F-Secure Anti-Virus. for Windows Servers. Administrator s Guide

(1)

Anti-Virus

for Windows Servers

(2)

F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.

Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of F-Secure Corporation.

(3)

1. Welcome ... 1

Today's Challenges ... 1

The Solution ... 1

1.1 F-Secure Anti-Virus ... 1

Administration ... 2

Local Interface ... 2

2. Installation ... 3

2.1 System Requirements ... 3

2.2 Remote Installation ... 4

F-Secure Policy Manager ... 4

2.3 Installation ... 5

Remote Installation ... 5

Local Installation ... 6

3. Centrally Managing F-Secure Anti-Virus ... 9

3.1 F-Secure Policy Manager Console Features ... 9

Configuring Settings ... 9

Operations ... 10

3.2 Settings ... 11

(4)

4.1 Real-Time Protection ... 30

4.2 Scanning for Viruses Manually ... 31

Shortcut Menu ... 32

Status Indicator ... 33

Windows Start Menu ... 34

4.3 How Disinfection Wizard Removes a Virus ... 35

4.4 F-Secure Anti-Virus Local Settings ... 40

Statistics ... 40

Real-Time Protection ... 41

Manual Scanning ... 45

Updates ... 48

5. Updating Virus Definition Databases ... 49

5.1 Update Methods ... 49

Appendix A. Parameters & Return Codes ... 54

Using Command-Line Scanner ... 54

Command-Line Scanner Parameters ... 56

Command-Line Scanner Return Codes ... 57

Appendix B. F-Secure Anti-Virus for DOS ... 61

Installation ... 62

Scanning for Viruses ... 62

Updating ... 62

(5)

Electronic Mail Support ... 68

About F-Secure Corporation ... 71

(6)

(7)

Today's Challenges

Seven to ten new viruses are found each day, some of them with the ability to spread globally within hours. If a virus enters the corporate network, fighting against it can be very costly, difficult and time consuming. Virus infections often cause big financial losses due to network disruptions, decreased productivity, corrupted data and leaks of confidential data. Also, the company reputation can be in danger if it spreads viruses to its business associates.

The Solution

F-Secure Anti-Virus for Windows Servers ensures that users who connect with infected machines to the corporate file servers do not spread viruses to others on the network. With F-Secure, antivirus protection is fast, efficient and easy. antivirus installations and management can be done remotely from one central location.

1.1 F-Secure Anti-Virus

F-Secure Anti-Virus has an easily accessible user interface, which not only provides important update information, but also makes it possible for users to perform manual scans. You do not have to worry about manually updating virus database updates; F-Secure Anti-Virus with F-Secure BackWeb make sure that the databases are kept up-to-date.

F-Secure Anti-Virus provides the network administrator with comprehensive security management features and a three-tier architecture that will scale from a small LAN with only a few workstations, all the

(8)

way up to a large WAN with hundreds of thousands of nodes distributed around the globe. Every major function of F-Secure Anti-Virus is transparent to the user, which reduces maintenance costs.

Software distribution and alerting functions are based on a three-tier system that uses the HTTP protocol to work in any TCP/IP network. The HTTP protocol will work easily with your existing routers, firewalls, and other components of your network infrastructure.

Administration

• The F-Secure Policy Manager Console utility provides central administration under a three-tier management architecture. The administration tasks include software distribution, updating, alerting, and configuration management.

• F-Secure Anti-Virus is scalable to enterprise-wide networks through distributed F-Secure Policy Manager Servers and HTTP protocol.

• F-Secure Management Agent provides statistics from each workstation and sends alerts when a virus is found.

• The administrator can create and distribute policies that specify different settings for manual scans and real-time protection.

• Alerts, reports, and messages are viewed in F-Secure Policy Manager Console. • Improved support for the industry-standard SNMP protocol.

• Installation and updates are supported under the Microsoft Systems Management Server (SMS) on Windows networks.

Local Interface

• A new and simple user interface makes the most common functions available from a shortcut menu.

• A new Disinfection Wizard guides the user through the removal of viruses from the system. • The new and easy-to-use virus information database on the F-Secure Web site can be

conveniently accessed.

• All F-Secure Anti-Virus settings can be centrally managed by the administrator.

• The administrator can determine what is visible in the user interface, thus controlling the level of transparency to the user.

(9)

This chapter describes the different installation methods for system administrators who need to install F-Secure Anti-Virus with centrally managed features.

2.1 System Requirements

Operating System: MS Windows NT Server 4.0 with Service Pack 6 or later, MS Windows 2000 Server with Service Pack 3 or later,

MS Windows 2000 Advanced Server with Service Pack 3 or later, MS Windows Server 2003, Standard Edition with latest service pack, MS Windows Server 2003, Enterprise Edition with latest service pack Processor: Intel Pentium processor

Memory: 64 MB for Windows NT Server 4.0

128 MB for Windows 2000 Server, Windows Server 2003 Free Hard Disk

space:

Approximately 30MB During installation 60 MB

(10)

2.2 Remote Installation

Remote installation is recommended for network environments with more than 50 hosts. This installation method uses F-Secure Policy Manager to “push” F-Secure Anti-Virus to the hosts.

This section describes what F-Secure Policy Manager is and how it works, and what the installation order is. Please read the F-Secure Policy Manager manual on the F-Secure CD if you are not familiar with F-Secure Policy Manager.

F-Secure Policy Manager

F-Secure Policy Manager provides a scalable way to manage the security of multiple applications on multiple operating systems from one central location. F-Secure Policy Manager can be used to keep security software up-to-date, manage configurations, oversee enterprise compliance and be scaled to handle even the largest, most mobile workforce.

F-Secure Policy Manager provides a tightly integrated infrastructure for defining security policies, deploying both policies and applications software to local and remote systems, and monitoring the activities of all systems in the enterprise to ensure compliance with corporate policies and centralized control.

F-Secure Policy Manager consists of the following architectural components: • F-Secure Policy Manager Server

• F-Secure Policy Manager Console

F-Secure Policy Manager Console can be run on several different platforms. It can be used to remotely deploy F-Secure Management Agent on other hosts with no need for local login scripts, rebooting, or any actions by the end user. F-Secure Management Agent handles all management functions on local hosts. It provides a common interface for all F-Secure applications, and operates within the policy-based

management infrastructure to enforce the policies set by the administrator.

