy Orchestrator Action menu. Then select Schedule Task from the drop-down menu. 3. Select the Task tab to define the activity you are configuring. 4. In the Name box, enter a descriptive name for the task that you are creating. Tasks can be saved for repeated use. The name you assign to a particular update task might describe the group of computers you are targeting for update, and/or the frequency of the update task. 5.
Updating and Mirroring Tasks ¥ NOTE: You can designate a maximum of eight sites, each with a unique name. The order in which the sites are listed on the Install Sites and MSI Sites property pages is the order in which the VirusScan TC installer software will look for the file. Figure 4-3. Site Options property page 9. Enter a name for the site that you are defining. This is the name that will appear in the main Update Sites or Source Sites page seen in Figure 4-2 on page 53, and in the Update log. 10.
Updating and Mirroring Tasks 11. Provide the necessary information to identify the location of the update files. This might be the NAI update FTP site or a site on your network that mirrors the NAI update FTP site. • For an FTP site a. Enter the name of the FTP server and the directory containing the file or files. For example, ftp.myserver/install. b. If the FTP location: – requires login credentials, enter the User Name and Password information required for access to the server.
Updating and Mirroring Tasks æ workstations IMPORTANT: Very careful planning is required to assure that have easy access to the shared folder, using SYSTEMACCOUNT, without compromising overall network security. Achieving this combination requires that you a) designate the shared folder as a NullSessionShare, and b) take advantage of appropriate Windows securities measure for NTFS systems to protect the NullSessionShare. a. Designate the shared folder that receives the .ALR files as a NullSessionShare.
Updating and Mirroring Tasks 12. When you have finished setting Site Option, click OK. Your changes are saved for deployment, and you are returned to the AutoUpdate property page. + WARNING: If you do not click OK, the options that you selected will be ignored. 13. Select the second tab on the dialog box (Figure 4-4). AutoUpdate Mirroring Select the Advanced tab. Select the Destination tab. Figure 4-4. AutoUpdate Advanced property page and Mirroring Destination property page 14.
Updating and Mirroring Tasks – Force-update .DAT files. Select this checkbox if: • You want to downgrade the current .DAT file to an earlier .DAT file that you have preserved. You may want to take this action as a temporary step if the newer .DAT files are not behaving as expected. Another situation in which you may want to select this option is where you want to include an EXTRA.DAT file with a routine update of your virus definition files. See Deploying an EXTRA.DAT file “With the weekly .
Updating and Mirroring Tasks 18. Verify that Log to file is selected. 19. The name of the log files are UPDATE.LOG and MIRROR.LOG. The default path of the logfiles is: :\Program Files\McAfee\VirusScan TC\ Here, drive refers to the client disk where the VirusScan TC software is installed. If you prefer, you can enter a different name or path. 20. By default, the maximum size for the log file is set to 1,024KB (1MB). You can enter any value between 10KB and 32,767KB.
Updating and Mirroring Tasks Figure 4-8. ePolicy Orchestrator Agent Options property page 23. Click Apply to save your settings and continue configuring the task with schedule settings. If you have finished configuring the task, click OK to save your settings and close the Scheduler dialog box. Your saved settings are transmitted to the ePolicy Orchestrator agents for enforcement the next time that the agents request new policies and tasks from the server.
Updating and Mirroring Tasks For a more complete description of opening the Scheduler and naming a task, see Step 1 on page 52 through Step 4 on page 53. 2. Select the Schedule tab (Figure 4-9). Figure 4-9. Scheduler dialog box—Scheduler page 3. In the box labeled Schedule Task, click to select the frequency for the task. Depending on your selection, the display in the lower portion of the dialog box changes, allowing you to further specify the scheduling details.
Updating and Mirroring Tasks • For At System Startup, there is nothing more to configure. The task will run when the system starts. ¥ NOTE: On Windows 95 and Windows 98 systems, the user must be logged-on for this option to work. • For At Logon, there is nothing more to configure. The task will run when a user logs on. • If you select When Idle, use to specify the number of minutes of idleness that will trigger the task.
Updating and Mirroring Tasks • Select Enable randomization. • In the two adjoining boxes, click to enter the time frame, in hours and minutes, within which you want the updating task to start. For example, if you set the randomization range to 1 hour and 30 minutes, updating may occur at any time during the 1.5 hours preceding or following the time specified in the Start at box. 6. By default, Run missed task is selected.
Updating and Mirroring Tasks Selecting Schedule Settings After you have set a schedule for a task, and have clicked OK, you are returned to the ePolicy Orchestrator Scheduler page to complete the Schedule Settings portion of that dialog box (Figure 4-11). Figure 4-11. Scheduler dialog box There are two settings available: • Enable (scheduled task runs at specified time). Select this to run the task at the times and under the circumstances that you specified on the Schedule tab.
