Home » McAfee Manuals » Computer Software » McAfee AVDCDE-AA-AA » Manual Viewer

McAfee AVDCDE-AA-AA User Guide - Page 26

“Double heuristics” analysis, Wide-spectrum coverage, combination - observer

View all McAfee AVDCDE-AA-AA manuals

Add to My Manuals
Save this manual to your list of manuals

Page 26 highlights

About VirusScan Software This meant that the simple pattern-matching method that earlier scan engine incarnations used to find many viruses simply no longer worked, since no constant sequence of bytes existed to detect. To respond to this threat, McAfee researchers developed the PolyScan Decryption Engine, which locates and analyzes the algorithm that these types of viruses use to encrypt and decrypt themselves. It then runs this code through its paces in an emulated virtual machine in order to understand how the viruses mutate themselves. Once it does so, the engine can spot the "undisguised" nature of these viruses, and thereby detect them reliably no matter how they try to hide themselves. "Double heuristics" analysis As a further engine enhancement, McAfee researchers have honed early heuristic scanning technologies-originally developed to detect the astonishing flood of macro virus variants that erupted after 1995-into a set of precision instruments. Heuristic scanning techniques rely on the engine's experience with previous viruses to predict the likelihood that a suspicious file is an as-yet unidentified or unclassified new virus. The scan engine now incorporates ViruLogic, a heuristic technique that can observe a program's behavior and evaluate how closely it resembles either a macro virus or a file-infecting virus. ViruLogic looks for virus-like behaviors in program functions, such as covert file modifications, background calls or invocations of e-mail clients, and other methods that viruses can use to replicate themselves. When the number of these types of behaviors-or their inherent quality-reaches a predetermined threshold of tolerance, the engine fingers the program as a likely virus. The engine also "triangulates" its evaluation by looking for program behavior that no virus would display-prompting for some types of user input, for example-in order to eliminate false positive detections. This double-heuristic combination of "positive" and "negative" techniques results in an unsurpassed detection rate with few, if any, costly misidentifications. Wide-spectrum coverage As malicious agents have evolved to take advantage of the instant communication and pervasive reach of the Internet, so VirusScan software has evolved to counter the threats they present. A computer "virus" once meant a specific type of agent-one designed to replicate on its own and cause a limited type of havoc on the unlucky recipient's computer. In recent years, however, an astounding range of malicious agents has emerged to assault personal computer users from nearly every conceivable angle. Many of these agents-some of the fastest-spreading worms, for instance-use updated versions of vintage techniques to infect systems, but many others make full use of the new opportunities that web-based scripting and application hosting present. 26 McAfee VirusScan Anti-Virus Software

