ADMINISTRATOR’S
GUIDE
KASPERSKY ANTI-VIRUS 6.0 FOR WINDOWS SERVERS
ENTERPRISE EDITION
Administrator’s Guide
Kaspersky Lab
http://www.kaspersky.com
CHAPTER 18. MANAGING ANTI-VIRUS AND VIEWING ITS STATUS
18.1. Starting and stopping the Anti-Virus service
18.2. Viewing the server protection status
18.3. Viewing the Anti-Virus statistics
18.4. Viewing Anti-Virus details
18.5. Viewing information about installed keys
This guide describes how to use Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition (hereinafter, Anti-Virus).
Section 1.1 on pg. 12 contains general information about Anti-Virus as well as a description of its protection functions and of detectable threats.
Part 1 of the guide, Configuration and Control via MMC, discusses Anti-Virus control via the console installed on a protected server or on a remote workstation.
For instructions on how to control Anti-Virus from the command line of the protected server, refer to Part 2, Control of the Anti-Virus from the command line.
Part 3, Configuration and control using Kaspersky Administration Kit, discusses protection of servers with Anti-Virus installed, using the Kaspersky Administration Kit application.
Part 4, Anti-Virus counters, describes the Anti-Virus counters for the "System Monitor" application as well as SNMP counters and traps.
If you have not found an answer to your question about Anti-Virus in this document, refer to other resources containing information about this product (see section 1.2 on pg. 18).
Note
You can check the severity level of threats detected in suspicious objects using the Quarantine node (see Chapter 11 on pg. 155), and the severity level of threats contained in infected objects using the Backup storage node (see Chapter 12 on pg. 173).
A brief description of the threats is provided below. For a more detailed description of malware programs and their classification, visit Kaspersky Lab's Virus Encyclopedia (http://www.viruslist.com/en/viruses/encyclopedia).
If Anti-Virus detects (in a detectable object) sections of code that fully coincide with the control code sections of a threat, based on the information provided in the bases, it considers the object infected; if the code coincides only partially (in accordance with some conditions), it considers the object suspicious.
Additionally, Anti-Virus detects objects that may potentially contain malicious code. For this purpose, it uses a heuristic code analyzer. The code of such an object does not fully or partially coincide with the code of a known threat, but it does contain some command sequences characteristic of malicious objects, such as opening a file, writing to a file, or intercepting interrupt vectors. The heuristic analyzer determines, for example, that a file seems to be infected with an unknown boot virus.
If Anti-Virus finds a detectable object infected or suspicious, it returns the name of the threat contained in the object; if Anti-Virus finds that an object may potentially contain malicious code, it does not return the name of the threat contained in the object.
Note:
The term "objects potentially containing malicious code" is not used in the security setting configuration dialog box or in the Security Settings dialog window and the Task Statistics dialog window: there, Anti-Virus calls "suspicious" both the objects that may potentially contain malicious code and suspicious objects (in which code sections that coincide with the code of known threats have been detected).
In other dialog boxes of the Anti-Virus console, "suspicious objects" and "objects that may potentially contain malicious code" are named differently. The term "suspicious objects" refers only to suspicious objects.
ous areas of the computer and perform other tasks. It also contains information about managing the application from the command line and using Anti-Virus efficiency counters as well as SNMP counters and traps.
In order to open the complete help file, select the Display help command from the Help menu in the Anti-Virus console.
If you have any questions regarding an individual application window, you can refer to the context help.
In order to open the context help, press the Help button or the <F1> key in the window you need help on.
Documentation
The set of documents supplied with the application contains most of the information required for its operation. The set contains the following documents:
Typical usage schemes. This document discusses the use of Anti-Virus in the enterprise network.
Comparison with Kaspersky Anti-Virus 6.0 for Windows Servers. This document lists the characteristics of Anti-Virus that differentiate it from Kaspersky Anti-Virus 6.0 for Windows Servers.
Installation Guide contains the Anti-Virus installation requirements for the computer, Anti-Virus installation and activation instructions, as well as instructions on verifying its operability and initial setup.
Administration Guide (this document) discusses how to work with the Anti-Virus console in MMC, manage Anti-Virus from the Kaspersky Administration Kit application and from the command line, and use Anti-Virus efficiency counters as well as counters and traps for the SNMP protocol.
Files with these documents in PDF format are included in the Anti-Virus distribution kit.
Alternatively, you can download files with these documents from the Anti-Virus page of Kaspersky Lab's website.
After you have installed the Anti-Virus console you can open the Administrator's Guide from the Start menu.
In order to send an e-mail message with your question, you must indicate
the client number obtained during the registration at the Technical Support
service website along with your password.
Note
If you are not yet a registered user of Kaspersky Lab's applications you can
fill out a registration form on page:
https://support.kaspersky.com/en/PersonalCabinet/Registration/Form/.
During the registration you must provide the application's activation code or
the key serial number (you can view it in the Keys node of the Anti-Virus
console in the properties of the key installed).
In this forum you can view topics published earlier, leave your comments, create
new topics and use the search engine.
For example, you can discuss various scenarios of Anti-Virus deployment in your
organization and its configuration options.
PART 1. CONFIGURATION AND CONTROL VIA MMC
This part contains the following information:
Starting the Anti-Virus console in MMC, granting access to Anti-Virus functions, description of the console window appearance (see Chapter 2 on pg. 25);
Configuring general Anti-Virus settings (see Chapter 3 on pg. 40);
Importing and exporting Anti-Virus settings and its individual functional components (see Chapter 4 on pg. 44);
The concept of a task in Anti-Virus, types of tasks, operations performed with tasks, configuring a task schedule, viewing task statistics, launching a task under a different account (see Chapter 5 on pg. 48);
Configuring real-time task settings (see Chapter 6 on pg. 62);
Blocking access from computers to the server during Real-time file protection tasks (see Chapter 7 on pg. 87);
Trusted zone (see Chapter 8 on pg. 99);
Updating the Anti-Virus bases and application modules (see Chapter 10 on pg. 136);
Using quarantine for isolation of suspicious objects (see Chapter 11 on pg. 155);
Backing up files before disinfection or deletion and using Backup (see Chapter 12 on pg. 173);
Registration of events and Anti-Virus statistics (see Chapter 13 on pg. 185);
Installing and deleting license keys (see Chapter 14 on pg. 209);
Configuring notifications (see Chapter 15 on pg. 214).
CHAPTER 2. WORKING WITH ANTI-VIRUS CONSOLE IN MMC AND ACCESS TO ANTI-VIRUS FUNCTIONS
You can launch the .msc file of the Anti-Virus snap-in or add the Anti-Virus snap-in to an existing MMC console as a new element in the tree. In the 64-bit version of Microsoft Windows you can add the Anti-Virus snap-in only in the 32-bit version of MMC (MMC32): open MMC from the shell with the command mmc.exe /32.
You can manage Anti-Virus via the MMC installed on the protected server or on any other computer within the network. After you have installed the Anti-Virus console on another computer you must perform advanced configuration as described in section 2.2 on pg. 26.
You can add several Anti-Virus snap-ins to a single console opened in the authoring mode in order to use it for managing protection of multiple servers on which Anti-Virus is installed.
Note
To learn which services Anti-Virus registers, refer to the document Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition. Installation Guide.
You can grant the right to access the Anti-Virus management service to accounts of the following types:
accounts registered locally on the computer on which the Anti-Virus console is installed. In order to establish a connection, an account with the same data must be locally registered on the protected server;
accounts registered in the domain in which the computer with the Anti-Virus console installed is registered. In order to establish a connection, the protected server must be registered within the same domain or within a domain that is in a trust relationship with this domain.
During the installation Anti-Virus registers the KAVWSEE Administrators group on the protected server. Users of this group are granted access to the Anti-Virus management service. You can grant or disallow users access to the Anti-Virus management service by adding them to the KAVWSEE Administrators group or removing them from this group.
In order to allow or disallow access to the Anti-Virus management service:
1. On the protected server select Start → Settings → Control Panel. Select Administrative Tools → Computer Management in the Control panel window.
2. In the Computer Management console expand the Local users and groups node and then expand the Groups node.
3. Double click the KAVWSEE Administrators group and perform the following actions in the Properties window:
in order to allow the user to remotely manage Anti-Virus using the console, add this user to the KAVWSEE Administrators group;
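Because membership of the KAVWSEE Administrators group is what grants access to the management service, the group is worth auditing on every protected server. The script below is an added example, not part of the Kaspersky guide: it reads the group through the WinNT ADSI provider and flags members that are not on an approved list. The server list and the approved accounts are constructed placeholders.

```powershell
# Added example (not from the guide): report who is in the group that grants
# access to the Anti-Virus management service on each protected server.
param(
    # Protected servers to audit; defaults to the local machine (assumption).
    [string[]]$Servers = @($env:COMPUTERNAME),
    # Constructed allow-list in AUTHORITY\name form; replace with your own.
    [string[]]$Approved = @('EXAMPLE\av-admins', 'EXAMPLE\jdoe')
)

$GroupName = 'KAVWSEE Administrators'   # group name as given in the guide

function Get-GroupMemberName {
    param([string]$Server, [string]$Group)

    $adsiGroup = [ADSI]"WinNT://$Server/$Group,group"
    foreach ($member in @($adsiGroup.Invoke('Members'))) {
        # Members come back as COM objects; read ADsPath through reflection.
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty',
                                               $null, $member, $null)
        # WinNT://DOMAIN/name or WinNT://DOMAIN/SERVER/name -> AUTHORITY\name
        $parts = ($path -replace '^WinNT://', '') -split '/'
        if ($parts.Count -ge 2) {
            '{0}\{1}' -f $parts[-2], $parts[-1]
        } else {
            $parts[-1]   # unresolved SID, e.g. a deleted account
        }
    }
}

foreach ($server in $Servers) {
    try {
        $members = @(Get-GroupMemberName -Server $server -Group $GroupName)
    } catch {
        # Group missing (Anti-Virus not installed) or server unreachable.
        Write-Warning "${server}: cannot read '$GroupName': $($_.Exception.Message)"
        continue
    }

    foreach ($name in $members) {
        # -contains is case-insensitive, which matches Windows account names.
        $status = if ($Approved -contains $name) { 'approved' } else { 'UNEXPECTED' }
        [pscustomobject]@{
            Server = $server
            Member = $name
            Status = $status
        }
    }
}
```

Run it from an account that can query the servers remotely; members that are themselves groups are listed by name and are not expanded.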
in the Windows firewall open TCP port 135 and allow network connections for the executable file kavfsrcn.exe of the Anti-Virus remote management process.
The client computer on which the Anti-Virus console in MMC is installed uses port TCP 135 in order to access the protected server and to receive the server response.
In order to grant anonymous access to COM applications:
1. On the computer with the Anti-Virus MMC console installed open the Component Services console. To do that select Start → Run, type dcomcnfg and press the OK button.
2. Expand the Computers node in the Component Services console of the computer, open the shortcut menu of the My Computer node and select the Properties command.
3. On the COM Security tab of the Properties dialog box, press the Edit Limits button in the Access Permissions group of settings.
4. Make sure that the Allow remote access box is checked for the
ANONYMOUS LOGON user in the Access Permission dialog box.
5. Press the OK button.
In order to open TCP port 135 in the Windows firewall and allow network connections for the executable file of the Anti-Virus remote management process:
1. Close the Anti-Virus MMC console on the remote computer.
2. Perform one of the following actions:
in Microsoft Windows XP SP2 or higher select Start → Control Panel → Windows Firewall.
in Microsoft Windows Vista select Start → Control Panel → Windows Firewall and click Change settings in the Windows Firewall dialog window.
3. In the Windows Firewall dialog window (or Windows Firewall settings) press the Add port button on the Exceptions tab.
4. In the Name field specify the port name RPC (TCP/135) or enter another name, for example Anti-Virus DCOM, and specify the port number (135) in the Port name field.
5. Select TCP protocol.
6. Press the OK button.
7. Press the Add program button on the Exceptions tab.
Note
In order to apply the new connection settings: if the Anti-Virus console was opened while you were configuring the connection between the protected server and the computer with the console installed, close the console, wait for 30-60 seconds (until the Anti-Virus remote management process kavfsrcn.exe is completed) and then run it again.
Note
If you plan to add other snap-ins to the Anti-Virus console, open the console in the authoring mode: select Start → Programs → Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition → Administration Tools, open the shortcut menu on the Kaspersky Anti-Virus console and select Author.
If you started the Anti-Virus console on the protected server, the console window (see Figure 1) will open.
Inactive (black and white) - if the Real-time file protection task or the
Script Monitoring is not being performed at the moment.
To open the shortcut menu shown on Figure 2, right-click the Anti-Virus icon.
Command | Description
About the program | Opens the About the program window with information about the Anti-Virus. If you are registered as Anti-Virus user, then the About the program window would contain information about urgent updates installed.
You can enable or disable the display of the Anti-Virus icon after Anti-Virus automatically starts following the server restart (see section 3.2 on pg. 40).
If run from the Start menu, the Anti-Virus console will contain the taskpad (from
an .msc file saved when Anti-Virus is installed). If you added the Anti-Virus utility
to the MMC console yourself, the console will not contain the taskpad.
Function | Description
View reports | Viewing summary and detail reports about task execution in the Reports nodes and events in the System audit log node
Manage reports | Deleting reports and purging the system audit log
tions and their brief description is provided in Table 1). Then press
the OK button.
Note
You can start and stop the Anti-Virus service only if you are a member of the
group of local administrators on the protected server.
In order to start or stop an Anti-Virus service, open the shortcut menu of the Anti-
Virus snap-in in the console tree and select one of the following commands:
Stop, to stop the Anti-Virus service;
Start, to start the Anti-Virus service.
You also can start and stop the Anti-Virus service using the Microsoft Windows
Services snap-in.
CHAPTER 3. GENERAL ANTI-VIRUS SETTINGS
3. After you have configured the values of the required Anti-Virus settings,
press the OK button.
CHAPTER 4. IMPORTING AND EXPORTING ANTI-VIRUS SETTINGS
Note
Imported task settings are not used in the running tasks; they are applied when tasks are started. We recommend that you stop tasks in the functional components before importing settings into them.
When specifying the path you can use system environment variables; you cannot use user environment variables.
Note
If a Kaspersky Administration Kit policy is active at the moment of export, Anti-Virus exports values that had been active before such policy was applied rather than the values used by this policy.
4. Press the OK button in the Export completed box in order to close the
settings export wizard.
Note
After you have imported the general settings of the Anti-Virus or its functional components on the server, you will not be able to return to the old values of these settings.
3. Press the OK button in the Import completed box in order to close the
settings import wizard.
4. Press the Update button in the tools panel in the Anti-Virus console to display the imported settings.
Note
Anti-Virus does not import passwords (data of the accounts used to
launch tasks or to connect to the proxy server) from the file created on
another computer or on the same computer after Anti-Virus installed on
it has been re-installed or updated. After the importing operation is
completed, you will have to enter the passwords manually.
CHAPTER 5. TASK MANAGEMENT
Local user-defined tasks. You can add new on-demand scan tasks in the Anti-Virus console in MMC. Using the administration console of the Kaspersky Administration Kit application, you can create new on-demand scan, database update, database update rollback, and update downloading tasks. Such tasks are called user-defined tasks. You can rename, configure and delete user-defined tasks. You can start several user-defined tasks at the same time.
Group tasks
Group and global tasks created in the Kaspersky Administration Kit Administration Console are reflected in the Anti-Virus console in MMC. They are all called group tasks in the Anti-Virus console. You can manage group tasks and configure them from the Kaspersky Administration Kit application. In the Anti-Virus console in MMC you can only view the status of group tasks.
The Anti-Virus console displays information about the tasks (see example
on Figure 9).
Task management commands are listed in the shortcut menu that opens by
right-click on the task name.
Task management operations are registered in the system audit log (see 13.3 on
pg. 199).
This will open the Create task dialog box (see Figure 11):
Settings of the Real-time file protection task are listed in 6.2 on pg. 62.
Settings of the Scan My computer task are listed in 9.2 on pg. 112.
Update task settings are listed in 10.5 on pg. 144.
5.6. Starting/pausing/resuming/stopping tasks manually
You can pause or resume all tasks except the updating tasks.
In order to start/pause/resume/stop a task, right-click the task name and select
the command you wish to perform: Start, Pause, Resume or Stop.
The operation will be performed. The task status in the result panel will change
and the operation will be registered in the system audit log (see 13.3 on pg. 199).
Note
If you pause and resume an on-demand scan task, Anti-Virus will resume the
scan of the object on which the task had been paused.
Note
Fields with the schedule settings will be unavailable if the launch of this
scheduled system task is disabled by the Kaspersky Administration Kit
policy (see section 19.4 on pg. 272).
Figure 12. An example of dialog box Schedule settings with the Frequency setting
assigned value Weekly
b) In the Start time field, specify the time that the task will first run.
c) In the Start from field, specify the date on which the schedule will become effective (see A.2.2 on pg. 355).
Note
After you have specified the task startup frequency, the time of the first task execution and the date for the schedule to be enabled, information about the calculated time for the next task launch will appear in the top part of the dialog box in the Next launch field. Updated information about the calculated time of the new launch will be displayed each time you open the Task Property of the Schedule dialog box.
Value Task launch is prohibited by the policy of the Next launch field is displayed if the parameters of the active policy of Kaspersky Administration Kit prohibit launching of the system tasks on schedule (for more details refer to section 19.4 on pg. 272).
4. Using the Additional tab (see Figure 13) configure the remaining schedule settings in accordance with your requirements.
e) To enable the use of the Randomize the task start setting, check the Randomize the task start within interval box and specify the value for this setting in minutes (see A.2.7 on pg. 358).
5. Press the OK button to save the changes you have made in the Schedule settings dialog box.
Note
Under the Local System (SYSTEM) account you can launch updating and on-demand scan tasks in which Anti-Virus accesses a public folder on a different computer if this computer is registered within the same domain as the protected server. In this case the Local System (SYSTEM) account must have access rights to these folders. Anti-Virus will access the computer using the rights of the account Domain_name\Computer_name$.
b) Enter the username and the password for the user whose account you wish to use.
Note
The user that you selected must be registered on the protected
server or within the same domain as this server.
Protection area | Entire server | You can limit the protection scope (see 6.2.1 on pg. 65).
Security settings | Common settings for the entire protection area; security level – Recommended. | You can do the following for the nodes selected in the server file resources tree: select a different pre-defined security level (see 6.2.2.1 on pg. 71); manually modify the security settings (see 6.2.2.2 on pg. 74). You can save the security settings for the selected node as a template to use later for any other node (see 6.2.2.3 on pg. 78).
Protection mode | When opened and modified | You can select the mode for objects protection, i.e. define the type of access during which the Anti-Virus should check them. To learn how to select the protection mode refer to 6.2.3 on pg. 82. For details about object protection modes refer to A.3.1 on pg. 359.
At least one of the nodes nested in this node is excluded from the protection
area or the security parameters of the nested node(s) differ from the security
parameters of this node.
Note that the parent node will be marked with icon if you select all nested nodes but not the parent node itself. In this case files and folders that do not appear in this node will not be automatically included into the protection area. In order to include them into the protection area you can include their parent node into the protection area. Alternatively you can create their "virtual copies" in the Anti-Virus console and add them to the protection area.
The names of virtual nodes of the protection area are displayed in blue color font.
Once you open the Real-time file protection task a tree of server file resources
will be displayed in the result panel (see Figure 16).
Note
The tree of file resources will display nodes for which you have reading privilege
based on the Microsoft Windows security settings.
Figure 16. Example of a server file resource tree in the Anti-Virus console
The server file resource tree contains the following pre-defined protection areas:
Note
Virtual drives created using the SUBST command are not reflected in the server file resource tree in the Anti-Virus console. In order to include objects on a virtual drive into the protection area, include the server folder with which this virtual drive is associated into the protection area.
Connected network drives are not reflected in the server file resource tree either. In order to include objects on a network drive into the protection area, specify a path to the folder corresponding to this network drive in UNC format.
o If you would like to include into the protection area only a separate folder on the disk, expand the server file resource tree in order to display the folder that you wish to include into the protection area and check the box next to its name. Using the same procedure you can also include files into the protection area.
3. Open the shortcut menu on the task name and select the Save command in order to save the changes in the task.
Attention!
You can launch task Real-time file protection only if at least one of the server
file resources tree nodes is included into the protection area.
Note
If you specify a complex protection area, for example specify various security parameter values for multiple nodes in the server file resource tree, this may somewhat slow down the scan of objects when they are accessed.
Anti-Virus can scan not only existing folders and files on hard and removable
drives, but also drives that are connected to the server temporarily, for example
common cluster drives and folders and files that are dynamically created on the
server by various applications and services.
If you included all server objects into the protection area, all these dynamic nodes will automatically be included into the protection area. However, if you would like to specify special values for the security settings of these dynamic nodes, or if you selected for real-time protection not the entire server but separate areas, then in order to include dynamic drives, files or folders into the protection area you will have to first create them in the Anti-Virus console, that is, specify the virtual protection area. The drives, files and folders created this way will exist only in the Anti-Virus console, but not in the file structure of the protected server.
If, while creating a protection area, you select all nested folders or files without
selecting the parent folder, then all dynamic folders or files which will appear in it
will not be automatically included into the protected area. You should create their
"virtual copies" in the Anti-Virus console and add them to the protection area.
About creation of the virtual protection area in the Real-time file protection task
see 6.2.1.5 on pg. 69.
About creation of the virtual protection area in the on-demand scan tasks see
9.2.1.5 on pg. 118.
3. Check the box next to the added drive in order to include the drive into the protection area.
4. Open the shortcut menu on the task name and select the Save command in order to save changes in the task.
In order to add a virtual folder or a virtual file into the protection area:
1. In the console tree expand the Real-time protection node and select the nested Real-time file protection node.
2. In the results panel, in the server file resources tree, right-click the node into which you wish to add a folder or a file and select Add virtual folder or Add virtual file.
3. In the entry field specify the name of the folder (file). You can specify a file name mask using the special symbols * and ?.
4. In the line with the name of the created folder (or file), check the box in order to include this folder (file) into the protection area.
5. Open the shortcut menu on the task name and select the Save command to save changes in the task.
You can apply one of the following pre-defined security levels for the nodes selected in the server file resources tree: a) minimum, b) recommended and c) maximum. Each of these levels has its own set of security settings. Parameter values of the pre-defined security levels are provided in Table 3 on pg. 72.
Minimum security level
You can set the Maximum Speed security level on the server if, apart from
the use of Anti-Virus on the servers and workstations, there are additional
computer security measures in your network, for example, firewalls are set
up, network user security policies are in place.
Recommended
Recommended is set by default. Kaspersky Lab's experts consider this level sufficient for protection of file servers in most networks. It ensures the optimum combination of the protection quality and the degree of the effect on the performance of the servers being protected.
Maximum protection
Use this security level if you have high requirements for computer security in the network.
Maximum size of a detected composite object, MB (see A.3.11 on pg. 372) | 8 | 8 | no
Note
Note that the security settings Protection mode, Use iChecker and Use iSwift are not included into the set of settings of the pre-defined security levels. By default these settings are enabled. If you change the status of the settings Protection mode, Use iChecker or Use iSwift, the selected security level will not be changed.
The dialog box will display the list of the values of security settings corresponding to the security level you selected.
5. Open the shortcut menu on the task name and select the Save command in order to save the changes in the task.
Note
To learn how to apply a security parameter template to a node, refer to
6.2.2.3 on pg. 78.
5. After you have configured the required security settings, open the shortcut menu on the task name and select the Save command in order to save the changes in the task.
After you have configured the security settings of any of the nodes in the server file resource tree for the Real-time file protection task, you can save their values into a template in order to apply it to any other node.
In order to save the set of the security parameter values into a template:
1. In the console tree expand the Real-time protection node and select the nested Real-time file protection node.
2. In the server file resource tree select the node whose security settings you wish to save.
3. Press the Settings button in the bottom part of the dialog box.
4. In the General tab of the Protection area settings press the Save to a template button.
5. In the Template properties dialog box (see Figure 23) perform the following:
Enter the name of the template into the Template name field.
Enter any additional information about the template into the Description field.
6. Press OK. The template with the set of the parameter values will be saved.
The Templates dialog box displays a list of templates that you can apply to the Real-time protection task.
3. To view the information and security settings in a template, select the template from the list and click the View button (see Figure 25).
The General tab displays the template name and additional information
about a template; The Settings tab lists the security settings saved in the
template.
In order to apply template with the set of values of the security settings to the
selected node:
1. Save the security settings into the template (see 6.2.2.3.1 on pg. 79).
2. In the console tree expand the Real-time protection node and select
the nested Real-time file protection node.
3. Using the result panel in the server file resource tree, right-click the
node to which you wish to apply the template, select Apply template.
4. Select the template you wish to apply in the Templates dialog box.
5. Open the shortcut menu on the task name and select the Save command in order to save the changes in the task.
Note
If you apply a template to a parent node, the security settings from the template will be also applied to all nested nodes except those for which you have configured security settings separately.
In order to apply the security settings from the template to all nested nodes, before you apply the template, you must uncheck the parent node in the server's file resources tree and then check it again. Apply the template to the parent node. All nested nodes will have the same security settings as the parent node.
To delete a template:
1. Expand the Real-time Protection node of the console tree.
2. Open the context menu on the Real-time file protection task and select the Templates command (see Figure 24).
3. In the Templates dialog box, select the template from the template list that you want to delete and click the Delete button.
4. Click Yes in the confirmation window. The selected template will be deleted.
Field                             Description
Objects not disinfected           Number of objects that Anti-Virus did not disinfect because: a) the type of the threat contained in the object does not provide for disinfection; b) objects of this type cannot be disinfected; c) an error occurred during the disinfection

Execution of suspicious scripts   Blocked   You can specify the actions that Anti-Virus will perform on scripts that it recognizes as suspicious: block or allow their execution.
2. Open the context menu of the Script monitoring task and select its
Properties.
The Properties: Script monitoring dialog will open.
3. Use the Actions to be performed on suspicious scripts group of settings to allow or block execution of suspicious scripts:
In order to allow execution of suspicious scripts select Allow execution;
In order to prohibit execution of suspicious scripts select Block execution.
4. Use the Trusted zone group of settings to enable or disable the trusted zone:
To enable the trusted zone, check the Apply trusted zone box;
To disable the trusted zone, uncheck the Apply trusted zone box.
For details about adding scripts to the list of trusted zone exceptions, please see section 8.2.3 on pg. 105.
5. To save the changes press OK in the Settings: Script monitoring dialog box.
Note
If you enable the automatic blocking of access from computers, it will be in effect only while the Real-time file protection task is running.
Once you disable the automatic blocking function, all computers in the blocking list will be granted access to the files on the server.
Figure 27. The Blocking access from computers Properties dialog box, the General tab
6. If you selected Run executable file, press the list button in the
Executable file dialog box (see Figure 28), specify the executable file
(name and full path to it) and the account under which the file will be
executed.
a) Press the Add button. An Add computer dialog box will open (see
Figure 29).
Figure 30. The Blocking access from computers Properties dialog box, the Additional tab
In order to view the list of computers whose access to the protected server is currently prohibited:
1. In the console tree expand the Real-time protection node and select
the Real-time file protection node.
2. Open nested node Blocking access from computers (see Figure 31).
The result panel will display the following information about computers from
which access to the server is prohibited:
Field               Description
Blocking date       Date and time when the access from a computer was blocked, displayed using the format specified by the Microsoft Windows regional settings of the computer on which Anti-Virus console is installed
Blocking end date   Date and time when access to the computer will be unblocked, in the format specified by the Microsoft Windows regional settings of the computer on which Anti-Virus console is installed
Attention!
Computers that are in the access blocking list are not allowed to access the protected server only when the Real-time file protection task is running and the automatic blocking of access from computers is enabled.
Note
In the Computer Name field specify only the computers' NetBIOS names, not DNS addresses.
Figure 32. The Adding computer to the blocked list dialog box
You can apply the trusted zone with the Trusted processes function enabled
or without enabling this function.
Please note that if the executable process file is modified, for example, if it is
updated, Anti-Virus will exclude it from the list of trusted processes.
Backup operations (used in the Real-time file protection task only)
You can disable real-time protection of files accessed by the backup file copying operation while this operation is being executed: Anti-Virus will not scan files opened for reading by the backup copying application with the FILE_FLAG_BACKUP_SEMANTICS attribute.
You can apply the trusted zone with or without disabling real-time file protection for the time the backup copying is carried out.
Exclusion rules (used in the Real-time file protection and Script monitoring tasks and on-demand scanning tasks)
You can exclude objects from the scan in individual tasks without using the trusted zone, or you can compile a unified list of objects to be excluded from the scan in the trusted zone. You can keep this list and, when required, apply the exclusions in the tasks of the selected functional components: Real-time file protection, Script monitoring and on-demand scanning tasks.
You can add objects to the trusted zone by their location on the server, by the name of the threat detected in the object, or by both attributes combined.
By adding a new exception to the trusted zone you set up a rule for it (the attributes by which Anti-Virus will skip objects) and specify to which functional component (Real-time protection and/or On-demand scan) this rule applies.
According to the rule you configure, Anti-Virus can skip the following in the tasks of the specified components:
specified threats in the specified areas of the server;
all threats in the specified areas of the server;
specified threats in the entire scan area.
If you selected Add to exclusions remote administration programs and Add to exclusions files recommended by Microsoft during the installation of Anti-Virus, these exclusion rules will be applied to the Real-time file protection task and to the system on-demand scan tasks except Scan Quarantine and Application integrity control.
Note
If the executable file of a process has been modified, Anti-Virus excludes this
process from the list of trusted processes.
Figure 34. The Trusted zone dialog box, the Trusted Processes tab
c) In the Active Processes dialog box (see Figure 36) select the
required process and press the OK button.
In order to find the required process in the list, you can sort the processes by name, PID or by the path to the executable file of the process.
Note
In order to view active processes on the protected server you must be a member of the administrators group of the protected server.
Note
Anti-Virus does not consider a process to be a trusted process if the path to the executable file of the process is different from the path you specified in the Path to file field. If you wish a process launched from a file that may be located in any folder to be considered trusted, enter the character * in the Path to file field. You can use environment variables when specifying the path.
Note
Information about the number of files that Anti-Virus skips during backup copying operations is not displayed in the Statistics dialog box of the Real-Time File Protection task.
Figure 37. The Trusted zone dialog box, the Exclusion rules tab
3. Indicate the rule according to which Anti-Virus will exclude the object.
Note
In order to exclude specified threats within the specified areas, check the Object box and the Threats box.
In order to exclude all threats within the specified areas, check the Object box and uncheck the Threats box.
In order to exclude specified threats within the entire scan area, uncheck the Object box and check the Threats box.
If you wish to specify the object's location, check the Object box, press the Change button and in the Select Object dialog box (see Figure 39) specify the object that will be excluded from scanning and then press the OK button:
o Predefined Scope. Select one of the predefined scanning areas in the list.
o Disc or folder. Specify the server drive or a folder on the server or in the local network.
o File. Specify the file on the server or in the local network.
o File or URL of the script. Select the script on a protected server, in the local network or on the Internet.
Note
You can specify masks for the names of objects using characters ? and *.
If you wish to specify the name of the threat, press the Change button and add the names of the threats in the List of exclusions dialog box (see Figure 40) (for more details about this setting refer to section A.3.9 on pg. 370).
4. In the Exclusion rule dialog window under the Rule application scope heading check the boxes next to the names of the functional components in whose tasks the exclusion rule will be applied.
5. Press OK.
In order to edit a rule, select the rule you wish to edit in the Trusted zone dialog box, on the Exclusion tab, press the Edit button and make a change in the Exclusion rule dialog box.
In order to delete a rule, select the rule you wish to delete in the Trusted zone dialog box, on the Exclusion tab, press the Delete button and confirm the deletion.
6. Press OK in the Trusted zone dialog box.
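The three rule types configured with the Object and Threats boxes can be modelled in a few lines to review what a set of exclusions will actually skip. This is an added Python example, not Kaspersky's code; it assumes that a folder exclusion is written as a mask over the full path, that threat names are compared exactly ignoring case, and that the sample paths and threat names are constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Functional components named under "Rule application scope" on this page.
REAL_TIME = "Real-time protection"
ON_DEMAND = "On-demand scan"


def mask_to_regex(mask: str) -> re.Pattern:
    """Translate an object mask: ? is one character, * is any run of characters."""
    out = []
    for ch in mask:
        out.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    # Windows paths are case-insensitive, so the mask is matched that way too.
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)


@dataclass(frozen=True)
class ExclusionRule:
    object_mask: Optional[str]          # None models an unchecked Object box
    threats: Optional[Tuple[str, ...]]  # None models an unchecked Threats box
    components: Tuple[str, ...]         # rule application scope

    def __post_init__(self):
        if self.object_mask is None and self.threats is None:
            raise ValueError("check the Object box, the Threats box, or both")

    def kind(self) -> str:
        """Name the rule type in the guide's own terms."""
        if self.object_mask is not None and self.threats is not None:
            return "specified threats in the specified area"
        if self.object_mask is not None:
            return "all threats in the specified area"
        return "specified threats in the entire scan area"

    def skips(self, component: str, path: str, threat: str) -> bool:
        """True if this rule makes the component skip `threat` found at `path`."""
        if component not in self.components:
            return False
        if self.object_mask is not None:
            if not mask_to_regex(self.object_mask).fullmatch(path):
                return False
        if self.threats is not None:
            if threat.lower() not in {t.lower() for t in self.threats}:
                return False
        return True


def is_skipped(rules: Iterable[ExclusionRule], apply_trusted_zone: bool,
               component: str, path: str, threat: str) -> bool:
    """Exclusions only take effect in a task that has Apply trusted zone checked."""
    if not apply_trusted_zone:
        return False
    return any(rule.skips(component, path, threat) for rule in rules)


def broad_rules(rules: Iterable[ExclusionRule]) -> List[ExclusionRule]:
    """Rules that skip every threat in their area (Object checked, Threats unchecked)."""
    return [rule for rule in rules if rule.threats is None]


# Constructed sample rules; paths and threat names are illustrative only.
SAMPLE_RULES = (
    ExclusionRule(r"D:\Backup\*", ("Sample.Threat.A",), (REAL_TIME,)),
    ExclusionRule(r"C:\Tools\admin?.exe", None, (REAL_TIME, ON_DEMAND)),
    ExclusionRule(None, ("Sample.Threat.B",), (ON_DEMAND,)),
)

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule.kind(), "->", rule.object_mask, rule.threats, rule.components)
    print("rules to review first:", [r.object_mask for r in broad_rules(SAMPLE_RULES)])
```

Listing the output of `broad_rules` during a configuration review shows which areas are skipped for every threat, which is the rule type with the widest effect.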
After you enable or disable the trusted zone, its exclusions are immediately applied to or removed from the Real-time file protection and Script monitoring tasks; for on-demand scan tasks the change takes effect the next time the task is launched.
In order to apply the trusted zone exclusions in a task:
1. In the MMC console open the shortcut menu on the task name and check the Apply Trusted zone box on the General tab in the Task Properties dialog box.
2. Press the OK button.
CHAPTER 9. ON-DEMAND SCAN
For more details on the categories of tasks provided by the Anti-Virus, according to where they were created or saved, refer to 5.1 on pg. 48.
For more details about the Anti-Virus Real-time protection and On-demand protection functions refer to 1.1.1 on pg. 13.
For managing tasks in the Anti-Virus console in MMC refer to Chapter 5 on pg. 48.
Scan scope: entire server. In the server file resource tree the node Shared folders is excluded: the Anti-Virus scans public folders following their actual path to the hard drives. You can create a scan area (see 9.2.1 on pg. 113).

Security settings: common for the entire scan area; matching the Recommended security level. You can do the following for the nodes selected in the server file resources tree:
Select a different pre-defined security level (see 9.2.2.1 on pg. 120);
Manually change security settings (see 9.2.2 on pg. 120).
You can save security settings as a template to use them later for another node (see 9.2.2.3 on pg. 127).
Figure 41. An example of server file resource tree in the Anti-Virus console
The results panel displays the server file resource tree. You can create a scan scope from the objects displayed there.
The server file resource tree contains the following pre-defined areas:
My computer. Anti-Virus scans the entire server.
Hard drives. Anti-Virus scans objects on the server's hard drives. You can include into or exclude from the scan area all hard drives, individual disks, folders or files.
Removable drives. Anti-Virus scans objects on removable media, for example on CDs or USB drives. You can include into or exclude from the scan area all removable disks, individual disks, folders or files.
System memory. Anti-Virus scans system and process memory.
Startup objects. Anti-Virus scans objects to which registry keys and configuration files refer, for example WIN.INI or SYSTEM.INI, and the application's modules that are started automatically at the computer's startup.
Shared folders. Anti-Virus scans all public folders on the protected server.
Network places. You can add network folders or files to the scan area by indicating the path to them in UNC (Universal Naming Convention) format. The account that you use to launch the task must have the access right to the folders and files added. By default on-demand scan tasks are executed under the Local system (SYSTEM) account. For more details refer to 9.2.1.4, pg. 117.
Virtual drives. You can include into the scan area dynamic drives, folders and files as well as drives connected to the server, for example common cluster drives (create a virtual scan area). For more details refer to 9.2.1.5, pg. 118.
Note
Virtual drives created using the SUBST command are not displayed in the server file resource tree in the Anti-Virus console. In order to scan objects on such a virtual drive, include the server folder with which this virtual drive is associated.
Connected network drives are not displayed in the server file resource tree either. In order to include objects on a network drive into the scan area, specify the path to the folder corresponding to this network drive in UNC format.
If you are remotely managing the Anti-Virus on a protected server via the MMC console installed on the administrator's workstation, you must be a member of the local administrators group on the protected server in order to view folders on that server.
In order to create a scan area:
1. Expand the On-demand scan node in the console tree.
2. Select the on-demand task whose scan scope you wish to create.
The server file resource tree will be displayed in the result panel. By default all areas of the protected server will be included into the scan area.
3. Perform the following actions:
In order to select nodes that you wish to include into the scan area uncheck the My computer box in the system on-demand scan task and perform the following:
o if you wish to include all drives of the same type into the scan area, check the box next to the name of the required disk type;
o if you wish to include an individual disk into the scan area, expand the node that contains the list of drives of this type and check the box next to the name of the required drive. For example, in order to select removable drive F:, expand the node All removable drives and check the box for drive F.
You can add network drives, folders or files to the scan area by indicating the path to them in UNC (Universal Naming Convention) format.
In order to add a network object to the scan area:
1. Expand the On-demand scan node in the console tree.
2. Select the on-demand scan task to whose scan area you wish to add the network path.
3. Right-click the Network path node and select the Add network folder or the Add network file command.
4. Enter the path to a network folder or file in UNC format and press <ENTER>.
5. Check the box next to the added network object to include the added network path into the scan area.
6. If required, change the security settings for the added network object (see 9.2.2 on pg. 120).
7. Open the shortcut menu on the task name and select the Save command in order to save the changes in the task.
You can include into the scan area dynamic drives, folders and files as well as drives connected to the server, for example common cluster drives (create a virtual scan area). For more details about the virtual scan area refer to 6.2.1.4 on pg. 68.
You can add dynamic drives, folders or files to the virtual scan area.
In order to add a virtual drive into the scan area:
1. Expand the On-demand scan node in the console tree.
2. Select the on-demand scan task in which you wish to create a virtual scan area in order to open the task.
3. In the result panel of the server file resource tree open the shortcut menu on the Virtual drives node and select the name for the virtual drive being created from the list of available names (see Figure 42).
4. Check the box next to the added drive in order to include the drive into the scan area.
5. Open the shortcut menu on the task name and select the Save command in order to save the changes in the task.
In order to add a virtual folder or a virtual file into the scan area:
1. Expand the On-demand scan node in the console tree.
2. Click on the on-demand scan task in which you wish to create a virtual scan area in order to open the task.
3. In the results panel, in the server file resources tree, open the shortcut menu on the node into which you wish to add a folder or a file and select Add virtual folder or Add virtual file.
4. In the entry field specify the name of the folder (file). You can use a mask for the folder (file) name. Use the special symbols * and ? for the mask.
5. In the line with the name of the created folder (or file) check the box in order to include this folder (file) into the scan area.
6. Open the shortcut menu on the task name and select the Save command in order to save the changes in the task.
Maximum Protection
Use the Maximum Protection security level if there are no other computer security measures in your network.
To learn how to manually configure security parameters for the selected node in the file resource tree see 9.2.2 on pg. 120.
Table 6. Pre-defined security levels and corresponding security settings
Maximum composite object size (see A.3.11 on pg. 372)   8   no   no
Note
Note that the scan settings Use iChecker and Use iSwift are not included into the set of settings of the pre-defined security levels. By default these settings are enabled. If you change the state of Use iChecker and Use iSwift, the pre-defined security level will not change.
3. Select the scan area node for which you wish to select the pre-defined security level.
4. Make sure that this node is included into the scan area (see 9.2.1.1 on pg. 114).
5. Using the Security level dialog box (see Figure 44) select the security level you wish to apply.
The dialog box will display the list of security settings corresponding to the security level you selected.
6. Open the shortcut menu on the task name and select the Save command in order to save the changes in the task.
3. Select the scan area node for which you wish to configure the security settings. Make sure that this node is included into the scan area (for more details about defining the scan area refer to 9.2.1.3 on pg. 116).
The Security level dialog box will then be displayed in the bottom part of the results panel (see Figure 45).
Press the Settings button in order to open the Security settings dialog box.
Note
You can open the Security Settings dialog box for the selected node in the file resource tree by right-clicking this node and selecting Properties.
4. In the Security Settings dialog box configure the required security settings for the selected node in accordance with your requirements.
In the General tab (see Figure 46) perform the following actions:
o Under the Scan scope heading, indicate whether the Anti-Virus will scan all objects in the scan area or only objects with certain formats or extensions and whether it will scan disk boot
Figure 46. The Security Settings dialog box of the On-demand scan task, the General tab
In the Actions tab (see Figure 47) perform the following actions:
o Actions to be performed with infected objects (see A.3.5 on pg. 364);
o Actions to be performed with suspicious objects (see A.3.6 on pg. 366);
o Actions to be performed with objects depending on the threat type (see A.3.7 on pg. 368).
Figure 47. The Security Settings dialog box of the On-demand scan task, the Actions tab
Using the Performance tab (see Figure 48) perform the following actions, if necessary:
o Excluding objects (see A.3.8 on pg. 369);
o Excluding (see A.3.9 on pg. 369);
o Maximum time of the object scan (see A.3.10 on pg. 372);
o Maximum composite detectable object size (see A.3.11 on pg. 372);
o Using iChecker technology (see A.3.12 on pg. 373);
o Using iSwift technology (see A.3.13 on pg. 374).
Figure 48. The Security Settings dialog box of the On-demand scan task, the Performance tab
5. After you have configured the required security settings, open the shortcut menu on the task name and select the Save command in order to save the changes in the task.
After you have configured the settings of any node in the server file resource tree in an on-demand scan task, you can save this set of settings into a template in order to apply it to another node in the same task or in other on-demand tasks.
In order to save a set of security settings into a template:
1. Select On-demand scan in the console tree.
2. Select the on-demand scan task whose security settings you wish to save into the template.
3. In the server file resource tree select the scan area node whose set of settings you wish to save.
4. In the General tab of the Settings dialog box press the Save to template button.
5. In the Template properties dialog box (see Figure 49) perform the following actions:
Enter the template name in the Template name field.
Enter additional template information in the Description field.
6. Press OK. The template with the set of parameter values will be saved.
The Templates dialog box displays a list of templates that you can apply to on-demand scan tasks.
2. To view the information and security settings in a template, select the template from the list and click the View button (see Figure 51).
The General tab displays the template name and additional information about the template; the Settings tab lists the security settings saved in the template.
Note
If you apply a template to a parent node, the security parameters from the template will also be applied to all nested nodes except those for which you have configured security parameters separately.
In order to apply the security settings from the template to all nested nodes, before you apply the template, you must uncheck the parent node in the server's file resources tree and then check it again. Apply the template to the parent node. All nested nodes will have the same security settings as the parent node.
To delete a template:
1. Open the context menu on the On-demand scan node and select the Templates command (see Figure 50).
2. In the Templates dialog box, select the template from the template list that you want to delete and click the Delete button.
3. Click Yes in the confirmation window. The selected template will be deleted.
2. Open the shortcut menu on the on-demand scan task whose priority you wish to change and select Properties.
A Scan My Computer Properties dialog box will open (see Figure 52).
Note
If you enable or disable the background mode for a running task, the task priority will not change immediately. Instead it will change the next time this task is run.
in tasks Full computer scan, Scan at the system startup, Scan Quarantine and user-defined on-demand scan tasks:
Field                     Description
Objects not disinfected   the number of objects that Anti-Virus did not disinfect because: a) the type of the threat contained in the object does not provide for disinfection; b) objects of this type cannot be disinfected; c) an error occurred during the disinfection
you receive database updates regularly. In order to minimize the server infection risk, download bases updates on a regular basis.
By default, if the Anti-Virus bases are not updated within a week after the latest installed bases updates were created, a Bases obsolete event occurs, and if the bases are not updated within two weeks, a Bases outdated event occurs (information about the up-to-date status of the bases is displayed in the Statistics node, see section 13.4 on pg. 203). You can specify the number of days before these events occur using general Anti-Virus settings (see 3.2 on pg. 40) and configure administrator notifications about these events (see 15.2 on pg. 216).
You can update bases from Kaspersky Lab's FTP or HTTP update servers or from other update sources using the Anti-Virus task Application database update. For details about the Application database update task see 10.4 on pg. 143.
You can download updates to each protected server or use one computer as an intermediary by copying all updates onto it and then distributing them to the servers. If you use the Kaspersky Administration Kit application for centralized administration of the protection of computers in a company, you can use the Kaspersky Administration Kit administration server as an intermediary for downloading updates. In order to copy bases to the intermediary computer without using them, use the Updates Distribution task. For more details about this task see 10.4 on pg. 143.
You can launch the database update tasks manually or using a schedule (to learn how to configure a task schedule see 5.7 on pg. 53).
If the update downloading process is interrupted or results in an error, the Anti-Virus will automatically switch back to using the bases with the latest installed updates. If the Anti-Virus bases become corrupted you can manually roll them back to the previously installed updates (see 10.7 on pg. 154).
Note
If you do not have internet access you can receive update files on diskettes or CD from our partners. You can view information about the partner you have purchased your copy of Anti-Virus from in the properties of the installed key in the Anti-Virus console. You can also call our central office in Moscow at +7 (495) 797-87-07, +7 (495) 645-79-29 or +7 (495) 956-87-08 for the address of our partner located closest to you (support is provided in Russian and English).
Configure the task schedule. You can specify the launch frequency option After receiving updates by Administration server. The task will be launched each time the Administration Server receives bases updates.
Note
You cannot specify the launch frequency After receiving updates by Administration server in the Anti-Virus console in MMC.
Note
You can stop the updating tasks, however you cannot pause them.
In order to change the path to a source, select the source in the list and press the Change button, make the required changes in the entry field and press the <Enter> key.
In order to remove a source, select it in the list and press the Delete button. The source will be deleted from the list.
5. In order to use Kaspersky Lab's update servers to download updates if the user-defined sources are unavailable, check the Use Kaspersky Lab's update servers if custom servers or network folders are not accessible box.
6. Using the Connection Settings tab (see Figure 60) configure the connection with the update source.
Figure 60. The Task properties dialog box, Connection settings tab
Figure 61. The Task properties dialog box, the Regional settings tab
8. After you have configured the required settings, press the OK button to
save changes.
Figure 62. The Application modules update Properties dialog box, the General tab
Figure 63. The Updates distribution Properties dialog box, the General tab
Field                     Description
Errors applying updates   If the value of this field is not zero, the update was not applied. You can view the name of the update that caused an error when an attempt was made to apply it in the detailed task execution report.
The following information is displayed in the results panel for each quarantined
object:
Field          Description
Danger level   The danger level indicates how harmful the object is for the server. The severity level depends on the class of the threat contained in the object and may assume the following values (for more information about threat classes refer to 1.1.2 on pg. 14).
               High. The object may contain a threat of the following classes: "network worms", "classic viruses", "Trojan horses", or a threat of an undefined class (this class includes new viruses currently not referred to any known class);
               Medium. The object may contain a threat of class "other malware", "adware" or "pornware";
               Low. The object may contain a threat of class "riskware".
               Information. The object is quarantined by the user.
Source path    Full path to the original object location, for example to the folder from which the object was moved to the quarantine folder, to the file contained in the archive or to the .pst file in the mail database.
2. To add a filter:
a) In the Field name list select the field to which the filter value will be compared.
b) In the Operator list select the filtering condition. The values of the filtering conditions in the list may differ depending on the value you have selected in the Field name list.
c) Enter the filter value in the Field value field or select it from the list.
d) Press the Add button.
The filter you have added will appear in the list of filters in the Filter settings dialog box. Repeat these actions for each filter you wish to add. If you specify several filters they will be combined using logical "AND".
In order to delete a filter, select the filter you wish to delete in the filter list and press the Delete button.
In order to edit a filter, select the filter in the list displayed in the Filter settings dialog box. Then change the required values in the Field name, Operator or Field value fields and press the Replace button.
3. After you have added all filters, press the Apply button.
In order to display all objects in the list of quarantined objects again, open the shortcut menu on the Quarantine node in the console tree and select Remove Filter.
Attention!
Restoring objects from the quarantine may lead to computer infection.
Note
If a quarantined object was contained in a composite object (for example in an archive), the Anti-Virus will not put it back into this composite object during the restoration; instead it will save it separately into the selected folder.
You can restore the object and save its copy in the quarantine folder to use it later, for example in order to rescan the object after the database has been updated.
You can restore one or several objects.
In order to restore objects from the quarantine:
1. Select the Quarantine node in the console tree.
2. Perform one of the following actions in the result panel:
in order to restore an object right-click the object you wish to re-
store and select Restore.
in order to restore several objects select the objects you wish to re-
store using the <Ctrl> key or <Shift> key, right-click one of the se-
lected objects and select Restore.
A Object restoration dialog box will open (see Figure 66).
3. In the Object restoration dialog box specify folder into which the object
being restored will be saved for each of the selected object. (The name
of the object is displayed in the Object field in the upper part of the di-
alog box. If you selected several objects, the name of the first object in
the list of selected objects will be displayed).
Perform one of the following actions:
in order to restore an object to the original location, select Restore
to the source folder on the server or to selected network folder;
in order to restore an object into the folder specified as the folder
for restored objects in the quarantine settings (see A.6.4 on pg.
394), select Restore to the server folder for restoration by default;
in order to save an object to another folder on the computer on which
the Anti-Virus console is installed or in a network folder, select
Restore to folder on your local computer or on the network resource
and then select the required folder or specify the path to it.
4. If you wish to save a copy of the object in the quarantine folder after the
object is restored, uncheck the Delete objects from storage after
they are restored box.
5. In order to apply the specified restoration conditions to the rest of the
selected objects, check the Apply to all selected objects box.
All selected objects will be restored and saved to the location you have
specified: if you selected Restore to the source folder on the server
or to selected network folder, each of the objects will be saved into its
original location; if you selected Restore to the server folder for
restoration by default or Restore to folder on your local computer or on
the network resource, all objects will be saved into one specified
folder.
6. Press the OK button.
Anti-Virus will start restoring the first of the selected objects.
7. If an object with this name already exists in the specified location, an
Object with such name already exists dialog box will open
(see Figure 67):
Figure 67. The Object with such name already exists dialog box
Note
If files that you wish to quarantine are stored in one folder then in the
Open file dialog box you can select several files using the <Ctrl> or
the <Shift> key.
Note
You cannot send a quarantined object for analysis to Kaspersky Lab after it
expires.
Figure 68. The dialog box prompting to save a quarantine object to a file.
2. Using the Quarantine Properties dialog box, configure the required
quarantine settings as per your requirements:
in order to specify the Quarantine folder different from the default
folder, select the required folder on the local disk of the protected
server or specify its name and full path to it (for more details about
this setting see A.6.1 on pg. 391).
in order to set the maximum quarantine size check the Maximum
quarantine size box and specify the required values in MB in the
entry field (see A.6.2 on pg. 392).
in order to set the minimum free space in the quarantine, set the
Maximum quarantine size parameter, check the Threshold of
free space box and specify the required value for the parameter in
the entry field (see A.6.3 on pg. 393).
in order to specify a different folder for restored objects, select the
required folder on the disk in the Restoration settings settings
group or enter full path to it (see A.6.4 on pg. 393).
3. Press the OK button.
The Statistics dialog box displays the following information about the number
of quarantined objects at the current moment:
Field Description
Used quarantine space The total size of data in the quarantine folder
False alarm objects The number of objects that received the False
alarm status because they were found clean
during the quarantine scan using the updated
bases
You can restore files from Backup either to the original folder or to another folder
on the protected server or another computer in the local area network. You can
restore the file from Backup, for example, if an infected file contained important
information, but during the disinfection of this file Anti-Virus was unable to
maintain its integrity and therefore the information became unavailable.
Attention!
Restoring files from Backup may lead to computer infection.
The following information about a file stored in Backup will be displayed in the
result panel:
Field Description
Danger level The threat level indicates how harmful the object is for the
server. The severity level depends on the class of the
threat contained in the object and may assume the following
values:
High. The file may contain a threat of the following
types: "network worms", "classic viruses", "Trojan
horses", or a threat of an undefined class (this class
includes new viruses currently not referred to any known
class);
Medium. The file may contain a threat of type "other
malware", "adware" or "pornware";
Low. The file may contain a threat of type "riskware".
For more details about threats detectable by Anti-Virus
see 1.1.2 on pg. 14.
Date of placement Date and time when the file was saved in the Backup folder
Source path Full path to the original folder, that is, the folder in which the file
was located before Anti-Virus saved its copy in Backup
The result of the filtering will be saved if you leave and then open Backup node
again or if you close the Anti-Virus console, save the msc file and then open it
again from this file.
In order to filter files in Backup:
1. Right-click Backup node in the console tree and select Filter.
The Filter settings dialog box will open (see Figure 72).
2. To add a filter:
a) In the Field name list, select the field whose values will be
compared with the filter value you specify.
b) In the Operator list select the filtering condition. The values in the
list of the filtering conditions may differ depending on the value you
have selected in the Field name field.
c) Enter or select the filter value in the Filter value field.
d) Press the Add button.
The filter you have added will appear in the list of filters in the Filter
settings dialog box. Repeat these actions for each filter you wish
to add. If you specify several filters they will be combined using
logical "AND".
In order to delete a filter, select the filter you wish to delete in the filter
list and press the Delete button.
In order to edit a filter, select it in the filter list in the Filter settings
dialog box, modify the required values in the Field name, Operator or
Field value fields and press the Replace button.
3. After you have added all filters, press the Apply button. Only files
selected by the filters you have specified will then be displayed in the list.
In order to display all files included in the list of objects stored in Backup, open
the shortcut menu on Backup node in the console tree and select Remove Filter.
Attention!
Restoring files from Backup may lead to computer infection.
When you restore a file you can select where it will be saved: to the original
folder (by default), to a special folder for restored objects on the protected server or
to a folder you specify on the computer on which the Anti-Virus console is
installed or on another computer in the network.
The folder for restoration is designed for storing restored objects on the protected
server. You can set special security parameters to scan it. The path to this folder is set
in the Backup settings (see 12.5 on pg. 182).
By default when Anti-Virus is restoring a file it deletes its copy from Backup. You
can save a file copy in Backup after it is restored.
Figure 74. The Object with such name already exists dialog box
in order to set the maximum backup storage size check the Maximum
storage size box and specify the required values in MB in
the entry field (see A.7.2 on pg. 395);
in order to set the free space threshold for the backup storage set
the Maximum storage size setting, check the Threshold of free
space box and specify the minimum free space value for the
backup storage in megabytes (see section A.7.3 on pg. 396);
in order to specify a folder for restored objects, select the required
folder on the local drive of the protected server in the Restoration
settings settings group or enter the folder name and the full path to
it in the Restore to folder (see A.7.4 on pg. 397).
3. Press the OK button.
In order to view Backup statistics right-click Backup node in the console tree and
select View Statistics (see Figure 76):
2. In the result panel find the required task report (in order to quickly find
the report in the list you can filter or sort the records by any column).
To learn how to view a detailed report about the task execution, see
13.2.4 on pg. 191.
The following information about the task execution will be contained in the report:
Field Description
Task name The name of the task whose report you are viewing.
Completion time If the task has been completed by the current moment, the
date and the time of its completion will be displayed in this
column. If the task is running at the moment, this field will
remain empty.
Table 10. Statuses of the bases update and update downloading task reports
Field Description
Event importance level By importance level, events in the detailed reports are
information, important and critical.
In addition to the above fields, the detailed analysis about tasks Real-time file
protection and Script monitoring contains the Username field.
To view task statistics, open the Statistics tab in the Detailed report dialog box
(see Figure 79).
To view task settings, open the Settings tab in the Detailed report dialog box
(see Figure 80).
While you are viewing a detailed report, you can apply one or several filters in
order to find the required event on the Events tab.
To specify one or several filters:
1. Press the Filter button in the bottom part of the Detailed report dialog
box. The Filter settings dialog box will open (see Figure 81).
In order to display all objects, press the Remove filter button in the bottom part
of the Detailed report dialog box.
Field Description
Event Event description that includes the type of event and additional
information about it. Based on the importance level
events can be information, important and critical.
Event time Event registration time in the time zone of the protected
server in the format set by the Microsoft Windows server
regional settings.
You can perform the following actions with events in the System audit log node:
sort events (see 13.3.1 on pg. 200);
filter events (see 13.3.2 on pg. 201);
delete events (see 13.3.3 on pg. 202).
In order to find an event in the list you can sort the events by any column with
information. The result of the sorting will be saved if you leave and then select
the System audit log node again or if you close the Anti-Virus console, save the
msc file and then open it again from this file.
In order to sort events:
1. Select System audit log in the console tree.
2. In the result panel click the column heading by which you wish to sort
the events in the list.
2. To add a filter:
a) In the Field name list, select the field to which the filter value will be
compared.
b) In the Operator list select the filtering condition. The values of the
filtering conditions in the list may differ depending on the value you
have selected in the Field name field.
c) Enter the filter value in the Filter value field or select it from the list
of possible values.
d) Press the Add button.
The filter you have added will appear in the list of filters in the Filter
settings dialog box. Repeat these actions for each filter you wish
to add. If you specify several filters they will be combined using
logical "AND".
In order to delete a filter, select the filter you wish to delete in the filter
list in the left part of the dialog box and press the Delete button.
In order to edit a filter, select it in the list of filters in the Filter settings
dialog box. Then change values in the Field name, Operator or Field
value fields and press the Replace button.
3. After you added all filters, press the Apply button. Only events selected
by the filters you have specified will then be displayed in the event list.
In order to display all events again, open the shortcut menu on the System audit
log node in the console tree and select Remove filter.
by detail levels. The detail level corresponds to the level of the event
importance in which it is registered (informational, important, or critical
events). The most detailed is the Information level, which registers
events of all importance levels; the least detailed is the Critical level
which registers critical events only (Important events is the default). By
default, for all components except the Update component the Important
events detail level is selected (only important and critical events
are registered); for the Update component the Information
events level is selected.
To learn how to select events for registration in the Event log see 13.2.7 on pg.
197.
In order to view the Event log:
1. Add Event Viewer to the MMC. If you control the server protection
remotely from the administrator's station, specify the protected server as
the computer to be controlled by the utility.
2. Select the Kaspersky Anti-Virus node in the Viewing events console
tree (see Figure 85).
Beta
Beta keys are free. They are only given out during Anti-Virus beta-testing.
After the expiration date of the key, Anti-Virus stops performing all of its
functions.
Trial
Trial keys are also free. They are designed for trying out Anti-Virus. A trial
key has a short lifespan. After the expiration date of the key, Anti-Virus stops
performing all of its functions. You can only install one trial key for Anti-Virus.
Commercial
After the expiration date of a commercial license key, Anti-Virus continues
performing all of its functions except for updates. It scans the server using
databases installed prior to the license key expiration date. It will not detect
threats that Kaspersky Lab specialists added to the database after the key
expired and will not disinfect files infected with those threats. Technical Sup-
port is also only provided for the key validity period.
You can purchase and install two keys at the same time, one as the active key
and the other as a backup. The active key becomes effective as soon as you
install it, and the backup key will become active automatically when the active
key expires.
An Anti-Virus key can have a usage restriction according to the number of servers.
The General tab in the <Serial number> Properties dialog box displays the
following information:
Field Description
Key type Key type (beta, trial, or commercial). For more details on
key types, see 14.1 on pg. 209.
Validity period Term of the key in days, set when the key is written
The Additional tab in the <Serial number> Properties dialog box displays
information on the customer, as well as contact information for Kaspersky Lab or
the retailer where you purchased Anti-Virus.
This dialog box displays the information on the key described in the table below.
3. If you install the key as a backup, select Add as a reserve key.
4. Click the OK button.
The Adding a key dialog box displays the following information about the
license key being installed:
Field Description
Type Key type (beta, trial, or commercial). For more details, see
14.1 on pg. 209.
Expiration date The expiration date is calculated by Anti-Virus after the
key installation; it is the date of the expiration of the key
validity period since the moment of its activation, but not
later than the date on which the key becomes invalid. For more
details refer to section 14.1 on pg. 209.
Warning:
If you delete the installed key, you can restore it only by re-installation from the
key file.
You can create the message text for individual event types. It can include a field
with information about the event.
The message text used by default for user notifications is given in the following
table.
Note
You can compose a single message text for several event
types: After you have selected a notification method for one
event type, select the other event types for which you want to
use the same message text using the <Ctrl> and <Shift> keys.
3. To compose the message text, click Message text in the desired settings
group and enter the text to be displayed in the event message in
the Message text dialog box.
To add fields with information on the event, click Macro... and select the
desired fields from the list of those available. Fields with information on
events are described in Table 16.
In order to restore the default text of the message for this event, press
the Default button.
4. To configure the administrator notification methods for selected events,
click Settings in the Notifications dialog box and configure the
selected methods in the Additional settings dialog box.
For e-mail notifications, open the E-mail tab (see Figure 89) and
specify the e-mail addresses of the recipients (delimit addresses
with a semicolon), the name or network address of the SMTP
server, and the port in the appropriate fields. If necessary, specify
the text that will be displayed in the Subject and From fields. The
text in the Subject field can also include a field with information
about the event (see Table 16).
To run an executable file, select the file on a local drive of the
protected server that will be executed on the server when triggered by the
event or enter the full path to it on the Executable file tab (see
Figure 91). Enter the username and password under which the file
will be executed.
When specifying the path to the executable file, you can use system
environment variables; you cannot use user environment variables.
If you want to limit the number of messages for one event type over
a period of time, on the Additional tab (see Figure 92), select from
Do not send the same notification more than and specify the
needed number of times and time span.
You can perform basic Anti-Virus management commands from the command
line of the protected server if you included the Command line utility into the list
of installed features during Anti-Virus installation.
Using command line commands you can manage only those functions which are
accessible to you based on the rights assigned to you in Anti-Virus (for more
details about access to Anti-Virus functions refer to section 2.6.1 on pg. 35).
Some Anti-Virus commands are executed in synchronous mode, that is,
control returns to the console only after the command is completed; other
commands are executed in asynchronous mode: control returns to the console
immediately after the command is started.
In order to interrupt command execution in synchronous mode, press <Ctrl+C>.
Follow these rules when entering Anti-Virus commands:
enter modifiers and commands using upper- and lower-case characters;
delimit modifiers with the space character;
if the path to a file (folder) that you specify as the value of
a modifier contains the space character, enclose the path
in quotes, for example "C:\TEST\test cpp.exe";
in filename or path masks use only one placeholder and enter it only
at the end of the path to a folder or a file, for example
"C:\Temp\Temp*\", "C:\Temp\Temp???.doc", "C:\Temp\Temp*.doc".
The list of Anti-Virus commands is provided in Table 17.
Anti-Virus command return codes are listed in Chapter 17 on pg. 245.
Command Description
KAVSHELL UPDATE (16.7) starts Anti-Virus bases update task with settings
specified using command modifiers
KAVSHELL EXPORT (16.13) exports all Anti-Virus settings and existing tasks
to a configuration file
Note
By default, when Anti-Virus starts, the tasks Real-time file protection, Script
monitoring, Scan at the system startup and Application integrity control are
started, as well as other tasks whose schedule specifies the launch frequency
At the application startup.
Modifier Description
<files> <folders> <network path> Specifies the scan scope - the list of files, folders,
network paths and pre-defined areas.
Specify network paths in the UNC format (Universal
Naming Convention).
In the following example folder Folder4 is specified without
a path - it is located in the folder from which you
launch command KAVSHELL:
KAVSHELL SCAN Folder4
/L: <path to file with the list of scan scopes> File name with the list of scan scopes including full path
to the file.
Delimit scan areas in the file using line breaks. You can
specify pre-defined scan areas as shown in
this example of a file with a scan scope list:
C:\
D:\Docs\*.doc
E:\My Documents
/STARTUP
/SHARED
Detectable objects (File types). If you do not specify values for this modifier,
Anti-Virus will scan objects by their format.
Modifier Description
/NEWONLY Scan only new and modified objects (for more details
about this setting see section A.3.2 on pg. 360). If you do
not provide this modifier, Anti-Virus will scan all objects.
/AI: Actions to be performed with infected objects. If you do not specify val-
ues for this modifier, Anti-Virus will only perform the Skip action.
DELETE Delete
/AS: Actions with suspicious objects (actions) If you do not specify values for
this modifier, Anti-Virus will perform the Skip action.
QUARANTINE Quarantine
DELETE Delete
Exclusions
Modifier Description
/ES:<size> Do not scan compound objects larger than the size (in
MB) specified by value <size>
Anti-Virus scans all sizes of objects by default.
Report settings
Modifier Description
/W:<path to report file> If you specify this modifier, Anti-Virus will save the task
report file with the name specified by the modifier's value.
The report file contains the task execution statistics, the time
when it was started and completed (stopped) and information
about events in this task.
The report registers events specified by the settings of
the reports and event log in the Anti-Virus console (for
more details refer to section 13.2.7 on pg. 197).
You can specify either the absolute or the relative path to
the report file. If you specify only the file name without
a path, the report file will be created in the
current folder.
Restarting the command with the same report settings
will overwrite the existing report.
You can view the report file while the scan task is being
executed.
The report about the task is also displayed in the Report
node of the Anti-Virus console.
If Anti-Virus fails to create the report file, it will not stop
the command from executing and will not display an error
message.
/W:<path to report file> If you specify this modifier, Anti-Virus will save the task
report file with the name specified by the modifier's value.
The report file contains the task execution statistics, the time
when it was started and completed (stopped) and information
about events in this task.
The report registers events specified by the settings of
the reports and event log in the Anti-Virus console (for
more details refer to section 13.2.7 on pg. 197).
You can specify either the absolute or the relative path
to the report file. If you specify only the file name without
a path, the report file will be created in
the current folder.
Restarting the command with the same report settings
will overwrite the existing report with the
same name.
You can view the report file while the scan task is being
executed.
The report about the task is also displayed in the Report
node of the Anti-Virus console.
If Anti-Virus fails to create the report file, it will not stop
the command from executing and will not display an
error message.
Modifier Description
Without modifiers Returns the list of all existing Anti-Virus tasks. The list
contains the following fields: alias, task category (sys-
tem, user-defined or group) and the current task status.
<task alias> Instead of the task name, in the SCAN TASK command,
use its Task alias, an additional short-form name that
Anti-Virus assigns to tasks. To view Anti-Virus task
aliases enter the command KAVSHELL TASK without
any modifiers.
Modifier Description
<Path to the update source> User-defined update source. Path to the network folder
in the UNC format.
Modifier Description
/USENOPROXYFORCUSTOM Use proxy server settings for connecting with local
update sources. If not specified, the value Do not use proxy
server settings to connect to the local update
sources is used. For more details about these settings see
section A.5.4.1 on pg. 384.
/NOFTPPASSIVE If you specify this modifier, Anti-Virus will use the active
FTP server mode to connect to the protected server. If
you do not specify this modifier, Anti-Virus will use the
passive FTP server mode, if possible.
/ALIAS:<task alias> This modifier will allow you to assign the task a temporary
name by which you could access it during its execution.
For example you can view task statistics using the
TASK command. The task alias must be unique among
the task aliases of all functional components of
Anti-Virus.
If this modifier is not specified, the temporary name
update_<kavshell_pid> is used, for example scan_1234. In
the Anti-Virus console the task will be automatically
assigned name Update-bases (<date time>), for example,
Update-bases 8/16/2007 5:41:02 PM.
Modifier Description
/W:<path to report file> If you specify this modifier, Anti-Virus will save the task
report file with the name specified by the modifier's value.
The report file contains the task execution statistics, the time
when it was started and completed (stopped) and information
about events in this task.
The report registers events specified by the settings of
the reports and event log in the Anti-Virus console (for
more details refer to section 13.2.7 on pg. 197).
You can specify either the absolute or the relative path
to the report file. If you specify only the file name without
a path, the report file will be created in
the current folder.
Restarting the command with the same report settings
will overwrite the existing report with the
same name.
You can view the report file while the on-demand scan
task is being executed.
The report about the task is also displayed in the Report
nodes of the Anti-Virus console.
If Anti-Virus cannot generate a report file, it will not
terminate the command and will not display an error
message.
Modifier Description
/ADD:<path to key file> Installs the key from the file specified by the
value of the /ADD modifier. Include the key file name
and the full path to it.
When specifying the path to the key, you can use system
environment variables; you cannot use user environment
variables.
/DEL:<serial number> Deletes the key with the serial number specified by the value
of /DEL.
Modifier Description
/F:<folder with tracking log files> This modifier specifies the full path to the folder in which the
tracking log files will be saved (mandatory modifier).
If you specify a path to a non-existent folder, no tracking
logs will be created. You can specify network paths but
you cannot specify paths to folders on network drives of
the protected server.
If the folder path that you specify as the
value of the modifier contains the space character,
enclose the path to this folder in quotes, for example
/F:"C\Trace Folder".
When specifying the path to the tracking log file, you can use
system environment variables; you cannot use user
environment variables.
/S: <the maximum log file size in megabytes> This modifier sets the maximum size of a single file of
the tracking log. As soon as the log file reaches the maximum
size, Anti-Virus will start recording information into
a new file; the previous log file will be saved.
If you do not specify the value of this modifier, the maximum
size of one log file will be 50 MB.
Modifier Description
/LVL:<debug | info | warning | error | critical> This modifier sets the detail level of the log from the
maximum (debug information) which records all events
into the log to the minimum (critical) which records only
critical events.
If you do not specify this modifier, then events with the
Debug information detail level will be recorded into the
log.
/OFF This modifier disables the tracking log.
Modifier Description
<name of config file and path to file> Name of the configuration file used to import settings.
When specifying the path to the file, you can use system
environment variables; you cannot use user environment
variables.
Modifier Description
<name of config file and path to file> Name of the configuration file in which the settings will
be saved.
You can assign any extension to the configuration file.
When specifying the path to the file, you can use system
environment variables; you cannot use user environment
variables.
CHAPTER 17. RETURN CODES
The following tables describe the return codes for Anti-Virus commands.
1 Operation canceled
-3 Permissions error
-4 Object not found (file with list of scan scopes not found)
Return code for the commands KAVSHELL START and KAVSHELL STOP
-3 Permissions error
-3 Permissions error
-3 Permissions error
-3 Permissions error
-3 Permissions error
-3 Permissions error
-3 Permissions error
-3 Permissions error
-5 Invalid syntax
-3 Permissions error
-5 Invalid syntax
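The following PowerShell wrapper is an added example, not code from this guide or from Kaspersky Lab. It applies the mask rule, the /L: scope-list file, the /W: report caveats (silent failure, overwrite on rerun) and the return codes listed above. It assumes kavshell is on PATH and that SCAN returns only after the scan completes; the function names and the folder D:\KavReports are hypothetical.

```powershell
# Added example, not Kaspersky code. Assumes kavshell is on PATH and that
# SCAN returns only after the scan has finished. Function names are illustrative.

function Test-KavScopeEntry {
    param([Parameter(Mandatory = $true)][string]$Entry)
    # Pre-defined areas such as /STARTUP or /SHARED are passed through unchanged.
    if ($Entry.StartsWith('/')) { return $true }
    # Guide rule: a placeholder may appear only at the end of the path, i.e. in
    # the last component ("C:\Temp\Temp*\", "C:\Temp\Temp???.doc").
    $trimmed = $Entry.TrimEnd('\')
    $cut     = $trimmed.LastIndexOf('\')
    $parent  = if ($cut -ge 0) { $trimmed.Substring(0, $cut) } else { '' }
    $leaf    = $trimmed.Substring($cut + 1)
    if ($parent -match '[*?]') { return $false }
    # "Only one placeholder" is read here as one contiguous run of * or ? (assumption).
    return ([regex]::Matches($leaf, '[*?]+').Count -le 1)
}

function Get-KavReturnText {
    param([int]$Code)
    # Only the codes that appear in this part of the guide.
    $known = @{}
    $known[1]  = 'Operation canceled'
    $known[-3] = 'Permissions error'
    $known[-4] = 'Object not found (file with list of scan scopes not found)'
    $known[-5] = 'Invalid syntax'
    if ($known.ContainsKey($Code)) { return $known[$Code] }
    return "return code $Code (look it up in Chapter 17)"
}

function Invoke-KavScanFromList {
    param(
        [Parameter(Mandatory = $true)][string[]]$Scope,
        [Parameter(Mandatory = $true)][string]$WorkDir
    )
    $bad = @($Scope | Where-Object { -not (Test-KavScopeEntry $_) })
    if ($bad.Count -gt 0) { throw "Placeholder not at the end of the path: $($bad -join ', ')" }

    # KAVSHELL neither stops nor prints an error when it cannot create the
    # report, so a missing report folder is caught here, before the scan.
    if (-not (Test-Path -LiteralPath $WorkDir -PathType Container)) {
        throw "Folder '$WorkDir' does not exist."
    }
    # Keeps modifier quoting out of the picture; the guide's quoted form is /F:"...".
    if ($WorkDir.Contains(' ')) { throw 'Use a work folder without spaces for this example.' }

    # Time-stamped names: a rerun with a fixed /W: name would overwrite the old report.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $list   = Join-Path $WorkDir "scope-$stamp.txt"
    $report = Join-Path $WorkDir "scan-$stamp.txt"
    Set-Content -LiteralPath $list -Value $Scope   # one scan area per line, unquoted

    $started = Get-Date
    # Modifiers written without a space after the colon, like /W: and /ES: in the guide.
    & kavshell SCAN "/L:$list" "/W:$report" | Out-Host
    $code = $LASTEXITCODE

    # The report is the only evidence that it was written: check it is there and fresh.
    $file     = Get-Item -LiteralPath $report -ErrorAction SilentlyContinue
    $reportOk = ($null -ne $file) -and ($file.LastWriteTime -ge $started.AddSeconds(-2))

    [pscustomobject]@{
        ReturnCode    = $code
        Meaning       = Get-KavReturnText $code
        Report        = $report
        ReportWritten = $reportOk
    }
}

# Constructed sample scopes modelled on the list-file example in the guide.
$result = Invoke-KavScanFromList -Scope 'D:\Docs\*.doc', 'E:\My Documents', '/SHARED' -WorkDir 'D:\KavReports'
$result | Format-List
if (-not $result.ReportWritten) {
    Write-Warning "No fresh report at $($result.Report); check the rights on the folder."
}
```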
Figure 93. The <Computer name> Properties dialog box, the Protection tab
The Protection tab displays the following information about the protected server:
Field Description
Last full scan date Date and time of the last execution of an on-demand scan
that has the "full computer scan task" status.
Computer status The server status from the Anti-Virus security point of view.
For more details about computer statuses refer to the Kaspersky
Lab's Technical Support website, Article code 987.
Note
If you wish to view Anti-Virus statistics in real-time, open port UDP 15000 in
Windows firewall of the computer on which the Administration server is installed.
Field Description
Database release time (UTC) UTC (Coordinated Universal Time) date and time of
the creation of the latest installed bases update by
Kaspersky Lab.
Real-time file protection statistics Information about the Real-time file protection task
(for details see 6.3 on pg. 83)
On-demand scan statistics Information about the Real-time file protection task
(for details see 9.4 on pg. 133)
Note
Information about task Real-time file protection, Script monitoring and
on-demand scan tasks will be displayed only while the corresponding task is being
performed.
Figure 95. The Application Settings dialog box, the Licenses tab
The following information about installed keys will be displayed on the License
tab:
Field Description
Type Key type (for beta testing, trial or commercial key). For
more details about key types refer to section 14.1 on pg.
209.
Expiration date The key expiration date is calculated by Anti-Virus after the
key installation (only for active keys); it is the date of the
expiration of the key validity period since the moment of its
activation, but not later than the date on which the key
becomes invalid.
Note
You cannot create protection/scan scopes using policies in the Real-time file
protection and on-demand scan tasks.
You can create several policies for one administration group and enforce them in
turns. In the Administration Console, the policy currently active for a group has
the status active.
Information on policy enforcement is logged in the Anti-Virus system audit log.
You can view it in the Anti-Virus console in MMC under the System audit log
node.
Of all the methods for enforcing policies, you can only use the Do not modify
settings method, which does not involve saving values of the settings
determined by the policy in Anti-Virus. You cannot use the Enforce mandatory
settings or Enforce all settings policy enforcement methods.
Using the Do not modify settings policy enforcement method, Anti-Virus will
enforce the settings that you selected while the policy is active instead of the
values for those settings in place before the policy is enforced. Anti-Virus will not
enforce the settings with their checkbox select in the policy properties. After the
policy is no longer active, the values replaced by the policy will take values used
before the policy was enforced.
While the policy is active, the settings in the Application settings dialog box of
Administration Console marked with the icon in the Anti-Virus console in MMC;
are locked for editing. The remaining settings (which are marked with the icon
in the policy) can be edited in the Anti-Virus console in MMC and the
Application settings dialog box in Administration Console.
If the policy defines settings for any of the real-time protection tasks and
such task is running, the settings determined by the policy will be enforced
immediately. If the task is not running, the settings will be enforced after it
is started. If the policy defines settings for other Anti-Virus tasks, those
settings will not be applied in tasks currently running when the policy becomes
active and will be enforced the next time the task is run.
7. In the On-Demand Scan window (see Figure 97), select one of the preset
security levels or configure the security settings manually in the on-demand
scan tasks (A.3 on pg. 359).
Check the Apply trusted zone flag if you wish to exclude objects described
in the Anti-Virus trusted zone from the scan scope of on-demand scan tasks
(for more details about trusted zone see section 8.1 on pg. 99; for more
details about adding exclusions to the trusted zone in Kaspersky
Administration Kit see section 20.7 on pg. 296).
8. In the Update dialog box (see Figure 98) configure settings for the
Application Databases Update and Application Modules Update.
9. Perform the following actions in the Settings dialog box:
a) select an update source (see A.5.1 on pg. 381);
Note
Settings of the Updates distribution task can be configured at a later
time in the Policy Properties dialog box.
Note
You cannot create a protection (scan) area for the Real-time file protection task
and on-demand scan tasks using a policy.
You can configure the policy settings using the following tabs:
Settings Tab
4. After you have configured the required policy settings, press the OK
button to save changes.
Note
If you exclude the protected server from the administration group, the system
task schedule will be automatically disabled.
In order to disable the scheduled launch of the Anti-Virus system task on the
group's servers:
1. Expand the Groups node in the Administration Console, expand the required
group and select the Policies node in it.
2. In the results panel, right-click the name of the policy with which you wish
to disable the scheduled launch of Anti-Virus predefined tasks on the
group's servers, and select Properties.
3. Open the Predefined tasks tab in the Policy Properties dialog box
(see Figure 101).
Figure 101. The Properties dialog box, the Predefined tasks tab
4. Uncheck the box next to the name of the system task whose scheduled
launch you wish to disable.
In order to re-enable the system task schedule, check the box next to its
name.
5. Press the OK button.
Note
If you disable the scheduled launch of predefined tasks, you can launch them
manually either from the Anti-Virus console in MMC or from the Kaspersky
Administration Kit administration console.
CHAPTER 20. CONFIGURING ANTI-VIRUS IN THE APPLICATION SETTINGS DIALOG BOX
Figure 102. The list of Anti-Virus applications in the <Computer name> Properties dialog
box
Figure 103. The Application Settings dialog box, the General tab
Note
While the Kaspersky Administration Kit policy is active, the settings marked with
the icon in the Application settings dialog box of Administration Console are
locked for editing.
Figure 104. The Application Settings dialog box, the Performance tab
Figure 105. The Application Settings dialog box, the Additional tab
Figure 106. The Application settings dialog box, Malfunction diagnosis tab
2. After you have configured the required Anti-Virus settings, press the OK
button.
Note
If you enable the function of automatic blocking of access from computers, it
will be in effect only while the Real-time file protection task is running.
Figure 107. The Application Settings dialog box, tab Blocking access from computers
4. Perform one of the following actions in the Additional dialog box (see
Figure 110).
In order to enable the Virus outbreak prevention function:
a) check the Increase security level if the number of computers exceeds
box;
b) indicate the number of blocked computers in the blocking list
that, when reached, would cause the Anti-Virus to switch to the
higher security level;
c) enable or disable restoring the security level once the number of
computers blocked from accessing the server decreases and reaches the
specified value. Specify the number of computers in the Restore
security level if the number of computers is lower than … field.
In order to disable the Virus outbreak prevention function, uncheck
the Increase security level if the number of computers exceeds
box.
Attention!
Computers that are in the server blocking list are not allowed to access the
protected server only when the Real-time file protection task is running and
the automatic access blocking feature is enabled.
In order to view the list of computers that are currently blocked from
accessing the protected server:
1. Open the Application Settings dialog box (see 20.1 on pg. 274).
2. Press the Blocking list button on the Blocking access from computers
tab (see Figure 111).
The Blocking list of server access dialog box contains the following
information on computers that currently are blocked from accessing the
protected server:
Field: Description
Blocking date: Date and time when the access from a computer was
blocked; it is displayed using the format specified by the
Blocking end date: Date and time when the computer will be unblocked; it is
displayed using the format specified in the Microsoft Windows regional
settings of the computer on which the Administration Console is installed.
Attention!
Computers that are in the server blocking list are not allowed to access the
protected server only when the Real-time file protection task is running and
the automatic access blocking feature is enabled.
Note
In the Computer Name field specify only computers' network NetBIOS
names; do not specify DNS addresses.
Note
Please specify the network name of the computer that should be added to the
blocking list.
Note
Specify the date and time relative to the current date and time of
the protected server.
Figure 113. The Application Settings dialog box, the Quarantine tab
Figure 114. The Application Settings dialog box, the Backup tab
the operation of the Anti-Virus and the status of the Anti-Virus protection of the
protected server:
the administrator can receive information about events of selected
types;
users of the local network who access the protected server can receive
information about events of types Threat detected and Computer added
to the blocking list; terminal server users can receive information about
events of the Threat detected type.
You can configure notifications about the Anti-Virus events either for a single
server using the Application Properties dialog box of the selected server or for
a group of servers using the Policy Properties dialog box.
You can configure notifications in these dialog boxes on the Events tab or on
the Notification tab.
You can configure notifications to the administrator about events of
selected types on the Events tab (standard tab of the Kaspersky
Administration Kit application). For the description of notification methods
you can configure and how you can do it see document Kaspersky
Administration Kit. Administrator's Guide;
You can configure both administrator's and users' notifications on the
Notification tab. For information about the methods of notifications you
can configure on the Notification tab, see 15.1 on pg. 214. To learn
how to configure notifications on the Notification tab see 20.6.2 on pg.
295.
Notifications about events of some types can be configured on only one of the
tabs, while notifications about events of other types can be configured on
both of them.
Note
If you configure notifications about events of one type on both tabs (Events
and Notification), the administrator will receive notifications about these
events twice.
Figure 115. The Application Settings dialog box, the Notification tab
Figure 116. The Application Settings dialog box, the Trusted zone tab
Figure 117. The Application Settings dialog box, the Trusted zone tab
4. Apply trusted zone exclusions in the selected tasks and policies (see
section 20.7.4 on pg. 302).
Figure 118. The Application Settings dialog box, Trusted zone tab
3. Specify the rule using which Anti-Virus will exclude the object.
Note
In order to exclude specified threats within the specified folders or files
check the Object box and the Threats box.
In order to exclude all threats within the specified folders or files, check
the Object box and uncheck the Threats box.
In order to exclude specified threat within the entire scan area, uncheck
the Object box and check the Threats box.
If you wish to specify the object's location, check the Object box,
press the Change button and use the Object selection dialog to
specify the object that will be excluded from scanning, then press
the OK button:
o Predefined scope. Select one of the predefined scanning areas in the
list.
o Disc or folder. Specify the server drive or folder on the server or
in the local network.
o File. Specify the file on the server or in the local network.
o File or URL of the script. Select the script on a protected
server, in the local network or in the Internet.
Note
You can specify masks for folder and file names using the characters ?
and *.
If you wish to specify the name of a threat, check the Threats box,
press the Change button and add names of threats in the Threat
Exception List dialog box (for more details about this setting see
section A.3.9 on pg. 370).
4. Check boxes next to the names of functional components in whose
tasks the exclusion rule will be applied.
5. Press OK.
In order to edit a rule, select the rule you wish to edit on the
Trusted Zone tab, press the Modify button and edit it in the
Exclusion rule dialog box.
In order to delete a rule, select it on the Trusted Zone tab, press
the Delete button and confirm the operation.
6. Press OK in the Application Settings dialog box.
7. If required, apply exceptions of the trusted zone in the selected tasks
and policies (see section 20.7.4 on pg. 302).
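The three Object/Threats combinations in the note above decide how much a rule hides. The Python sketch below is an added example, not Kaspersky code: it checks whether a detection would be excluded by a rule and flags the two broad combinations for review. The rule fields, sample rules and threat names are constructed, and it assumes that * also matches path separators and that names compare case-insensitively.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Component names as used in this guide; the rule model itself is hypothetical.
RTP, ODS, SCRIPT = "Real-time file protection", "On-demand scan", "Script monitoring"


@dataclass(frozen=True)
class ExclusionRule:
    name: str
    object_mask: Optional[str]     # None = Object box unchecked
    threats: Optional[frozenset]   # None = Threats box unchecked
    components: frozenset          # components in whose tasks the rule applies


def mask_to_regex(mask):
    """Translate a mask in which only ? and * are wildcards into a regex."""
    body = re.escape(mask).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(body, re.IGNORECASE | re.DOTALL)


def is_excluded(rule, path, threat, component):
    """Return True if the rule would exclude `threat` detected in `path`."""
    if component not in rule.components:
        return False
    if rule.object_mask is None and rule.threats is None:
        return False               # neither box checked: nothing to match
    if rule.object_mask is not None:
        if not mask_to_regex(rule.object_mask).fullmatch(path):
            return False
    if rule.threats is not None:
        if threat.lower() not in {t.lower() for t in rule.threats}:
            return False
    return True


def audit(rules):
    """List (rule name, reason) pairs for rules that deserve a second look."""
    findings = []
    for rule in rules:
        if rule.object_mask is not None and rule.threats is None:
            findings.append((rule.name, "every threat is ignored in " + rule.object_mask))
        elif rule.object_mask is None and rule.threats is not None:
            findings.append((rule.name, "listed threats are ignored in the entire scan area"))
        if rule.object_mask is not None and re.fullmatch(r"(?:[A-Za-z]:\\)?\*+", rule.object_mask):
            findings.append((rule.name, "mask covers a whole drive or every path"))
    return findings


# Constructed sample rules, one per combination plus an over-broad mask.
RULES = [
    ExclusionRule("R1", r"D:\Backups\*.bak", frozenset({"EICAR-Test-File"}),
                  frozenset({RTP, ODS})),
    ExclusionRule("R2", r"D:\Apps\Vendor\*", None, frozenset({RTP})),
    ExclusionRule("R3", None, frozenset({"not-a-virus:RemoteAdmin.Win32.Example"}),
                  frozenset({ODS})),
    ExclusionRule("R4", r"C:\*", None, frozenset({RTP, ODS, SCRIPT})),
]

if __name__ == "__main__":
    for name, reason in audit(RULES):
        print(name, "-", reason)
```

Only R1, which names both an object and a threat, passes the audit without a finding.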
Note
Using policies, you can disable the schedule of local predefined tasks on all
protected servers that belong to the same administration group.
Figure 122. The Adding objects to the scan scope dialog box
b) Press the LAN settings button. This will open the Connection
settings dialog box (see Figure 124);
Figure 124. The Additional settings dialog box, Connection settings tab
Figure 125. The Update settings dialog box in the Updating application modules task
Figure 126. The Updates distribution settings defining settings dialog box
If you are creating a License key installation task, specify the key
filename with .key extension and full path to it in the Key field in the
License key installation dialog box (see Figure 127).
5. Configure the required task schedule settings (you can configure the
schedule for all types of tasks, except the Key Installation and
Application Database rollback tasks). Perform the following in the Schedule
dialog box (see Figure 128):
a) check the Start task according to schedule box to enable the
schedule;
b) specify the frequency for the task startup (see A.2.1 on pg. 353);
select one of the following values in the Execution Frequency list:
Hourly, Daily, Weekly, At Anti-Virus startup, After database
update (you can specify the frequency for the task startup Upon
receiving updates by the Administration Server in the Application
bases update, Application module update and Downloading
updates tasks):
o if you selected Hourly, specify the number of hours in the
Every <number> hours field in the Task Launch Settings settings
group;
o if you selected Daily, specify the number of days in the Every
<number> days field in the Task Launch Settings settings group;
o if you selected Weekly, specify the number of weeks in the
Every <number> weeks in the Task Launch Settings set-
Figure 128. An example of the Schedule dialog box with After receiving updates by
Administration server
c) specify the time of first task start in the Start time field; specify the
date of schedule start in the Start from field (see A.2.2 on pg. 355);
d) if required, specify the rest of the schedule settings: press the
Additional button and perform the following in the Additional schedule
settings dialog box (see Figure 129):
3. Right-click on the task you wish to configure on the Task tab in the
Computer Properties dialog box and select Properties.
4. Modify the task settings, if necessary:
In the Real-time File Protection task on the Settings tab:
create a protection area (for information about pre-defined area
see section 6.2.1.2 on pg. 66);
apply the trusted zone: press the Protection mode button and
check the Take into Account Trusted zone Rules box in the
Advanced dialog box (to learn how to create a trusted zone
see section 20.7.3 on pg. 299);
in order to change the object protection mode, press the Protection
mode button and select the required object protection
mode in the Advanced dialog box (for more details about this
setting refer to section A.3.1 on pg. 359);
In the Script monitoring task on the Settings tab:
Define whether execution should be allowed or blocked for the
scripts, which the Anti-Virus recognizes as suspicious.
Use the trusted zone (please refer to section 20.7.3 on pg. 299
for the details on the procedure).
In the Full Computer Scan task on the Scan scope tab:
create a scan area (for information about pre-defined area see
section 9.2.1.2 on pg. 114);
change the priority of the working process during which the
task will be executed (see section 9.3 on pg. 131);
assign status "Full Computer Scan Task" to this task (see section
21.4 on pg. 315);
apply the trusted zone (to learn how to create a trusted zone
see section 20.7.3 on pg. 299);
In the Updates distribution task:
Use the Updates distribution settings tab to specify the updates
you want and the folder where they will be saved (see
A.5.7 on pg. 389);
On the Update source tab, specify the update source (see
A.5.1 on pg. 381);
configure the task schedule on the Schedule tab (for instruction on
how to create a task see 21.2 on pg. 303);
specify the account under which the task will be executed on the Account
tab (see 5.9.1 on pg. 59);
configure a notification about the result of the task execution on the
Notification tab (for details see the document Kaspersky Administration
Kit. Reference Guide).
Note
While the Kaspersky Administration Kit policy is active, the settings
marked with the icon in the Application settings dialog box of
Administration Console are locked for editing.
Note
You can assign an on-demand scan task the status "Scan My Computer
task" when you create it or afterward in the Task properties dialog box.
2. Using the new or an existing policy, disable the system Scan My Computer
task on the group's servers (see section 19.4 on pg. 272).
Kaspersky Administration Kit Administration Server will then evaluate the security
status of the secured server and will notify you about it based on the results of
the last execution of tasks with the Full Computer Scan status rather than based
on the results of the Full computer scan predefined tasks.
You can assign the "Full Computer Scan" status to either group or global on-
demand scan tasks.
Using the Anti-Virus Console in MMC you can check whether a group or
a global on-demand task is a full computer scan task.
Note
The Treat task execution as a full server scan task check box is displayed
only in the properties of the group and global tasks (it is not accessible for
editing).
PART 4. ANTI-VIRUS COUNTERS
This section contains the following information:
Description of performance counters for System Monitor (see Chapter
22 on pg. 317);
Description of Anti-Virus SNMP counters and traps (see Chapter 23 on
pg. 326).
CHAPTER 22. PERFORMANCE COUNTERS FOR SYSTEM MONITOR
The following points list definitions of counters, recommended intervals for taking
readings, threshold values, and recommendations for Anti-Virus settings if the
counter values exceed them.
Normal / threshold value: 0 / 1
Recommended reading interval: 1 hour
Recommended reading interval: 1 hour
Recommendations for configuration if value exceeds the threshold: If the
counter value is anything other than zero, this means that one or several file
interception dispatcher streams have frozen and are down. The counter value
corresponds to the number of streams currently down.
If the scan speed is not satisfactory, restart Anti-Virus to
restore the off-line streams.
Recommendations for configuration if value exceeds the threshold: If the
counter value is anything other than zero, the Anti-Virus working processes
need more RAM to process requests.
Active processes of other applications may be using all available RAM.
Normal / threshold value: The counter value may vary depending on the level of
file activity on the server
Recommended reading interval: 1 min.
Recommendations for configuration if value exceeds the threshold: No
Recommended reading interval: 1 min.
Recommended reading interval: 1 minute
Normal / threshold value: This value may be something other than zero while
Anti-Virus is processing infected or suspicious objects but will return to zero
after processing is finished / The value remains non-zero for an extended
period of time.
Recommendations for configuration if value exceeds the threshold: If the value
of the counter does not return to zero for an extended period of time:
Anti-Virus is not processing objects (the file interception
dispatcher may have crashed);
Restart Anti-Virus.
Not enough processor time to process the objects;
Make sure Anti-Virus receives additional processor
time (by lowering other applications' load on the server,
for example).
There has been a virus outbreak.
You can enable the Virus Outbreak Prevention function
(see 7.5 on pg. 92).
A large number of infected or suspicious objects in a
Real-time file protection task also is a sign of a virus
outbreak. You can view information on the number of
Recommendations for configuration if value exceeds the threshold: The values of
this counter depend on the values set in the Anti-Virus settings and the load
on the server from other applications' processes.
Observe the average level of counter numbers over an
extended period of time. If the average level of the counter
numbers drops:
Anti-Virus processes do not have enough processor
time to process the objects;
Make sure Anti-Virus receives additional processor
time (by lowering other applications' load on the server,
for example).
Anti-Virus has experienced an error (several streams
are down).
Restart Anti-Virus.
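Two of the conditions above are stated as trends rather than fixed numbers: a counter that stays non-zero for an extended period, and an average level that drops. The Python sketch below is an added example (not part of Anti-Virus or System Monitor) that evaluates both over a series of readings; the durations, the drop ratio and all sample readings are constructed assumptions, since the guide does not define "extended period".

```python
from datetime import datetime, timedelta


def sustained_nonzero(samples, min_duration, max_gap):
    """Find runs where a counter stayed non-zero for at least min_duration.

    samples is a time-ordered list of (timestamp, value). A pause between two
    readings longer than max_gap ends the current run, so missing readings are
    never counted as time spent above zero. Returns (start, end) pairs.
    """
    runs, start, prev = [], None, None
    for ts, value in samples:
        gap_broken = prev is not None and ts - prev > max_gap
        if start is not None and (value == 0 or gap_broken):
            if prev - start >= min_duration:
                runs.append((start, prev))
            start = None
        if value != 0 and start is None:
            start = ts
        prev = ts
    if start is not None and prev - start >= min_duration:
        runs.append((start, prev))
    return runs


def average_dropped(values, baseline_n, recent_n, drop_ratio):
    """True if the mean of the last recent_n readings fell below
    drop_ratio times the mean of the baseline_n readings before them."""
    if len(values) < baseline_n + recent_n:
        return False               # not enough history to compare
    baseline = values[-(baseline_n + recent_n):-recent_n]
    recent = values[-recent_n:]
    baseline_mean = sum(baseline) / baseline_n
    return baseline_mean > 0 and sum(recent) / recent_n < drop_ratio * baseline_mean


# Constructed one-minute readings: a 9-minute non-zero run, then a short burst.
T0 = datetime(2024, 1, 1, 10, 0)
READINGS = [0, 0, 3, 5, 4, 6, 2, 1, 7, 3, 2, 4, 0, 0, 2, 1, 0]
SAMPLES = [(T0 + timedelta(minutes=i), v) for i, v in enumerate(READINGS)]

# Constructed series with a 29-minute hole in the data.
GAPPY = [(T0 + timedelta(minutes=m), 1) for m in (0, 1, 30, 31)]

if __name__ == "__main__":
    for start, end in sustained_nonzero(SAMPLES, timedelta(minutes=5), timedelta(minutes=2)):
        print("non-zero from", start, "to", end)
    print("average dropped:", average_dropped([100, 110, 90, 100, 40, 50], 4, 2, 0.6))
```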
Counter Definition
objectName: Object name (for example, name of the file where the
virus was detected).
updaterErrorEventReason: The reason why update was not applied. Possible values
include:
reasonUnknown(0) – reason is unknown;
reasonAccessDenied – access denied;
reasonUrlsExhausted – the list of update sources is
exhausted;
reasonInvalidConfig – invalid configuration file;
reasonInvalidSignature – invalid signature;
reasonCantCreateFolder – folder cannot be created;
reasonFileOperError – file error;
reasonDataCorrupted – object is corrupted;
reasonConnectionReset – connection reset;
reasonTimeOut – connection timeout exceeded;
reasonProxyAuthError – proxy authentication error;
reasonServerAuthError – server authentication error;
reasonHostNotFound – computer not found;
reasonServerBusy – server unavailable;
reasonConnectionError – connection error;
reasonModuleNotFound – object not found;
reasonBlstCheckFailed(16) – error checking the list of
recalled licenses. It is possible that databases updates
were being published at the moment of update; please
repeat the update in a few minutes.
See the list of these reasons and possible actions of the administrator
on the Technical Support Service website in
section If a program generated an error
(http://support.kaspersky.com/error).
storageObjectNotAddedEventReason: The reason why the object was not backed up
or quarantined. Possible values include:
reasonUnknown(0) – reason is unknown;
reasonStorageInternalError – database error; please
restore Anti-Virus;
reasonStorageReadOnly – database is read-only;
please restore Anti-Virus;
reasonStorageIOError – input/output error: a) Anti-Virus
is corrupted, please restore Anti-Virus; b) disk
with Anti-Virus files is corrupted;
reasonStorageCorrupted – storage is corrupted;
please restore Anti-Virus;
reasonStorageFull – database is full; free up disk
space;
reasonStorageOpenError – database file could not be
opened; please restore Anti-Virus;
reasonStorageOSFeatureError – some operating system
features do not correspond to Anti-Virus requirements;
reasonObjectNotFound – object being placed to Quarantine
does not exist on the disk;
reasonObjectAccessError – not enough rights to use
Backup API: account under which the operation is performed
does not have Backup Operator rights.
reasonDiskOutOfSpace – not enough space on the
disk.
APPENDIX A. DESCRIPTION OF GENERAL ANTI-VIRUS SETTINGS AND SETTINGS OF ITS
FUNCTIONS, AND TASKS
A.1. Anti-Virus settings
You can configure the following Anti-Virus settings:
The maximum number of processes (see A.1.1 on pg. 340);
The maximum number of processes used in real-time protection (see
A.1.2 on pg. 341);
Number of processes for background on-demand scan tasks (see A.1.3
on pg. 342);
Task recovery (see A.1.4 on pg. 343);
How long information displayed in the Reports node is stored (see
A.1.5 on pg. 344);
How long information displayed in the System Audit Log node is
stored (see A.1.6 on pg. 344);
Actions when switching to an uninterruptible power supply (see A.1.7 on
pg. 345);
Event generation threshold (see A.1.8 on pg. 346);
Creation of the tracking log (see A.1.9 on pg. 346);
Creation of the Anti-Virus process memory dump files (see A.1.10 on
pg. 351).
Allowable values: 1–8
=1 1
4 4
=1 1
>1 2
Possible values: 1-4
Default value: 1
Setting: Reports storage period (Do not store reports and events for
longer than … days)
Description: This setting defines how many days summary and detailed task
performance reports displayed in the Anti-Virus console in MMC
in the Reports node will be stored. You can disable this setting in
order to store reports about task execution indefinitely. In this
case the report file may become very large.
Allowable values: 1–365
Default value: In detailed reports about task execution the Anti-Virus deletes
records of events that occurred over 30 days ago. Reports about completed
tasks will be deleted 30 days after completion of the task.
Setting: System audit log storage period (Do not store events for longer
than … days)
Description: You can restrict the storage period for events displayed in the
Anti-Virus Console in MMC in the System Audit Log node.
Allowable values: 1–365
Description: This setting determines the actions that Anti-Virus will take if
the server switches to an uninterruptible power supply.
Possible values: run / do not run on-demand scan tasks that run on a schedule;
Perform / stop all active on-demand scan tasks
Description: You can specify the thresholds for generation of the following
three events:
Bases are obsolete and Bases are outdated. This event occurs
if the Anti-Virus bases have not been updated during the
period (in days) specified by the setting since the release date
of the latest installed bases updates. You can configure an
administrator's notification for these events.
Full computer scan has not been performed for a long time.
This event occurs if during the specified number of days no
tasks flagged with the Treat task execution as a full server
scan task box have been executed. For more details about
the "full computer scan task" status see 21.4 on pg. 315.
Parameter: Creating tracking log (Write debug information into the file)
Description: To enable Tracking log generation, you must specify the folder
where the log files will be saved.
Values and some recommendations for using them: Specify the folder on a local
drive of the protected server.
If you specify a path to a nonexistent folder, the Tracking log will
not be created.
Do not use folders on virtual drives created using the SUBST
command or network server drives as the Tracking log folder.
If you are managing Anti-Virus on the protected server through an
MMC console installed on a remote administrator's workstation,
you must be included in the local administrators group on the
protected server to be able to view the folders on it.
When specifying the path to the tracking file folder you can use system
environment variables; you cannot use user environment variables.
Description: You can select the Tracking log level of detail (Debug
information, Information events, Important events, Errors or Critical
events).
Values and some recommendations for using them: The most detailed level is
Debug information which writes all events to the log, and the least detailed
is Critical events, which only writes critical events to the log;
Please note that the tracking file can take up a large amount of
disk space.
Default value: If you do not change the logging settings when you enable
Tracking log generation, Anti-Virus will trace Anti-Virus subsystems
with the Debug information level of detail.
Description: You can change the maximum size of a single Tracking log.
Default value: If you do not change the logging settings when you enable
Tracking log generation, the maximum size of a single tracking file will
be 50 MB.
Description: You can keep logs of only selected Anti-Virus subsystems
instead of all of them.
Values and some recommendations for using them: In the Anti-Virus settings
dialog box, in the Malfunction diagnosis settings group, click the Additional
settings button and, in the Additional settings window, enter the codes for
the subsystems that you want to trace in the Subsystems to be traced
field. Separate subsystem codes with a comma. When entering a
subsystem code, observe the letter case. The codes and Anti-Virus
subsystem names are listed in Table 21 below.
Anti-Virus applies trace settings for the gui subsystem (the
appearance of Anti-Virus) after the Anti-Virus console is restarted;
trace settings for the AK_conn subsystem (subsystem for
integrating Kaspersky Administration NAgent) are applied after
Kaspersky Administration Kit NAgent is restarted; trace settings for other
Anti-Virus subsystems are applied immediately after the settings are
saved.
Default value: If you do not change the logging settings when you enable
Tracking log generation, Anti-Virus will trace all Anti-Virus subsystems.
Table 22. The list of subsystems codes for adding to the tracking log
dump files send these files for analysis to Kaspersky Lab's Technical
Support Service. For detailed information on how you can contact
the Technical Support Service see section 1.2.3 on pg. 21.
Default value: In local predefined tasks the Launch frequency setting by
default has the following values:
Real-time file protection - At the application startup;
Script monitoring - At the application startup;
Scan at the system startup - At the application startup;
Verification of the application integrity - At the application startup;
Full computer scan - Weekly (Every Friday at 20:00);
Quarantined objects scan - After the bases update;
Application bases update – Every hour;
Application modules update - Weekly (Every Friday at 16:00);
Updates distribution - schedule disabled;
Application database rollback - no schedule provided;
In all created user-defined on-demand scan tasks the schedule
will be disabled.
Setting: Date when the schedule will be applied and time of the first task
launch
Default value: In all created user-defined on-demand scan tasks these settings
will be disabled.
In local predefined tasks the Launch frequency setting by default
has the following values:
Full computer scan - every Friday at 20:00 in accordance with
the time settings configured on the protected server;
Application bases update – every three hours;
In the schedule of the rest of the predefined tasks these settings
are disabled by default.
Description: Starting with the date you specified, the schedule will be
disabled: scheduled tasks will not be launched according to this schedule.
This setting will not be applied if you selected At the application
startup or After bases update as the value for the Launch Frequency
setting.
Description: If the execution of a task takes longer than the specified number
of hours and minutes, it will be terminated by the Anti-Virus. A task
terminated this way will not be considered skipped.
Using this setting you can specify the time for the automatic
termination of the real-time protection tasks.
This setting is not used in the updating tasks.
Setting: Time period (within 24 hours) during which a task will be paused
(Pause from… until)
Description: If required, you can pause a task for a specified time period
within 24 hours. For example, you can pause an on-demand scan task if the
load on the server is too high and you do not wish to create additional
load by the execution of this task.
This setting is not used in the updating tasks.
If, along with the above setting, you specified the Maximum task
execution time setting, note that the time period specified by this
value, during which the task will be paused, will be included into the
total task execution time.
Description You can enable the function of launching skipped tasks. If the
Anti-Virus cannot start a task at the specified time (for example, if
the computer is turned off), the Anti-Virus will consider this task
skipped and will automatically start its execution after it is started.
Allowable values Enabled/disabled
Description If you provide a value for this setting, this task will be launched at
any moment within the time interval between its scheduled launch
time and the calculated time for its launch plus the value of this
setting.
You can use this setting, for example, when you use one intermediary
computer for distributing updates to multiple servers, in
order to decrease the load on the intermediary computer and the
network traffic.
This setting will not be applied if you selected At the application
startup, After bases update or After receiving updates by
Administration server as the value for the Launch Frequency
setting.
Description This setting is used only in the Real-time file protection task. It
determines the type of access to objects upon which the Anti-Virus
scans them.
The Protection mode has a common value for the entire protection
area specified in the task. You cannot specify different
values of the setting for its individual nodes.
Values and some recommendations on their usage
Select one of the protection modes depending on your requirements
for server security, on which files are stored on the server, on the
format the files are stored in and on the information they contain:
Intelligent Mode. The Anti-Virus scans the object when it is
opened and rescans it after it is saved, if the object was modified.
If the process made multiple calls to the object while it ran and
modified the object, the Anti-Virus will rescan the object only
after the last time the object was saved by the process.
When opened and modified. The Anti-Virus scans the object
when it is opened and rescans it after it is saved if the
object was modified.
When opened. The Anti-Virus scans the object when it is
opened for reading or for execution or modification.
When executed. The Anti-Virus scans the object only when it is
opened for execution.
By default, objects are scanned in the On opening and modification
protection mode.
Description This setting determines whether all objects in the protection scope
or only objects with specified formats or extensions are scanned.
The Kaspersky Lab virus analysts draw up lists of formats and
extensions that infectable objects could have. These lists are
saved in the Anti-Virus database. When Kaspersky Lab updates
them, you will receive these updates along with the database
updates.
Using the Objects to scan setting, you can create your own extension
list.
You can add all the extensions from the list of extensions provided
by Anti-Virus. To do so, click the Default button.
Scan boot sectors of disks and of the main boot record
(MBR). This setting is applied when the scan scope includes the
predefined areas Hard Drives and Removable Drives, the predefined
area My Computer or dynamically created drives. This setting is
not applied if the scan scope includes only the System memory,
Startup objects, Public folders areas or if the scan scope
includes individual files or folders.
Scan alternate NTFS streams. The Anti-Virus scans alternate
file and folder streams on the NTFS file system drives.
Description When the scan of only new and changed objects is enabled,
Anti-Virus scans all objects in the specified protection scope (scan
scope) except those objects which it has already scanned and found
clean and which have not changed since they were scanned.
Description Threats of some types (classes) are more dangerous than others.
For instance, a Trojan horse may inflict more considerable
damage compared with adware. Using the settings of this group you
can configure the actions for Anti-Virus to perform with objects
that contain threats of various types.
If you configure values for this setting, the Anti-Virus will apply
them instead of the values of the Actions to be performed with infected
objects and Actions to be performed with suspicious objects
settings.
Values and some recommendations on their usage
For each threat type select, in the list of all possible actions with
infected and suspicious objects, two actions that Anti-Virus will
attempt to perform with the object if it detects a threat of the
specified type in it. If the Anti-Virus fails to perform the first
action, it will perform the second action you selected.
If possible, the Anti-Virus will apply selected actions both to
infected and to suspicious objects. For example, if you select
Disinfect as the first action and Quarantine as the second action,
the Anti-Virus will quarantine an infected object only if it failed to
disinfect it and it will quarantine a suspicious object immediately
without attempting to perform the Disinfect action since suspicious
objects are not subject to disinfection.
If you select Skip as the first action, the second action will not be
available. We recommend specifying two actions for other values.
Note that in the list of threat types Network Worms and Classic
Worms are listed under the common heading Viruses.
If Anti-Virus fails to move an object to Backup or Quarantine, it
will not take the next step on the object (for example, disinfecting
or deleting it). The object will be considered skipped. You can
also view the reason for skipping the object in the detailed report
on task performance.
The value Undefined on the list of threat types includes new
viruses currently not classified under any of the known threat
types.
For the description of threat types see 1.1.2 on pg. 14.
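The fallback rules in this table can be traced with a small model. The following Python sketch is an added example, not Kaspersky code: the action name Delete, the Backup copy taken before an object is changed and the "unresolved" end state are assumptions of the model, and the `works` set simulates which operations succeed on a given run.

```python
# Model of the first/second action rules for one threat type.
# Assumptions (not stated as such in the guide): the deleting action is
# called "Delete", a copy is moved to Backup before Disinfect or Delete,
# and an object on which every action failed ends up "unresolved".
DISINFECT, QUARANTINE, DELETE, SKIP = "Disinfect", "Quarantine", "Delete", "Skip"
NEEDS_BACKUP = {DISINFECT, DELETE}
END_STATE = {DISINFECT: "disinfected", QUARANTINE: "quarantined", DELETE: "deleted"}


def validate(first, second):
    """Reject a pair the settings table says cannot be configured."""
    if first == SKIP and second is not None:
        raise ValueError("no second action is available when the first is Skip")


def resolve(first, second, verdict, works):
    """Return (attempted steps, end state) for one detected object.

    verdict: "infected" or "suspicious".
    works:   operations that succeed in this simulated run, a subset of
             {"Backup", "Disinfect", "Quarantine", "Delete"}.
    """
    if verdict not in ("infected", "suspicious"):
        raise ValueError("verdict must be 'infected' or 'suspicious'")
    validate(first, second)
    steps, backed_up = [], False
    for action in (first, second):
        if action is None:
            continue
        if action == SKIP:
            steps.append(SKIP)
            return steps, "skipped"
        if action == DISINFECT and verdict == "suspicious":
            continue  # suspicious objects are not subject to disinfection
        if action in NEEDS_BACKUP and not backed_up:
            steps.append("Backup")
            if "Backup" not in works:
                return steps, "skipped"  # no next step after a failed Backup
            backed_up = True
        steps.append(action)
        if action in works:
            return steps, END_STATE[action]
        if action == QUARANTINE:
            return steps, "skipped"  # no next step after a failed Quarantine
    return steps, "unresolved"


# Constructed scenarios: (first, second, verdict, operations that succeed).
SCENARIOS = [
    (DISINFECT, QUARANTINE, "infected", {"Backup", "Disinfect", "Quarantine"}),
    (DISINFECT, QUARANTINE, "infected", {"Backup", "Quarantine"}),
    (DISINFECT, QUARANTINE, "suspicious", {"Backup", "Disinfect", "Quarantine"}),
    (QUARANTINE, DELETE, "infected", {"Backup", "Delete"}),
    (DISINFECT, DELETE, "infected", {"Disinfect", "Delete"}),
]

if __name__ == "__main__":
    for first, second, verdict, works in SCENARIOS:
        outcome = resolve(first, second, verdict, works)
        print(first, second, verdict, sorted(works), "->", outcome)
```

The fourth scenario is the one to watch in practice: with Quarantine first and a quarantine store that cannot accept the object, the object is left in place as skipped even though a second action is configured.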
Description Using this setting you can exclude individual objects or groups of
objects (using filename mask) from the scan scope.
By excluding large files from the scan scope you can speed up
the file exchange and shorten the execution time of on-demand
scan tasks.
Information about excluding objects from the scan scope is entered
into the task execution report (according to the default report
settings). For more details about reports see 13.2 on pg. 186.
For on-demand scan tasks: when the Anti-Virus scans the
process in the memory, it also scans the process starting file
even if this file was added to the list of exclusions.
Values and some recommendations on their usage
Create a list of files. You can specify either the full file name or
use a mask. Use special symbols * and ? for creating a mask.
Values and some recommendations on their usage
Create a list of threats to be excluded (by default this list is empty).
Delimit values in the list using a semicolon (;).
In order to exclude a single object from the scan, specify the full
name of the threat in this object, that is, the line in which the
Anti-Virus concludes that the object is infected or suspicious.
The full name of the threat is determined as the result of objects'
threat. It may contain the following information:
<threat class>:<threat type>.<platform short name>.<threat name>.<threat modification name>.
For example, suppose you use the Remote Administrator utility as a
remote administration tool. Most anti-virus programs classify this
utility's code as the Riskware threat type. If you do not want Anti-Virus
to block it, add the full name of the threat to the list of excluded
threats of the server file resource tree node in which the utility
files are stored.
You can specify the following as the setting's value:
full name of the threat: not-a-virus:RemoteAdmin.Win32.RAdmin.20.
The Anti-Virus will not perform actions with application modules of
the program in which Anti-Virus detected threat Win32.RAdmin.20.
mask for the full threat name: not-a-virus:RemoteAdmin.* The
Anti-Virus will not perform actions with any version of the Remote
Administrator program.
mask of the full name of the threat including only the type of the
threat: not-a-virus:* The Anti-Virus will not perform any actions
with objects containing the threat of this type.
You can find the full name of a threat contained in the program in
the detailed report about the task execution. For more details
about reports see 13.2 on pg. 186.
Additionally you can find the full name of a threat detected in an
object in the Virus Encyclopedia Viruslist.com. In order to find the
name of a threat enter the name of the product in the Search
field.
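When reviewing a threat exclusion list it helps to see what each entry would actually silence. The following Python script is an added example, not part of the product: apart from the RAdmin.20 name the detection names are constructed, and case-sensitive matching with only * and ? treated as wildcards is an assumption.

```python
import re

# Constructed sample detections shaped like the full threat name described
# above: <threat class>:<threat type>.<platform>.<name>.<modification>.
# Only the first name comes from the guide; the others are invented.
SAMPLE_DETECTIONS = [
    "not-a-virus:RemoteAdmin.Win32.RAdmin.20",
    "not-a-virus:RemoteAdmin.Win32.RAdmin.21",
    "not-a-virus:AdWare.Win32.Example.a",
    "Trojan.Win32.Example.b",
]

# The three kinds of value the table lists, joined with the ';' delimiter.
EXAMPLE_VALUE = (
    "not-a-virus:RemoteAdmin.Win32.RAdmin.20; "
    "not-a-virus:RemoteAdmin.*;; not-a-virus:*"
)


def parse_exclusions(value):
    """Split the setting value on ';' and drop empty or padded entries."""
    return [item.strip() for item in value.split(";") if item.strip()]


def mask_to_regex(mask):
    """Translate a mask into a regex; only * and ? are special (assumption)."""
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))


def breadth(mask):
    """Rate how much of the threat name the mask pins down."""
    positions = [p for p in (mask.find("*"), mask.find("?")) if p != -1]
    if not positions:
        return "exact"
    literal = mask[:min(positions)]
    if not literal:
        return "everything"
    fields = literal.split(":", 1)[-1]  # text after the optional class prefix
    return "type-level" if "." in fields else "class-level"


def threat_type(name):
    """Return the <threat type> field of a full threat name."""
    return name.split(":", 1)[-1].split(".", 1)[0]


def audit(value, detections):
    """For each exclusion entry, list the detections it would suppress."""
    report = []
    for mask in parse_exclusions(value):
        rx = mask_to_regex(mask)
        hits = [d for d in detections if rx.fullmatch(d)]
        report.append({
            "mask": mask,
            "breadth": breadth(mask),
            "suppressed": hits,
            "types": sorted({threat_type(d) for d in hits}),
        })
    return report


def too_broad(report):
    """Entries that silence more than one threat type in the sample."""
    return [row["mask"] for row in report if len(row["types"]) > 1]


if __name__ == "__main__":
    result = audit(EXAMPLE_VALUE, SAMPLE_DETECTIONS)
    for row in result:
        print(row["mask"], row["breadth"], row["suppressed"])
    print("review these entries:", too_broad(result))
```

Feeding it the names from a detailed task execution report instead of the constructed sample shows which real detections an entry such as not-a-virus:* would hide alongside the intended utility.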
Setting Maximum object scan time, sec. (Stop scan if it takes longer
than…)
Description The Anti-Virus will stop scanning an object if the scan takes
longer than the number of seconds specified in the setting.
Information about excluding objects from the scan scope is entered
into the detailed task execution report (according to the default
report settings).
Description This setting enables and disables the use of Kaspersky Lab's
iChecker technology.
iChecker technology is only applied to infectable file types and
formats.
The iChecker technology enables you not to rescan objects on
the server that were found clean as the result of previous scans
performed by the Anti-Virus. The use of iChecker decreases the
load on the processor and disk systems and simultaneously
increases the speed of the scan and file exchanges.
Note that the Anti-Virus rescans an object from the rescan scope
if during the time elapsed since the time of the previous scan the
object itself has changed or scan settings have changed towards
the higher security level.
Anti-Virus enters into the report information that the object was
not scanned due to the use of iChecker technology (in accordance
with the default report settings).
Values Enabled/disabled
Description This setting enables and disables the use of Kaspersky Lab's
iSwift technology.
The iSwift technology is applied to objects on the NTFS file system.
The iSwift technology enables you not to rescan those objects
which were found clean by the Anti-Virus during previous scans
and objects scanned by other Kaspersky Lab Anti-Virus 6.0
version applications. The use of iSwift decreases the load on the
processor and disk systems and simultaneously increases the
speed of the scan and file exchanges.
Note that the Anti-Virus rescans an object if during the time
elapsed since the time of the previous scan the object itself has
changed or scan settings have changed towards the higher security
level.
The Anti-Virus enters into the report information that the object
was not scanned due to the use of iSwift technology (in accordance
with the default report settings).
Anti-Virus uses a network version of iSwift technology called
iNetSwift. It operates in the same way as a common iSwift version,
but makes it possible to skip reprocessing of files received from
other computers running iSwift and one of the following applications:
Kaspersky Anti-Virus 6.0 for Windows Workstations;
Kaspersky Anti-Virus 6.0 for Windows Servers;
Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition;
Kaspersky Anti-Virus 6.0 / 7.0;
Kaspersky Internet Security 6.0 / 7.0.
The use of iNetSwift rules out reprocessing of objects within the
entire network, which minimizes the Anti-Virus impact on the
speed of file exchange.
If Novell Client For Windows XP/2003 v4.71 or later is installed
on the protected server, the iSwift technology will operate within
one computer without the use of iNetSwift.
Values Enabled/disabled
If you selected Run executable file, specify the name of the
executable file and the full path to it and specify the account under
which the executable file will be run. The executable file must be
stored on the local drive of the protected server. The account
under which the file will be executed must be registered on the
protected server or on the domain controller into which the
protected server is included.
Description You can specify a list of computers to be excluded from the
automatic blocking scope: local network computers with which
Anti-Virus will not perform any actions if an attempt to write an
infected or suspicious object from this computer to the protected
server occurs.
If you add to this list a computer access from which is currently
blocked, that computer will not be unblocked immediately after
you have saved the new blocking settings. Rather it will be
unblocked only after the time period specified for its blocking has
expired or after you have unblocked it manually.
Scan of composite objects (see A.3.4 on pg. 363)
The following values of the setting are enabled:
all SFX-archives;
all packed objects;
all embedded OLE-objects.
The following values of the setting do not change:
archives;
mail databases;
mail format files.
Description You can select a source from which the Anti-Virus will receive
updates of bases or application modules depending on the update
scheme used in your organization. (Examples of the update
schemes are provided in 10.3 on pg. 139).
Default value You can view the list of Kaspersky Anti-Virus update servers in
file %ALLUSERSPROFILE%\Application Data\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Update\updcfg.xml.
Setting FTP server mode for connection to the protected server; connection
timeout (Use FTP in passive mode if possible)
Description For connecting via FTP protocol Anti-Virus uses passive FTP
server mode: it is assumed that the local area network of the
organization uses a firewall. When the passive FTP server mode
is not working, the active mode will be automatically enabled.
Allowable values Select the FTP server mode. Enable or disable passive FTP
mode.
Description This setting assigns the connection timeout for the update source.
Default value Anti-Virus accesses the proxy server only when it connects to
Kaspersky Lab's HTTP or FTP update servers.
Allowable values Specify the IP address or the server’s DNS name (for example,
proxy.mycompany.com) and the port.
Disable the use of a proxy server if the user-defined FTP or
HTTP server is located in your local network.
Description This setting specifies the method used to authenticate users when
accessing the proxy server in case of establishing a connection to
the FTP or HTTP servers used as update sources.
Default value Authentication is not performed when accessing the proxy server.
Default value By default the Anti-Virus detects the location of the protected server
according to its regional settings in Microsoft Windows; for Microsoft
Windows Server 2003, according to the value of the Location
setting set for the Default User Account by the Default User Account
Settings.
For example, if you set Russia as the Location value in the regional
settings of Microsoft Windows (using the current user account),
while its value for the Default User Account is left as USA,
Anti-Virus will download the updates from servers located not in
Russia, but in the USA.
To optimize the downloading of updates you can perform one of
the following actions:
specify the country of the server’s location in the regional settings of
Microsoft Windows for the Default User Account;
launch the update task in the Anti-Virus using the current user
account;
select the country of the server’s location using the update setting
Location of the protected server described in this table.
Description Using the Updating application modules task, you can select,
immediately load, and install critical program module updates or
just check to see if any are available.
Default value Only check for available critical application module updates
Description Using this setting, you can select which updates are downloaded.
You can download only Anti-Virus database updates, only
critical program module updates, or all available updates. You can
also download database updates and modules for both Anti-Virus
and the other Kaspersky Lab 6.0 applications in order to distribute
Default value The Anti-Virus downloads only the updates of the Anti-Virus
bases.
Description Using this setting you can specify the folder into which the update
files will be saved.
Allowable values Specify a local or a network folder into which Anti-Virus will save
the downloaded updates. In order to specify a network folder, enter
its name and the path to it in the UNC (Universal Naming Convention)
format.
Description You can specify a folder other than the default Quarantine folder
as the quarantine location.
Allowable values 1–999 MB
Description This setting is used along with the Maximum quarantine size
setting.
Quarantine Free Space Threshold is an information only setting.
It does not restrict the size of the quarantine folder, but makes it
possible to learn that the quarantine will be full shortly. If
the quarantine folder free space amount becomes less than the
set threshold, Anti-Virus registers event Quarantine Free Space
Threshold Exceeded and continues isolating suspicious objects.
You can configure a notification about event Quarantine Free
Space Threshold Exceeded (information about setting up such
notification is contained in Chapter 15 on pg. 214).
Allowable values Specify the size in MB; it must be less than the value specified by
the Maximum quarantine size setting.
Recommended setting: 50 MB
Description The value of this setting specifies a special folder for restored
objects on the protected server.
When you restore objects you can select the location where the
restored object will be saved: the original location,
a special folder for restored objects on the protected server or
another specified folder on the computer on which the Anti-Virus
console is installed or on another computer in the network.
Description You can specify a folder other than the default folder as Backup
location.
Description The value of this setting determines the maximum backup storage
size - the total amount of data in the Backup folder.
The Maximum Backup Storage Size is an information only setting.
It does not restrict the size of the backup storage folder, rather
it is an event criterion which allows the administrator to monitor
the storage state. After the maximum backup storage size is
exceeded Anti-Virus will continue saving copies of infected files in
the backup storage.
You can configure an administrator's notification that the maximum
backup storage size has been exceeded. Anti-Virus will
send the notification once the total amount of data in the Backup
has reached the specified value (for more details about notifications
refer to Chapter 15 on pg. 214).
Recommended setting: 200 MB.
Allowable values 1–999 MB
Description This setting is used along with the Maximum Backup Storage
Size setting.
This is an information only setting. It does not restrict the size of
the backup storage folder, but makes it possible to learn that it
will be full shortly. If the backup storage folder free space amount
becomes less than the set threshold, Anti-Virus registers event
Backup Storage Free Space Threshold Exceeded and continues
isolating suspicious objects.
You can configure a notification about events of this type (for
information about configuring such notifications see Chapter 15
on pg. 214).
Allowable values Specify the size in MB; it must be less than the value specified by
the Maximum backup storage size setting.
Recommended setting: 50 MB
Description The value of this setting specifies a special folder for restored
objects on the local disk of the protected server.
When you restore files you can select where the restored file
will be saved: to the original folder, to a special folder for
restored objects on the protected server or to another specified
folder on the computer on which the Anti-Virus console is installed or
on another computer in the network.
If you are managing Anti-Virus on the protected server through an
MMC console installed on a remote administrator's workstation,
you must be included in the local administrators group on the
protected server to be able to view the folders on it.
tem blocks all network activity except for a few transactions allowed in user-
defined rules.
The program employs an all-inclusive approach to anti-spam filtering of incoming
e-mail messages:
Verification against black and white lists of recipients (including
addresses of phishing sites);
Inspection of phrases in message body;
Analysis of message text using a learning algorithm;
Recognition of spam sent in image files.
On-demand scans of the entire file system or individual files and folders;
Use of optimization technologies when scanning objects in the server
file system;
System rollback after virus attacks;
Scalability of the software package within the scope of system
resources available;
Monitoring of the system load balance;
Creating a list of trusted processes whose activity on the server is not
subject to control by the software package;
Remote administration of the software package, including centralized
installation, configuration, and administration;
Saving backup copies of infected and deleted objects in case you need
to restore them;
Quarantining suspicious objects;
Send notifications on events in program operation to the system
administrator;
Log detailed reports;
Automatically update program databases.
Kaspersky Open Space Security
Kaspersky Open Space Security is a software package with a new approach to
security for today's corporate networks of any size, providing centralized
protection of information systems and support for remote offices and mobile users.
The suite includes four programs:
Kaspersky Work Space Security;
Kaspersky Business Space Security;
Kaspersky Enterprise Space Security;
Kaspersky Total Space Security.
Specifics on each program are given below.
Kaspersky® Anti-Spam
Kaspersky® Anti-Spam is a cutting-edge software suite designed to help
organizations with small- and medium-sized networks wage war against the onslaught
of unsolicited e-mail messages (spam). The product combines the revolutionary
technology of linguistic analysis with modern methods of e-mail filtration,
including DNS Black Lists and formal letter features. Its unique combination of services
allows users to identify and wipe out up to 95% of unwanted traffic.
Installed at the entrance to a network, where it monitors incoming e-mail traffic
streams for spam, Kaspersky® Anti-Spam acts as a barrier to unsolicited e-mail.
The product is compatible with any mail system and can be installed on either an
existing mail server or a dedicated one.
Kaspersky® Anti-Spam’s high performance is ensured by daily updates to the
content filtration database, adding samples provided by the Company’s linguistic
laboratory specialists. Databases are updated every 20 minutes.
Kaspersky® Anti-Virus for MIMESweeper
Kaspersky® Anti-Virus for MIMESweeper provides high-speed scanning of traffic
on servers running Clearswift MIMEsweeper for SMTP / Clearswift MIMEsweeper
for Exchange / Clearswift MIMEsweeper for Web.
The program is a plug-in and scans for viruses and processes inbound and
outbound e-mail traffic in real time.
B.2. Contact Us
If you have any questions, comments, or suggestions, please refer them to one
of our distributors or directly to Kaspersky Lab. We will be glad to assist you in
any matters related to our product by phone or via email. Rest assured that all of
your recommendations and suggestions will be thoroughly reviewed and
considered.
you the non-exclusive, non-transferable right to use one copy of the specified
version of the Software and the accompanying documentation (the “Documentation”)
for the term of this Agreement solely for your own internal business
purposes.
1.1 Use. The number of computers that User may protect by the Software is
specified in the License Key File and indicated in the “Service” window. The
Software may not be used to protect any networks with more than this number of file
servers.
1.1.1 The Software is “in use” on a computer when it is loaded into the temporary
memory (i.e., random-access memory or RAM) or installed into the permanent
memory (e.g., hard disk, CD-ROM, or other storage device) of that computer.
This license authorizes you to make only as many back-up copies of the
Software as are necessary for its lawful use and solely for back-up purposes,
provided that all such copies contain all of the Software’s proprietary notices. You
shall maintain records of the number and location of all copies of the Software
and Documentation and will take all reasonable precautions to protect the
Software from unauthorized copying or use.
1.1.2 The Software protects computer against viruses whose signatures are
contained in the threat signatures database which is available on Kaspersky Lab's
update servers.
1.1.3 If you sell the computer on which the Software is installed, you will ensure
that all copies of the Software have been previously deleted.
1.1.4 You shall not decompile, reverse engineer, disassemble or otherwise
reduce any part of this Software to a humanly readable form nor permit any third
party to do so. The interface information necessary to achieve interoperability of
the Software with independently created computer programs will be provided by
Kaspersky Lab by request on payment of its reasonable costs and expenses for
procuring and supplying such information. In the event that Kaspersky Lab
notifies you that it does not intend to make such information available for any reason,
including (without limitation) costs, you shall be permitted to take such steps to
achieve interoperability, provided that you only reverse engineer or decompile
the Software to the extent permitted by law.
1.1.5 You shall not make error corrections to, or otherwise modify, adapt, or
translate the Software, nor create derivative works of the Software, nor permit
any third party to copy (other than as expressly permitted herein).
1.1.6 You shall not rent, lease or lend the Software to any other person, nor
transfer or sub-license your license rights to any other person.
1.1.7 You shall not use this Software in automatic, semi-automatic or manual
tools designed to create virus signatures, virus detection routines, any other data
or code for detecting malicious code or data.
1.1.8 Kaspersky Lab may ask User to install the latest version of the Software
(the latest version and the latest maintenance pack).
1.1.9 Removal of Potentially Harmful Products. You acknowledge and agree that,
in addition to detecting harmful and malicious software, the Product may also
identify, remove and/or disable potentially harmful products, including those that
are regarded or classified as Adware, Riskware, Pornware etc.
2. Support.
(i) Kaspersky Lab will provide you with the support services (“Support
Services”) as defined below for a period, specified in the License Key File and
indicated in the "Service" window, since the moment of purchasing on:
(a) payment of its then current support charge, and:
(b) Kaspersky Lab's technical support service is also entitled to
demand from the End User additional registration for identifier
awarding for Support Services rendering.
(c) Until Software activation and/or obtaining of the End User identifier
(Customer ID) technical support service renders only assistance in
Software activation and registration of the End User.
(ii) By completion of the Support Services Subscription Form you consent to
the terms of the Kaspersky Lab Privacy Policy, which is deposited on
www.kaspersky.com/privacy, and you explicitly consent to the transfer of
data to other countries outside your own as set out in the Privacy Policy.
(iii) Support Services will terminate unless renewed annually by payment of
the then-current annual support charge and by successful completion of
the Support Services Subscription Form again.
(iv) “Support Services” means:
(a) Hourly updates of the Anti-Virus database;
(b) Free software updates, including version upgrades;
(c) Technical support via Internet and hot phone-line provided by
Vendor and/or Reseller;
(d) Virus detection and disinfection updates in 24-hours period.
(v) Support Services are provided only if and when you have the latest
version of the Software (including maintenance packs) as available on the
official Kaspersky Lab website (www.kaspersky.com) installed on your
computer.
3. Ownership Rights. The Software is protected by copyright laws. Kaspersky
Lab and its suppliers own and retain all rights, titles and interests in and to the
Software, including all copyrights, patents, trademarks and other intellectual
property rights therein. Your possession, installation, or use of the Software does
not transfer any title to the intellectual property in the Software to you, and you
will not acquire any rights to the Software except as expressly set forth in this
Agreement.
4. Confidentiality. You agree that the Software and the Documentation, including
the specific design and structure of individual programs constitute confidential
proprietary information of Kaspersky Lab. You shall not disclose, provide, or
otherwise make available such confidential information in any form to any third party
without the prior written consent of Kaspersky Lab. You shall implement
reasonable security measures to protect such confidential information, but without
limitation to the foregoing shall use best endeavours to maintain the security of the
activation code.
5. Limited Warranty.
(i) Kaspersky Lab warrants that for six (6) months from first download or
installation the Software purchased on a physical medium will perform
substantially in accordance with the functionality described in the
Documentation when operated properly and in the manner specified in the
Documentation.
(ii) You accept all responsibility for the selection of this Software to meet your
requirements. Kaspersky Lab does not warrant that the Software and/or
the Documentation will be suitable for such requirements nor that any use
will be uninterrupted or error free.
(iii) Kaspersky Lab does not warrant that this Software identifies all known
viruses, nor that the Software will not occasionally erroneously report a
virus in a title not infected by that virus.
(iv) Kaspersky Lab does not warrant that this Software provides protection
after expiring date (see .2 (i))
(v) Your sole remedy and the entire liability of Kaspersky Lab for breach of
the warranty at paragraph (i) will be at Kaspersky Lab option, to repair,
replace or refund of the Software if reported to Kaspersky Lab or its
designee during the warranty period. You shall provide all information as may
be reasonably necessary to assist the Supplier in resolving the defective
item.
(vi) The warranty in (i) shall not apply if you (a) make or cause to be made any
modifications to this Software without the consent of Kaspersky Lab, (b)
use the Software in a manner for which it was not intended, or (c) use the
Software other than as permitted under this Agreement.
(vii) The warranties and conditions stated in this Agreement are in lieu of all
other conditions, warranties or other terms concerning the supply or
purported supply of, failure to supply or delay in supplying the Software or the
Documentation which might but for this paragraph (vi) have effect
between the Kaspersky Lab and your or would otherwise be implied into or
incorporated into this Agreement or any collateral contract, whether by
statute, common law or otherwise, all of which are hereby excluded
(including, without limitation, the implied conditions, warranties or other
terms as to satisfactory quality, fitness for purpose or as to the use of
reasonable skill and care).
6. Limitation of Liability.
(i) Nothing in this Agreement shall exclude or limit Kaspersky Lab’s liability
for (a) the tort of deceit, (b) death or personal injury caused by its breach
of a common law duty of care or any negligent breach of a term of this
Agreement, or (c) any other liability which cannot be excluded by law.
(ii) Subject to paragraph (i) above, Kaspersky Lab shall bear no liability
(whether in contract, tort, restitution or otherwise) for any of the following
losses or damage (whether such losses or damage were foreseen, fore-
seeable, known or otherwise):
(a) Loss of revenue;
(b) Loss of actual or anticipated profits (including for loss of profits on
contracts);
(c) Loss of the use of money;
(d) Loss of anticipated savings;
(e) Loss of business;
(f) Loss of opportunity;
(g) Loss of goodwill;
(h) Loss of reputation;
(i) Loss of, damage to or corruption of data, or:
(j) Any indirect or consequential loss or damage howsoever caused
(including, for the avoidance of doubt, where such loss or damage
is of the type specified in paragraphs (ii), (a) to (ii), (i)).
(iii) Subject to paragraph (i), the liability of Kaspersky Lab (whether in con-
tract, tort, restitution or otherwise) arising out of or in connection with the
supply of the Software shall in no circumstances exceed a sum equal to
the amount equally paid by you for the Software.
7. This Agreement contains the entire understanding between the parties with
respect to the subject matter hereof and supersedes all and any prior under-
standings, undertakings and promises between you and Kaspersky Lab, whether
oral or in writing, which have been given or may be implied from anything written
or said in negotiations between us or our representatives prior to this Agreement
and all prior agreements between the parties relating to the matters aforesaid
shall cease to have effect as from the Effective Date.
________________________________________________________________
When using demo software, you are not entitled to the Technical Support specified in
Clause 2 of this EULA, nor do you have the right to sell the copy in your possession to
other parties.
You are entitled to use the software for demo purposes for the period of time
specified in the license key file starting from the moment of activation (this period
can be viewed in the Service window of the software's GUI).