Updating and Mirroring Tasks Editing and deleting a task When you have finished defining a task and setting its schedule, the task appears on the Tasks page of the ePolicy Orchestrator details pane. Figure 4-12. Task List Right-click a listed task and select an action from the menu that appears: • Delete. Select this option to remove the task from the list. • Schedule Task. Select this option to schedule a new task. • Edit Task. Select this option to change the task’s settings.
Updating and Mirroring Tasks Deploying routine .DAT file updates When an outbreak condition exists, the new drivers are, as usual, added to the routine, weekly .DAT files. However, instead of waiting until the next weekly distribution day to incorporate the new virus definition, a new incremental .DAT file is created to deal with the new virus, and is included with the .DAT files available from the McAfee FTP site.
Updating and Mirroring Tasks When AVERT publishes an EXTRA.DAT file, they announce its availability and a location where you can download the file. If you subscribe to the Enterprise SecureCast update service, you can receive all such alert messages. The procedure for deploying EXTRA.DAT independently of the weekly .DAT updates is a six step process: 1. Download EXTRA.DAT from the location designated in the AVERT announcement. 2. Place EXTRA.
Updating and Mirroring Tasks To deploy EXTRA.DAT with a weekly .DAT file, follow these steps: 1. Select the Advanced tab on the VirusScan TC AutoUpdate property pages. For information on navigating to this tab, see Step 1 through Step 7 on page 53, and Step 12 on page 57 through Step 14 on page 57. 2. Select Force-update .DAT files. This will ensure that all .DAT files are included in the update activity. 3. Add EXTRA.DAT to the weekly .ZIP file containing the .DATs. To do so: a. Place DAT-4085.
Updating and Mirroring Tasks Original text [ZIP] EngineVersion=0 DATVersion=4085 FileName=dat-4085.zip FileSize=1707214 Checksum=42BE,D02E Edited text [ZIP] EngineVersion=0 DATVersion=4085 FileName=dat-4085.
Updating and Mirroring Tasks 70 McAfee VirusScan TC
A Terminology A This appendix supplements the glossary found in the ePolicy Orchestrator Administrator’s Guide, elaborating on the usage of selected terms. • Deploying refers to sending a software program or utility to the target computers. Deployment does not include installation, although the two processes sometimes overlap. You can deploy installation software, such as the McAfee Installer for VirusScan TC, or anti-virus software packages, such as VirusScan TC.
Terminology Policy Task Definition A software operation that is triggered by clock Enforced configuration settings for routine or calendar settings, such as the periodic software operations that are triggered by users’ updating of virus definition files used by the actions, such as on-access scanning. This term anti-virus scanner.
Contact and support information B B Customer service You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Network Associates Customer Service department at the following address: Network Associates Customer Service 4099 McEwen, Suite 500 Dallas, Texas 75244 U.S.A. The department's hours of operation are 8:00 a.m. to 8:00 p.m.
Contact and support information If you do not find what you need or do not have web access, try one of our automated services. Internet techsupport@mcafee.com CompuServe GO NAI America Online keyword MCAFEE If the automated services do not have the answers you need, contact Network Associates at one of the following numbers Monday through Friday between 8:00 A.M. and 8:00 P.M. Central time to find out about Network Associates technical support plans.
Contact and support information Download support To get help with navigating or downloading files from the Network Associates or McAfee websites or FTP sites, call: Corporate customers (801) 492-2650 Retail customers (801) 492-2600 Network Associates training For information about scheduling on-site training for any McAfee or Network Associates product, call Network Associates Customer Service at: (972) 308-9960.
Contact and support information Because McAfee researchers are committed to providing you with effective and up-to-date tools you can use to protect your system, please tell them about any new Java classes, ActiveX controls, dangerous websites, or viruses that your software does not now detect. Note that McAfee reserves the right to use any information you supply as it deems appropriate, without incurring any obligations whatsoever. Send your questions or virus samples to: virus_research@nai.
Contact and support information International contact information To contact Network Associates outside the United States, use the addresses, phone numbers and fax numbers below. Network Associates Australia Network Associates Austria Level 1, 500 Pacific Highway Pulvermuehlstrasse 17 St.
Contact and support information Network Associates France S.A.
Contact and support information Network Associates Portugal Net Tools Network Associates South Africa Av. da Liberdade, 114 Hawthorne House 1269-046 Lisboa St. Andrews Business Park Portugal Meadowbrook Lane Phone: 351 1 340 4543 Bryanston, Johannesburg Fax: South Africa 2021 351 1 340 4575 Phone: 27 11 700-8200 Fax: 27 11 706-1569 Network Associates South East Asia Network Associates Spain 78 Shenton Way Orense 4, 4a Planta.
