Home » McAfee Manuals » Computer Software » McAfee AVDCDE-BA-CA » Manual Viewer

McAfee AVDCDE-BA-CA User Guide - Page 282

VirusScan software as an Alert Manager client, Configuring the Alert Manager client utility

View all McAfee AVDCDE-BA-CA manuals

Add to My Manuals
Save this manual to your list of manuals

Page 282 highlights

Using VirusScan Utilities VirusScan software as an Alert Manager client VirusScan software works as a client program with respect to NetShield software and an Alert Manager server. It can send alert "events" whenever it detects a virus or malicious software to any Alert Manager server you specify. The Alert Manager server then relays those events-and any others it receives from other workstations-as alert messages, via the methods you or your system administrator defined for alert distribution. VirusScan software can instead send these same alert messages as text (.ALR) files to a Centralized Alerting directory visible to the Alert Manager server. The Alert Manager server checks the Centralized Alerting directory periodically, looking for any new .ALR files, and distributing the alert messages from any it finds. Š NOTE: McAfee recommends that you send alert events directly to an Alert Manager server rather than via Centralized Alerting, unless your network configuration does not permit you to use Alert Manager servers. The Alert Manager server can work in conjunction with Network Associates Event Orchestrator software to tie alert messages into the Network Associates Magic HelpDesk application for trouble-ticket generation and other features. Alert Manager messages also contain much richer data than do those sent via Centralized Alerting. Enabling SNMP traps for Alert Manager will collect a host of information about the computer that generates the alert message and its software configuration. The VirusScan client can supplement either method with Desktop Management Interface (DMI) alerts for network management software, such as Hewlett-Packard OpenView, to process. Configuring the Alert Manager client utility VirusScan software includes a simple client configuration utility that allows you to choose the Alert Manager server that you want to receive alert events, designate a Centralized Alerting directory to receive alert messages, and specify the numeric value of DMI alert messages you want to send. Setting up a complete alert system is a two-part process: First, you must enable the Alert Manager Client Configuration utility and point it to the correct Alert Manager server or Centralized Alerting location. Next, you must verify that you have selected the Notify Alert Manager checkbox in the VirusScan Advanced Alert property page, in the Alert page for the E-Mail Scan extension and in the Alert pages for each VShield module you have enabled. 282 McAfee VirusScan Anti-Virus Software