Section	Page
Preface	7
What happened?	7
Why worry?	7
Where do viruses come from?	8
Virus prehistory	8
Viruses and the PC revolution	9
Boot-sector viruses	9
File infector viruses	10
Stealth, mutation, encryption, and polymorphic techniques	11
Macro viruses	12
On the frontier	12
Java, ActiveX, and scripted objects	13
Where next?	14
How to protect yourself	15
How to contact McAfee and Network Associates	16
Customer service	16
Technical support	17
Download support	18
Network Associates training	18
Comments and feedback	18
Reporting new items for anti-virus data file updates	19
International contact information	20
1 About VirusScan Software	23
Introducing VirusScan anti-virus software	23
How does VirusScan software work?	25
Fast, accurate virus detection	25
Encrypted polymorphic virus detection	25
“Double heuristics” analysis	26
Wide-spectrum coverage	26
What comes with VirusScan software?	27
What’s new in this release?	31
Installation and distribution features	31
Interface enhancements	32
Changes in product functionality	33
New update options for your VirusScan software	33
2 Installing VirusScan Software	35
Before you begin	35
System requirements	35
Other recommendations	35
Preparing to install VirusScan software	36
Installation options	36
Installation steps	37
Using the Emergency Disk Creation utility	49
Determining when you must restart your computer	54
Testing your installation	55
Modifying or removing your VirusScan installation	56
3 Removing Infections From Your System	59
If you suspect you have a virus...	59
Deciding when to scan for viruses	62
Recognizing when you don’t have a virus	63
Understanding false detections	64
Responding to viruses or malicious software	65
Responding when the VShield scanner detects malicious software	65
Responding when the System Scan module detects a virus	65
Responding when the E-mail Scan module detects a virus	68
Responding when the Download Scan module detects a virus	69
Responding when Internet Filter detects a virus	70
Responding when the VirusScan application detects a virus	70
Responding when the E-Mail Scan extension detects a virus	72
Viewing virus information	74
Viewing file information	75
Submitting a virus sample	76
Using the SendVirus utility to submit a file sample	76
Capturing boot sector, file-infecting, and macro viruses	79
Capturing boot-sector infections	79
Capturing file-infecting or macro viruses	80
Making disk images	81
Preparing file archives to send	81
Sending samples via e-mail	82
Mailing infected floppy disks	83
4 Using the VShield Scanner	85
What does the VShield scanner do?	85
Why use the VShield scanner?	86
Browser and e-mail client support	87
Enabling or starting the VShield scanner	88
Starting the scanner automatically	89
Enabling the VShield scanner and its modules	90
Method 1: Use the VShield shortcut menu	90
Method 2: Use the System Scan Status dialog box	90
Method 3: Use the VShield Properties dialog box	91
Method 4: Use the VirusScan Console	92
Understanding the VShield system tray icon states	92
Using the VShield configuration wizard	93
Setting VShield scanner properties	97
Configuring the System Scan module	98
Choosing Detection options	99
Choosing Action options	105
Choosing Alert options	108
Choosing Report options	110
Choosing Exclusion options	112
Configuring the E-mail Scan module	115
Choosing Detection options	116
Choosing Action options	121
Choosing Alert options	124
Choosing Report options	127
Configuring the Download Scan module	130
Choosing Detection options	130
Choosing Action options	134
Choosing Alert options	136
Choosing Report options	138
Configuring the Internet Filter module	140
Choosing Detection options	141
Choosing Action options	145
Choosing Alert options	146
Choosing Report options	148
Configuring the Security module	149
Enabling password protection	150
Entering your password to configure settings	151
Protecting individual property pages	152
Using the VShield shortcut menu	153
Disabling or stopping the VShield scanner	153
Preventing the scanner from starting automatically	154
Stopping the VShield scanner completely	154
Method 1: Use the VShield shortcut menu	154
Method 2: Use the VirusScan Console	155
Method 3: Use the VirusScan control panel	156
Disabling the VShield scanner and its modules	156
Method 1: Use the VShield shortcut menu	157
Method 2: Use the System Scan Status dialog box	157
Method 3: Use the VShield Properties dialog box	158
Tracking VShield software status information	159
Viewing VShield task status information	160
5 Using the VirusScan application	161
What is the VirusScan application?	161
Why use the VirusScan application?	162
Starting the VirusScan application	163
Method 1: Displaying the VirusScan application main window	163
Method 2: Starting a scan task from the VirusScan Console	165
Method 3: Starting a scan task from a settings file	166
Method 4: Starting the application from the command line	168
Configuring the VirusScan Classic interface	169
Choosing Where & What options	169
Choosing Action options	171
Choosing Report options	173
Configuring the VirusScan Advanced interface	174
Choosing Detection options	175
Choosing Action options	180
Choosing Alert options	182
Choosing Report options	183
Choosing Exclusion options	186
Enabling password protection	189
6 Creating and Configuring Scheduled Tasks	191
What does VirusScan Console do?	191
Why schedule scan operations?	191
Starting the VirusScan Console	192
Using the Console window	194
Working with default tasks	196
Working with the VShield task	198
Working with the AutoUpgrade and AutoUpdate tasks	199
Creating new tasks	200
Enabling tasks	204
Checking task status	206
Configuring VirusScan application options	208
Choosing Detection options	209
Choosing Action options	213
Choosing Alert options	216
Choosing Report options	217
Choosing Exclusion options	220
Choosing security options	223
7 Updating and Upgrading VirusScan Software	227
Developing an updating strategy	227
What are .DAT files?	227
What is the scan engine?	227
Update and upgrade methods	228
Understanding the AutoUpdate utility	230
Configuring the AutoUpdate Utility	231
Configuring update options	235
Configuring advanced update options	237
Understanding the AutoUpgrade utility	240
Configuring the AutoUpgrade utility	241
Configuring upgrade options	246
Configuring advanced upgrade options	248
Using the AutoUpgrade and SuperDAT utilities together	250
8 Using Specialized Scanning Tools	253
Scanning Microsoft Exchange and Outlook mail	253
When and why you should use the E-Mail Scan extension	253
Using the E-Mail Scan extension	254
Configuring the E-Mail Scan extension	255
Choosing Detection options	257
Choosing Action options	260
Choosing Alert options	262
Choosing Report options	266
Scanning cc:Mail	269
Using the ScreenScan utility	269
9 Using VirusScan Utilities	277
Understanding the VirusScan control panel	277
Opening the VirusScan control panel	277
Choosing VirusScan control panel options	278
Using the Alert Manager Client Configuration utility	281
VirusScan software as an Alert Manager client	282
Configuring the Alert Manager client utility	282
A Default Vulnerable and Compressed File Extensions	287
Adding file name extensions for scanning	287
Current list of vulnerable file name extensions	288
Current list of compressed files scanned	292
B Network Associates Support Services	295
Adding value to your McAfee product	295
PrimeSupport options for corporate customers	295
The PrimeSupport KnowledgeCenter plan	295
The PrimeSupport Connect plan	296
The PrimeSupport Priority plan	297
The PrimeSupport Enterprise plan	297
Ordering a corporate PrimeSupport plan	298
PrimeSupport options for home users	300
How to reach international home user support	302
Ordering a PrimeSupport plan for home users	302
Network Associates consulting and training	303
Professional Services	303
Jumpstart Services	303
Network consulting	304
Total Education Services	304
C Using the SecureCast Service to Get New Data Files	305
Introducing the SecureCast service	305
Why should I update my data files?	306
Which data files does the SecureCast service deliver?	306
Installing the BackWeb client and SecureCast service	307
System requirements	307
Phase 1: Download and install BackWeb	307
Phase 2: Register with the Enterprise SecureCast service	312
Troubleshooting the Enterprise SecureCast service	317
Registration problems	317
Unsubscribing from the SecureCast service	317
Support resources	317
SecureCast service	317
BackWeb client	318
D Understanding iDAT Technology	319
Understanding incremental .DAT files	319
Product requirements	319
How does iDAT updating work?	320
What does McAfee post each week?	321
Best practices	322
Three-stage updating	322
Scheduling internal .DAT updates	323
Frequently asked questions	323
Connectivity issues	323
Corrupted data	324
Incremental vs. full .DAT update	324
Network configuration issues	324
Scheduling issues	324