Policy-Based Management

F-Secure Policy Manager uses a concept known as policy-based management. A security policy is a set of well-defined rules that regulate how sensitive information and other resources are managed, protected, and distributed. F-Secure Policy Manager uses policies that are configured by the administrator centrally.

(11)

management implements many functions, including:

• Remotely controlling and monitoring the behavior of the products.

• Monitoring statistics provided by the products and F-Secure Management Agent. • Remotely starting predefined operations.

• Transmitting alerts and notifications from the products to the system administrator.

Information between F-Secure Policy Manager Console and the hosts is exchanged through the transfer of policy files.

2.3 Installation

F-Secure Anti-Virus for Windows Server provides real-time protection for the entire corporate network by protecting information stored on your server. It protects the server by automatically searching for viruses in every file that is being accessed from any host connected to the server. If a virus is found in a file, access to that file is blocked. F-Secure Anti-Virus provides extensive logging, communication and administration features making the administrator’s job easier, simpler, and safer.

F-Secure Anti-Virus supports all Windows-compatible networks and integrates in F-Secure Policy Manager.

Remote Installation

You need to have F-Secure Policy Manager already installed before you can install F-Secure Anti-Virus. F-Secure Policy Manager is not installed, install the components in the following order:

Step 1

Install F-Secure Policy Manager Server.

NOTE:

The management architecture is covered in detail in the F-Secure Policy Manager Administrator’s Guide available on the F-Secure CD. Please refer to the manual if you are not familiar with the F-Secure Policy Manager product.

(12)

Step 2

Install F-Secure Policy Manager Console.

Step 3

Install F-Secure Management Agent.

Step 4

Install F-Secure Anti-Virus.

The following list describes which components are installed on the network computers: 1. Administrator’s machine

F-Secure Policy Manager Console controls all the hosts remotely. 2. Policy Manager Server

The Web server that enables communication between hosts and the administrator’s machine. 3. File Servers

Servers running WinNT 4.0 or Windows 2000/2003 operating systems. F-Secure Management Agent must be remotely installed on the hosts before F-Secure Anti-Virus can be installed remotely.

Local Installation

To install the software from the F-Secure CD directly, do the following:

Step 1

Insert the F-Secure CD in the CD-ROM drive.

Step 2

Choose Corporate Use and click Next to continue.

Step 3

(13)

Enter the keycode you received with your software and click Next to continue.

Step 5

Click on the product name to start the installation.

Step 6

When prompted for the Administration Method, choose Centralized Administration Through Network.

Step 7

Under Choose Products to Install, be sure to select the F-Secure Management Agent checkbox. F-Secure Management Agent handles communication between the administrator and the host.

Step 8

If you have had F-Secure Anti-Virus previously installed on the server, you are now given an opportunity to add components or to re-install all components.

Step 9

When installing F-Secure Anti-Virus, sometimes it may be necessary to change public-key settings and communication settings. You can keep the existing settings or you can define new settings. If you decide to keep the existing settings, the next screen will display the list of changes to the system and the installation will be complete. Otherwise, proceed to Step 10.

Step 10

Enter the path to the public Management Key that you created during the F-Secure Policy Manager Console setup. Click the Browse button to search for this key. You can transfer the key to the host by using any of the following methods:

1. Use a shared folder on the file server, or 2. Use a floppy disk, or

(14)

Step 11

If you are using F-Secure Policy Manager Server with HTTP protocol, you only need to enter the Web address of the server to complete the installation. If you are using the shared Communication Directory to administer the hosts, you have to enter the user name and password for the domain user account that you created for accessing the Communication Directory on the file server. See the F-Secure Policy Manager Administrator’s Guide for more information.

Step 12

After you have entered all the information, the changes to your system will be displayed, and you can finish the installation by clicking Finish.

(15)

Anti-Virus

This chapter describes the F-Secure Policy Manager Console settings and operations. For detailed information on the F-Secure Anti-Virus settings, operations and statistics, see “Settings” on page 11. In order to distribute F-Secure Anti-Virus and policies to hosts, F-Secure Policy Manager must be installed on an administrator’s machine, and F-Secure Management Agent must be installed on the hosts. For more information on installing F-Secure Policy Manager , see the “F-Secure Policy Manager” on page 4.

3.1 F-Secure Policy Manager Console Features

Configuring Settings

The behavior of F-Secure Anti-Virus is determined by settings stored in policy files. All of the settings can be configured centrally using F-Secure Policy Manager Console. Most of the settings can be viewed at the host using F-Secure Settings and Statistics, which can be launched by double-clicking the “F” icon in

the system tray, or by double-clicking the Status Indicator icon .

For more information on settings that can be configured, see “Settings” on page 11.

For information on using F-Secure Policy Manager Console to change settings, see the F-Secure Policy Manager Administrator’s Guide.

(16)

Operations

Operations are tasks that the administrator can launch on hosts through F-Secure Policy Manager Console. To display a list of available operations for F-Secure Anti-Virus, select a domain or host in the Domain pane of F-Secure Policy Manager Console, and open the Operations folder in the Product pane. This will display a list of available operations for F-Secure Anti-Virus.

When you have selected an operation, click Start to start it. An operation is not actually started until you have distributed the policy and the hosts have received it. You can undo an operation before you have distributed the policy to the hosts.

ILaunching a Manual Scan

To launch a manual scan of all the hard disks on any host or logical domain, do the following in F-Secure Policy Manager Console:

1. In the Domain pane, select the domain.

2. In the Product pane, browse to Operations and choose Launch Manual Scanning.

3. Click Start. This will force the host to perform a manual scan on all hard disks, according to the manual scanning settings on each host.

Distributing Virus Database Updates

You can force a host to get new updates of the virus definition databases. To do this, follow this procedure using F-Secure Policy Manager Console:

1. In the Domain pane, select the domain that will receive the update.

NOTE:

Using this feature will force the host to scan all the local hard drives. Scanning all the local hard drives usually takes a long time, so this feature should not be used carelessly.

(17)

Manager Server. 4. Distribute the policy.

To automatically update the virus database files on the F-Secure Policy Manager Server, go to

http://www.f-secure.com/download-purchase/updates.html and download the F-Secure Anti-Virus Update utility.

In order to use the automatic database updates, hosts must have both read and write rights to the folder

Program Files\F-Secure Anti-Virus and the directory Program Files\F-Secure\Common\commdir and their

subdirectories.