Section	Page
Preface	7
What happened?	7
Why worry?	7
Where do viruses come from?	8
Virus prehistory	8
Viruses and the PC revolution	9
Boot-sector viruses	9
File infector viruses	10
Stealth, mutation, encryption, and polymorphic techniques	11
Macro viruses	12
On the frontier	12
Java, ActiveX, and scripted objects	13
Where next?	14
How to protect yourself	15
How to contact McAfee and Network Associates	16
Customer service	16
Technical support	17
Download support	18
Network Associates training	18
Comments and feedback	18
Reporting new items for anti-virus data file updates	19
International contact information	20
1 About VirusScan Software	23
Introducing VirusScan anti-virus software	23
How does VirusScan software work?	25
Fast, accurate virus detection	25
Encrypted polymorphic virus detection	25
“Double heuristics” analysis	26
Wide-spectrum coverage	26
What comes with VirusScan software?	27
What’s new in this release?	31
Installation and distribution features	31
Interface enhancements	32
Changes in product functionality	33
New update options for your VirusScan software	33
2 Installing VirusScan Software	35
Before you begin	35
System requirements	35
Other recommendations	35
Preparing to install VirusScan software	36
Installation options	36
Installation steps	37
Using the Emergency Disk Creation utility	49
Determining when you must restart your computer	54
Testing your installation	55
Modifying or removing your VirusScan installation	56
3 Removing Infections From Your System	59
If you suspect you have a virus...	59
Deciding when to scan for viruses	62
Recognizing when you don’t have a virus	63
Understanding false detections	64
Responding to viruses or malicious software	65
Responding when the VShield scanner detects malicious software	65
Responding when the System Scan module detects a virus	65
Responding when the E-mail Scan module detects a virus	68
Responding when the Download Scan module detects a virus	69
Responding when Internet Filter detects a virus	70
Responding when the VirusScan application detects a virus	70
Responding when the E-Mail Scan extension detects a virus	72
Viewing virus information	74
Viewing file information	75
Submitting a virus sample	76
Using the SendVirus utility to submit a file sample	76
Capturing boot sector, file-infecting, and macro viruses	79
Capturing boot-sector infections	79
Capturing file-infecting or macro viruses	80
Making disk images	81
Preparing file archives to send	81
Sending samples via e-mail	82
Mailing infected floppy disks	83
4 Using the VShield Scanner	85
What does the VShield scanner do?	85
Why use the VShield scanner?	86
Browser and e-mail client support	87
Enabling or starting the VShield scanner	88
Starting the scanner automatically	89
Enabling the VShield scanner and its modules	90
Method 1: Use the VShield shortcut menu	90
Method 2: Use the System Scan Status dialog box	90
Method 3: Use the VShield Properties dialog box	91
Method 4: Use the VirusScan Console	92
Understanding the VShield system tray icon states	92
Using the VShield configuration wizard	93
Setting VShield scanner properties	97
Configuring the System Scan module	98
Choosing Detection options	99
Choosing Action options	105
Choosing Alert options	108
Choosing Report options	110
Choosing Exclusion options	112
Configuring the E-mail Scan module	115
Choosing Detection options	116
Choosing Action options	121
Choosing Alert options	124
Choosing Report options	127
Configuring the Download Scan module	130
Choosing Detection options	130
Choosing Action options	134
Choosing Alert options	136
Choosing Report options	138
Configuring the Internet Filter module	140
Choosing Detection options	141
Choosing Action options	145
Choosing Alert options	146
Choosing Report options	148
Configuring the Security module	149
Enabling password protection	150
Entering your password to configure settings	151
Protecting individual property pages	152
Using the VShield shortcut menu	153
Disabling or stopping the VShield scanner	153
Preventing the scanner from starting automatically	154
Stopping the VShield scanner completely	154
Method 1: Use the VShield shortcut menu	154
Method 2: Use the VirusScan Console	155
Method 3: Use the VirusScan control panel	156
Disabling the VShield scanner and its modules	156
Method 1: Use the VShield shortcut menu	157
Method 2: Use the System Scan Status dialog box	157
Method 3: Use the VShield Properties dialog box	158
Tracking VShield software status information	159
Viewing VShield task status information	160
5 Using the VirusScan application	161
What is the VirusScan application?	161
Why use the VirusScan application?	162
Starting the VirusScan application	163
Method 1: Displaying the VirusScan application main window	163
Method 2: Starting a scan task from the VirusScan Console	165
Method 3: Starting a scan task from a settings file	166
Method 4: Starting the application from the command line	168
Configuring the VirusScan Classic interface	169
Choosing Where & What options	169
Choosing Action options	171
Choosing Report options	173
Configuring the VirusScan Advanced interface	174
Choosing Detection options	175
Choosing Action options	180
Choosing Alert options	182
Choosing Report options	183
Choosing Exclusion options	186
Enabling password protection	189
6 Creating and Configuring Scheduled Tasks	191
What does VirusScan Console do?	191
Why schedule scan operations?	191
Starting the VirusScan Console	192
Using the Console window	194
Working with default tasks	196
Working with the VShield task	198
Working with the AutoUpgrade and AutoUpdate tasks	199
Creating new tasks	200
Enabling tasks	204
Checking task status	206
Configuring VirusScan application options	208
Choosing Detection options	209
Choosing Action options	213
Choosing Alert options	216
Choosing Report options	217
Choosing Exclusion options	220
Choosing security options	223
7 Updating and Upgrading VirusScan Software	227
Developing an updating strategy	227
What are .DAT files?	227
What is the scan engine?	227
Update and upgrade methods	228
Understanding the AutoUpdate utility	230
Configuring the AutoUpdate Utility	231
Configuring update options	235
Configuring advanced update options	237
Understanding the AutoUpgrade utility	240
Configuring the AutoUpgrade utility	241
Configuring upgrade options	246
Configuring advanced upgrade options	248
Using the AutoUpgrade and SuperDAT utilities together	250
8 Using Specialized Scanning Tools	253
Scanning Microsoft Exchange and Outlook mail	253
When and why you should use the E-Mail Scan extension	253
Using the E-Mail Scan extension	254
Configuring the E-Mail Scan extension	255
Choosing Detection options	257
Choosing Action options	260
Choosing Alert options	262
Choosing Report options	266
Scanning cc:Mail	269
Using the ScreenScan utility	269
9 Using VirusScan Utilities	277
Understanding the VirusScan control panel	277
Opening the VirusScan control panel	277
Choosing VirusScan control panel options	278
Using the Alert Manager Client Configuration utility	281
VirusScan software as an Alert Manager client	282
Configuring the Alert Manager client utility	282
A Default Vulnerable and Compressed File Extensions	287
Adding file name extensions for scanning	287
Current list of vulnerable file name extensions	288
Current list of compressed files scanned	292
B Network Associates Support Services	295
Adding value to your McAfee product	295
PrimeSupport options for corporate customers	295
The PrimeSupport KnowledgeCenter plan	295
The PrimeSupport Connect plan	296
The PrimeSupport Priority plan	297
The PrimeSupport Enterprise plan	297
Ordering a corporate PrimeSupport plan	298
PrimeSupport options for home users	300
How to reach international home user support	302
Ordering a PrimeSupport plan for home users	302
Network Associates consulting and training	303
Professional Services	303
Jumpstart Services	303
Network consulting	304
Total Education Services	304
C Using the SecureCast Service to Get New Data Files	305
Introducing the SecureCast service	305
Why should I update my data files?	306
Which data files does the SecureCast service deliver?	306
Installing the BackWeb client and SecureCast service	307
System requirements	307
Phase 1: Download and install BackWeb	307
Phase 2: Register with the Enterprise SecureCast service	312
Troubleshooting the Enterprise SecureCast service	317
Registration problems	317
Unsubscribing from the SecureCast service	317
Support resources	317
SecureCast service	317
BackWeb client	318
D Understanding iDAT Technology	319
Understanding incremental .DAT files	319
Product requirements	319
How does iDAT updating work?	320
What does McAfee post each week?	321
Best practices	322
Three-stage updating	322
Scheduling internal .DAT updates	323
Frequently asked questions	323
Connectivity issues	323
Corrupted data	324
Incremental vs. full .DAT update	324
Network configuration issues	324
Scheduling issues	324