Match case Limit results 1 per page

About VirusScan Software

McAfee VirusScan Anti-Virus Software

This meant that the simple pattern-matching method that earlier scan engine

incarnations used to find many viruses simply no longer worked, since no

constant sequence of bytes existed to detect. To respond to this threat, McAfee

researchers developed the PolyScan Decryption Engine, which locates and

analyzes the algorithm that these types of viruses use to encrypt and decrypt

themselves. It then runs this code through its paces in an emulated virtual

machine in order to understand how the viruses mutate themselves. Once it

does so, the engine can spot the

“

undisguised

”

nature of these viruses, and

thereby detect them reliably no matter how they try to hide themselves.

“

Double heuristics

”

analysis

As a further engine enhancement, McAfee researchers have honed early

heuristic scanning technologies

—

originally developed to detect the

astonishing flood of macro virus variants that erupted after 1995

—

into a set of

precision instruments. Heuristic scanning techniques rely on the engine

’

experience with previous viruses to predict the likelihood that a suspicious file

is an as-yet unidentified or unclassified new virus.

The scan engine now incorporates ViruLogic, a heuristic technique that can

observe a program

’

s behavior and evaluate how closely it resembles either a

macro virus

a file-infecting virus. ViruLogic looks for virus-like behaviors

in program functions, such as covert file modifications, background calls or

invocations of e-mail clients, and other methods that viruses can use to

replicate themselves. When the number of these types of behaviors

—

or their

inherent quality

—

reaches a predetermined threshold of tolerance, the engine

fingers the program as a likely virus.

The engine also

“

triangulates

”

its evaluation by looking for program behavior

that no virus would display

—

prompting for some types of user input, for

example

—

in order to eliminate false positive detections. This double-heuristic

combination of

“

positive

”

and

“

negative

”

techniques results in an

unsurpassed detection rate with few, if any, costly misidentifications.

Wide-spectrum coverage

As malicious agents have evolved to take advantage of the instant

communication and pervasive reach of the Internet, so VirusScan software has

evolved to counter the threats they present. A computer

“

virus

”

once meant a

specific type of agent

—

one designed to replicate on its own and cause a

limited type of havoc on the unlucky recipient

’

s computer. In recent years,

however, an astounding range of malicious agents has emerged to assault

personal computer users from nearly every conceivable angle. Many of these

agents

—

some of the fastest-spreading worms, for instance

—

use updated

versions of vintage techniques to infect systems, but many others make full

use of the new opportunities that web-based scripting and application hosting

present.