3.2 Settings

F-Secure Anti-Virus settings can be modified in F-Secure Policy Manager Console through the Policy tab of the Properties pane. New settings will take effect only after the modified policy has been distributed to the hosts.

The settings listed below are for Language, Plug-Ins, Virus Definition Database Updates, Real-Time Protection, Manual Scanning and Scheduler.

Language

Language used in the user interface of F-Secure Anti-Virus.

Plug-Ins

Opens a table of plug-ins you have installed for F-Secure Anti-Virus. Plug-ins can include third-party scanning engines. The table below describes settings that can be made for each plug-in. Settings followed by an asterisk (*) should not be changed.

NOTE:

Distributing virus definition databases is not usually needed, since the default setting for centrally managed hosts is to get the updates automatically – the administrator only has to make sure that the updates are downloaded to the F-Secure Policy Manager Server regularly.

(18)

To disable a scan engine, change its "Status" value to "Disabled" and distribute the policy. The given scan engine will be disabled on the hosts and it will cease to consume CPU and memory resources.

Virus Definition Database Updates

The polling interval is specified in F-Secure Management Agent Settings, under Communications >

Protocols > Incoming Packages Polling Interval.

For more information about F-Secure Management Agent, see the F-Secure Policy Manager Administrator’s Guide.

Update Reminder

Setting Definition

Poll Automatically (Default = Enabled)

Launch Scan After Update

(Default = Disabled)

Host will be scanned immediately after being updated with a new virus database.

Information Site The URL path to an ISP (Internet Service Provider) defined information

site, where users are directed after pressing the More Information button in the Update page of the F-Secure Anti-Virus Properties pane.

Reminder Status (Default = Disabled). Enables the automatic virus definition database update reminders. If this status has been disabled, the user cannot access the Remind me about updates every X days check box in the Updates

NOTE:

Note that virus protection will be effectively removed if all scan engines are disabled.

(19)

Alert Administrator When Databases Are Old

Visual

Settings for Real-Time Protection

Allow Manual Updates

(Default = Disabled). Specifies whether manual updates are available to the user or not. If this feature is not available, the Update Reminders dialog and the Update Now button in the Update page of the F-Secure Anti-Virus

Properties pane cannot be used.

Force URL URL for virus signature database downloads.

Send a Trap When Databases Are Old

(Default = Enabled) Specifies whether a trap is sent to the administrator when the virus definition databases have become old.

Number of Days for Databases to Become Old

(Default = 30 days) This value (number of days) specifies when the virus definition databases are considered “old”. An alert will be sent to the administrator when the latest database has become older than the specified number of days.

Status Indicator (Default = Enabled). The Status Indicator is an icon in the System Tray that

shows the state of real-time protection to the user.

Scanning Enabled

(20)

Memory Scan Specifies whether system memory will be scanned for viruses at start-up. Boot Sector

Scanning

Allows you to set the following options:

Action on Infection. Specifies the action taken when an infection is

detected. Set by default to Disinfect Automatically.

Scan Floppy Disk Boot Sectors.

Scan Floppy Boot Sectors on Shutdown. This is done to prevent boot

sec-tor viruses from spreading.

File Scanning Allows you to set the following options:

Scan Files. Specifies which files to scan. This can be all files, or only files

with extensions that are listed under Inclusions and Exclusions (see below).

Action on Infection. The action taken when a virus is detected. The action

value "Default" means that the action as defined here under this setting will be applied. Set by default to Disinfect Automatically.

Scan Network Drives. When enabled, F-Secure Anti-Virus real-time

protection scans files accessed over the network (Default =Enabled).

Scan when Created or Modified. (Default =Enabled).

Scan Inside Archives (Default =Disabled). Scan inside archived files, such

as ZIP ARJ LZH TAR TGZ GZ CAB RAR BZ2, MSI, Z and JAR. This depends on the setting Included extensions for compressed files.

(21)

Actions, Advanced

These advanced settings specify the behavior of software when detecting infected files with real-time scanning. Under normal conditions, it is not necessary to change the default settings under this branch.

Inclusions and Exclusions.

Specifies files to be scanned or excluded from scanning. If this option is enabled, objects or file extensions can be specified to determine which files will be scanned or excluded from scanning. Options:

Included Extensions = list of extensions included

Included Extensions for Compressed Files (Default = ZIP ARJ LZH TAR

TGZ GZ CAB RAR BZ2, MSU, Z and JAR)

Add Extensions Defined in Database Updates (Default = Enabled) Excluded Extensions Enabled (Default = Disabled)

Excluded Extensions

Excluded Objects Enabled (Default = Disabled)

Actions Entry Definition

Index The index column

Action Description

Verbal description of action. This does not affect the operation of the software in any way.

Primary Action Primary action to be carried out if specified conditions are met.

If the primary actions are set to something other than "Default", the action as specified by the "Action on Infection" setting has no effect. This means that any action the user selects from the F-Secure Anti-Virus user interface will be overridden by the action specified in this table. In case the primary actions in this table are set to something other than "Default", it is

recommended to change the "Action on Infection" setting to match the selected primary action in this table, and to set the access restriction of the "Action on Infection" setting to "Final".

(22)

Actions, Advanced; User Input Timeouts

Settings for Manual Scanning

Secondary Action

Secondary action is carried out in case the primary action fails.

File State Condition specifying file state. Can be “Undefined”, “Existing” or “Created”.

User State Condition specifying the user state. Can be “Undefined”, “Logged On” or “Not Logged On”.

File Type Condition specifying file type.Can be “Undefined”, “OLE” or “Mailbox”.

User Input Timeout Setting

Definition

Ask After Scan Timeout (Default=5) Specifies a timeout value in minutes; the setting will be

used if the action to be carried out on infected file has been specified as "Ask After Scan". A value of zero means that the action prompt will never time out.

Ask After Scan Timeout for New Infected Files

Same as Ask After Scan Timeout but applies to infections found in new files created on the system.

Memory Scan Specifies whether the system memory will be scanned for viruses once a manual scan has been launched. The Excluded Segment setting specifies the memory segments to be excluded from scanning.

(23)

Actions, Advanced

Boot Sector Scanning

Allows you to set the following options:

Action on infection. The action taken when an infection is detected. Set by

default to Disinfect Automatically.

Scan Floppy Disk Boot Sectors.

File Scanning Allows you to set the following options:

Scan Files. Specifies which files to scan. This can be all files, or only files

with extensions that are listed under Inclusions and Exclusions (see below).