Contact and support information PrimeSupport options Adding value to your McAfee product Choosing McAfee anti-virus, Sniffer Technologies network management, and PGP security software helps to ensure that the critical technology you rely on functions smoothly and effectively.
Contact and support information To receive your KnowledgeCenter password or to register your PrimeSupport agreement with Network Associates, visit: http://www.nai.com/asp_set/support/introduction/default.asp Your completed form will go to the Network Associates Customer Service Center. You must submit this form before you connect to the PrimeSupport KnowledgeCenter site.
Contact and support information The PrimeSupport Priority plan The PrimeSupport Priority plan gives you round-the-clock telephone access to essential product assistance from experienced Network Associates technical support staff members. You can purchase the PrimeSupport Priority plan on an annual basis when you purchase a Network Associates product, either with a subscription license or a one-year license.
Contact and support information By calling in advance, your PrimeSupport Enterprise representative can help to prevent problems before they occur. If, however, an emergency arises, the PrimeSupport Enterprise plan gives you a committed response time that assures you that help is on the way. You may purchase the PrimeSupport Enterprise plan on an annual basis when you purchase a Network Associates product, either with a subscription license or a one-year license.
Contact and support information Table B-1. Corporate PrimeSupport Plans at a Glance Plan Feature Knowledge Center Connect Priority Enterprise Technical support via website Yes Yes Yes Yes Software updates Yes Yes Yes Yes Technical support via telephone — Monday–Friday Monday–Friday, after hours emergency access Monday–Friday, after hours emergency access North America: 8 a.m.–8 p.m. CT North America: 8 a.m.–8 p.m. CT North America: 8 a.m.–8 p.m.
Contact and support information Network Associates consulting and training The Network Associates Total Service Solutions program provides you with expert consulting and comprehensive education that can help you maximize the security and performance of your network investments. The Total Service Solutions program includes the Network Associates Professional Consulting arm and the Total Education Services program.
Contact and support information Network consulting Network Associates consultants provide expertise in protocol analysis and offer a vendor-independent perspective to recommend unbiased solutions for troubleshooting and optimizing your network. Consultants can also bring their broad understanding of network management best practices and industry relationships to speed problem escalation and resolution through vendor support.
Index A access, deny to infected files, 37 to 39 compared to Optimized Installation, 6 to 7 configuring action setting policy for scanner, 36 to 39 status of files after scanning, 38 to 39 See also clean infected files delete infected files deny access to infected files move infected files Action tab , 36 to 39 advanced options AutoUpdate, 57 to 58 schedule, 63 Advanced tab, 57 to 58 Agent Wakeup Call, 67 Alert Manager, 42, 56 alerts, destination folder, 42 .
contacting Destination tab, 57 to 58 consulting and training services, 85 to 86 destination, for mirror update site , 57 to 58 customer service, 73 Detection tab, 32 to 35 international offices, 77 to 79 detection, setting policy for virus, 32 to 35 PrimeSupport, 83 to 84 reporting new viruses, 75 to 76 E technical support, 73 to 75 educational services, description of, 86 customer service, 73 engine, 5, 7, 10, 29, 33, 49, 51 updating, 57 D exclusion options add files, folder or volumes, 44 to
I updating and mirroring, 59 infected files, status of after scanning, 38 to 39 mirroring activities, 58 to 59 inheritance, 32 updating and mirroring activities, non-verbose, 59 scanning activities, 39 to 43 Install Sites tab, 19 to 22 Installation Complete, 7, 11 to 12 Optimized, 8 to 9, 14 to 27 installation logging, setting policy for scanning activities, 39 to 43 LWISETUP.EXE, use in Complete Installation, 12 deploying policy, 25 to 27 M INSTMSI.EXE and INSTMSIW.
O on-access scanner configuring, 30 to 46 defined, 29 file types scanned, 33 to 34 recycle bin, excluding contents from scanning, 43 removing the VirusScan TC program, 27 replication, See mirroring report options configuring, 40 to 43 overview, 29 enable centralized alerting, 42 Optimized Installation, 8 to 9, 14 to 27 log to file, 41 compared to Complete Installation, 6 outbreak dealing with, 65 to 69 Report tab, 39 to 43 reporting AutoUpdate activities, 58 to 59 high-prevalence virus threat, 66 i
for MSI files, 18, 21 site options AutoUpdate, 54 to 57 installer, 21 to 22 Site Options page for AutoUpdate and Mirroring, 53 to 57 for VSCANTC.MCS, 18, 21 uninstalling the VirusScan TC program, 27 Universal Naming Convention. See UNC update Sites configuring, 53 to 57 for Installer, 20 to 22 site replication, See mirroring updating , 49 to 60 software repository, 30 updating and mirroring placing .
