
KASPERSKY LAB

Kaspersky Anti-Virus 5.0 for Windows File Servers
Administrator's manual

Kaspersky Lab
http://www.kaspersky.com
Revision date: April 2004

Contents
CHAPTER 1. KASPERSKY ANTI-VIRUS FOR WINDOWS FILE SERVERS ... 6
1.1. What's new in version 5.0 ... 7
1.2. Hardware and software system requirements ... 8
1.3. Product package ... 9
1.4. Services for registered users ... 9
1.5. Adopted conventions ... 10
CHAPTER 2. SOFTWARE INSTALLATION AND REMOVAL ... 12
2.1. Software installation ... 13
2.2. Software removal ... 15
2.3. Version upgrade from 4.x to 5.0 ... 15
CHAPTER 3. APPLICATION MANAGEMENT CONCEPTS ... 16
3.1. Introduction to software administration ... 17
3.2. User interface concepts ... 17
3.2.1. Main application window ... 18
3.2.2. Console tree ... 18
3.2.3. Context-sensitive (Right-click) menu ... 19
CHAPTER 4. DEFAULT SERVER PROTECTION ... 20
4.1. Levels of anti-virus protection ... 20
4.2. Default settings ... 22
CHAPTER 5. RECOMMENDED SETUP DEPENDING UPON SERVER CONFIGURATION ... 24
CHAPTER 6. LOCAL MANAGEMENT ... 25
6.1. Using the command line ... 25
6.1.1. Scanning selected objects ... 26
6.1.2. Full scan ... 27
6.1.3. Launching update ... 28
6.1.4. Rolling back the last update ... 29
6.1.5. Real-time protection ... 29
6.1.6. Application launch ... 30
6.1.7. Application stop ... 30
6.1.8. Task management ... 30
6.1.9. Convert report to convenient format for reading ... 32
6.1.10. Import / export of settings ... 32
6.2. Application management using the Administration console ... 33
6.2.1. Task management ... 33
6.2.1.1. Launching and stopping tasks ... 34
6.2.1.2. Viewing and editing task settings ... 35
6.2.1.3. Task launch using a specified user account ... 52
6.2.1.4. Task creation ... 53
6.2.2. Configuring application settings ... 57
6.2.2.1. General information about the application ... 58
6.2.2.2. Configuring additional application settings ... 59
6.2.2.3. Setting up riskware detection parameters ... 60
6.2.2.4. Monitoring the activity of software processes ... 63
6.2.2.5. Configuring Quarantine and Backup settings ... 64
6.2.2.6. Working with Quarantine and Backup ... 65
6.2.2.7. Viewing license key information ... 67
6.2.2.8. Configuring report generation settings ... 68
CHAPTER 7. REMOTE MANAGEMENT ... 72
7.1. Policy management ... 72
7.1.1. Creating a policy ... 72
7.1.2. Viewing and editing policy settings ... 76
7.2. Task management ... 76
7.2.1. Creating a task ... 76
7.2.1.1. Creating a local task ... 77
7.2.1.2. Creating a group task ... 78
7.2.1.3. Creating a global task ... 79
7.2.2. Viewing and editing task settings ... 79
7.3. Configuring application settings ... 80
CHAPTER 8. TESTING THE KASPERSKY ANTI-VIRUS OPERATION ... 82
8.1. EICAR test "virus" and its modifications ... 82
8.2. Testing correct operation of Kaspersky Anti-Virus ... 84
CHAPTER 9. ANTI-VIRUS PROTECTION AND SERVER MAINTENANCE ... 85
CHAPTER 10. FREQUENTLY ASKED QUESTIONS ... 86
APPENDIX A. GLOSSARY ... 94
APPENDIX B. COMMAND LINE RETURN CODES ... 100
A.1. General return codes ... 100
A.2. Return codes for on-demand scan ... 100
A.3. Update service return codes ... 101
A.4. Licensing service return codes ... 102
APPENDIX C. KASPERSKY LAB ... 103
C.1. Other Kaspersky Lab Products ... 104
C.2. Contact Us ... 108
APPENDIX D. LICENSE AGREEMENT ... 109

CHAPTER 1. KASPERSKY ANTI-VIRUS FOR WINDOWS FILE SERVERS
Kaspersky Anti-Virus for Windows File Servers (hereinafter also referred to
as Kaspersky Anti-Virus or the application) is designed to protect file servers
from viruses and malware.
The following features are implemented in the application:

• Real-time protection of file system from malicious code in monitoring
mode: interception and analysis of calls to the computer's file system,
disinfection, removal of infected objects or isolation of suspicious objects
for further analysis.

• Scanning and neutralization of malicious code at the administrator's
request: search for infected or suspicious objects in defined scanning
areas and their analysis; disinfection, removal or isolation of objects for
further analysis.

• Constant scanning of dangerous VBScript and JavaScript scripts:
scanning of script code prior to its execution by the OS script processing
engine; blocking execution of dangerous scripts.

• Scanning of riskware: analysis of programs launched on a computer or
downloaded from the Internet and executables on hard drives or
removable media. Upon detection of a potentially dangerous program the
application (depending upon its settings) allows or blocks the execution
thereof or deletes the program.

• Quarantine of suspicious objects: storage of suspicious objects in a
quarantine directory; an opportunity to send them to Kaspersky Lab for
further research; restoration of objects from the quarantine at
administrator's request.

• Creation of backup copies for infected objects prior to disinfection or
removal in order to allow on-demand restoration of objects containing
valuable data or if necessary for further investigation.

• Updating of the anti-virus database and application modules included in
the Anti-Virus package from the updates servers of Kaspersky Lab;
creation of backup copies for all files being updated so that the last
update can be rolled back; copying of received updates to a local source
for further sharing with other network computers, saving Internet traffic.

Please keep in mind that new viruses emerge every day,
therefore you are advised to set up automatic product updates
to keep the product up-to-date.

• Local administration of the application through the command line or via
Administration console, and centralized control through Kaspersky
Administration Kit.

1.1. What's new in version 5.0


The following changes have been implemented in Kaspersky Anti-Virus 5.0 for
Windows File Servers compared to 4.x versions:

• The new anti-virus core uses considerably less memory compared to
version 4.0.

• Use of iChecker and iStreams technologies allows an increase of the
anti-virus protection performance over version 4.0.

• The speed of anti-virus database updating has been increased through
automatic detection of the least busy updates server of Kaspersky Lab;
an algorithm for downloading just the remaining update part in case of
disconnection has been added; received updates can now be copied to a
local source for further sharing.

• The anti-virus settings can be adjusted through selection of one of three
preset protection levels with specific settings defined by Kaspersky Lab:
maximum protection, recommended and high speed.

• An opportunity for scanning and processing of riskware in the real-time
protection and on-demand scanning modes has been added.

• The ability to disinfect files in ZIP, ARJ, CAB, and RAR archives has been
added.

• The Control Centre component has been replaced with a more
convenient and simple administrator interface, enabling flexible
management of the application.

• It is now possible to perform simultaneous remote application deployment
to several file servers through Kaspersky Administration Kit 5.0.

• Quarantine operations have been enhanced: now it is possible to restrict
the storage duration for suspicious objects in quarantine.

• Backup storage for original objects has been created in order to preserve
backup copies of suspicious or infected objects created prior to their
disinfection or removal.

• The event report functionality has been extended, enabling logged events
to trigger corresponding actions, for example: saving to Windows Event
Log, e-mail notification, notification using NET SEND or running an
operating system command.

• It is now possible to build a list of trusted software processes, which
Kaspersky Anti-Virus does not have to control in real time.

• An opportunity to download all or selected updates has been added: for
all products of Kaspersky Lab or only for Kaspersky Anti-Virus 5.0 for
Windows Workstations and Kaspersky Anti-Virus 5.0 for Windows File
Servers.

1.2. Hardware and software system requirements

Optimal operation of the application requires the following minimum server
specification:

• Windows NT 4.0 Server with installed Service Pack 6a or later:
    - Intel Pentium or higher CPU;
    - 32 MB of free RAM;
    - 30 MB of available disk space.

• Windows 2000 Server/Advanced Server with installed Service Pack 2 or
later:
    - Intel Pentium or higher CPU;
    - 64 MB of free RAM;
    - 30 MB of available disk space.

• Windows 2003 Server:
    - Intel Pentium or higher CPU;
    - 128 MB of free RAM;
    - 30 MB of available disk space.

The 64-bit version of MS Windows 2003 Server for
IA-64 platform is not supported.

1.3. Product package


You can purchase the software from our distributors (retail box), or from one of
our web shops (for example, www.kaspersky.com, E-Store section).
If you purchase a box product, the software bundle includes:

• sealed envelope with an installation CD containing software files;
• user's manual;
• license key file included in the program distribution package or stored on
the floppy disk;
• license agreement.

Please read the license agreement carefully before opening the CD
envelope.

If you purchase our product from a web shop, you will copy it from Kaspersky
Lab's website; the copy also contains this manual. Your license key is either
included in the installation file or sent to you by e-mail after payment.
The license agreement constitutes a legal agreement between you and
Kaspersky Lab containing the terms and conditions under which you may use the
purchased software.
Please read the license agreement carefully!
If you do not agree with the terms of the license agreement you must return the
box containing Kaspersky Anti-Virus to the distributor where you purchased it;
you will be refunded the amount you've paid for subscription, provided the CD
envelope remains sealed.
Opening the sealed envelope of the installation CD or installing the product to a
computer confirms your acceptance of all the terms and conditions of the license
agreement.

1.4. Services for registered users


Kaspersky Lab offers its legal users a broad range of services maximizing the
efficiency of Kaspersky Anti-Virus use.
By purchasing a subscription you become a registered software user entitled to
the following services throughout the license period:

• software upgrades;

• consultations regarding issues pertaining to installation, configuration and
use of this software, available over the telephone or via e-mail;

• notifications about new software products from Kaspersky Lab, and
new virus outbreaks. This service is provided to users who have
subscribed to the Kaspersky Lab e-mail newsletter service.

No consulting is offered for issues pertaining to operating systems'
functioning or use, or to the use of non-Kaspersky technologies.

1.5. Adopted conventions


The text in this document uses various styles depending upon its purpose. The
table below lists adopted conventions used in the text.
Style | Purpose
Bold type | Used to indicate menu titles, menu items, window titles, parts of dialog boxes, and other graphical interface items.
Note. | Additional information, notes.
Attention! | Information requiring special attention.
In order to perform the action, 1. Step 1. 2. | Procedure description for user's steps and possible actions.
Task, example | Statement of a problem, example for using the software features.
Solution | Solution to a defined problem.
[key] - key purpose. | Command line keys.
Text of information messages and the command line | Text of configuration files, information messages and the command line.

CHAPTER 2. SOFTWARE INSTALLATION AND REMOVAL
There are two main choices for the installation of Kaspersky Anti-Virus: local
installation, and remote installation, through a centralized administration
computer using Kaspersky Administration Kit 5.0. This manual describes the
local installation of Kaspersky Anti-Virus. For details regarding remote
product installation please consult the administrator's guide for Kaspersky
Administration Kit 5.0.
Further installation choices must be made depending upon the intended use of
the application:

• Command line management: install Kaspersky Anti-Virus to a server
computer. In this case the product does not offer a graphical user
interface, and the application is managed from the command line using
the kavshell.exe utility.

• Management through Administration console: install Kaspersky
Anti-Virus on the server, together with Administration Agent and Administration
console which are included in the Kaspersky Administration Kit package.
In this case the application is managed locally through Administration
console.

If you are planning to control the Anti-Virus later remotely via
Kaspersky Administration Kit 5.0, then ensure during
installation of Administration Agent that the Administration
Server name has been specified correctly.

• Centralized management using Kaspersky Administration Kit:
    - install Kaspersky Anti-Virus and Administration Agent on the
      server computer;
    - deploy Administration Server on your LAN, and install
      Administration console to the administrator's workplace (please
      see details in the Administrator's guide for Kaspersky
      Administration Kit 5.0).

2.1. Software installation


In order to install the application run the setup.exe executable file included in the
distribution package. The installation runs in interactive mode. Each window
contains certain buttons controlling the installation process. There are four main
buttons:

• OK: accept the suggested actions;
• Cancel: cancel the suggested actions;
• Next: moves one step further;
• Back: returns one step back.

Step 1. Reading the license agreement


The License Agreement dialog box contains the text of the license agreement.
Please read it. Click Yes if you agree with the terms. In order to reject installation
of the software, click No.

Step 2. Entering user information


Enter the required information in the Customer Information dialog box. Enter
the user name in the User Name field, and the organization in the Company
Name field. By default this information is taken from the Windows registry.

Step 3. Selection of the target directory


The target directory for installation of Kaspersky Anti-Virus is defined in the
Choose Destination Location dialog box. By default it will be Program
Files\Kaspersky Lab\Kaspersky Anti-Virus for File Servers 5.
You can change the target directory using the Browse button.

Step 4. Read important information about the program


You will have to read important information in this window before you actually
start using the program. The window describes the main features of Kaspersky
Anti-Virus, peculiarities of its operation, etc.
When you have read the information, click Next.

Step 5. License key installation


In the License key dialog box you should locate the license key, which
Kaspersky Anti-Virus will use for checking the presence of a license agreement
and its validity.
The license key is your personal "key" containing service information
required to unlock complete software functionality, namely:

• support information (support provider and its contact information);
• license title, number and its expiry date.

The License key window may have a different look depending on key
availability; the key may be bundled with the installation package or you may
have to load it from the Internet.
The installer will add the license key file automatically, if it can be found on the
installation disk or in the target directory specified for installation. Information
about the key being installed will appear on the screen during the procedure.
If the installer cannot locate the license key file, you will be offered this choice of
license file locations:

• Local license key: to install a key located on the computer.
• Internet license key: to obtain the key via Internet from Kaspersky
Lab's website.
Selection of the first option opens a window where you should locate your license
key file with the .key extension using the Browse button.
Selection of the Internet license key option opens a dialog box where you
should fill in the information fields and enter your key activation code (provided at
the time of product purchase). When you have entered the information, click
Next.

Step 6. Completion of the installation procedure


The Setup Wizard Complete window displays information about the completion
of Kaspersky Anti-Virus setup on your computer.
As a rule, setup completion does not require restarting the computer. If you do
not wish to enable anti-virus computer protection immediately after product
installation then you should disable the checkbox Launch Kaspersky Anti-Virus
5.0 for Windows File Servers. Click the Finish button.

If you disable that checkbox, anti-virus protection will be automatically
activated only after the restart of your computer.

2.2. Software removal


If for some reason you need to remove Kaspersky Anti-Virus, run
Start → Programs → Kaspersky Anti-Virus 5.0 for Windows File Servers →
Remove Kaspersky Anti-Virus or use the standard Windows Add or
Remove Programs Control Panel applet.
You will be prompted to confirm removal. Click OK in order to begin the uninstall
procedure.
When removal of the application is completed, you will be prompted to restart
your computer. Postpone the restart if necessary and click the Finish button to
close the wizard.

2.3. Version upgrade from 4.x to 5.0


You are advised to process objects preserved in quarantine or backup
storage prior to launching the Kaspersky Anti-Virus upgrade procedure.
In order to upgrade version 4.x of Kaspersky Anti-Virus for Windows File Servers
to version 5.0 run the setup.exe executable file. During the setup procedure the
installer will remove the previous version.
After the upgrade completes, you will have to restart the operating system.
In case of remote software deployment performed using Kaspersky
Administration Kit (see details in the Administrator's guide for Kaspersky
Administration Kit 5.0) the application upgrade from version 4.x to 5.0 will be
automatic. The earlier version of the Anti-Virus will be removed in the process
and the remote computer will be restarted.
Please note that the Anti-Virus settings will not be preserved during an
upgrade from version 4.x. You can use the default settings or customize
the application settings again.

CHAPTER 3. APPLICATION MANAGEMENT CONCEPTS
Kaspersky Anti-Virus is installed on servers and can either be controlled locally,
or remotely through Kaspersky Administration Kit if the computer is included in a
centralized control system.
The application recognizes two categories of users:

• Anti-virus security administrator (hereinafter referred to as
administrator): performs local control of the application.

• Logical network administrator: controls Anti-Virus operation via Kaspersky
Administration Kit's centralized remote control system.

Local administrators by default also become anti-virus security administrators.


If the application is locally managed, the application is installed on a server and
controlled either using the command line or through the Administration console.
In this case the administrator can perform the following tasks:

• manage application settings;
• set up and launch anti-virus tasks;
• update anti-virus database and application modules;
• install license keys;
• view contents of quarantine and backup storage;
• view reports about application activity.

In the case of centralized control via Kaspersky Administration Kit, the
application is controlled remotely from a computer with Administration console
installed, provided that the network includes an Administration server. The logical
network administrator can perform the following functions, in addition to the
above-listed tasks:

• remote installation of the application on client computers;
• apply policies and manage tasks on client computers;
• install license keys to client computers;
• view reports about application operations on client computers.

Please see details of centralized management concepts in the Administrator's
guide for Kaspersky Administration Kit 5.0.

3.1. Introduction to software administration
If Kaspersky Anti-Virus is locally controlled, computer protection is based on the
settings defined for the application and local tasks by the administrator.
A task is a named action performed by the application. The tasks are subdivided
in accordance with their purpose, for instance: full system scanning task, the task
for updating anti-virus database and application modules. Each task has a set of
parameters specified to control its execution, which are referred to as the task
settings.
Application settings represent a set of supplementary parameters defined for
the operation of Kaspersky Anti-Virus including quarantine, backup, reporting
service options.
If the application is centrally controlled via Kaspersky Administration Kit, the
administrator can also define task and application settings for instances of the
application installed on remote client computers in the LAN.
Centralized control allows the administrator to create logical groups of
computers, allocate remote computers to these groups, and manage their
settings by defining group policies.
A policy is a set of parameters for the functioning of the application within a
logical network group, as well as a set of restrictions on how far those
parameters may be redefined during application or task setup.
A policy includes all required parameters for executing each of the application
features. Thus, it includes both application settings and settings for all task types,
except for those parameters which are not reused and so are set each time the
task is started.
To disable modification of policy settings, "lock" them: [icon]. Settings
which may be modified are marked with [icon].

3.2. User interface concepts


A graphical user interface for program administration is provided by the
Administration console component included in Kaspersky Administration Kit 5.0.
It is a specialized independent snap-in for Microsoft Management Console
(MMC). Consequently, Kaspersky Administration Kit has a standard MMC
interface.


In this section we shall discuss the interface's most important elements: the main
window, console tree and right-click context menu.

3.2.1. Main application window


The main window of the application (see Figure 1) contains:

• The menu, which contains the main features used to manage files and dialog
boxes and provides access to Help topics.

• The toolbar, whose buttons provide quick access to frequently used menu
options.

• The view pane, which displays the list of anti-virus system objects as a
console tree.

• The results pane, which shows a list of elements for the object selected
in the console tree.

Figure 1. Administration console

3.2.2. Console tree


The console tree represents the logical networks existing in the corporate LAN,
as well as the properties of the local computer where the Administration console
is installed.
The Kaspersky Administration Kit namespace may include several nodes
representing Administration servers deployed within your LAN and the Local
computer object.

The Local computer object is designed for the local management of Kaspersky
Anti-Virus installed on the server computer. The context-sensitive (right-click)
menu allows you to open the application settings dialog box, which also allows
the tuning of local server tasks.
If an Administration server is present on the LAN you can control Kaspersky
Anti-Virus on remote servers. When a connection to an Administration server is
established the <Server name> node will display a list of folders (please see
details in the Administrator's guide for Kaspersky Administration Kit 5.0).
Selecting a folder in the console tree displays its contents in the results pane.
Objects within the folders can be managed using the context-sensitive menu.
The Policies and Tasks folders in the Groups folder are intended for the
management of group policies (see Chapter 6 on p. 25) and tasks (see section
7.2 on p. 76). You can modify application settings (see section 7.3 on p. 80) and
local task parameters (see section 7.2 on p. 76) for all remote computers on
which Kaspersky Anti-Virus is installed, provided that they are included in the
Groups folder.

3.2.3. Context-sensitive (Right-click) menu


Every type of object in the Kaspersky Administration Kit namespace of the
console tree has a context-sensitive (right-click) menu, which enables both the
standard MMC right-click commands and specific options for treating objects.
In the results pane, each element of an item selected in the console tree also has
a context-sensitive menu, containing actions that can be performed on the
element.

CHAPTER 4. DEFAULT SERVER PROTECTION
Anti-virus protection will be enabled immediately after application setup on a
computer using the default settings. Those settings are recommended by experts
at Kaspersky Lab for optimal protection of your computer.
In addition, the application provides an opportunity for quick modification of its
settings by selecting any of three predefined protection levels specified by
Kaspersky Lab experts: maximum protection, recommended or high speed.

4.1. Levels of anti-virus protection


The anti-virus settings can be conveniently adjusted through selection of one of
three preset protection levels (see Table 1):

• Maximum protection: provides maximum possible protection, at the
expense of a certain performance decrease.

• Recommended: the default level of anti-virus protection with settings
recommended by Kaspersky Lab, which ensures the optimal balance
between performance and protection.

• High speed: provides top system performance at the expense of a
somewhat lower protection.

If you modify any of the predefined level settings the level of anti-virus protection
will change to Customized. It is the fourth anti-virus protection level using
custom user settings.
The table below contains the settings of real-time protection tasks (protection)
and on-demand scanning tasks (scanning) for the predefined security levels.
Legend:
+ enabled setting;
disabled setting;
the setting is not applicable for the task.


Table 1. Parameter settings of different protection levels


Columns: Maximum protection (Protection, Scanning); Recommended (Protection, Scanning); High speed (Protection, Scanning)

Setting:
Use iChecker
Use iStreams
Scanning level
Maximum size of objects to be scanned (MB)
Maximum duration for object scanning (sec)
Hard drives
Removable media
Network drives
NTFS streams
Drive boot sectors
Packed files
Archives
Self-extracting archives
E-mail databases
Files in text e-mail formats
OLE objects

+
Files by
format

Files by
format

All files

Files by
format

All files

Files by
extension

60

60

60

60

22

Kaspersky Anti-Virus 5.0 for Windows File Servers

4.2. Default settings

The application provides anti-virus protection immediately after installation using
its default, recommended settings.
Details of the default settings for anti-virus protection tasks are as follows:

REAL-TIME PROTECTION IN THE MONITORING MODE
The recommended level of protection for real-time protection has the following
settings:
- Infectable files are analyzed when they are opened for reading, writing
  and execution, namely:
  - files on hard, removable and network drives, boot sectors;
  - packed files, OLE objects.
  Archives, e-mail databases and files in e-mail text formats are not checked.
- iChecker and iStreams technologies are enabled.
- If an infected object is detected, the application will attempt to disinfect it; if
  disinfection fails, the object is removed; if a suspicious object is detected, it
  is quarantined.
- If a riskware program is detected, Kaspersky Anti-Virus will block its
  execution and append the information to its report.
- VBScript and JavaScript dynamic scripts processed by the Windows
  system script processing engine are checked. If a suspicious script is
  detected, the application will block its execution.
- The scanning duration is limited to 60 seconds for compound objects.

ON-DEMAND VIRUS SCANNING
The default recommended level of protection for full system scanning is as
follows:
- complete weekly scanning is scheduled for 20:00 each Friday;
- the following files are scanned:
  - archives, self-extracting archives;
  - packed files, OLE objects;
  - drive boot sectors and alternate NTFS streams;
  - startup objects;
  - objects in RAM;
- e-mail databases and files in e-mail text formats are not scanned;
- iChecker and iStreams technologies are enabled.
- If a riskware program is detected, Kaspersky Anti-Virus will skip it and add
  a corresponding record to its report.
- If an infected object is detected, the application will attempt to disinfect it
  and will remove the object if disinfection fails; if a suspicious object is
  detected, it is quarantined.

UPDATING ANTI-VIRUS DATABASE AND APPLICATION MODULES
The default settings for updating the anti-virus database and the application are:
- the anti-virus database update procedure is scheduled to run every 3
  hours following installation;
- updating of the anti-virus database and critical updates of application
  modules are enabled;
- downloading of all available application modules updates is disabled.

ISOLATION OF SUSPICIOUS OBJECTS
The default settings for quarantine of suspicious objects are:
- quarantined objects are rescanned after each update of the anti-virus
  database;
- quarantine storage size is unlimited;
- stored quarantined objects are preserved for 90 days.

PRESERVATION OF AN INFECTED OBJECT COPY
Prior to attempted disinfection or deletion, a copy of each infected object is made
in backup storage. The default settings are:
- backup storage size is unlimited;
- stored backup objects are preserved for 90 days.

CHAPTER 5. RECOMMENDED SETUP DEPENDING UPON SERVER CONFIGURATION
A computer may perform several roles simultaneously. For instance, it can act at
the same time as a file server, e-mail server, application server, database
server, etc.
During Anti-Virus setup you are advised to configure your server following the
guidelines below:

- If you are working with large databases of particular formats it is advisable
  to exclude them from the scan scope. Scanning of databases may slow
  down and possibly interrupt connections between client applications and
  the database.
- If the anti-virus package is installed on a server acting as a domain
  controller, you are advised to exclude from the scan scope directories
  containing any data which is accessed in real time by the domain
  controller services (log files, initialization files, etc.).
- You are advised to avoid double scanning of the same objects by different
  anti-virus tools, as rescanning reduces application performance. This is
  especially true for data transferred by client-server applications, which
  should only be scanned on the server.

CHAPTER 6. LOCAL MANAGEMENT
6.1. Using the command line
Kaspersky Anti-Virus can be controlled using the command line, which supports
the following tasks:

SCAN        Scanning of selected objects
FULLSCAN    Complete computer scanning
UPDATE      Updating of the anti-virus database and application modules
ROLLBACK    Rolling back of the last anti-virus database update
RTP         Real-time protection mode control
START       Launches Kaspersky Anti-Virus
STOP        Stops Kaspersky Anti-Virus
TASK        Management of Kaspersky Anti-Virus tasks
CONVERT     Report conversion into a convenient format for reading
IMPORT      Imports Kaspersky Anti-Virus settings from a file
EXPORT      Exports Kaspersky Anti-Virus settings to a file

Enter the following to view command syntax:
KAVSHELL HELP command
KAVSHELL command /?
Examples:
KAVSHELL HELP SCAN
KAVSHELL SCAN /?

In order to display this help:
KAVSHELL [ /? | HELP ]

6.1.1. Scanning selected objects

Command syntax:
KAVSHELL SCAN [objects] [/L[!]:objects_file] [/F(A|E|C)]
[/DISINFECT|/DELETE] [/W[A]:report_file]

objects
    [files] [directories] [PREDEFINED]
    Specifies a list of one or more files, directories or
    predefined objects (PREDEFINED) delimited by spaces.
    Notes:
    - An object name must be specified in quotes if it
      contains a space character;
    - Masks may be used to scan multiple files (see
      examples of masks in section 6.2.1.2.1 on p.36).
    - If a directory is specified, all files within the directory
      will be scanned.

PREDEFINED
    [/MEMORY] scan objects in RAM;
    [/STARTUP] scan startup objects;
    [/REMDRIVES] scan all removable drives;
    [/FIXDRIVES] scan all local drives;
    [/NETDRIVES] scan all network drives.

/L[!]:objects_file
    Specifies a file containing the list of objects to be
    scanned. Each object is specified in a new line. The '!'
    character forces the removal of the file containing the list
    of objects after scan completion.
    Use of either absolute or relative file path is allowed. The
    path must be specified in quotes if it contains a space
    character.

[/F(A|E|C)]
    Types of files to be scanned:
    /FA    scan all files.
    /FC    scan infectable files, by format
    /FE    scan infectable files, by extension

/W:report_file
    Writes only important events to specified report_file.
    Use of either absolute or relative file path is allowed. The
    path must be specified in quotes if it contains a space
    character.

/WA:report_file
    Writes all events to specified report_file.
    Use of either absolute or relative file path is allowed. The
    path must be specified in quotes if it contains a space
    character.

Operations on infected objects:

/DISINFECT
    Cure, delete if disinfection fails.

/DELETE
    Delete all infected objects.

Notes:
- if no action has been specified, an infected object will
  be skipped and relevant information about its detection
  will be added to program report;
- compound files will not be deleted.

Examples:
KAVSHELL SCAN "C:\Program Files" C:\Downloads\test.exe /MEMORY /STARTUP /FA /DISINFECT /WA:log.txt
KAVSHELL SCAN /MEMORY /STARTUP C:\Downloads\test.exe /FC /W:log.txt
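When KAVSHELL SCAN is called from scheduled scripts, it helps to review each command line against the syntax and notes above. The following is an added example, not part of the product or of the original manual: it parses a SCAN command and lists the points from this section that a reviewer would want to see, such as a scan with no action specified. The function names are hypothetical, and switches are assumed to be case-insensitive.

```python
PREDEFINED = {"/MEMORY", "/STARTUP", "/REMDRIVES", "/FIXDRIVES", "/NETDRIVES"}
FILE_TYPES = {"/FA", "/FC", "/FE"}
ACTIONS = {"/DISINFECT", "/DELETE"}


def tokenize(line):
    """Split on whitespace outside double quotes and drop the quotes themselves."""
    tokens, current, quoted = [], "", False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if current:
                tokens.append(current)
            current = ""
        else:
            current += ch
    if quoted:
        raise ValueError("unbalanced double quote")
    if current:
        tokens.append(current)
    return tokens


def _value(token):
    """Return the file name after the first ':' of a /W, /WA or /L switch."""
    value = token.split(":", 1)[1]
    if not value:
        raise ValueError("missing file name in " + token)
    return value


def parse_scan(line):
    """Parse one KAVSHELL SCAN command line; raise ValueError on a syntax error."""
    tokens = tokenize(line)
    if [t.upper() for t in tokens[:2]] != ["KAVSHELL", "SCAN"]:
        raise ValueError("not a KAVSHELL SCAN command")
    cmd = {"objects": [], "predefined": [], "objects_file": None,
           "delete_list": False, "file_type": None, "action": None,
           "report": None, "report_all": False}
    for tok in tokens[2:]:
        up = tok.upper()          # assumption: switches are case-insensitive
        if up in PREDEFINED:
            cmd["predefined"].append(up)
        elif up in FILE_TYPES:
            if cmd["file_type"]:
                raise ValueError("only one of /FA, /FC, /FE may be given")
            cmd["file_type"] = up
        elif up in ACTIONS:
            if cmd["action"]:
                raise ValueError("/DISINFECT and /DELETE are alternatives")
            cmd["action"] = up
        elif up.startswith(("/WA:", "/W:")):
            cmd["report_all"] = up.startswith("/WA:")
            cmd["report"] = _value(tok)
        elif up.startswith(("/L!:", "/L:")):
            cmd["delete_list"] = up.startswith("/L!:")
            cmd["objects_file"] = _value(tok)
        elif tok.startswith("/"):
            raise ValueError("unknown switch: " + tok)
        else:
            cmd["objects"].append(tok)   # file, directory or mask
    return cmd


def lint_scan(line):
    """Return review findings for one SCAN command, based on the notes above."""
    cmd = parse_scan(line)
    findings = []
    if cmd["action"] is None:
        findings.append("no action: infected objects are skipped and only reported")
    if cmd["action"] == "/DELETE":
        findings.append("/DELETE: compound files will not be deleted")
    if cmd["report"] is None:
        findings.append("no /W or /WA report file")
    if cmd["file_type"] == "/FE":
        findings.append("/FE: infectable files are selected by extension only")
    if cmd["delete_list"]:
        findings.append("/L!: the objects file is removed after the scan")
    return findings


if __name__ == "__main__":
    # Constructed command line, for illustration only.
    sample = r'KAVSHELL SCAN /L!:"C:\ir\triage list.txt" /FE /DELETE'
    for finding in lint_scan(sample):
        print(finding)
```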

6.1.2. Full scan

Command syntax:
KAVSHELL FULLSCAN [/W[A]:report_file]

/W:report_file
    Writes only important events to specified report_file.
    Use of either absolute or relative file path is allowed. The
    path must be specified in quotes if it contains a space
    character.

/WA:report_file
    Writes all events to specified report_file.
    Use of either absolute or relative file path is allowed. The
    path must be specified in quotes if it contains a space
    character.

Examples:
KAVSHELL FULLSCAN
KAVSHELL FULLSCAN /WA:fullscan.log

6.1.3. Launching update

Command syntax:
KAVSHELL UPDATE [update source] [/W[A]:report_file] [/APP]

[update source]
    HTTP or FTP server or network directory to be used as
    the source while downloading the updates. If no path has
    been specified, the source of updates will be copied from
    the settings defined in the update task for the anti-virus
    database and application modules.

/W:report_file
    Writes only important events to specified report_file.
    Use of either absolute or relative file path is allowed. The
    path must be specified in quotes if it contains a space
    character.

/WA:report_file
    Writes all events to specified report_file.
    Use of either absolute or relative file path is allowed. The
    path must be specified in quotes if it contains a space
    character.

/APP
    Updates application modules.

Examples:
KAVSHELL UPDATE /WA:avbases_upd.txt
KAVSHELL UPDATE /APP

6.1.4. Rolling back the last update

Command syntax:
KAVSHELL ROLLBACK [/W[A]:report_file]

/W:report_file
    Writes only important events to specified report_file.
    Use of either absolute or relative file path is allowed. The
    path must be specified in quotes if it contains a space
    character.

/WA:report_file
    Writes all events to specified report_file.
    Use of either absolute or relative file path is allowed. The
    path must be specified in quotes if it contains a space
    character.

Examples:
KAVSHELL ROLLBACK /WA:rollback.log

6.1.5. Real-time protection

Command syntax:
KAVSHELL RTP [taskid] { /START [/W[A]:report_file] | /STOP }

/START
    Turns on real-time protection or the specified task.

/W:report_file
    Writes only important events to specified report_file.
    Use of either absolute or relative file path is allowed. The
    path must be specified in quotes if it contains a space
    character.

/WA:report_file
    Writes all events to specified report_file.
    Use of either absolute or relative file path is allowed. The
    path must be specified in quotes if it contains a space
    character.

/STOP
    Turns off real-time protection or the specified task.

taskid
    Real-time protection (RTP) task identifier. If taskid is not
    specified then commands are applied to the whole RTP.
    Can be one of the following:
    on-access         real-time file protection
    script-checker    real-time checking of scripts

Examples:
KAVSHELL RTP /START /W:rtp.log
KAVSHELL RTP on-access /START /WA:oas.log
KAVSHELL RTP script-checker /STOP

6.1.6. Application launch


Command syntax:
KAVSHELL START
This command is only accessible to local computer administrators.

6.1.7. Application stop


Command syntax:
KAVSHELL STOP
This command is only accessible to local computer administrators.

6.1.8. Task management

Command syntax:
KAVSHELL TASK [taskid { /START [/W[A]:report_file] |
/STOP |
/PAUSE |
/RESUME |
/DELETE } ]

Without options
    Lists all available tasks with their unique identifiers,
    names and statuses.

/START
    Starts the task with the specified taskid.

/W:report_file
    Writes only important events to specified report_file.
    Use of either absolute or relative file path is allowed.
    The path must be specified in quotes if it contains a
    space character.

/WA:report_file
    Writes all events to specified report_file.
    Use of either absolute or relative file path is allowed.
    The path must be specified in quotes if it contains a
    space character.

/STOP
    Stops the task with the specified taskid.

/PAUSE
    Suspends the task with the specified taskid.

/RESUME
    Resumes the task with the specified taskid.

/DELETE
    Deletes the task with the specified taskid.

taskid
    Task unique identifier. To obtain a full list of identifiers
    use KAVSHELL TASK without any option.
    System tasks can be managed using the following
    predefined identifiers:
    scan-computer     full scan of PC
    scan-critical     scan of boot sectors, memory, startup objects
    update-bases      update anti-virus bases
    update-app        update application modules
    rollback          rollback the last update of the anti-virus database
    on-access         real-time protection of files
    script-checker    real-time checking of scripts

Examples:
KAVSHELL TASK
KAVSHELL TASK update-app /START /WA:update_application.log
KAVSHELL TASK _LOCAL_0630cddf-0793-4c2d-be1e-a3daed0904c6 /START /WA:task.log
KAVSHELL TASK _LOCAL_0630cddf-0793-4c2d-be1e-a3daed0904c6 /DELETE

6.1.9. Convert report to convenient format for reading

Command syntax:
KAVSHELL CONVERT /I:report_file /O:output_report_file

/I:report_file
    Initial report file generated by a task in optimized
    format.
    Use of either absolute or relative file path is allowed.
    The path must be specified in quotes if it contains a
    space character.

/O:output_report_file
    Report file in convenient format for reading.
    Use of either absolute or relative file path is allowed.
    The path must be specified in quotes if it contains a
    space character.

Examples:
KAVSHELL CONVERT /I:scan.log /O:scan.txt

6.1.10. Import / export of settings

Command syntax:
KAVSHELL IMPORT settings_file
KAVSHELL EXPORT settings_file

settings_file
    The name of the file used as the source or target
    while importing or exporting the settings of
    Kaspersky Anti-Virus.

Examples:
KAVSHELL IMPORT c:\kav50settings.xml
KAVSHELL EXPORT c:\kav50settings.xml

6.2. Application management using the Administration console
When Kaspersky Anti-Virus is managed locally using Administration console you
are actually dealing only with the Local computer object in the console tree.
In this mode only the tasks and settings of the locally installed instance of the
application (Kaspersky Anti-Virus) can be controlled.

6.2.1. Task management

During application setup a list of system tasks is generated for each computer.
The list includes real-time protection tasks (file system protection, e-mail
protection, scanning of macros and scripts), on-demand scanning tasks
(scanning My Computer, automatic scanning at the launch of Kaspersky
Anti-Virus) and updating tasks (updates of the anti-virus databases, updates of
application modules, roll-back feature for the updates to anti-virus databases).
The real-time protection tasks apply globally and run in the background. System
tasks for on-demand scanning and updating of the anti-virus database are
scheduled.
You can start the system tasks and edit their parameters and schedule;
those tasks cannot be deleted.
The administrator can create and manage custom tasks.

In order to review tasks for Kaspersky Anti-Virus,
select the Local computer object in the console tree and use the
Properties command of the right-click menu. In the next window, titled
<Computer name> Properties, switch to the Tasks tab (see Fig. 2).
You can edit the task list using the Add and Delete buttons; task settings can be
modified in the window that opens after clicking the Properties button.

Figure 2. Task list of Kaspersky Anti-Virus

6.2.1.1. Launching and stopping tasks

The tasks on a computer can be started only if the corresponding
application is running. If the application is terminated, the running tasks
are also aborted.
Tasks can be launched and stopped either automatically, according to the
schedule, or manually, using the context sensitive menu options or from the task
settings viewing window. Running tasks can be paused and subsequently
resumed.

To manually start / stop / pause / resume a task,
select the required task from the list (see Fig. 2), open the right-click
menu, and select the Start / Stop / Pause / Resume command.
Similar commands can be accessed from the task configuration window on the
General tab (see Fig. 3), using the Start, Stop, Pause and Resume buttons.

6.2.1.2. Viewing and editing task settings

To view and / or edit task settings,
1. In the console tree select the Local computer item. Open its right-click
   menu and select the Properties command, or press the Properties
   button.
2. In the following Local computer Properties dialog box switch to the
   Tasks tab (see Fig. 2) and click Properties to view and edit the task
   settings.

The Task properties dialog box (see Fig. 3) contains the following tabs:
General, Settings, Account, Schedule, and Notification. The caption of the
dialog box contains the task name.

Figure 3. The General tab

All tabs (except for the Settings and Account tabs) are standard tabs for
Kaspersky Administration Kit 5.0. More information about these tabs is available
in the administrator's guide for that product. The Account tab can be used to set
up task launch from a selected account (see section 6.2.1.3 on p. 52). The
Settings tab displays specific settings for Kaspersky Anti-Virus depending on the
type of the selected task: the next section contains a detailed description of this
tab.

6.2.1.2.1. On-demand scanning

In the Settings tab (see Fig. 4) you can specify the parameters for an
on-demand scanning task.

Figure 4. Setting up an on-demand scanning task

The Scan Scope field displays a list of objects to be scanned while the current
task is running. Objects for scanning (for instance, a drive, directory or file) can
be added in the window which opens after clicking the Add button. The list of
objects can be edited using the Edit button, and objects can be removed from
the scan list by clicking the Delete button.
In the Protection Level drop-down list you can select one of the three preset
levels of anti-virus protection (see section 4.1 on p. 20).
Clicking the Advanced button opens a window where you can review the
settings corresponding to the selected level or use them as the basis for your
own setup. The protection level value in that case will be changed to
Customized.
The window for advanced task configuration contains the Scan Scope, Actions
and Additional tabs.
The Scan Scope tab (see Fig. 5) can be used to specify the objects to be
included in and excluded from scanning.

Figure 5. The Scan Scope tab

In the Scan Scope area you can select and deselect the resources which will be
scanned while running the task by checking the appropriate boxes.
In the Objects to scan area, select the types of objects to be scanned:

- All objects: analyze all objects in your file system;
- Infectable objects: analyze only potentially infectable objects. The
  application analyzes the file contents, namely the format identifier in the
  file header, to determine whether the file is potentially infectable;
- Objects infectable by extension: analyze only potentially infectable
  objects. The application determines whether the file is potentially
  infectable on the basis of the file extension.

In the Exclusion mask field, you can define objects to be excluded from
on-demand scans. To add new masks, enable the Exclusion mask checkbox, click
the button to the right and edit the list of excluded masks using the Add, Edit
and Delete buttons in the new dialog box.

You may use masks to specify excluded objects.
Examples of allowed exceptions:

Masks without paths:
    *.exe - all files with the *.exe mask;
    *.ex? - all files with the *.ex? mask;
    test - all files named test.

Masks with absolute paths:
    C:\dir\*.* - all files in the C:\dir\ directory;
    C:\dir\*.exe - all files matching the *.exe mask in the C:\dir\ directory;
    C:\dir\*.ex? - all files matching the *.ex? mask in the C:\dir\ directory;
    C:\dir\test - the file C:\dir\test only;
    C:\dir\ - all files in the C:\dir\ directory and its subdirectories.

Masks with relative paths:
    dir\*.* - all files in all dir\ directories;
    dir\test - all files named test in all the dir\ directories;
    dir\*.exe - all files matching the *.exe mask in all dir\ directories;
    dir\*.ex? - all files matching the *.ex? mask in all dir\ directories;
    dir\ - all files in all dir\ directories and all their subdirectories.

Masks consisting solely of ? and * characters are not allowed.
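The mask rules listed above can be turned into a small checker for reviewing an exclusion list before it is deployed, for example to see how much a relative mask such as temp\ actually removes from the scan scope. This is an added example, not Kaspersky Lab code: the function names and sample paths are constructed, and case-insensitive matching, ? meaning exactly one character and *.* meaning any file name are assumptions drawn from the examples above.

```python
import re


def classify(mask):
    """Return 'invalid', 'absolute', 'relative' or 'bare' for an exclusion mask."""
    if not mask or all(ch in "*?" for ch in mask):
        return "invalid"            # masks made only of ? and * are not allowed
    if re.match(r"^[A-Za-z]:\\", mask) or mask.startswith("\\\\"):
        return "absolute"           # drive-letter or UNC path
    if "\\" in mask:
        return "relative"
    return "bare"


def _name_matches(name_mask, file_name):
    """Match one file name against a mask with * and ? wildcards."""
    if name_mask == "*.*":          # assumption: every file, with or without a dot
        name_mask = "*"
    regex = ""
    for ch in name_mask:
        if ch == "*":
            regex += r"[^\\]*"
        elif ch == "?":
            regex += r"[^\\]"       # assumption: exactly one character
        else:
            regex += re.escape(ch)
    return re.fullmatch(regex, file_name, re.IGNORECASE) is not None


def mask_matches(mask, path):
    """Return True if the full file path is covered by the exclusion mask."""
    kind = classify(mask)
    if kind == "invalid":
        raise ValueError("mask not allowed: %r" % mask)
    file_dirs = path.lower().split("\\")     # e.g. ['c:', 'dir', 'sub', 'a.exe']
    file_name = file_dirs.pop()
    if kind == "bare":                       # file name only, in any directory
        return _name_matches(mask, file_name)
    mask_dirs = mask.lower().split("\\")
    name_mask = mask_dirs.pop()              # '' when the mask ends with a backslash
    recursive = name_mask == ""              # trailing backslash: subdirectories too
    n = len(mask_dirs)
    if kind == "absolute":
        if recursive:
            return file_dirs[:n] == mask_dirs
        return file_dirs == mask_dirs and _name_matches(name_mask, file_name)
    if recursive:                            # relative: any directory with that name
        return any(file_dirs[i:i + n] == mask_dirs
                   for i in range(len(file_dirs) - n + 1))
    return file_dirs[-n:] == mask_dirs and _name_matches(name_mask, file_name)


def audit(masks, paths):
    """Map each mask to the sample paths it would exclude (None if not allowed)."""
    return {m: None if classify(m) == "invalid"
            else [p for p in paths if mask_matches(m, p)]
            for m in masks}


# Constructed sample data, for illustration only.
SAMPLE_MASKS = ["*.ex?", "C:\\dir\\test", "C:\\dir\\", "temp\\*.*", "temp\\", "*?*"]
SAMPLE_PATHS = [
    "C:\\dir\\test",
    "C:\\dir\\sub\\report.doc",
    "D:\\users\\temp\\setup.exe",
    "D:\\users\\temp\\cache\\a.dll",
    "E:\\share\\tools\\run.ex_",
]

if __name__ == "__main__":
    for mask, hits in audit(SAMPLE_MASKS, SAMPLE_PATHS).items():
        print(mask, "->", "NOT ALLOWED" if hits is None else hits)
```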


In the Actions area (see Fig. 6) select one of the following actions to be applied
to infected or suspicious objects:

- Disinfect; delete if disinfection fails: means that the application will attempt
  disinfection; if the object cannot be restored, it will be deleted.
- Move to quarantine: transfers a suspicious object to the quarantine
  directory for subsequent additional scanning using updated anti-virus
  database or restoration.
- Delete: deletes an infected or suspicious object. If you select that action
  for an object, a copy of it will be created and stored in the backup storage.
  You may use the copy to restore the file or send it for examination to
  Kaspersky Lab.
- Report only: means that no actions will be performed on infected or
  suspicious objects, the application will just log their detection (see details
  on setting up the reporting service in section 6.2.2.8 on p. 68). You are
  advised not to use this mode since infected or suspicious files will remain
  in your computer, making it practically impossible to avoid infection.

Figure 6. The Actions tab

Within the Additional tab (see Fig. 7) you can enable/disable scanning for
various types of compound files, exclude the trusted riskware from scanning and
also enable some restrictions for the scanning process.
Check the Do not detect trusted riskware box (see section 6.2.2.3 on p. 60
for details) to skip scanning of riskware installed on your computer.
You can restrict the duration of scanning. In order to do so enter the maximum
value (in seconds) in the Maximum scan time, sec. box. Scanning will be
terminated if its duration exceeds the defined limit. Enter the desired limits for
compound objects to be scanned in the Scan compound objects not larger
than, MB box.
The Use iChecker and Use iStreams checkboxes enable your scanner to use
these technologies for scanning acceleration.

Figure 7. The Additional tab

6.2.1.2.2. Real-time protection of files


Use the Settings tab (see Figure 8) to specify the parameters which apply to the
real-time protection of file system objects.
The Scan Scope field contains a list of objects, which will be scanned while the
task is running. You can add an object for scanning (a drive, directory or file) in a
window that appears after clicking the Add button. Use the Edit button to modify
the list of objects and the Delete button to remove objects from the list.
In the Protection Level drop-down list you can select one of the three preset
levels of anti-virus protection (see section 4.1 on p. 20).


Figure 8. Setting up a task for real-time protection of files

Clicking the Advanced button opens a window where you can review the
settings corresponding to the selected level, or use them as the basis for your
own setup. The protection level value in that case will be changed to
Customized.
The window for advanced setup contains the Scan Scope, Actions and
Additional tabs.
Use the Scan Scope tab (see Fig. 9) to define the objects to be scanned, and
those to be excluded from real-time scanning. The range of settings is similar to
that within the Scan Scope tab for on-demand scans (see details in section
6.2.1.2.1 on p. 36).
The Anti-Virus will scan boot sectors only if the Sectors / Hard Drives or
Sectors / Removable Media checkboxes are enabled.


Figure 9. The Scan Scope tab

Use the Actions tab (see Fig. 10) to determine the action taken when the
application detects infected or suspicious objects:

- Block access and disinfect; delete if disinfection fails: means that the
  application will attempt disinfection using the records from its anti-virus
  database; if the object cannot be disinfected, it will be deleted.
- Block access and move to quarantine: transfers a suspicious object to
  quarantine, either for subsequent additional scanning using an updated
  anti-virus database, or for restoration.
- Block access and delete: deletes an infected or suspicious object. If this
  action is chosen, a copy of the object will be created and stored in the
  backup storage. You may use the copy to restore the file or send it for
  examination to Kaspersky Lab.
- Block access: blocks the access to an infected or suspicious object to
  external applications.


Figure 10. The Actions tab

Use the Additional tab (see Fig. 11) to enable/disable scanning for various types
of compound files, to exclude the trusted riskware from scanning, to restrict
scanning duration and to enable/disable iChecker and iStreams technologies.
Check the Do not detect trusted riskware box (see section 6.2.2.3 on p. 60
for details) to skip scanning of riskware installed on your computer.
You can restrict the duration of scanning. In order to do so, enter the maximum
value (in seconds) in the Maximum scan time, sec. box. Scanning will be
terminated if its duration exceeds the defined limit.
The Use iChecker and Use iStreams checkboxes enable your scanner to use
these technologies for scanning acceleration.


Figure 11. The Additional tab

6.2.1.2.3. Real-time monitoring of scripts

You can set up the parameters for real-time scanning for potentially dangerous
VBScript and JavaScript scripts using the Settings tab.
Selection of the protection level and switching to the advanced setup window are
identical to the task for real-time protection of files (see section 6.2.1.2.2 on
p. 41).
The advanced setup window (see Fig. 12) contains the Forbid execution action
for all protection levels. Selection of the Allow execution action will change your
protection level to Customized.


Figure 12. The Actions tab

6.2.1.2.4. Updating anti-virus database and application modules
The Settings window (see Fig. 13) looks identical for the tasks for updating
anti-virus database and application modules. The task for rolling back the updates to
anti-virus database has no specific settings.

Figure 13. Setting up a task for update of the anti-virus database and application modules

Update anti-virus database: check this box to receive updates for the
anti-virus database.
Copy updates automatically: check this box to enable automatic
downloading and installation of updates to application modules:
    All available updates: all available updates for the
    application components will be installed automatically.
    Urgent updates: only urgent (critical) updates for the
    application components will be installed automatically.
Disable installation of updates that require reboot. If the checkbox is
disabled, the server will be automatically restarted after downloading and
installation of updates which require a mandatory restart.
If the box is checked and computer restart is forbidden, application of updates
will depend upon the Allow partial updating checkbox:

- checkbox disabled: a package of updates will be copied to the directory
  used for updates storage, but it will not be applied.
- checkbox enabled: a package of updates will be copied to the directory
  used for updates storage. Patches included in the package will be
  arranged into a chain for sequential application. The updating procedure
  will apply all files from the beginning of the chain up to the first one that
  requires a computer restart.

Use the Updates' source section to specify the source of updates and its
settings:

- Kaspersky Administration Server: a centralized updates storage
  located on the administration server of Kaspersky Administration Kit.
- Kaspersky Lab's Update Servers: HTTP or FTP updates' servers of
  Kaspersky Lab accessible via the Internet and containing fresh updates
  published daily.
- HTTP-, FTP-server or network folder: a local server or directory, where
  the security administrator copies updates downloaded from the Internet.

If updating from an Administration Server of Kaspersky Administration Kit or from
a local server / folder fails because of an error, you can set up automatic
downloading of updates from the updates servers of Kaspersky Lab on the Internet.
To do so, enable the Use Kaspersky Lab's Update Servers if
HTTP-, FTP server or network folder are not accessible checkbox.
Click LAN Settings to specify your network settings (see Fig. 14).

Figure 14. LAN settings

Use passive FTP mode if possible: check this box if your server is
protected with a firewall and you cannot connect to an FTP site in active
mode.
Use the Connection timeout, sec. field to enter the desired timeout for
connecting to an updates' server of Kaspersky Lab.
If you are accessing the source of updates through a proxy server, enable
proxy use and select the connection settings:
    Use proxy for Kaspersky Lab servers: to receive updates from the
    updates servers of Kaspersky Lab through the proxy.
    Use a proxy for customs servers: to retrieve updates from a local
    server / folder through the proxy:
    Use IE Proxy Settings: when connecting through a proxy server,
    use the MS Internet Explorer proxy settings.
    Use custom settings: to customize proxy settings, type the IP
    address of the proxy server and the port number into the Address
    and Port fields, respectively.
In the Authorization settings section select the type of authorization to be used;
it can be either NTLM or Basic. If you select Basic authorization, fill in the User
name and Password fields.

Use the window (see Fig. 15) displayed after clicking the Sharing settings
button to configure the updates' sharing service. The service allows downloaded
updates to the anti-virus database and application modules to be stored in a local
directory for future sharing with other LAN computers, thus saving web traffic.
Check the Copy to updates' shared folder box in order to enable the
updates sharing service. Specify below the types of updates to be added to the
local folder for further sharing:
    Anti-virus database updates means that received updates for the
    anti-virus database will be saved in the shared folder containing updates.
    Application modules updates means that received updates for
    application components will be saved in the shared folder containing
    updates:
        All available updates means that all application modules
        updates will be shared.
        Urgent updates means that only urgent (critical) updates for
        application modules will be shared.
In addition, you can select the method to be used while downloading updates:

- complete, copying the anti-virus databases, content filtration databases
  and updates to application modules for all products of Kaspersky Lab. To
  enable complete updating, enable the For all applications checkbox.
- selective, copying updates to the anti-virus databases and application
  modules just for Kaspersky Anti-Virus 5.0 for Windows Workstations and
  Kaspersky Anti-Virus 5.0 for Windows File Servers. Selection of that
  mode is possible only if the For all applications checkbox is disabled
  (default setting).

Specify the path to the shared folder in the Updates' shared folder field.

Figure 15. Setting up the updates sharing service

Perform the following actions in order to grant access for computers in
your LAN to a local directory assigned for sharing of updates:
1. Allow common access to the local source directory containing the
   updates.
2. On the client computer, specify the network path to the local source
   directory in the update task settings.

6.2.1.2.5. License key installation


This task is created by the administrator when a new license key has to be
added.
Use the Browse button to locate the path of the key file in the Settings tab (see
Fig. 16).
To make the key being added your current key, check the Use as the
current license key box.
Do not check the box if the key is added as a reserved key. An additional license
key becomes your current key when the current license key expires.


Figure 16. License key installation

6.2.1.3. Task launch using a specified user account


Kaspersky Anti-Virus includes a service that allows running its
tasks from another user account (impersonation).
The service is disabled by default, and the tasks are started using the current
account. When the service is enabled, the administrator has to enter the login
information of an account with sufficient rights to access the objects of the
respective task. For example, for on-demand scanning tasks the
account must have rights to access the objects being scanned; for
update tasks it must have rights to access the local update
directory or have authorized user rights on a proxy server.
This helps to avoid the errors in on-demand scanning and updating
tasks that occur when the user launching the task lacks the required access rights.
You can set up the launch of anti-virus tasks from another user account within
the Account tab (see Fig. 17).


Figure 17. The Account tab

Default account option means that the current account will be used.
Specified account option serves to enter the parameters of a different
account. If you select that variant, fill in the Run as user, Password
and Confirm password fields.

6.2.1.4. Task creation


To create a task, perform the following actions:
1. Select the Local computer object in the console tree. Open its right-click
menu and select the Properties command.

2. Switch to the Tasks tab (see Fig. 2), which lists the available tasks.

3. Click Add to open the new task creation wizard, which will guide
you through the process. To navigate the wizard dialog boxes,
click Back and Next. To finish working with the wizard, click Finish.
To stop working with the wizard at any stage, click Cancel.


Step 1. General information about the new task


The first wizard dialog box is introductory: here you should enter the task name
in the Name field.

Step 2. Select the application and type of the task


Select Kaspersky Anti-Virus 5.0 for Windows File Servers application from
the Choose the application for which to define a task drop-down list. Then
select the task type from the Choose type of task for execution drop-down list.
The following tasks can be created for Kaspersky Anti-Virus for Windows File
Servers:

Anti-virus database and application modules update;

Rollback of updates to anti-virus database;

On-demand scan;

License key installation.

Step 3. Configure task settings


The contents of the following wizard windows will vary depending on the type of
the task selected during the previous stage. Please refer to section 6.2.1.2 on
p. 35 for details about the settings of each task type.
The task for rolling back an update to the anti-virus databases has no
specific settings.

Step 4. Set up task launch using the specified user account


During this step (see Fig. 18) you can set up the launch of the task being created
from another user account with sufficient rights to access the object of scanning
or an updates source (please see section 6.2.1.3 on p. 52 for details).


Figure 18. Setting up task launch using a specified account

Step 5. Schedule tasks


After you have configured the selected task type, the wizard will open the Task
scheduling settings dialog box (see Fig. 19), where you can schedule this task.


Figure 19. Scheduling a new task

Select the desired task frequency from the Schedule for drop-down list. The
following variants are possible: Every N hours, Every N days, Every N weeks,
Manually, and At application launch. Depending on your choice, the elements of
this dialog box will vary.
Tasks for rolling back the anti-virus database and installing license keys
can be launched manually only.
Please see details on setup of scheduled task launch in the Administrators guide
for Kaspersky Administration Kit 5.0.

Step 6. Finish creating a task


The last wizard window will inform you that the task has been successfully
created.


6.2.2. Configuring application settings


To review / change application settings,
1. In the console tree, select the Local computer item and click the
Properties command in the right-click menu.

2. You will see the Local computer Properties window. Select the
Applications tab (see Fig. 20) that displays a list of Kaspersky Lab
applications installed on the computer.

Figure 20. The list of Kaspersky Lab applications

3. Select Kaspersky Anti-Virus 5.0 for Windows File Servers.

Below the list, you can see the Events, Statistics, and Properties
control buttons that serve to:

View a list of events, which occurred on the computer while the
application was running (for report details, see the
Administrators guide for Kaspersky Administration Kit 5.0).

View current statistics about application performance.

Access application settings. Clicking the Properties button
opens a window including the following tabs: General,
Additional, Quarantine, Backup, Storage objects,
Riskware, Trusted processes, Licenses, and Event
processing. Please see detailed description of each tab
below.

6.2.2.1. General information about the application


In the General tab (see Fig. 21) you can review general information about
Kaspersky Anti-Virus and start or stop its operation.
The upper portion of the window displays the title of the application, its version,
date of installation, its status (whether the application is running or stopped on a
local computer) as well as information about the condition of the anti-virus
database.
You can start and stop the application using the appropriate buttons.

Figure 21. Application properties window. The General tab


6.2.2.2. Configuring additional application settings


The Additional tab (see Fig. 22) displays the settings for service parameters.
Check the Launch application at system startup box in order to allow
Kaspersky Anti-Virus to launch when Windows starts up.

Figure 22. Application properties window. The Additional tab

In the window (see Figure 24), which opens after clicking the Troubleshooting
options button, you can define the system load while on-demand scanning
tasks are running. To do so, enable the Limit system usage (%) checkbox
and then use the field to the right to specify the peak load
value (in percent). The recommended value established during testing is 30%.
Lower values result in longer scanning and leave more resources to user
applications.


Figure 23. The Troubleshooting options window

In the window (see Figure 25) that opens upon clicking the Notifications
button you can enter the conditions for receipt of notifications about the status of
tasks for updating of the anti-virus database and full computer scanning. Two
event levels exist for each of those task types: warning and error.

Figure 24. The Notifications window

Specify in the field to the right of each event the interval in days after which a
user should see the respective notification displayed every day at the launch of
Kaspersky Anti-Virus. The specified time period is counted from
the date on which the respective task was last performed.

6.2.2.3. Setting up riskware detection parameters


Kaspersky Anti-Virus can detect riskware that is running on a computer,
loaded from the Internet, or stored on its hard drive or
removable media.
Riskware means software that may harm your computer: legitimate software
containing security holes or bugs, remote administration software, spyware
tracking keyboard input, password recovery software, automatic dialers making
charged calls to specific sites, etc.
Such software cannot be referred to as viruses (not-a-virus class), but it may be
subdivided into types, e.g., Adware, Joke, Riskware, Hack Tools, etc. (please
check Virus Encyclopedia at www.viruslist.com for such information about
potentially insecure programs detectable by Kaspersky Anti-Virus). Kaspersky
Anti-Virus employs an extended anti-virus database for detection of such
programs.
Scanning of riskware is enabled by default. Upon detection of any such program
in the real-time protection mode Kaspersky Anti-Virus blocks its execution and
logs the relevant information in its report; in the on-demand scanning mode it
skips the programs and also appends the information to the report.
In the Riskware tab (see Fig. 25) you can set up the parameters for riskware
detection and create a list of trusted programs allowed to run on computers in
your network.

Figure 25. The Riskware tab

In order to make Kaspersky Anti-Virus check whether program files belong to a
certain riskware type, check the Detect riskware, adware, pornware, etc
box.
Check the Detect hack tools box to enable search for hacker software.


Use the Trusted riskware list to create exceptions, which will be skipped
during riskware scanning. Programs in the list are considered to be approved
and may be executed on a computer. You can fill the list or modify it using the
buttons to the right.
Pressing the Add/Edit button opens an additional window (see Fig. 26). Fill in
one of the window fields to add/edit a program name.

Figure 26. Adding a program to the trusted riskware list

Use the File path mask field to specify the path to the directory containing
program files. In the Riskware verdict mask: field you can enter any of the
following:

complete program name as it appears in the Virus Encyclopedia at
www.viruslist.com (e.g., not-a-virus:RiskWare.RemoteAdmin.RA.311 or
Flooder.Win32.Fuxx);

masked program name, e.g.:

not-a-virus* to exclude from scanning trusted but potentially
dangerous programs and jokes;

*Riskware.* to exclude from scanning all potentially dangerous
programs belonging to the Riskware type;

*RemoteAdmin.* to exclude all versions of remote
administration software from scanning.

* and ? wildcards can be used for mask entry.


Together with a riskware mask you can enter the path to the directory, where the
software matching the mask should not be detected.
E. g., if you enter the "*Riskware.*" mask together with the "C:\Program Files\"
path, the Anti-Virus will stop detection of all potentially dangerous programs of
"Riskware" type in "C:\Program Files\" and its subdirectories.

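Before an entry goes into the trusted riskware list, its reach can be checked offline against detections already seen in reports. The following is an added example, not Kaspersky code: it assumes case-insensitive matching in which * stands for any run of characters and ? for a single one, and the file paths and the AdWare verdict are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

Detection = Tuple[str, str]  # (verdict name, full file path)


def mask_to_regex(mask: str) -> "re.Pattern[str]":
    """Translate a mask with * and ? wildcards into an anchored regex."""
    body = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in mask
    )
    # Assumption: matching ignores case. The manual pairs the mask "*Riskware.*"
    # with a verdict spelled "RiskWare", which only fits a case-blind match.
    return re.compile(body + r"\Z", re.IGNORECASE | re.DOTALL)


@dataclass(frozen=True)
class TrustedEntry:
    """One row of the trusted riskware list; at least one field is filled in."""
    verdict_mask: Optional[str] = None  # "Riskware verdict mask" field
    path_mask: Optional[str] = None     # "File path mask" field

    def covers(self, verdict: str, file_path: str) -> bool:
        """True if this entry would keep the detection from being reported."""
        if not self.verdict_mask and not self.path_mask:
            return False
        if self.verdict_mask and not mask_to_regex(self.verdict_mask).match(verdict):
            return False
        if self.path_mask:
            # A directory (trailing backslash) also covers its subdirectories.
            mask = self.path_mask
            if mask.endswith("\\"):
                mask += "*"
            if not mask_to_regex(mask).match(file_path):
                return False
        return True


def audit(entries: List[TrustedEntry], detections: List[Detection]):
    """Per entry: (entry, detections it hides, whether it is limited to a path)."""
    return [
        (entry, [d for d in detections if entry.covers(*d)], bool(entry.path_mask))
        for entry in entries
    ]


# The masks and the first two verdict names come from the manual; the AdWare
# verdict and every file path below are constructed for illustration.
ENTRIES = [
    TrustedEntry("not-a-virus*"),
    TrustedEntry("*Riskware.*", "C:\\Program Files\\"),
    TrustedEntry("*RemoteAdmin.*"),
    TrustedEntry("Flooder.Win32.Fuxx"),
]
DETECTIONS: List[Detection] = [
    ("not-a-virus:RiskWare.RemoteAdmin.RA.311", "C:\\Program Files\\RA\\ra.exe"),
    ("not-a-virus:RiskWare.RemoteAdmin.RA.311", "D:\\Shares\\Public\\ra.exe"),
    ("Flooder.Win32.Fuxx", "D:\\Shares\\Public\\tools\\fx.exe"),
    ("not-a-virus:AdWare.Example.a", "C:\\Program Files\\Toolbar\\tb.dll"),
]

if __name__ == "__main__":
    for entry, hidden, scoped in audit(ENTRIES, DETECTIONS):
        scope = entry.path_mask if scoped else "ANY PATH"
        print(f"{entry.verdict_mask!s:<22} scope={scope}: "
              f"hides {len(hidden)} of {len(DETECTIONS)}")
        for verdict, path in hidden:
            print(f"    {verdict}  {path}")
```

Only the entry that pairs a verdict mask with a directory leaves the copy of the remote administration tool on the shared drive visible; the two unscoped masks hide it everywhere.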

6.2.2.4. Monitoring the activity of software processes


Kaspersky Anti-Virus allows the user to build a list of software processes, whose
file activity should not be monitored by the anti-virus application.
E.g., you may believe that the objects used by Notepad, a standard Microsoft
Windows application, are safe and require no real-time protection. In other
words, you trust the process of that program. Add Notepad to the list of trusted
processes, to exclude objects used by that process from scanning.
You can build a list of trusted processes on the Trusted processes tab (see
Fig. 27).

Figure 27. The Trusted processes tab

By default, Kaspersky Anti-Virus checks objects opened, launched or saved by
any software process. To disable the control over file activity of trusted
processes, check the Do not control activity of trusted processes box.
Use the List of trusted processes section to build a list of processes for which
the Anti-Virus should not scan accessed objects. You can fill the list or edit it
using the buttons to the right.
Pressing the Add/Edit button opens an additional window (see Fig. 28).


Figure 28. Adding a trusted process

You can select the process file name using the Browse button. Upon name
selection, Kaspersky Anti-Virus registers internal attributes of the process file and
then uses them to identify the process as a trusted one during anti-virus
scanning.
File path will be substituted automatically after name selection. You can modify it
manually or specify the path as a mask.
In case of remote management using the Administration Console, you
will have to specify the path to process file on a remote host.

6.2.2.5. Configuring Quarantine and Backup settings


Kaspersky Anti-Virus can isolate suspicious objects in quarantine storage and
save backup copies of infected objects prior to their disinfection or removal.
When a suspicious object is detected, the application will isolate it in the
quarantine directory, where you can rescan, delete or restore it.
A backup copy of the object will be created before the first attempt to disinfect or
delete it. The copy will be saved to a special storage directory from which it can be
restored should it contain valuable data.
The Quarantine (see Fig. 29) and Backup tabs allow you to specify parameters
for those storage directories. The parameters are identical for both storage
directories, so they will only be described once here.


Figure 29. The Quarantine tab

Enter the location of the quarantine directory in the Storage path box.
Delete objects stored longer than, days: a restriction on the objects'
storage duration. Quarantined files are preserved for 90 days by default.
You can modify the period by entering the corresponding number in the
box to the right.
Maximum quarantine size, MB: a restriction on the combined size of
preserved quarantined files. The Anti-Virus will delete the oldest
quarantined files when this limit is exceeded.
Rescan quarantine upon anti-virus database update. Check the box if
you wish to enable automatic rescanning of quarantined suspicious
objects after each update of the anti-virus database.

6.2.2.6. Working with Quarantine and Backup


You can review objects quarantined and backed-up on a computer using the
Storage objects tab (see Fig. 30).


To do so, click the List of objects button in the Quarantine or Backup copy
storage section respectively.

Figure 30. The Storage objects tab

The dialog boxes displaying the contents of both storage areas are similar (see
Fig. 31). In the central part of the dialog box, you can see a list of quarantined or
backup files. The following information is available for each object: name, status,
the date when an object has been added to storage directory and its original
path.
Above the list there is an object management toolbar. Use the buttons to:
Restore an object. Click this button to restore the selected object,
specifying the location in which it will be restored. Objects can be
restored only to a computer where Administration console is installed.
In case of remote management via Kaspersky Administration
Kit objects are restored only to the computer used for remote
control.
Delete the object from the storage folder.
Refresh the storage contents.


Scan an object (only for quarantined objects).

Figure 31. Quarantine storage

6.2.2.7. Viewing license key information


The Licenses tab (see Fig. 32) is purely informational. It displays information
about the current and the reserved license keys installed on the current client
computer.


Figure 32. The Licenses tab

6.2.2.8. Configuring report generation settings


The Event processing tab (see Fig. 33) displays the types of events occurring
and being registered in reports, the location for storing the reports, and the
settings for notifying the administrator and / or other users thereof.


Figure 33. Editing a policy. The Event processing tab

Kaspersky Anti-Virus generates events during its operation (see Table 2), each
with its own priority status. There are four priority statuses:

Critical event;

Error;

Warning;

Informational message.

Events of the same type can be assigned different priority statuses, depending
on the particular situation in which the event occurred.
Select the priority level from the Events severity drop-down list to define event
status. In the information field below the list, you can view the types of events for
the selected priority level.


Table 2. Application events

Event type                                            Priority status
Object was cured                                      Warning
Infected object was deleted                           Warning
RTP level was changed                                 Informational message
License will expire soon (two weeks before the
expiration date)                                      Warning
License has expired                                   Critical event
License is invalid                                    Error
Suspicious object was found                           Warning
Malfunction                                           Warning, Error
Anti-virus database update has expired:
    a week ago*                                       Warning
    two weeks ago*                                    Critical event
Virus was found                                       Critical event
Internal error                                        Error
Operating system had to be restarted because of
application installation                              Warning
Password-protected archive was found                  Warning
Object was not cured                                  Warning
Full scan of the computer was performed a long
time ago:
    two weeks ago*                                    Warning
    a month ago*                                      Critical event


* Those are the default values. You can modify them in the Notifications window
(see section 6.2.2.2 on p. 59).
For each event you can specify whether it should be appended to a report, and
the method used to notify the administrator when the event occurs.
For more detailed description of the Event processing tab refer to the
Kaspersky Administration Kit 5.0 administrators manual.

CHAPTER 7. REMOTE MANAGEMENT
Using centralized management of Kaspersky Anti-Virus via Kaspersky
Administration Kit you can control the policies, tasks and settings of Kaspersky
Anti-Virus application installed on remote computers in your LAN.

7.1. Policy management


This section describes how to create and manage policies for Kaspersky
Anti-Virus. Detailed information about managing policies is available in the
Administrators guide for Kaspersky Administration Kit 5.0.

7.1.1. Creating a policy


To create a new policy, perform the following actions:
1. In the Groups folder of the console tree, select a group of computers to
be assigned the new policy.

2. Select the Policies folder within the selected group, open the right-click
menu, and click New → Policy to launch the new policy wizard.

To switch between the wizard dialog boxes, use Back and Next. To finish
working with the wizard, click Finish. To cancel the wizard at any stage, click
Cancel.
During policy creation (Step 2 to Step 6) you can prohibit modification
of settings in the policies of nested groups, in application and task
settings. To disable the modification of settings, "lock" them up with the
lock icon. The settings allowed for modification are marked with their own icon.

Step 1. General information about the policy


The first wizard dialog boxes are introductory steps, where you should enter the
policy name into the Name field and select Kaspersky Anti-Virus 5.0 for
Windows File Servers from the Choose the application for which to define a
policy drop-down list.

Only one group policy can be created for an application. If an upper
level group policy for an application already exists, then lower level
policies can only alter parameters that were labeled as modifiable by
the upper level policy.

Step 2. Define the anti-virus protection level for real-time scanning


In this dialog box, define the anti-virus protection level for the new policy (see
section 4.1 on p. 20), which will be used while running the real-time protection
tasks.

Step 3. Define the anti-virus protection level for on-demand scanning


In this dialog box, define the anti-virus protection level for the new policy (see
section 4.1 on p. 20), which will be used while running the on-demand scanning
tasks.
Clicking the Additional button opens a window containing advanced settings for
the on-demand scanning mode (see Fig. 5). If you modify any of the predefined
level settings the level of anti-virus protection will change to Customized.

Step 4. Select the source of updates


In this dialog box (see Fig. 34) you must specify the source of updates to both
anti-virus database and application modules, and define local network
parameters (please refer to section 6.2.1.2.4 on p. 46 for details).


Figure 34. Selecting the source of updates

Step 5. Define updating service parameters


In this dialog box (see Fig. 35) you must specify parameters for the updating
service for both anti-virus database and application modules (please refer to
section 6.2.1.2.4 on p. 46 for details).


Figure 35. Selection of the updating service parameters

Step 6. Finish creating a policy


In this last dialog box, the wizard informs you that a new policy has been
successfully created.
After the wizard is closed, the policy for this application will be shown on the
results pane and added to the Policies folder of the corresponding group.
To apply a policy, edit its settings and define restrictions for modification of its
parameters if you have not done so during policy creation. The new policy will be
applied to client computers upon the first synchronization of the clients with the
server.
Changes to a policy are applied as follows: if there are some resident tasks (for
example, real-time protection) running on a client computer, they will continue
with the new policy settings. Currently running regular tasks, such as on-demand
scanning or updating, will continue with old settings. In this case, the changes
will be applied the next time the application starts. You can view the current
parameters of the new policy in the properties of a specific remote client
computer within the Products and Tasks tabs (see section 7.3 on p. 80).
You can copy and move policies from one group to another and handle the
policies using the standard commands in the right-click menu, such as
Copy/Paste, Cut/Paste, and Delete, or identical commands in the Action menu.
To relocate a policy, drag the policy icon with your mouse to another location.


7.1.2. Viewing and editing policy settings


At the editing stage, you can customize policy settings, prevent changes in the
policy settings for nested groups, and lock application and task settings so that
users cannot modify them.
To lock the policy configuration settings so that users cannot change
them, mark this policy with the "lock" icon. The settings that can be
changed are marked with their own icon.

To view the current policy settings and / or change them:
1. In the Groups folder of the console tree, select a group of
computers for which you want to change policy settings.

2. Select the Policies folder in this group. All policies available for this
group will be displayed on the results pane.

3. In the list, point to a policy for Kaspersky Anti-Virus 5.0 for
Windows File Servers (the application name is displayed in the
Application column).

4. Open the right-click menu for the selected policy and click
Properties. You will see a dialog box with the policy properties for
the Kaspersky Anti-Virus 5.0 for Windows File Servers application.

In this dialog box, the General, Enforcement, and Event processing tabs are
standard Kaspersky Administration Kit tabs (please refer to the Administrators
guide for Kaspersky Administration Kit for details).
The remaining tabs display specific settings for Kaspersky Anti-Virus and
correspond to the task setup tabs (see section 6.2.1.2 on p. 35) and application
setup tabs (see section 6.2.2 on p. 57).

7.2. Task management


This section describes how to create and manage tasks for Kaspersky Anti-Virus.

7.2.1. Creating a task


Using Kaspersky Administration Kit, you can create the following tasks for
Kaspersky Anti-Virus:

local tasks assigned to each client computer;

group tasks assigned to the groups of client computers;

global tasks assigned to a number of client computers from arbitrary
groups on a logical network.

You can change task settings, control their execution, and copy, move and
delete tasks using the Copy/Paste, Cut/Paste, and Delete commands, either on
the right-click menu or in the Action menu.
The parameters used by a client computer to execute tasks comply with the
group policy, specific task settings, and the application settings on the client
computer.
All tasks are scheduled by default. Tasks can be temporarily excluded from the
list of scheduled tasks, in which case they remain in the task list but are not
launched.
You can manually launch, abort, suspend, or resume a task using the commands
Start/Stop/Pause/Resume in the right-click menu or in the Action menu.

7.2.1.1. Creating a local task


To create a local task for Kaspersky Anti-Virus, perform the following
actions:
1. In the Groups folder select a folder bearing the name of the group
containing the target client computer.

2. In the results pane select the computer for which the local task is to
be created. Then select the Properties command, either on the
right-click menu or the Action menu. The <Computer name>
Properties window will open, where you can review client
computer properties.

3. Select the Tasks tab (see Fig. 36), which contains a list of existing
tasks available for the selected client computer. You can create a
new task by clicking the Add button.

A wizard for creating a new task will appear. The wizard is organized similarly to
the task creation wizard used in case of local application management (see
section 6.2.1.3 on p. 52 for details). Follow the guidelines offered by the wizard.


Figure 36. Creating a local task. The Tasks tab

7.2.1.2. Creating a group task


To create a group task for Kaspersky Anti-Virus, perform the following
actions:
1. In the console tree, select a group of computers the new task will be
applied to.

2. Select the Tasks folder within this group, and select the New → Task
command on the right-click menu or the Action menu. The new group
task wizard will appear and guide you through the creation process. The
wizard is organized similarly to the local task wizard (see section 6.2.1.3
on p. 52 for details). Follow the instructions offered by the wizard.

After the task is created, it will be added to the Tasks folder for the selected
group and displayed within the results pane.


7.2.1.3. Creating a global task


To create a global task for Kaspersky Anti-Virus:
1. In the console tree, select the Tasks node, and select the New → Task
command, either on the right-click menu or the Action menu.

2. A global task creation wizard will appear to guide you through the
creation procedure. The wizard is organized similarly to the local task
wizard (see section 6.2.1.3 on p. 52 for details). The only difference is
that you should additionally define a list of client computers on the
logical network to which this global task applies.

3. Select within the logical network the desired computers that the new
task will be assigned to. You can either select computers from different
folders or select the entire folder (for more details refer to the
Administrators guide for Kaspersky Administration Kit 5.0).
Global tasks are applied only to a specified set of computers. A
task assigned to a group will not be performed on new client
computers added to this group later. You will have to create a
new task or make appropriate changes to the existing task.

After the task is created, it will be added to the Tasks node of the console tree
and displayed within the results pane.

7.2.2. Viewing and editing task settings


To view and edit task settings,

For a local task, in the Groups folder select the folder containing the
client computer. Then select the required computer in the results pane
and use the Properties command in the right-click menu. It will open the
<Computer name> Properties dialog box. In this dialog box, switch to
the Tasks tab (see Fig. 36), select the task, and click Properties to view
and edit the task settings.
The Tasks tab displays a full list of tasks assigned to this local
computer, including both global and group tasks. Global and
group tasks are indicated with the "folder" icon. Note that you
can view settings for all tasks but you will be able to edit only
those for local tasks.


For a group task, select the required group in the console tree and
choose the Tasks folder within this group. The results pane will display all
tasks assigned to this group. Select the desired task and click the
Properties command, either on the right-click menu or the Action menu.

To modify global task settings, select the Tasks node in the console tree.
Select the desired task and click the Properties command, either on the
right-click menu or the Action menu.

You will see the <Task name> Task properties dialog box consisting of the
following tabs: General, Settings, Account, Schedule, and Notification. The
global task configuration dialog box contains the additional Target computers
tab.
All tabs, except for the Settings and Account tabs, are standard tabs for
Kaspersky Administration Kit 5.0. Details about these tabs are available in the
Kaspersky Administration Kit administrators guide.
The Account tab can be used to set up task launch from a selected account
(see section 6.2.1.3 on p. 52). The Settings tab displays specific settings for
Kaspersky Anti-Virus for Windows File Servers depending on the type of the
selected task (see section 6.2.1.2 on p. 35 for details).

7.3. Configuring application settings


You can change application parameters for individual client computers in a
group. You can redefine only those settings that are defined as modifiable by the
policy for this application (see section 7.1.2 on p.76).
To change application settings,
1. In the Groups folder select the folder bearing the name of the
group which contains the target client computer.

2. In the results pane select the target computer for which application
settings are to be modified, and click the Properties command
from the right-click menu or on the Action menu.

3. The program will display a <Computer name> Properties window.
Select the Applications tab (see Fig. 37) that displays a full list of
Kaspersky Lab applications installed on the client computer.

Figure 37. List of Kaspersky Lab applications.

4. Select the Kaspersky Anti-Virus 5.0 for Windows File Servers
application and click the Properties button.

Management of application settings through remote administration is identical to
their local administration (see section 6.2.2 on p. 57 for details).

CHAPTER 8. TESTING THE KASPERSKY ANTI-VIRUS OPERATION

8.1. EICAR test "virus" and its modifications


After installing and adjusting Kaspersky Anti-Virus, we recommend that you test
the correctness of its settings and operation of the application using a test "virus"
or its modifications.
The test virus was specially designed by the European Institute for Computer
Antivirus Research organization for testing anti-virus products.

The test "virus" IS NOT ACTUALLY A VIRUS because it does not contain code
that can really harm your computer. However, most anti-virus products identify
this file as a virus.
Never use real viruses for testing the operation of an anti-virus product!
You can download the test "virus" from the official website of the EICAR
organization at http://www.eicar.org/anti_virus_test_file.htm. If you have no
Internet connection, you can create your own test "virus". To create a test "virus",
type the following string in any text editor and save the file as eicar.com:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
The file downloaded from the EICAR website or created as described above
contains the body of a standard test "virus". The anti-virus application will detect
it, assign the Infected type to it and apply the action defined by the administrator
for handling objects belonging to that type.
To test the response of your anti-virus application to other types of objects,
modify the body of this standard test "virus" by adding one of the prefixes listed
in Table 3.

You can test the correctness of Kaspersky Anti-Virus operation using
the modified EICAR "virus" only if your anti-virus database was last
updated on or after October 24, 2003, or has the cumulative updates for
October, 2003.
Table 3. Test "virus" modifications
Prefix                            Object type
No prefix, standard test "virus"  Infected. An error occurs during an attempt to cure an object; the object gets deleted.
CORR                              Corrupted.
SUSP                              Suspicious (unknown viral code).
WARN                              Warning (modified code of a known virus).
ERRO                              Error when scanning the object.
CURE                              Infected. The object is disinfected; the text of the "virus" body is changed for CURE.
DELE                              Infected. The object is automatically deleted.

The first table column lists prefixes to be added at the beginning of the string of
the standard test "virus" (for example,
DELEX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*).
After adding a prefix to the test "virus" save it, for example, to a file under the
name eicar_dele.com; assign names to all the modified "viruses" in the same
manner.
The second column of this table contains the types of objects identified by an
anti-virus application after you have added a prefix. The actions for each type of
objects are defined by anti-virus application settings customized by the
administrator.

8.2. Testing correct operation of Kaspersky Anti-Virus
In order to test the settings and correct operation of Kaspersky Anti-Virus,
- Make a directory on disk and save to it the test "viruses", which you have
  created.
- Create an on-demand scanning task for that directory (see section 6.2.1.3
  on p. 52).
- To enable logging of application events ensure that the corresponding
  boxes within the Event processing tab are checked (see section 6.2.2.8
  on p. 68).
- Run the task.
- Check the reports for correct event description and the presence of the
  respective objects in quarantine or backup storage if the settings define
  their relocation (see section 6.2.2.6 on p. 65).
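
The test procedure from sections 8.1 and 8.2 as a script; this is an added example, not part of the Kaspersky manual. The directory name av_test, the function names, the eicar_<prefix>.com naming of the other variants (extended from the manual's eicar_dele.com) and the reading of the CURE row as "file still present, body replaced by the text CURE" are assumptions.

```python
from pathlib import Path

# Standard EICAR test string from section 8.1 (68 ASCII characters, no newline).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Table 3: prefix -> (object type to look for in the report,
#                     on-disk state the table itself implies, or None when the
#                     outcome depends on the action the administrator configured).
TABLE_3 = {
    b"":     ("Infected", "missing"),
    b"CORR": ("Corrupted", None),
    b"SUSP": ("Suspicious", None),
    b"WARN": ("Warning", None),
    b"ERRO": ("Error when scanning the object", None),
    b"CURE": ("Infected", "cured"),
    b"DELE": ("Infected", "missing"),
}


def file_name(prefix: bytes) -> str:
    """eicar.com for the standard file, eicar_<prefix>.com for modifications."""
    return "eicar.com" if not prefix else f"eicar_{prefix.decode().lower()}.com"


def build_test_set(directory: Path) -> dict:
    """Write one test file per Table 3 row; return {file name: prefix}."""
    directory.mkdir(parents=True, exist_ok=True)
    written = {}
    for prefix in TABLE_3:
        path = directory / file_name(prefix)
        path.write_bytes(prefix + EICAR)   # prefix goes at the very beginning
        written[path.name] = prefix
    return written


def observe(path: Path, prefix: bytes) -> str:
    """Classify what the scan left on disk for one test file."""
    if not path.exists():
        return "missing"                   # deleted, or moved to quarantine/backup
    data = path.read_bytes()
    if data == prefix + EICAR:
        return "unchanged"
    if EICAR not in data and b"CURE" in data:
        return "cured"                     # assumption: body replaced by text CURE
    return "modified"


def check_after_scan(directory: Path) -> list:
    """Compare the directory with Table 3 after the on-demand task has run.

    Returns (file, object type, expected state, observed state, verdict) where
    verdict is True/False for rows with a table-defined outcome, else None.
    """
    results = []
    for prefix, (object_type, expected) in TABLE_3.items():
        name = file_name(prefix)
        seen = observe(directory / name, prefix)
        verdict = None if expected is None else (seen == expected)
        results.append((name, object_type, expected, seen, verdict))
    return results


if __name__ == "__main__":
    import sys
    # Usage: script.py build [dir]   before the scan
    #        script.py check [dir]   after the on-demand task has finished
    target = Path(sys.argv[2] if len(sys.argv) > 2 else "av_test")
    if len(sys.argv) > 1 and sys.argv[1] == "check":
        for row in check_after_scan(target):
            print("%-16s %-32s expected=%-8s observed=%-9s ok=%s" % row)
    else:
        for name in build_test_set(target):
            print("wrote", target / name)
```

A "missing" file may have been deleted or moved to quarantine or backup storage, so the task report remains the authority on which object type was assigned; rows with no table-defined outcome are listed for comparison with the report only.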

CHAPTER 9. ANTI-VIRUS PROTECTION AND SERVER MAINTENANCE
During server maintenance, follow the recommendations of operating system
vendors and disable anti-virus protection in the following situations:
- Disk defragmentation.
- Installation of new data media. When a new disk or any removable media
  already containing some data is connected to a server you are advised to:
  - immediately after connection run an on-demand scanning
    procedure for that device;
  - ensure that the device is included in the analyzed area when
    the anti-virus runs its full system scanning and real-time
    protection tasks.
- Data backup or restoration. During these procedures you are advised to
  scan the data assigned for backup, to check it for malicious code, just
  before the backup operation.
- Updating of the operating system.

The anti-virus complex does not have to be stopped during operations which do
not require fast access to large data arrays (e.g. during replication on a server).
Kaspersky Anti-Virus for Windows File Servers works correctly with other
Windows applications.
It is not possible for the same computer to run Kaspersky Lab
applications together with the anti-virus products of other vendors. We
cannot guarantee the correct operation either of applications or of the
operating system as a whole in that case.

CHAPTER 10. FREQUENTLY ASKED QUESTIONS
This chapter is devoted to the questions users ask most frequently about the
installation, setup and operation of Kaspersky Anti-Virus; here we shall try
to answer them in detail.
Question: Is it possible to use Kaspersky Anti-Virus 5.0 for Windows
File Servers with anti-virus products of other vendors?
No. We recommend uninstalling anti-virus products of other vendors
prior to installation of Kaspersky Anti-Virus.
Question: Does Kaspersky Anti-Virus rescan files?
No, Kaspersky Anti-Virus does not rescan files which are unchanged
since their last scan.
This is made possible by the new iChecker and iStreams
technologies, which are implemented in the program using a
database of file checksums and file checksum storage in alternate
NTFS streams.
Question: Is it possible to scan all e-mail traffic using Kaspersky
Anti-Virus similarly to Kaspersky Anti-Virus Personal 5.0?
Kaspersky Anti-Virus is intended for protection of file system objects on
a server. Please contact Kaspersky Lab for information about software
for protection of mail servers.
Question: Is it necessary to install Kaspersky Administration Kit 5.0 to
manage Kaspersky Anti-Virus?
Kaspersky Anti-Virus does not have its own graphical interface so that
control is through either the command line interface or the
Administration console included in Kaspersky Administration Kit.
If the software is managed via Administration console you do not have
to install Kaspersky Administration Kit 5.0 completely: it will be sufficient
to install just the Administration console and Administration agent
components.
Question: Is it possible to receive notifications (e-mail, net send)
about events occurring during operation of Kaspersky Anti-Virus?
You can receive notifications about events that occur during Kaspersky
Anti-Virus operation through a mail server, through the NET Send
service within a LAN or by configuring the launch of a particular
program or executable file on the occurrence of predefined events
(please refer to the administrator's guide for Kaspersky Administration
Kit 5.0 for details).
Question: I am planning to control Kaspersky Anti-Virus through the
command line. How can I check the current status of Kaspersky Anti-Virus?
It is presumed that Kaspersky Anti-Virus is constantly active.
If the application is stopped you will see the "Unable to connect to
Kaspersky Anti-Virus" message upon entry of any command. Run the
KAVSHELL START command to launch the application.
Question: Why does the real-time protection skip computer folders
connected as network drives?
To enable scanning of a folder on the same computer, which has been
connected as a network drive in Explorer or with the Net Use
command, you should enable the Hard drives, Removable media
checkboxes in the Scan scope tab (see section 6.2.1.2.2 on p. 41) of
the real-time protection task.
Question: Why does Kaspersky Anti-Virus cause a certain decrease in
computer performance, noticeably loading the CPU?
Virus detection is a computationally intensive mathematical problem
requiring structural analysis, checksum calculation and mathematical
data conversions. Processor time is therefore the main resource
consumed by the Anti-Virus, and each new virus added to the anti-virus
database increases the overall scanning time.
Other anti-virus products speed up scanning by excluding from their
databases both viruses which are less easily detectable or less frequent
in the geographic location of the anti-virus vendor, and file formats that
require complicated analysis (e.g., PDF).

Kaspersky Lab believes that the purpose of anti-virus protection is to
establish real and complete anti-virus security for its users.
Experienced users can, of course, accelerate anti-virus scanning by
disabling scanning of various file types. However, please keep in mind
that it will decrease the overall security level.
Kaspersky Anti-Virus recognizes more than 700 formats of archived and
packed files. This is essential for anti-virus security because harmful
executable code may be hidden inside files of any recognized format.
However, despite the daily growth in the number of viruses detected by
Kaspersky Anti-Virus (approximately 30 new viruses appear daily) as
well as the ever increasing number of recognized file formats, this new
version of our product functions faster than previous ones. That is
achieved through the use of new unique technologies, such as
iChecker and iStreams, developed at Kaspersky Lab.
Question: Why do I need the key file? Will my copy of the Anti-Virus
work without it?
No, Kaspersky Anti-Virus does not work without a license key.
If you are still deciding whether or not to purchase Kaspersky Anti-Virus,
we can provide you with a temporary key file (trial key), which will only
work either for two weeks or for a month. When this period expires, the
key will be blocked.
Question: What happens when the license expires?
After expiration of the license, Kaspersky Anti-Virus will continue
operating, but anti-virus database updating will be disabled. The
anti-virus application will continue cleaning infected objects but only using
the old anti-virus database.
If such a situation arises, contact either the company from which you
purchased Kaspersky Anti-Virus, or Kaspersky Lab directly, for license
extension.
Question: My installation of Kaspersky Anti-Virus does not work.
What should I do?
First, check if a solution for your problem is provided in this
documentation, especially in this section or at our website.
In addition, we recommend that you apply for support to the distributor
from whom you purchased Kaspersky Anti-Virus or write to Kaspersky
Lab's Technical Support (support@kaspersky.com) or to the address
contained in the license key information.
To make sure your request is answered as soon as possible, follow
these suggestions:
1. In the message header, specify your server's operating system, the
   name of the component you are experiencing problems with, and
   briefly describe the problem. For example:
   MS Windows 2000, Kaspersky Anti-Virus 5.0 for File Servers, anti-virus
   database updates do not work.
2. Compose your messages in plain text format.
3. At the beginning of the message, specify the exact versions of the
   operating system and Kaspersky Anti-Virus distribution package
   and provide the number of your license.
4. Clearly describe the problem in brief. Keep in mind that, when
   reading your mail, the support service officers do not yet know
   about your problem. They can only help after fully understanding
   and reproducing it.
5. Send the following data, packed into one archive, to the Technical
   support service:
   - Anti-Virus log file;
   - License key.
6. Make sure to specify in your mail if your computer system contains
   any of the following:
   - SCSI controller;
   - A very old or very new brand of processor, or more than
     one processor;
   - Less than 64 MB or more than 2 GB of RAM.

Question: What are the daily updates for?
A few years ago viruses were transmitted on floppy disks, and adequate
computer protection could be achieved by installation of an anti-virus
program followed by rare updates to its anti-virus database. However,
recent virus epidemics spread around the world in several hours, and
anti-virus protection with an old database may be helpless against a new
threat. In order to resist new viruses, you should update the anti-virus
database on a daily basis.

Each year Kaspersky Lab increases the frequency of its issued updates
to the anti-virus database. Currently it is updated every hour.
Updating of the Anti-Virus application modules is an additional feature
that allows both correction of discovered vulnerabilities and addition of
new functions.
Question: What are the changes to the updating service of version 5.0?
The Kaspersky Lab 5.0 product suite features a new updating service
which has been developed in accordance with the requests of our
users. It automates the whole updating procedure, from the preparation
of updates in Kaspersky Lab to the moment that relevant files are
updated on clients' computers.
Advantages of the new updating service include:

- Ability to resume downloading of files after disconnection. Upon
  reconnection only files which have not been downloaded are
  retrieved.
- Cumulative updates are now half the size. A cumulative update
  contains the whole anti-virus database, therefore its size
  exceeds considerably the size of typical updates. The new
  service employs a special technology which allows the
  already existing anti-virus database to be used for a cumulative update.
- Accelerated downloading from the Internet. Kaspersky Anti-Virus
  picks a Kaspersky Lab updates server located in your
  region. Furthermore, servers are allocated according to their
  performance, so you will not be sent to an overloaded server
  while there is another idle server available.
- Use of key black lists. Unlicensed and illegal users are now
  prevented from using the updating service. Licensed users
  therefore do not suffer from inability to contact overloaded
  updates servers.
- Corporate enterprises can now create a local updates server.
  This feature is designed for organizations where a single LAN
  unites computers protected by Kaspersky Lab products. Any
  computer on the LAN can be turned into an updates server that
  retrieves updates from the Internet and shares them with the
  other networked computers.

Question: Is it possible for an intruder to replace the anti-virus
database?
Every anti-virus database has a unique signature checked by Kaspersky
Anti-Virus when accessing the database. If the signature is wrong or the
date of the database is later than that of the license expiration,
Kaspersky Anti-Virus will not use it.
Question: How should I set up updating for a single computer from the
Internet, to enable further sharing of those updates with other
networked computers?
Let us refer to the computer to be updated from the Internet as the
server, and to other computers as clients of that server.
You can use several methods to set up updating in a local area network:

- Enable use of a local updates source within Kaspersky
  Administration Kit 5.0 server.
  Kaspersky Administration Kit has built-in functionality for
  distribution of updates within corporate networks. It can update
  a shared source of updates according to a specified schedule
  and launch updating tasks on other computers. Kaspersky
  Administration Kit will check that the volume of data
  downloaded from the Internet does not exceed the actual needs
  of the installed applications. You can review the list of available
  patches on the server. The setup procedure is described in
  detail in the administrator's guide for Kaspersky Administration
  Kit 5.0.
- Enable use of a local updates source in one of Kaspersky Lab
  products.
  This option should be used when you cannot employ Kaspersky
  Administration Kit, or when you need to arrange a more
  complicated structure of updates server networks.
  In order to do so:
  - Identify the computers which will act as servers of updates.
    They should have Kaspersky Lab applications (version 5.0)
    installed.
  - Create a network resource to be used for further sharing of
    updates on each of the selected computers. It can be a
    network folder on a Windows computer, FTP or HTTP
    server. Set the rights to access that folder for reading.
  - Create a new updating task or modify an existing one.
    Enable the sharing of updates through a local source and
    specify the created folder.
  - Specify the local updates folder of the server as the source
    of updates on all computers, which should be updated from
    that server.

Question: I use a proxy server and the updater does not work on my
computer. What should I do?
The following problems may cause inability to retrieve updates while
working through a proxy server:

- Incorrect network setting.
  There are two options for entering network settings when setting up
  the updating service: you may use Internet Explorer settings or
  custom settings. The updating service sometimes incorrectly uses
  Internet Explorer settings. This may occur in the following cases:
  - Internet connection is not set up on a computer;
  - Internet Explorer settings are unavailable if none of the
    users has logged in;
  - the proxy server requires authorization.
  In all these cases, you should specify your network parameters
  directly in the settings of the update service.
- The proxy server being used belongs to a type unsupported by the
  updating service of Kaspersky Anti-Virus.
  The updating service does not work through Kerio WinRoute, since
  WinRoute does not completely support HTTP 1.0 protocol. In this
  case, it is recommended to use another proxy server.
  The updating service also cannot work through Microsoft ISA
  Server using the FTP protocol. In this case, we recommend
  obtaining updates from the Kaspersky Lab servers using the HTTP
  protocol.

Question: How can I receive a debug log of the updating service
activity?
Kaspersky Anti-Virus offers an opportunity to receive reports on the
updating tasks activity. A more detailed report will be available if you
enable logging of all events in the advanced setup tab.
If Kaspersky Lab's Technical Support asks you to send a debug log of
your updating task, you can obtain it using the following steps:
- Launch regedit.
- Create the branch
  HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\Fileserver\5.0.0.0\Debug
- Create within that branch a "TraceLevel" key of type DWORD
  and specify 10 as its value.
- Launch the updating task; the program will generate a
  $Up2Date-Fileserver.log log file in the application folder.
- Compress the file and send it to the Technical Support service.
This example is valid for Kaspersky Anti-Virus 5.0 for Windows File
Servers; for other applications select the branch bearing the name of
that application.

APPENDIX A. GLOSSARY
These documents use terms and concepts specific to the sphere of anti-virus
protection. This glossary serves as a dictionary containing definitions for those
concepts. For convenience the glossary is arranged in alphabetic order.
A
Administration agent: a special application, which provides for interaction
between an administration server and applications from the corporate
products of Kaspersky Lab. The administration agent is included in the
Kaspersky Administration Kit 5.0.
Administration console: a component, which provides a graphical
interface for controlling Kaspersky Anti-Virus for Windows File Servers.
It is included into Kaspersky Administration Kit 5.
Administration group: a number of computers combined into a group for
convenient control. The group is managed as a whole entity, may have
a group policy, may include other groups and may receive
administration commands.
Administration server: a special application functioning as a controller
and centralized data storage for Kaspersky Lab applications installed in
a corporate network. Administration server is included in the Kaspersky
Administration Kit 5.0 application package.
AdWare: software code for advertisement demonstration added into a
program without informing the users about that. As a rule, adware is
built into free software. The advertisement appears within the program
interface. Such programs frequently collect and transmit to their
developers some personal information about users, change various
browser parameters (home and search pages, security levels, etc.),
generating additional traffic, which users do not control. All of the above
may cause violations of the security policy or even direct financial
losses.
Alternate NTFS streams (NTFS streams): data streams on a drive with
NTFS file system, supplementing the main stream.
Anti-virus database: database created by Kaspersky Lab, containing
detailed descriptions of all currently existing viruses and methods for
their detection and disinfection. Our anti-virus database is regularly
updated with information about new viruses; therefore, to keep your
computer constantly protected from viruses, you need to keep your
anti-virus database updated.
Anti-virus protection status: the current status of anti-virus protection
that characterizes the security level for your computer.
Application management plug-in: a specialized component which
provides an interface for control of application through an Administration
console. Each application requires its own application management
plug-in, which is included in the packages of all Kaspersky Lab
applications that can be controlled via Kaspersky Administration Kit 5.0.
Application modules: files included into the distribution package of
Kaspersky Anti-Virus 5.0 for Windows File Servers and implementing
the main product features. Each type of the tasks performed by the
Anti-Virus (real-time protection, on-demand scanning, updating),
corresponds to its own executable module. Launching a full scan from
the main program window, you actually initiate the start of a module
implementing that feature.
Available updates: Service Packs containing a collection of urgent
updates and modifications to the application architecture, accumulated
over a specified period of time.
B
Backing up: creating a backup of a file in the backup storage before
treating it (disinfection or deletion). The file can later be restored from its
backup, for example, for subsequent scanning using the updated
version of the anti-virus database.
Backup storage: a special storage area designed to preserve backup
copies of objects made prior to their disinfection or removal.
"Black list": the database containing the information about license keys
belonging to owners who have committed violations of the License
Agreement, and about keys that have been generated but remained
unsold for some reason. The content of the black list is updated
together with the anti-virus database; Kaspersky Anti-Virus will not work
without it.
C
Centralized application control: remote application control performed
through administration services provided by Kaspersky Administration
Kit 5.0.
Current license key: the license key installed and currently used by
Kaspersky Anti-Virus. It determines the period of license validity and
licensing policy as regards the product. An application can only have
one key with the "current" status.
D
Deleting an object: a method of treating a suspicious object. To delete an
object is to remove it physically from a computer. This method is
recommended for treating infected objects. If deleting is the first action
applied to an object, it is necessary to create a backup copy of this
object before deleting it. If necessary the backup can be used to restore
the original object.
Disinfection: a method of treating infected objects. Disinfection implies
partial or full recovery of data, or results in a decision that these files
cannot be disinfected. Objects are disinfected using the anti-virus
database. If disinfection is the first action to be applied to an object, i.e.
the first action after detection of a suspicious object, the application
creates a backup copy of this file. If some data are lost during
disinfection, the backup can be used to recover this object.
Disinfection of objects at restart: a method of processing infected
objects which are being accessed by other programs while the
application attempts their disinfection. The application creates a copy of
the infected object, cures the copy and substitutes it for the original
infected object during the next restart.
E
E-mail databases: databases that contain e-mail messages stored on your
computer. Every incoming/outgoing message is saved in the database
after you receive/send it. Such databases are scanned in the
on-demand scanning mode.
Exclusions: user-defined settings that exclude certain objects from the
scan. You can customize the exclusion rules for real-time protection and
on-demand scans by creating masks. Thus, for instance, the scanning
of archives during a full scan can be disabled.
Extended anti-virus database: standard database plus additional
database, which allow detection of riskware on your computer.
F
Full scan: a task designed to scan all areas of the computer for malicious
code, at the instigation of the security administrator, with subsequent
disinfection and removal of any suspicious or infected objects.
File mask: description of file name and extension using generic characters.
* and ? are two main wildcards used in file masks (where * stands for
any number of characters while ? means any single character). One can
represent any file name using the wildcards. Please note that file name
and extension are always separated by a dot.
G
Group policy: a set of parameters for application functioning in an
administration group controlled via Kaspersky Administration Kit 5.0.
H
Hack Tools: software employed by intruders for their own purposes to gain
access to your computer. The category includes various illegal scanners
of vulnerabilities, password recovery tools, other types of software for
breaking into network resources or intrusion into an attacked system.
High speed: the level of computer security, which provides top system
performance at the expense of a lower anti-virus protection.

I
iChecker: the technology which allows the application to skip the
rescanning of objects which are unchanged since their previous
scanning. The technology is implemented using a database of object
checksums.
Infected object: an object containing harmful code. You are advised to
abandon working on these objects because they can infect your
computer.
iStreams: the technology which allows the application to skip the
rescanning of objects located on drives with NTFS file system and
unchanged since the last scanning. The technology is implemented on
the basis of checksum storage in alternate NTFS streams.
K
Kaspersky Administration Kit 5.0: an application included in Kaspersky
Business Optimal and Kaspersky Corporate Suite and designed for
centralized administration of an anti-virus protection system in a
corporate network built on the basis of Kaspersky Lab applications.
L
License key: a file with the *.k extension that serves as your personal
"key". This file is required for correct operation of Kaspersky Anti-Virus.
The license key is included in the distribution kit if you purchased your
copy of Kaspersky Anti-Virus from Kaspersky Lab distributors. If you
purchased the product online, the license key is sent to you via e-mail.
Without the license key, Kaspersky Anti-Virus DOES NOT WORK.
License period: a period during which you have the right to use full
functionality of Kaspersky Anti-Virus. As a rule, the license period
defined by the license key is one calendar year from the date of license
key activation. After your license expires, the product will operate but
you will not be able to update the anti-virus database and application
modules.
Logical network administrator: a person who controls the operation of
the application via the remote centralized administration system of the
Kaspersky Administration Kit 5.0.
M
Maximum protection: the level of computer security which corresponds to
maximum possible protection, at the expense of a certain performance
decrease.
O
Object blocking: denying access to an object to external applications. A
blocked object cannot be accessed for reading, execution, modification
or removal.
OLE object: objects or documents embedded in other files using OLE
technology.
P
PornWare: programs that establish charged modem connections to
various Internet sites, mostly with adult content.
Q
Quarantine: a special data storage designed for isolation of suspicious
objects.
Quarantining (moving to a quarantine folder): a method for treating a
suspicious object, which involves blocking access to the object and
moving it to a quarantine folder for subsequent treatment.
R
Real-time protection: a mode of application functioning in which the
application resides permanently in computer memory controlling calls to
file system objects. Before granting access to an object, the application
scans it for virus presence. If a virus is detected, the application either
disinfects the object, removes it or blocks access to it, depending upon
the settings you have defined.
Recommended level: the default level of anti-virus protection with settings
recommended by Kaspersky Lab, which ensures the optimal balance
between performance and protection.
Recovering, restoring: moving an original file from the quarantine or
backup storage back to its original location, where it was stored before
quarantining, disinfection, or deleting. In case of remote control, objects
are restored to a computer with Administration console installed.
Reserved license key: the license key which has been installed to enable
due functionality of Kaspersky Anti-Virus but has not been activated yet.
That additional key will be activated as soon as the license provided by
the current key expires.
Riskware: software that does not have any harmful functions but may be
employed by intruders as an auxiliary component for malware programs
because of the security breaches and errors it contains. The category
includes, for example, remote administration software, IRC clients, FTP
servers, various utilities used to terminate processes or hide their
activity.
S
Scan infectable files, by extension: while scanning the application takes
into account the filename's extension and scans the file if the filename
extension indicates that it is potentially infectable.
Scan infectable files, by format: while scanning the application analyzes
internal file contents, namely the format identifier in the file header, and
scans the file if the file contents indicate that it is potentially infectable.
Security administrator: a person who controls the operation of the
application locally using the command line or remotely using
Administration console.
SpyWare: software designed for unauthorized access to user data,
tracking of actions performed on a computer, collection of information
about hard drive contents. Such tools allow an intruder to gather data or
even control a computer from outside. Spyware is usually distributed
with free software and deploys on a computer imperceptibly for its user.
Spyware category includes software tracking keyboard input, password
recovery tools, programs for collection of confidential data (e. g., credit
card numbers).
Standard anti-virus database: anti-virus database, which allows detection
of all malware existing at the moment and curing of the objects or data it
may have infected.
Startup objects: a set of programs that are necessary for the launching
and correct operation of the operating system and other programs
installed on your computer. Your operating system launches these
objects during each startup. Some viruses attempt to infect the startup
objects and can cause a startup failure.
Suspicious object: an object that contains either a modified code of a
well-known virus or a code reminiscent of a virus, but not yet known to
Kaspersky Lab.
T
Task: a named action performed by an application of Kaspersky Lab.
Trusted processes: a list of software processes, whose file activity is not
monitored by Kaspersky Anti-Virus in real time. It means that all objects
launched, opened or saved by a trusted process are not scanned.
U
Unknown virus: a new virus that is not recorded in the anti-virus database.
As a rule, Kaspersky Anti-Virus detects unknown viruses using a
heuristic code analyzer and objects containing these viruses are
identified as suspicious.
Update: the procedure of replacement/addition of new files (the anti-virus
database or application modules) downloaded from updates servers of
Kaspersky Lab.
Kaspersky Lab's Update Servers: a list of http- and ftp-servers of
Kaspersky Lab from which Kaspersky Anti-Virus copies the anti-virus
database and application modules updates to your computer.
Urgent updates: critical updates of application modules.

APPENDIX B. COMMAND LINE RETURN CODES

Command line return codes may mean success or failure. Success codes have
positive values, while for failure codes the values are negative.

A.1. General return codes

General codes may be returned by any command entered in the command line.

Code    Description
        Operation has been performed successfully
        Operation has been cancelled
-1      Error initializing the application
-2      Service unavailable
-3      Access rights error
-4      Object not found
-5      Invalid command syntax
-6      Incorrect control attempt (e. g., an attempt to launch a task,
        which is already running)
-99     Internal error

A.2. Return codes for on-demand scan

This group includes general return codes (see section A.1 on p. 100) as well as
task-specific codes:

Code    Description
101     Not all the infected or suspicious objects have been removed
102     All infected objects have been cured
103     All variations of infected and suspicious objects have been
        relocated to quarantine
104     All infected and suspicious objects have been deleted
105     Infected objects have been detected
106     Variations of infected objects have been detected
107     Suspicious objects have been detected
108     Not all the objects have been processed

A.3. Update service return codes

This group includes general return codes (see section A.1 on p. 100) as well as
task-specific codes:

Code    Description
200     All files have current versions, no updates are required
201     Not all the updates have been applied (e. g., updates that
        require service restart have not been installed; see section
        6.2.1.2.4 on p. 46)
-2      Updating service error, where stands for a respective
        error code:
        04 - files are missing or damaged
        06 - file not found
        07 - update source is locked; source files are being updated
        08, 11, 12, 15, 27, 31 - internal application error
        09 - error connecting to the list of available servers
        17 - file signature error
        18 - file operation error
        20 - an attempt to update with an older version
        21 - rollback impossible (no available backup copies of files)
        22 - corrupted index file
        28 - failure downloading files
        32 - error during authorization on a proxy server
        33 - DNS error
        34 - error while connecting to an Administration Server of
             Kaspersky Administration Kit

A.4. Licensing service return codes

This group includes general return codes (see section A.1 on p. 100) as well as
task-specific codes:

Code    Description
-301    License has not passed validation (e. g., no such license
        exists, license found in the black list)
-302    License has expired
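
An added example (not part of the manual and not Kaspersky Lab code): a Python helper that a monitoring wrapper could use to triage the general, on-demand scan and licensing return codes listed in this appendix. The severity levels, the function names and the sample values are assumptions of this example; update service codes are left out.

```python
"""Triage of command-line return codes from the tables in this appendix."""
from typing import NamedTuple

# Descriptions copied from the tables in sections A.1, A.2 and A.4.
GENERAL = {
    -1: "Error initializing the application",
    -2: "Service unavailable",
    -3: "Access rights error",
    -4: "Object not found",
    -5: "Invalid command syntax",
    -6: "Incorrect control attempt",
    -99: "Internal error",
}
TASK_CODES = {
    "scan": {
        101: "Not all the infected or suspicious objects have been removed",
        102: "All infected objects have been cured",
        103: "All variations of infected and suspicious objects have been "
             "relocated to quarantine",
        104: "All infected and suspicious objects have been deleted",
        105: "Infected objects have been detected",
        106: "Variations of infected objects have been detected",
        107: "Suspicious objects have been detected",
        108: "Not all the objects have been processed",
    },
    "license": {
        -301: "License has not passed validation",
        -302: "License has expired",
    },
}

# Assumed triage policy (this example's choice, not the manual's). A positive
# scan code is a "success" by the sign rule, yet 101 and 105-107 say that a
# threat was found and may still be on disk, and 108 means coverage gaps.
SCAN_LEVELS = {
    101: "alert", 105: "alert", 106: "alert", 107: "alert",
    102: "handled", 103: "handled", 104: "handled",
    108: "incomplete",
}
ATTENTION = {"alert", "incomplete", "error", "unknown"}


class Verdict(NamedTuple):
    code: int   # signed return code
    level: str  # ok | handled | incomplete | alert | error | unknown
    text: str


def to_signed32(raw: int) -> int:
    """Windows exit codes are unsigned 32-bit values, so some callers
    (Python's subprocess on Windows, for one) report -3 as 4294967293."""
    raw &= 0xFFFFFFFF
    return raw - 0x100000000 if raw & 0x80000000 else raw


def triage(raw: int, task: str) -> Verdict:
    """Map a raw exit code of a 'scan' or 'license' command to a verdict."""
    if task not in TASK_CODES:
        raise ValueError(f"unknown task type: {task!r}")
    code = to_signed32(raw)
    text = TASK_CODES[task].get(code) or GENERAL.get(code)
    if text is None:
        # Not in the tables: only the sign rule (negative = failure) applies.
        level = "error" if code < 0 else "unknown"
        return Verdict(code, level, "code not listed in the tables")
    if task == "scan" and code in SCAN_LEVELS:
        return Verdict(code, SCAN_LEVELS[code], text)
    return Verdict(code, "error" if code < 0 else "ok", text)


def needs_attention(runs):
    """Return the verdicts an administrator should look at, in input order."""
    verdicts = [triage(raw, task) for task, raw in runs]
    return [v for v in verdicts if v.level in ATTENTION]


# Constructed sample: (task, raw exit code) pairs as a job scheduler might log
# them; the large values are negative codes reported as unsigned integers.
SAMPLE_RUNS = [
    ("scan", 102),
    ("scan", 101),
    ("scan", 108),
    ("license", 4294966994),
    ("scan", 4294967293),
    ("scan", 555),
]

if __name__ == "__main__":
    for v in needs_attention(SAMPLE_RUNS):
        print(f"{v.level.upper():10} {v.code:5}  {v.text}")
```
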

APPENDIX C. KASPERSKY LAB


Founded in 1997, Kaspersky Lab has become a recognized leader in information
security technologies. It produces a wide range of data security software and
delivers high-performance, comprehensive solutions to protect computers and
networks against all types of malicious programs, unsolicited and unwanted
email messages, and hacker attacks.
Kaspersky Lab is an international company. Headquartered in the Russian
Federation, the company has representative offices in the United Kingdom,
France, Germany, Japan, USA (CA), the Benelux countries, China and Poland. A
new company department, the European Anti-Virus Research Centre, has
recently been established in France. Kaspersky Lab's partner network
incorporates more than 500 companies worldwide.
Today, Kaspersky Lab employs more than 250 specialists, each of whom is
proficient in anti-virus technologies, with 9 of them holding M.B.A. degrees, 15
holding Ph.Ds, and two experts holding membership in the Computer Anti-Virus
Researchers Organization (CARO).
Kaspersky Lab offers best-of-breed security solutions, based on its unique
experience and knowledge, gained in over 14 years of fighting computer viruses.
A thorough analysis of computer virus activities enables the company to deliver
comprehensive protection from current and future threats. Resistance to future
attacks is the basic policy implemented in all Kaspersky Lab's products. At all
times, the company's products remain at least one step ahead of many other
vendors in delivering extensive anti-virus coverage for home users and corporate
customers alike.
Years of hard work have made the company one of the top security software
manufacturers. Kaspersky Lab was one of the first businesses of its kind to
develop the highest standards for anti-virus defense. The company's flagship
product, Kaspersky Anti-Virus, provides full-scale protection for all tiers of a
network, including workstations, file servers, mail systems, firewalls and
Internet-gateways, hand-held computers. Its convenient and easy-to-use management
tools ensure advanced automation for rapid virus protection across an enterprise.
Many well-known manufacturers use the Kaspersky Anti-Virus kernel, including
Nokia ICG (USA), F-Secure (Finland), Aladdin (Israel), Sybari (USA), G Data
(Germany), Deerfield (USA), Alt-N (USA), Microworld (India) and BorderWare
(Canada).
Kaspersky Lab's customers benefit from a wide range of additional services that
ensure both stable operation of the company's products, and compliance with
specific business requirements. Kaspersky Lab's anti-virus database is updated
every 3 hours. The company provides its customers with a 24-hour technical
support service, which is available in several languages to accommodate its
international clientele.


C.1. Other Kaspersky Lab Products

Kaspersky Anti-Virus Personal
Kaspersky Anti-Virus Personal has been designed to provide anti-virus
protection to personal computers running Windows 98/ME or Windows
2000/NT/XP against all known viruses, including potentially dangerous software.
Kaspersky Anti-Virus Personal provides real-time monitoring of all sources of
virus intrusion - e-mail, internet, CD, etc. The unique system of heuristic data
analysis allows efficient processing of yet unknown viruses. This application can
work in the following modes (that can be used separately or jointly):

• Real-time computer protection - anti-virus scanning of all objects run,
  opened on or saved to the user's computer.

• On-demand computer scan - scan and disinfection of the entire user's
  computer or of individual disks, files or folders. You can start such a scan
  manually or configure an automatic scheduled scan.

Kaspersky Anti-Virus Personal does not re-scan objects that have already been
scanned during a previous scan and have not changed since then, not only when
performing real-time protection, but also during an on-demand scan. This
considerably increases the speed of the program's operation.
The application creates a reliable barrier to viruses when they attempt to intrude
into your computer via e-mail. Kaspersky Anti-Virus Personal performs automatic
scan and disinfection of all incoming and outgoing mail sent or received using
the POP3 and SMTP protocols and provides highly efficient detection of viruses in
mail databases.
The application supports over 700 formats of archived and compressed files and
provides automatic scan of their content as well as removal of malicious code
from ZIP, CAB, RAR and ARJ archives.
Configuring the application is made simple and intuitive by the possibility to
select one of the preset protection levels: Maximum Protection, Recommended and
High Speed.
The anti-virus database is updated every three hours and its delivery to your
computer is guaranteed even when your computer gets temporarily disconnected
from the internet or the connection has been changed.

Kaspersky Anti-Virus Personal Pro

This package has been designed to deliver comprehensive anti-virus protection
to home computers running Windows 98/ME/2000/NT/XP as well as MS Office
2000 applications. Kaspersky Anti-Virus Personal Pro includes an easy-to-use
application for automatic retrieval of daily updates for the anti-virus database and
the program modules. A second-generation heuristic analyzer efficiently detects
unknown viruses. Kaspersky Anti-Virus Personal includes many interface
enhancements, making it easier than ever to use the program.

Kaspersky Anti-Virus Personal Pro has the following features:

• On-demand scan of local disks;

• Real-time automatic protection of all accessed files from viruses;

• Mail Filter automatically scans and disinfects all incoming and outgoing
  mail for any mail client that uses POP3 and SMTP protocols and
  effectively detects viruses in mail databases;

• Behavior blocker that provides maximum protection of MS Office
  applications from viruses;

• Archive scans - Kaspersky Anti-Virus recognizes over 700 formats of
  archived and compressed files and ensures automatic anti-virus scanning
  of their content and removal of malicious code from files within ZIP, CAB,
  RAR and ARJ archives.

Kaspersky Anti-Hacker

Kaspersky Anti-Hacker is a personal firewall that is designed to safeguard a
computer running any Windows operating system. It protects your computer
against unauthorized access and external hacker attacks from either the Internet
or the local network.

Kaspersky Anti-Hacker monitors the TCP/IP network activity of all applications
running on your machine. When it detects a suspicious action, the application
blocks the suspicious application from accessing the network. This helps deliver
enhanced privacy and 100% security of confidential data stored on your
computer.

The product's SmartStealth technology prevents hackers from detecting your
computer from the outside. In this stealthy mode, the application works
seamlessly to keep your computer protected while you are on the Web. The
application provides conventional transparency and accessibility of information.

Kaspersky Anti-Hacker also blocks most common network hacker
attacks and monitors for attempts to scan computer ports.

Configuration of the application is simply a matter of choosing one of five
security levels. By default, the application starts in self-learning mode,
which will automatically configure your security system depending on your
responses to various events. This makes your personal guard adjustable
to your specific preferences and your particular needs.


Kaspersky Personal Security Suite

Kaspersky Personal Security Suite is a program suite designed for organizing
comprehensive protection of personal computers running Windows. The suite
prevents malicious and potentially dangerous programs from penetrating through
any possible data sources and protects you from unauthorized attempts to
access your computer's data, as well as blocking spam.
Kaspersky Personal Security Suite has the following features:

• anti-virus protection for data saved on your computer;

• protection for users of Microsoft Outlook and Microsoft Outlook Express
  from spam;

• protection for your computer from unauthorized access, and also from
  network hacker attacks from your LAN or the Internet.

Kaspersky Security for PDA

Kaspersky Security for PDA provides reliable anti-virus protection for data
saved on various types of Pocket PCs and smartphones. The program
includes an optimal set of anti-virus defense tools:

• anti-virus scanner that scans information (saved both on the PDA and
  smartphones) on user demand;

• anti-virus monitor to intercept viruses in files that are either copied from
  other handhelds or are transferred using HotSync technology.

Kaspersky Security for PDA protects your handheld (PDA) from unauthorized
intrusion by encrypting both access to the device and data stored on memory
cards.
Kaspersky Anti-Virus Business Optimal
This package provides a configurable security solution for small- and
medium-sized corporate networks.

Kaspersky Anti-Virus Business Optimal includes full-scale anti-virus protection
(depending on the type of distribution kit) for:

• Workstations running Windows 98/ME, Windows NT/2000/XP
  Workstation, and Linux;

• File and application servers running Windows NT 4.0 Server, Windows
  2000, 2003 Server/Advanced Server, Windows 2003 Server, Novell
  Netware, FreeBSD and OpenBSD, and Linux;

• E-mail clients, namely Microsoft Exchange 5.5/2000/2003, Lotus
  Notes/Domino, Postfix, Exim, sendmail, and qmail;

• Internet-gateways: CheckPoint Firewall 1; MS ISA Server.

The Kaspersky Anti-Virus Business Optimal distribution kit includes Kaspersky
Administration Kit, a unique tool for automated deployment and administration.

You are free to choose from any of these anti-virus applications, according to the
operating systems and applications you use.
Kaspersky Corporate Suite
This package provides corporate networks of any size and complexity with
comprehensive, scalable anti-virus protection. The package components have
been developed to protect every tier of a corporate network, even in mixed
computer environments. Kaspersky Corporate Suite supports the majority of
operating systems and applications installed across an enterprise. All package
components are managed from one console and have a unified user interface.
Kaspersky Corporate Suite delivers a reliable, high-performance protection
system that is fully compatible with the specific needs of your network
configuration.
Kaspersky Corporate Suite provides comprehensive anti-virus protection for:

• Workstations running Windows 98/ME, Windows NT/2000/XP, and Linux;

• File and application servers running Windows NT 4.0 Server, Windows
  2000, 2003 Server/Advanced Server, Novell Netware, FreeBSD,
  OpenBSD and Linux;

• E-mail clients, including Microsoft Exchange Server 5.5/2000/2003, Lotus
  Notes/Domino, Sendmail, Postfix, Exim and Qmail;

• Internet-gateways: CheckPoint Firewall 1; MS ISA Server;

• Hand-held computers (PDAs), running Windows CE and Palm OS, and
  also smartphones running Windows Mobile 2003 for Smartphone and
  Microsoft Smartphone 2002.

The Kaspersky Corporate Suite distribution kit includes Kaspersky
Administration Kit, a unique tool for automated deployment and administration.

You are free to choose from any of these anti-virus applications, according to the
operating systems and applications you use.


Kaspersky Anti-Spam
Kaspersky Anti-Spam is a cutting-edge software suite that is designed to help
organizations with small- and medium-sized networks wage war against the
onslaught of undesired e-mail (spam). The product combines the revolutionary
technology of linguistic analysis with modern methods of e-mail filtration,
including RBL lists and formal letter features. Its unique combination of services
allows users to identify and wipe out up to 95% of unwanted traffic.
Installed at the entrance to a network, where it monitors incoming e-mail traffic
streams for spam, Kaspersky Anti-Spam acts as a barrier to unsolicited e-mail.
The product is compatible with any mail system and can be installed on either an
existing mail server or a dedicated one.
Kaspersky Anti-Spam's high performance is ensured by daily updates to the
content filtration database with samples provided by the Company's linguistic
laboratory specialists.

Kaspersky SMTP Gateway

Kaspersky SMTP-Gateway for Linux/Unix is a solution designed for scanning
e-mail transmitted via SMTP for viruses. The application contains a number of
additional tools for filtering e-mail traffic by name and MIME type of attachments
and a series of tools that reduce the load on the mail system and prevent
hacker attacks. DNS Black List support provides protection from e-mails coming
from servers entered in these lists as sources for distributing e-mail.

C.2. Contact Us
If you have any questions, comments, or suggestions, please refer them to one
of our distributors or directly to Kaspersky Lab. We will be glad to assist you in
any matters related to our product by phone or via email. All of your
recommendations and suggestions will be thoroughly reviewed and considered.

Technical support     Please find the technical support information at
                      http://www.kaspersky.com/supportinter.html

General information   WWW: http://www.kaspersky.com
                           http://www.viruslist.com
                      Email: sales@kaspersky.com

APPENDIX D. LICENSE AGREEMENT
End User License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL
AGREEMENT ("AGREEMENT") FOR THE LICENSE OF SPECIFIED
SOFTWARE ("SOFTWARE") PRODUCED BY KASPERSKY LAB
("KASPERSKY LAB").
IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY
CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR
A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND
BECOME PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO
ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE BUTTON
THAT INDICATES THAT YOU DO NOT ACCEPT THE TERMS OF THIS
AGREEMENT, AND DO NOT INSTALL THE SOFTWARE.
IF YOU HAVE PURCHASED THIS SOFTWARE ON A PHYSICAL
MEDIUM, HAVING BROKEN THE CD'S SLEEVE YOU (EITHER AN
INDIVIDUAL OR A SINGLE ENTITY) ARE CONSENTING TO BE
BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF
THE TERMS OF THIS AGREEMENT DO NOT BREAK THE CD's
SLEEVE, DOWNLOAD, INSTALL OR USE THIS SOFTWARE.
IN ACCORDANCE WITH THE LEGISLATION, REGARDING
KASPERSKY SOFTWARE INTENDED FOR INDIVIDUAL CONSUMERS
(KASPERSKY ANTI-VIRUS PERSONAL, KASPERSKY ANTI-VIRUS
PERSONAL PRO, KASPERSKY ANTI-HACKER, KASPERSKY ANTI-SPAM PERSONAL, KASPERSKY SECURITY SUITE PERSONAL,
KASPERSKY SECURITY FOR PDA) PURCHASED ON LINE FROM THE
KASPERSKY LAB INTERNET WEB SITE, CUSTOMER SHALL HAVE A
PERIOD OF 7 WORKING DAYS AS FROM THE DELIVERY OF
PRODUCT TO MAKE RETURN OF IT TO THE MERCHANT FOR
EXCHANGE OR REFUND, PROVIDED THE SOFTWARE IS NOT
UNSEALED.
REGARDING THE KASPERSKY SOFTWARE INTENDED FOR
INDIVIDUAL CONSUMERS (KASPERSKY ANTI-VIRUS PERSONAL,
KASPERSKY ANTI-VIRUS PERSONAL PRO, KASPERSKY ANTI-HACKER, KASPERSKY ANTI-SPAM PERSONAL, KASPERSKY
SECURITY SUITE PERSONAL, KASPERSKY SECURITY FOR PDA)
NOT PURCHASED ONLINE VIA INTERNET, THIS SOFTWARE
NEITHER WILL BE RETURNED NOR EXCHANGED EXCEPT FOR
CONTRARY PROVISIONS FROM THE PARTNER WHO SELLS THE
PRODUCT. IN THIS CASE, KASPERSKY LAB WILL NOT BE HELD BY
THE PARTNER'S CLAUSES.
THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE
ORIGINAL PURCHASER.
All references to "Software" herein shall be deemed to include the software
activation key ("Key Identification File") with which you will be provided by
Kaspersky Lab as part of the Software.
1. License Grant. Subject to the payment of the applicable license fees, and
subject to the terms and conditions of this Agreement, Kaspersky Lab hereby
grants you the non-exclusive, non-transferable right to use one copy of the
specified version of the Software and the accompanying documentation (the
"Documentation") for the term of this Agreement solely for your own internal
business purposes. You may install one copy of the Software on one computer,
workstation, personal digital assistant, or other electronic device for which the
Software was designed (each a "Client Device"). If the Software is licensed as a
suite or bundle with more than one specified Software product, this license
applies to all such specified Software products, subject to any restrictions or
usage terms specified on the applicable price list or product packaging that apply
to any such Software products individually.
1.1 Use. The Software is licensed as a single product; it may not be used on
more than one Client Device or by more than one user at a time, except as set
forth in this Section.
1.1.1 The Software is "in use" on a Client Device when it is loaded into the
temporary memory (i.e., random-access memory or RAM) or installed into the
permanent memory (e.g., hard disk, CD-ROM, or other storage device) of that
Client Device. This license authorizes you to make only as many back-up copies
of the Software as are necessary for its lawful use and solely for back-up
purposes, provided that all such copies contain all of the Software's proprietary
notices. You shall maintain records of the number and location of all copies of
the Software and Documentation and will take all reasonable precautions to
protect the Software from unauthorized copying or use.
1.1.2 If you sell the Client Device on which the Software is installed, you will
ensure that all copies of the Software have been previously deleted.
1.1.3 You shall not decompile, reverse engineer, disassemble or otherwise
reduce any part of this Software to a humanly readable form nor permit any third
party to do so. The interface information necessary to achieve interoperability of
the Software with independently created computer programs will be provided by
Kaspersky Lab by request on payment of its reasonable costs and expenses for
procuring and supplying such information. In the event that Kaspersky Lab
notifies you that it does not intend to make such information available for any
reason, including (without limitation) costs, you shall be permitted to take such
steps to achieve interoperability, provided that you only reverse engineer or
decompile the Software to the extent permitted by law.
1.1.4 You shall not make error corrections to, or otherwise modify, adapt, or
translate the Software, nor create derivative works of the Software, nor permit
any third party to copy the Software (other than as expressly permitted herein).
1.1.5 You shall not rent, lease or lend the Software to any other person, nor
transfer or sub-license your license rights to any other person.
1.1.6 You shall not use this Software in automatic, semi-automatic or manual
tools designed to create virus signatures, virus detection routines, any other data
or code for detecting malicious code or data.
1.2 Server-Mode Use. You may use the Software on a Client Device or on a
server ("Server") within a multi-user or networked environment ("Server-Mode")
only if such use is permitted in the applicable price list or product packaging for
the Software. A separate license is required for each Client Device or "seat" that
may connect to the Server at any time, regardless of whether such licensed
Client Devices or seats are concurrently connected to or actually accessing or
using the Software. Use of software or hardware that reduces the number of
Client Devices or seats directly accessing or utilizing the Software (e.g.,
"multiplexing" or "pooling" software or hardware) does not reduce the number of
licenses required (i.e., the required number of licenses would equal the number
of distinct inputs to the multiplexing or pooling software or hardware "front end").
If the number of Client Devices or seats that can connect to the Software
exceeds the number of licenses you have obtained, then you must have a
reasonable mechanism in place to ensure that your use of the Software does not
exceed the use limits specified for the license you have obtained. This license
authorizes you to make or download such copies of the Documentation for each
Client Device or seat that is licensed as are necessary for its lawful use, provided
that each such copy contains all of the Documentation's proprietary notices.
1.3 Volume Licenses. If the Software is licensed with volume license terms
specified in the applicable product invoicing or packaging for the Software, you
may make, use or install as many additional copies of the Software on the
number of Client Devices as the volume license terms specify. You must have
reasonable mechanisms in place to ensure that the number of Client Devices on
which the Software has been installed does not exceed the number of licenses
you have obtained. This license authorizes you to make or download one copy of
the Documentation for each additional copy authorized by the volume license,
provided that each such copy contains all of the Document's proprietary notices.
2. Duration. This Agreement is effective for the period specified in the Key File
(the unique file which is required to fully enable the Software, please see Help/
about Software or Software about, for Unix/Linux version of the Software see the
notification about expiration date of the Key File) unless and until earlier
terminated as set forth herein. This Agreement will terminate automatically if you
fail to comply with any of the conditions, limitations or other requirements
described herein. Upon any termination or expiration of this Agreement, you
must immediately destroy all copies of the Software and the Documentation. You
may terminate this Agreement at any point by destroying all copies of the
Software and the Documentation.
3. Support.
(i) Kaspersky Lab will provide you with the support services ("Support Services")
as defined below for a period of one year following:
(a) Payment of its then current support charge, and:
(b) Successful completion of the Support Services Subscription Form as
provided to you with this Agreement or as available on the Kaspersky Lab
website, which will require you to produce the Key Identification File which will
have been provided to you by Kaspersky Lab with this Agreement. It shall be at
the absolute discretion of Kaspersky Lab whether or not you have satisfied this
condition for the provision of Support Services.
(ii) Support Services will terminate unless renewed annually by payment of the
then-current annual support charge and by successful completion of the Support
Services Subscription Form again.
(iii) By completion of the Support Services Subscription Form you consent to the
terms of the Kaspersky Lab Privacy Policy, which is deposited on
ww.kaspersky.com/privacy, and you explicitly consent to the transfer of data to
other countries outside your own as set out in the Privacy Policy.
(iv) "Support Services" means:
(a) Daily updates of the anti-virus database;
(b) Free software updates, including version upgrades;
(c) Extended technical support via e-mail and phone hotline provided by Vendor
and/or Reseller;
(d) Virus detection and disinfection updates 24 hours per day.
4. Ownership Rights. The Software is protected by copyright laws. Kaspersky
Lab and its suppliers own and retain all rights, titles and interests in and to the
Software, including all copyrights, patents, trademarks and other intellectual
property rights therein. Your possession, installation, or use of the Software does
not transfer any title to the intellectual property in the Software to you, and you
will not acquire any rights to the Software except as expressly set forth in this
Agreement.
5. Confidentiality. You agree that the Software and the Documentation, including
the specific design and structure of individual programs and the Key Identification
File, constitute confidential proprietary information of Kaspersky Lab. You shall
not disclose, provide, or otherwise make available such confidential information
in any form to any third party without the prior written consent of Kaspersky Lab.
You shall implement reasonable security measures to protect such confidential
information, but without limitation to the foregoing shall use best endeavours to
maintain the security of the Key Identification File.
6. Limited Warranty.
(i) Kaspersky Lab warrants that for six (6) months from first download or
installation the Software purchased on a physical medium will perform
substantially in accordance with the functionality described in the Documentation
when operated properly and in the manner specified in the Documentation.
(ii) You accept all responsibility for the selection of this Software to meet your
requirements. Kaspersky Lab does not warrant that the Software and/or the
Documentation will be suitable for such requirements nor that any use will be
uninterrupted or error free.
(iii) Kaspersky Lab does not warrant that this Software identifies all known
viruses, nor that the Software will not occasionally erroneously report a virus in a
title not infected by that virus.
(iv) Your sole remedy and the entire liability of Kaspersky Lab for breach of the
warranty at paragraph (i) will be at Kaspersky Lab option, to repair, replace or
refund of the Software if reported to Kaspersky Lab or its designee during the
warranty period. You shall provide all information as may be reasonably
necessary to assist the Supplier in resolving the defective item.
(v) The warranty in (i) shall not apply if you (a) make or cause to be made any
modifications to this Software without the consent of Kaspersky Lab, (b) use the
Software in a manner for which it was not intended, or (c) use the Software other
than as permitted under this Agreement.
(vi) The warranties and conditions stated in this Agreement are in lieu of all other
conditions, warranties or other terms concerning the supply or purported supply
of, failure to supply or delay in supplying the Software or the Documentation
which might but for this paragraph (vi) have effect between the Kaspersky Lab
and you or would otherwise be implied into or incorporated into this Agreement
or any collateral contract, whether by statute, common law or otherwise, all of
which are hereby excluded (including, without limitation, the implied conditions,
warranties or other terms as to satisfactory quality, fitness for purpose or as to
the use of reasonable skill and care).
7. Limitation of Liability.
(i) Nothing in this Agreement shall exclude or limit Kaspersky Lab's liability for (a)
the tort of deceit, (b) death or personal injury caused by its breach of a common
law duty of care or any negligent breach of a term of this Agreement, or (c) any
other liability which cannot be excluded by law.
(ii) Subject to paragraph (i) above, the Supplier shall bear no liability (whether in
contract, tort, restitution or otherwise) for any of the following losses or damage
(whether such losses or damage were foreseen, foreseeable, known or
otherwise):
(a) Loss of revenue;
(b) Loss of actual or anticipated profits (including for loss of profits on contracts);
(c) Loss of the use of money;
(d) Loss of anticipated savings;
(e) Loss of business;
(f) Loss of opportunity;
(g) Loss of goodwill;
(h) Loss of reputation;
(i) Loss of, damage to or corruption of data, or:
(j) Any indirect or consequential loss or damage howsoever caused (including,
for the avoidance of doubt, where such loss or damage is of the type specified in
paragraphs (ii), (a) to (ii), (i)).
(iii) Subject to paragraph (i), the liability of Kaspersky Lab (whether in contract,
tort, restitution or otherwise) arising out of or in connection with the supply of the
Software shall in no circumstances exceed a sum equal to the amount equally
paid by you for the Software.
8. (i) This Agreement contains the entire understanding between the parties
with respect to the subject matter hereof and supersedes all and any prior
understandings, undertakings and promises between you and Kaspersky Lab,
whether oral or in writing, which have been given or may be implied from
anything written or said in negotiations between us or our representatives prior to
this Agreement and all prior agreements between the parties relating to the
matters aforesaid shall cease to have effect as from the Effective Date. Save as
provided in paragraphs (ii) - (iii) below, you shall not have any remedy in respect
of an untrue statement made to you upon which you relied in entering into this
Agreement ("Misrepresentation") and Kaspersky Lab shall not have any liability
to the other than pursuant to the express terms of this Agreement.
(ii) Nothing in this Agreement shall exclude or limit Kaspersky Lab's liability
for any Misrepresentation made thereby if aware that it was untrue.
(iii) The liability of Kaspersky Lab for Misrepresentation as a fundamental
matter, including a matter fundamental to the maker's ability to perform its
obligations under this Agreement, shall be subject to the limitation of liability set
out in paragraph 7(iii).