Action on infection. The action taken when a virus is detected. This is set

by default to Disinfect Automatically.

Scan Inside Archives. Scan inside archived files, such as ARJ, ZIP, and

LZH files. This depends on the setting Included extensions for compressed

files.

Inclusions and Exclusions

Specifies files to be scanned or excluded from scanning. If this option is enabled, objects or file extensions can be specified to determine which files will be scanned or excluded from scanning. Options:

Included Extensions = list of extensions included

Included Extensions for Compressed Files (Default = ZIP ARJ LZH TAR

TGZ GZ CAB RAR BZ2, MSI, Z and JAR)

Add Extensions Defined in Database Updates (Default= Enabled) Excluded Extensions Enabled (Default = Disabled)

Excluded Extensions

Excluded Objects Enabled (Default = Disabled)

Actions Entry Definition

(24)

Scheduler

You can set specific scanning, database update and generic tasks with the scheduler. The table below explains the settings for the scheduled tasks.

Action Description

Verbal description of action. This does not affect the operation of the software in any way.

Primary Action Primary action to be carried out if specified conditions are met.

If the primary actions are set to something other than "Default", the action as specified by the "Action on Infection" setting has no effect. This means that any action the user selects from the F-Secure Anti-Virus user interface will be overridden by the action specified in this table. In case the primary actions in this table are set to something other than "Default", it is

recommended to change the "Action on Infection" setting to match the selected primary action in this table, and to set the access restriction of the "Action on Infection" setting to "Final".

Secondary Action

Secondary action is carried out in case the primary action fails.

User State Condition specifying the user state. Can be “Undefined”, “Logged On” or “Not Logged On”.

File Type Condition specifying file type.Can be “Undefined”, “OLE” or “Mailbox”.

Task Entry Description

Name Name of the scheduled task. The name will be visible in the user interface

for the scheduled tasks on the user’s computer. Note: each task must have a unique name.

(25)

Scheduling Parameters

A command-line type of setting consisting of parameters that determine when the scheduled task is to be executed. The following parameters are supported:

Execution time (required): "/tHH:MM", where HH:MM specifies the start

time (local time) of the task execution.

Execution time, alternative format for "system idle" tasks: "/tiMINUTES",

where MINUTES specifies the number of minutes the system must remain idle for the task to start. "/t" and "/ti" parameters are mutually exclusive.

Begin date (optional): "/bYYYY-MM-DD", where YYYY-MM-DD specifies

the first date to which the scheduled task execution applies. The year number value must have four digits; if the parameter is not specified, the task's scheduling will apply as soon as the policy with the scheduled task is retrieved by the user's computer.

End date (optional): "/eYYYY-MM-DD", where YYYY-MM-DD specifies the

last date to which the scheduled task execution applies. The year number value must have four digits.

Repeat mode (optional): "/rREPEAT_MODE", where REPEAT_MODE has

one of the following values: "once" (task will be executed once only), "daily", "weekly", "monthly" (task will be executed once per day, week or month respectively); if the parameter is not specified, the task will be executed daily.

Examples:

"/t18:00 /b2001-10-15 /rweekly" : execute a task weekly starting on Oct 15, 2001 (Monday), at 18:00.

"/ti30" : execute a task daily after the computer has been idle for 30 minuted.

Task Type Specifies one of the following task types: ” Scan local drives”, “Poll for

(26)

Operations

The operations settings are in the Policy tab of the Properties pane. These settings let you start a remote operation on a host from the administrator's machine. Operations settings also show the status of

operations reported through the incremental policy.

Operations are not triggered immediately. Operations are triggered on a host only after the policy has been distributed to the host and read by the host.

Reset Statistics

Reset: Contains a Start button for starting the operation.

Variables to Reset: Allow you to select which variables you want to have reset during the operation. Task Type

Specific Parameters

Parameters specific to the task type:

Generic tasks: command-line for task (name of executable and command-line parameters).

Scan Local Drives and Poll for Updates tasks: this parameter is not used.

Realtime / Object Counters / Scanned Files

(Scanned Files) – Total number of files scanned.

.../ Object

Counters / Scanned Boot Sectors

(Scanned Boot Sectors) –Total number of boot sectors scanned.

... / Object (Infected Files) – Total number of files infected.

(27)

Get Virus Database Update: Contains a Start button for forcing the host to poll for updates. Launch Manual Scanning: Contains a Start button for launching a manual scan on the host. The scanning task will run only after the policy has been distributed to the host.

.../ Object

Counters / Infected Boot Sectors

(Infected Boot Sectors) – Total number of boot sectors infected.

... / Object

Counters / Disinfected Files

(Disinfected Files) – Total number of files disinfected.

... / Disinfected

Boot Sectors

Total number of boot sectors disinfected.

... / Renamed

Files

Total number of files renamed.

.../ Deleted Files Total number of files deleted. ... / Viruses

Found in Memory

Total number of infections found in memory.

.../ Suspected Files

Total number of suspected files found.

... / Suspected

Boot Sectors

Total number of suspected boot sectors found.

../ Remotely Accessed Files

(28)

Statistics

The F-Secure Anti-Virus statistics can be viewed in the Status tab in F-Secure Policy Manager Console’s

Properties pane.

Previous Reset of Statistics

Timestamp of the previous reset of statistics. The value is the number of seconds elapsed since 1.1.1970 0:00 UTC. If reset has never been done, the value is zero.

MIB Version The running version number of the product MIB.

Installation Directory

Complete directory path where the product is installed on the host.

Common/Product Name/ Hotfixes

HotfixesEntry:

Index: For indexing hotfix applications.

ID: Hotfix package identifier as assigned by F-Secure Corporation. Description: Short description indicating the content or purpose of the

hotfix.

Release Timestamp: Hotfix manufacture or release timestamp.

Product Version: Product version on top of which the hotfix was applied. Product Build: Product build on top of which the hotfix was applied. Application Timestamp: Timestamp of the hotfix application.

Plug-Ins Information and status of the plug-ins installed on the host; displayed as a table.

Plug-in statuses: 0 = Not loaded

1 = Loaded but disabled 2 = Loaded and enabled

(29)

Real-Time Statistics

Real-Time Statistics/ Object Counters

Last Remind Date

When the virus signature database update reminder was shown the last time.