Match case Limit results 1 per page

Using VirusScan Utilities

282

McAfee VirusScan Anti-Virus Software

VirusScan software as an Alert Manager client

VirusScan software works as a client program with respect to NetShield

software and an Alert Manager server. It can send alert

“

events

”

whenever it

detects a virus or malicious software to any Alert Manager server you specify.

The Alert Manager server then relays those events

—

and any others it receives

from other workstations

—

as alert messages, via the methods you or your

system administrator defined for alert distribution.

VirusScan software can instead send these same alert messages as text (.ALR)

files to a Centralized Alerting directory visible to the Alert Manager server.

The Alert Manager server checks the Centralized Alerting directory

periodically, looking for any new .ALR files, and distributing the alert

messages from any it finds.

NOTE:

McAfee recommends that you send alert events directly to an

Alert Manager server rather than via Centralized Alerting, unless your

network configuration does not permit you to use Alert Manager servers.

The Alert Manager server can work in conjunction with Network

Associates Event Orchestrator software to tie alert messages into the

Network Associates Magic HelpDesk application for trouble-ticket

generation and other features.

Alert Manager messages also contain much richer data than do those sent

via Centralized Alerting. Enabling SNMP traps for Alert Manager will

collect a host of information about the computer that generates the alert

message and its software configuration.

The VirusScan client can supplement either method with Desktop

Management Interface (DMI) alerts for network management software, such

as Hewlett-Packard OpenView, to process.

Configuring the Alert Manager client utility

VirusScan software includes a simple client configuration utility that allows

you to choose the Alert Manager server that you want to receive alert events,

designate a Centralized Alerting directory to receive alert messages, and

specify the numeric value of DMI alert messages you want to send.

Setting up a complete alert system is a two-part process: First, you must enable

the Alert Manager Client Configuration utility and point it to the correct Alert

Manager server or Centralized Alerting location. Next, you must verify that

you have selected the

Notify Alert Manager

checkbox in the VirusScan

Advanced Alert property page, in the Alert page for the E-Mail Scan extension

and in the Alert pages for each VShield module you have enabled.