Number of Database Updates Received

Number of virus definition database updates received since the first-time installation of the product.

Current Detection Rate

Measures the detection rate of the product. It is the sum of virus definition database record counts of all scan engines used by the product. This value should not be interpreted as the count of different viruses detected by the product.

.../ Object

Counters / Scanned Boot Sectors

(Scanned Boot Sectors) – Total number of boot sectors scanned.

.../ Object Counters / Infected Files

(30)

... / Object Counters / Infected Boot Sectors

... / Object

.../ Disinfected

Boot Sectors

... / Renamed

Files

.../ Deleted Files Total number of files deleted. ... / Viruses

Found in Memory

Total number of infections found in memory.

.../ Suspected

Files

Total number of suspected files found.

... / Suspected

Boot Sectors

Total number of suspected boot sectors found.

... / Remotely

Accessed Files

An estimate of the number of remotely accessed files found infected.

/ Last Time Infected Object Was Detected

The last time an infection was found (elapsed seconds since 1.1.1970 0:00 UTC).

(31)

Real-Time Statistics / File Scanning

Object Counters that will not be reset at reboot.

Definition

Scanned Files Number of files scanned. Scanned Boot

Sectors

Number of boot sectors scanned.

Infected Files Number of infected files detected. Infected Boot

Sectors

Number of infected boot sectors detected.

Disinfected Files Number of files disinfected. Disinfected Boot

Sectors

Number of boot sectors disinfected.

Renamed Files Number of files renamed. Deleted Files Number of files deleted. Real-Time

Protection Daeactivations

Shows the number of times real-time protection has been deactivated on the computer since first-time installation.

Inclusions and Exclusions

Included Extensions:

List of file name extensions included for scanning. The list is a combination of extensions defined in policy and database updates, unless adding of extensions defined in database updates has been disabled.

(32)

Manual Scanning Statistics

Manual Scanning Statistics / Object Counters

.../ Object Counters / Scanned Boot Sectors

(Scanned Boot Sectors) – Total number of boot sectors scanned.

.../ Object

Counters / Infected Files

(Infected Files) – Total number of files infected.

... / Object

Counters / Infected Boot Sectors

... / Object

... / Disinfected

Boot Sectors

.../ Renamed

Files

(33)

Manual Scanning Statistics / Object Counters, Since First-Time Installation

... / Suspected

Files

Total number of files found with a suspected virus.

... / Suspected

Boot Sectors

Total number of boot sectors found with a suspected virus.

.../ Last Time

Infected Object Was Detected

The last time an infection was found (elapsed seconds since 1.1.1970 0:00 UTC).

Database Date Tells the current virus signature database date (elapsed seconds since

1.1.1970 0:00 UTC).

Scanned Files Number of files scanned. Scanned Boot

Sectors

Number of boot sectors scanned.

Infected Files Number of infected files detected. Infected Boot

Sectors

Number of infected boot sectors detected.

Disinfected Files Number of files disinfected. Disinfected Boot

Sectors

Number of boot sectors disinfected.

Renamed Files Number of files renamed. Deleted Files Number of files deleted.

(34)

Manual Scanning Statistics / File Scanning

Common Scanning Statistics

Statistics common to both real-time scanning and manual scanning.

Inclusions and Excllusions

Included Extensions:

List of file name extensions included for scanning. The list is a combination of extensions defined in policy and database updates, unless adding of extensions defined in database updates has been disabled.

Last Infection Information

Information about the last infection detected on the computer.

.../Timestamp Time of encountering the infection (as seconds since 1.1.1970 0:00 UTC). .../Virus Name Name of the virus, trojan or worm.

.../Infected Object Name

Name of the infected object.

(35)

Statistics for scheduled tasks. Setting Defintion Scheduled TasksEntry/ Name = “Scheduled task”

Name of the scheduled task. The name will be visible in user interface for scheduled tasks on user's computer. Note: each task must have a unique name.

.../Last Execution Time

Date and time of last execution of the task, in format "YYYY-MM-DD hh:mm" (local time). If empty then the task has not been executed yet.

.../Last Exit Code=0

Exit code of last execution of the task.

.../System Scheduler Error Code =0

Error code from the Windows System Task Scheduler (component of the operating system that is responsible for executing the scheduled tasks).

(36)

This chapter covers the following topics:

• What Real-Time Protection is, and how it functions • How to run manual scans on disks, folders and diskettes

• How F-Secure Anti-Virus Disinfection Wizard works when a virus is detected • What the F-Secure Anti-Virus user settings are, and how to use them.

4.1 Real-Time Protection

To see if Real-Time Protection is active, check the Status Indicator icon in the System Tray in the lower right corner of the screen. Alternatively, you can double-click the (F-Secure) icon in the System tray to open F-Secure Settings and Statistics. If the status of F-Secure Anti-Virus is Enabled, Real-time Protection is active and providing continuous protection.

Status Indicator Status

(37)

For information on the Status Indicator features, go to the section “Status Indicator” on page 33.

4.2 Scanning for Viruses Manually

The real-time detection features of F-Secure Anti-Virus ensure the strongest protection against viruses automatically. The information in this section is for reference in case you want to run a manual scan. During manual scanning the Manual Scan Statistics dialog box displays a progress indicator and statistics for the scan. The scan can be interrupted by clicking Stop. A report is generated after the scan is

completed. You can view the report in your Web browser by clicking Show Report.

Real-Time Protection is malfunctioning. These may mean that some components are not working.You can test the virus protection with the EICAR Standard Anti-Virus Test File.

Virus definition databases are old. To update them, right-click the Status Indicator icon and select Update Virus Definition Databases.

(38)

You can start a manual scan from one of the following: • Shortcut menu (right-click on a file, folder or disk)

• Status Indicator (right-click on the icon to select one of the scan actions) • Windows Start menu (right-click on the menu)

Shortcut Menu

To scan a file, folder, or disk for viruses, right-click its icon, and choose Scan Folders for Viruses from the shortcut menu. Any file, folder, or drive can be scanned this way, regardless of extension.

(39)

Status Indicator

The Status Indicator icon is next to the F-Secure icon in the system tray. Right-click the Status Indicator to open the pop-up menu. The pop-up menu has the following actions:

• Scan All Hard Disks • Scan Diskette • Scan Target • Properties

(40)

Scan Options

To start a manual scan, right-click the Status Indicator, and choose one of the scan actions listed in the pop-up menu: Scan All Hard Disks, Scan Diskette or Scan Target.

If you choose Scan All Hard Disks, all of the hard disks will be scanned. If you choose Scan Diskette, the diskette you inserted will be skanned.

If you choose Scan Target, the folder or disk that you selected will be scanned.

The Manual Scan Statistics dialog box displays a progress indicator and statistics during all of the scan actions described above.

Properties

If you select Properties from the Status Indicator pop-up menu, you can view the F-Secure Anti-Virus status and user settings information. The status is Enabled if real-time protection is active, and Disabled if it is not active. Click the Properties button to access the user settings information. For more details on user settings, go to “F-Secure Anti-Virus Local Settings” on page 40.

You can also open the Properties dialog directly by double-clicking the Status Indicator icon in the system tray.

Update Virus Definition Databases

For information on virus definition databases, go to “Updating Virus Definition Databases” on page 49.

Windows Start Menu

You can scan hard disks, diskettes, and folders from the Windows Start menu. To start a manual scan, select one of the following scan commands on the menu: Scan all local hard disks, Scan diskette or Scan

(41)

4.3 How Disinfection Wizard Removes a Virus

When F-Secure Anti-Virus detects a virus, it starts Disinfection Wizard by default. Administrators can change this in the security policy.

NOTE:

The default is disinfect automatically.

(42)

Step 1 Virus Detected

Disinfection Wizard opens a dialog with the name of the detected virus displayed. Disinfection Wizard will disinfect the object by default within the time set. You can stop the timer by clicking the Stop Timer button, or by clicking Next. If you are a corporate user, you can view the timer settings in “Settings” on page 11. For information about the virus, click on its name, and then click the Virus Info button. The Virus Information page will display information about the virus detected. If the virus is new, it may not yet be described here. Check the Virus Information Database at our Web site for the latest information. To proceed with the virus disinfection, click Next.

(43)

A list of infected objects will be displayed. An object can, for example, be a document file that a virus has used to spread. In the Action to Take box, choose the action to be taken on the infected objects. Disinfect and Rename are the recommended actions, as these actions do not destroy the objects the virus is attached to.

After you have chosen the action to be taken, click Next, and Disinfection Wizard will perform the action automatically on all of the selected objects.

WARNING:

Please remember that if you select Delete as the action to be taken, the object that is infected will also be deleted.

(44)

Step 3 Action Results

The results of the action will be displayed after the action has been taken. Click Next to exit Disinfection Wizard.

(45)

Click Finish to close the dialog.

The scan report is sent to the administrator if the program is centrally managed. The administrator can view the report in F-Secure Policy Manager Console (in the Reports page of the Properties pane). The report contains links to corresponding virus descriptions in the Web Club’s virus database.

The administrator can configure F-Secure Anti-Virus to automatically remove viruses from the computer without prompting for any action. In this case, Disinfection Wizard does not run.

NOTE:

A report is generated in manual scanning only. In real-time scanning the Finish button does not contain the option to generate a report.

(46)

4.4 F-Secure Anti-Virus Local Settings

You can view and modify the F-Secure Anti-Virus local settings by double-clicking the Status Indicator icon

in the system tray. The F-Secure Anti-Virus user settings dialog will open directly .You can also open the user settings by double-clicking the F-Secure icon in the system tray. The F-Secure Settings and

Statistics dialog will open and display a list of installed F-Secure products. You can either double-click the

F-Secure Anti-Virus application, or click Properties to open the F-Secure Anti-Virus Properties dialog box. In the F-Secure Anti-Virus Properties dialog box, you can specify different settings for Real-time

Protection, Manual Scanning and Updates. The F-Secure Anti-Virus Properties dialog box also has

information on scan statistics since the initial start-up of the computer.

Real-time scans should be restricted so that they do not use a large amount of system resources, which can occur when scanning compressed files and other special files. One way to save system resources is to avoid scanning archives.

Because manual scans are only performed when desired, they can be set to scan larger groups of files, which will consume more system resources.

Statistics

Action Description

Statistics Displays results of the real-time scan. Real-Time

Protection

Settings for transparent, continuous protection provided by F-Secure Anti-Virus while it runs in the background, scanning files as they are accessed.

Manual Scanning Settings for the scanning tasks that are started manually.

Updates Settings for virus definition database update reminders for manual updates. The Update Now button starts immediate definition database updates

(47)

Real-Time Protection

In the Real-Time Protection dialog of the F-Secure Anti-Virus Properties dialog box, you can set what action is taken when an infected file is found, and which files are scanned during real-time scanning. To enable Real-Time Protection, tick the Enable Protection check box. To disable Real-Time Protection, clear the Enable Protection check box.

Action to Take on Infected Files

In the Action to Take on Infected Files box, you can choose what action F-Secure Anti-Virus will take when an infected file is detected. Choose one of the following actions:

Action Definition

(48)

Scanning Options

Under Scanning Options, you can choose which files will be scanned in real-time. Disinfect

automatically

Disinfects the file automatically when a virus is detected (by default).

Rename automatically

Renames the file automatically when a virus is found.

Delete automatically

Deletes the file automatically when a virus is found. Note that this option also deletes the object the virus is attached to, so this option is not recommended.

Report only Indicates that a virus is found, and does not let you open the infected object. This option only reports, it does does not take any action against the virus.

(49)

• All files

All files will be scanned, regardless of their file extension. This option is not recommended because it might slow down system performance considerably.

• Files with these extensions

Files with specified extensions will be scanned. To specify files that have no extension, type ‘.’ You can use the wildcard ‘?’. Enter each file extension separated by a space. This option is

recommended for real-time protection. • Exclude files with these extensions

You can specify files that will not be scanned.

• Exclude objects

You can specify individual files or folders that will not be scanned. To do so, click the Select button to open the Exclude from scanning dialog box (see screenshot below). In the dialog box, select the files or folders you want to exclude from scanning and click the Add button. To remove any files or folders from the Excluded objects list, select the files or folders, and click the Remove button. The files or folders will then be included in the scans again.

NOTE:

Invalid characters are not accepted in these fields. They are replaced with the underscore ( _ ) symbol if copied from the clipboard.

(50)

• Scan inside compressed files

Select this check box to scan inside compressed ZIP, ARJ, LZH, RAR, CAB, TAR, BZ2, GZ, JAR , .MSI, .Z and TGZ files. Scanning inside large compressed files might use a lot of system

(51)

The settings for manual scan operations can be specified in the Manual Scanning dialog of the F-Secure

Anti-Virus Properties dialog box. You can set what action is taken when an infected file is found, and which

files are scanned during manual scanning.

Action to Take on Infected Files

In the Action to Take on Infected Files box, you can choose what action F-Secure Anti-Virus will take when an infected file is detected. You can choose Ask after Scan, Disinfect automatically, Rename automatically,

Delete automatically or Report Only:

Scanning Options

Under Scanning Options, you can choose which files will be scanned during the manual scanning operation.

Action Definition

Ask after Scan Starts the Disinfection Wizard when an infected file is detected. Disinfect

automatically

Disinfects the file automatically when a virus is detected (by default).

Rename automatically

Renames the file automatically when a virus is found.

Delete automatically

Deletes the file automatically when a virus is found. Note that this option also deletes the object the virus is attached to, so this option is not recommended.

Report only Generates an HTML report regardless whether infections were found or not.

(52)

The following options are available:

• All files

All files will be scanned, regardless of their file extension. This option is not recommended because it may slow down system performance considerably.

• Files with these extensions

Files with specified extensions will be scanned. Enter each file extension separated by a space. To specify files that have no extension, type ‘.’ You may use the wildcard ‘?’.

• Exclude files with these extensions

You may specify files that will not be scanned.

• Exclude objects

You can specify individual files or folders that will not be scanned. To do so, click the Select button to open the Exclude from scanning dialog box (see screenshot below). In the dialog box, select the files or folders you want to exclude from scanning and click the Add button. To remove any files or folders from the Excluded objects list, select the file or folder, and click the Remove button. The file or folder will then be included in the scan again.

NOTE:

Invalid characters are not accepted in these fields. They are replaced with the underscore ( _ ) symbol if copied from the clipboard.

(53)

• Scan inside compressed files

Select this check box to scan inside compressed ZIP, ARJ, LZH, RAR, CAB, TAR, GZ, BZ2, JAR , .MSI, .Z and TGZ files.

(54)

Updates

The Updates page has information on installed scanning engines and virus database updates. It also has a direct link from the More Information button to the F-Secure web site.

Installed Scanning Engines

In the Installed Scanning Engines box you can find information on the currently installed scanning engine names, the individual database dates and the scanning engine revision numbers. The scanning engines used are F-Secure Libra, F-Secure AVP and F-Secure Orion.

Virus Definition Database Updates

The Virus Definition Database Updates section informs you about the current status of the virus definition databases. It will, for example, inform of any immediate updates that should be made if virus definition databases are old.

Remind me about updates

With the Remind me about updates check box you can enable the automatic virus definition database update reminders. You can determine how often an update dialog appears by inserting a number in the

(55)

Databases

F-Secure Anti-Virus uses special databases - virus definition databases - to detect viruses. Whenever a new virus is found, the databases need to be updated for F-Secure Anti-Virus to be able to detect it. This is why it is of the utmost importance that you regularly update the virus definition databases.

This chapter describes the different methods you can use to update virus definition databases.

5.1 Update Methods

You can choose between the different update methods listed below.

Automatic Update

Automatic updates with F-Secure Automatic Update Agent (may be referred to as F-Secure Backweb) is the best way to keep the virus definition databases up-to-date. F-Secure Automatic Update Agent updates the virus definition databases automatically when your network connection is open. The update may take several minutes, so make sure your network connection is open long enough.

F-Secure Automatic Update Agent is usually installed with F-Secure Anti-Virus

Semi-Automatic Update: Download the package from the F-Secure

Web site — automatic distribution to hosts

(56)

http://www.f-secure.com/download-purchase/updates.html

or from the European mirror site. Only one virus definition database is required. The database file is named

Latest.zip.

After downloading the package to a local disk, it needs to be imported into F-Secure Policy Manager Console. F-Secure Policy Manager Console places the package in the F-Secure Policy Manager Server or the Communication Directory. The F-Secure Management Agent on each host polls for the package according to its polling policy, and takes the package into use.

To import the package to F-Secure Policy Manager Console, do the following: 1. Choose Import Virus Signatures Database from the Tools menu.

2. Choose Open from the File menu. In the File Open dialog box, select the database package from the directory it was stored in.

To distribute the database to the hosts, do the following:

1. Enable automatic polling for the virus definition databases on the hosts where you want to automatically receive the database. Enable the Poll Automatically setting in F-Secure Anti-Virus /

Settings / Virus Database Updates / Poll Automatically.

2. Distribute the policy to the hosts by choosing Distribute from the File menu.

3. The hosts will download the database package from the F-Secure Policy Manager Server or from the Communication Directory the next time they poll for new database versions.

Manual Update

You can use the Update Now button in the F-Secure Anti-Virus user settings, or the Status Indicator icon in the system tray to manually update the virus definition databases.

If you want to use the Update Now button, go to “Updates” on page 48 to view the settings.

If you want to use the Status Indicator to update the databases, select Update Virus Definition Databases from the Status Indicator pop-up menu described in “Status Indicator” on page 33.

During manual updates, a dialog is shown during the download process, and you can cancel the update by clicking the Cancel Update button. Remember that the databases should be updated at least once a

(57)

Automatic distribution to hosts (recommended method)

This is the best way to update the virus definition database. Updated databases will be automatically delivered by F-Secure Corporation to F-Secure Policy Manager Server or F-Secure Policy Manager Console when they become available. The F-Secure Management Agent on each host polls for the package according to its polling policy, and takes the package into use.

Follow these steps:

1. Download F-Secure Automatic Update Agent Client (may be referred to as F-Secure Backweb Client) CD rom:

http://www.f-secure.com/download-purchase/updates.html

2. Install it on the computer running F-Secure Policy Manager Server or F-Secure Policy Manager Console.

Automatic polling for the Virus Definition Database on the hosts that will automatically receive the Virus Definition Database should be enabled by default. Verify that the “Poll Automatically” setting in F-Secure Anti-Virus / Settings / Virus Database Updates / Poll Automatically is enabled. 3. Distribute the policy to the hosts by choosing Distribute from the File menu.

4. The hosts will download the database package from the F-Secure Policy Manager Server or from the Communication Directory the next time they poll for new database versions.

Automatic Update Agent to F-Secure Policy Manager Server —

Distribution to hosts is triggered by the network administrator

Updated databases are automatically delivered by F-Secure Corporation to your network’s F-Secure Policy Manager Server or F-Secure Policy Manager. However, the virus definition database is not automatically distributed to the hosts from the Policy Manager Server or the Communication Directory. The administrator initiates the distribution to the hosts with the following steps:

1. Select the Get Virus Database Update setting in the F-Secure Anti-Virus / Operations / Get Virus

Database Update tree. Then click the Start button.

(58)

3. When a host next polls the Policy Manager Server or the Communication Directory according to its policy polling interval, it will fetch the new database.

Download the package from the F-Secure Web site — distribution to

hosts is triggered by the network administrator

The virus definition database is downloaded from the F-Secure Web site at :

http://www.f-secure.com/download-purchase/updates.html

or the European mirror site. However, the database is not automatically distributed to the hosts. To import the package to F-Secure Policy Manager Console, do the following:

1. Choose Import Virus Signatures Database from the Tools menu.

2. Choose Open from the File menu. In the File Open dialog box, select the database package from the directory it was stored in.

To distribute the virus definition databases to the hosts, do the following:

1. Select the Get Virus Database Update setting in the F-Secure Anti-Virus / Operations / Get Virus

Database Update tree. Then click the Start button.

2. Choose Distribute from the File menu. This will distribute the policy to the hosts.

3. When a host next polls the Policy Manager Server or the Communication Directory according to its policy polling interval, it will fetch the new database.

Using the FSUPDATE.exe Tool

FSUPDATE.exe is a tool for updating F-Secure Anti-Virus virus definition databases. To update the virus definition database, go to:

http://www.f-secure.com/download-purchase/updates.html

1. Click Download the latest update from USA or Download the latest update from Europe depending on your location. Save the fsupdate.exe file to a local disk.

(59)

F-Secure Anti-Virus Proxy retrieves virus definition database updates from a local update repository instead of from the F-Secure Policy Manager Server, and distributes the updates locally to the hosts. F-Secure Anti-Virus Proxy resides in the remote network and runs specially configured Policy Manager Server software. Hosts in remote offices communicate with the Master Policy Manager Server in the main office, but this communication is restricted to remote management and alerting.

You can install F-Secure Anti-Virus Proxy when you install F-Secure Policy Manager. For installation instructions and more detailed information about F-Secure Anti-Virus Proxy, read the F-Secure Policy Manager Administrator’s Guide available on the F-Secure CD.

(60)

Codes

The F-Secure Anti-Virus command-line scanner, its parameters and return codes are described in this Appendix.

F-Secure Anti-Virus command-line scanner is a tool you can use to easily access the virus scanner through the command prompt. F-Secure Anti-Virus command-line scanner (command-line scanner) is part of the standard F-Secure Anti-Virus product, you do not need to install it separately.

A-1 Using Command-Line Scanner

You can use command-line scanner in situations where, for example, scripted F-Secure Anti-Virus runs are needed. Command-line scanner is located in the F-Secure Anti-Virus directory. The default location is

C:\Program Files\F-Secure\Anti-Virus\fsav.exe. Running fsav.exe without any parameters outputs the

available parameters. The command-line scanner parameters and return codes are listed in this Appendix. The command-line format is:

FSAV [targets] [options]

All options start with "/". Any argument not starting with this character is considered a target.

(61)

example:

FSAV "C:\Program Files"

This can be overridden using the /NOBOOT option. For example: FSAV C:\*.* /NOBOOT /DISINF

only scans files on the hard disk. But if you type: FSAV C:\*.* /DISINF

both files and boot sectors on the hard disk are scanned. In both cases any viruses found will be disinfected.

To scan all the hard disk drives, type: FSAV /HARD

To abort a scan, press CTRL + C

Main Report File

The main report file can be created using the /REPORT=file command-line switch. This is a plain text file that lists the fully qualified names of all infected objects.

HTML Report File

The HTML report file is created if the /REPORT=file comand-line switch is specified. If you type /NOHTML the report is not generated.

Note that if the /REPORT -switch is not used, no report file of any kind is created.

AT Command

You can also use command-line scanner with the AT command. For example: at 07.30 am /next:Friday FSAV /HARD /DISINF

would scan all hard drives and disinfect viruses on Friday at 07.30 am

For more infomation about the scheduling service, consult your Microsoft Windows manual.

NOTE:

The HTML report file will be transferred to F-Secure Policy Manager also.

(62)

A-2 Command-Line Scanner Parameters

Parameter Function

/ALL Scan all files regardless of extension.

/APPEND Append in existing report. Default is to overwrite.

/ARCHIVE Include archives in the scan.

/BEEP Beep when a virus is found.

/DELETE Attempt to delete infected objects.

/DISINFECT Attempt to disinfect infected objects.

/EXCLUDEPATH=list Skip files/paths matching entries on the list. The excluded objects list is read in the policy. This switch will override the values in the policy. /EXCLUDEEXT=list Skip files with these extensions. The excluded extensions are read in the

policy. This switch will override the values in the policy (not suppported in 1.0/F-Secure Anti-Virus 5.30).

/EXT Valid abbreviation for /EXTENSIONS.

/HARD Scans all files on all hard disks in the computer.

/HELP Displays the list of command-line options.

/LIST Write list of scanned objects (fully qualified names). /NOBOOT Do not scan boot sectors, scan only files.

/NOBREAK Scan cannot be interrupted by the user.

(63)

A-3 Command-Line Scanner Return Codes

The following return codes are produced by the program:

/RENAME Attempt to rename infected objects.

/REPORT=file Write the report in TXT format to file. The report and all extended characters are printed in ANSI, so they will not be printed correctly when the report is viewed with a DOS -based editor.

/SCANNER=<s> Specify one scanner plug-in that will be used in the scan, instead of all enabled scanners. The default value is all scanners. ‘s’ can be one of the following strings: “Libra”, “AVP”, “Orion”. The scanner name parameter is not case sensitive.

Action with “/SCANNER” is included, which means that the scanner name is printed along with the error/infection messages.

/SCANNER When an object is reported as infected or erroneous, giving this parameter will list the name of the scanner plug-in that reported the infection or error. Sample output with the parameter given: “C:\foo\bar.exe Infected “Worm” [F-Secure Anti-Virus AVP Plug-in]”

/SILENT No screen output.

/VERSION Show scanner version information.

/ZIP Valid acronym for /ARCHIVES.