What's New in VirusScan for Windows NT v3.1.4a (3101a) Copyright (c) 1994-1998 by Network Associates, Inc., and its Affiliated Companies. All Rights Reserved. Thank you for using VirusScan for Windows NT. This What's New file contains important information regarding the current version of this product. Network Associates strongly recommends that you read the entire document. Network Associates welcomes your comments and suggestions. Please use the information provided in this file to contact us. **NOTE: Do not attempt to install the Intel version of VirusScan on a Digital Equipment (DEC) Alpha system, and do not attempt to install the DEC version of VirusScan on an Intel-based computer. ___________________ WHAT'S IN THIS FILE - New Features - Issues Addressed in this Release - Known Issues - Installation - Documentation - Frequently Asked Questions - Additional Information - Contacting Network Associates ____________ NEW FEATURES 1. In addition to supporting the Network Associates macro virus variant detection technology, VirusScan also includes the new Network Associates macro virus heuristics scanning technology, which permits it to identify new and previously unknown macro viruses. 2. VirusScan has numerous performance enhancements in its on-access, on-demand, and scheduled scanning components. For example, VirusScan's new Intelligent Caching feature significantly improves on-access scanning performance. 3. VirusScan now provides on-access scanning of network drives. This provides real-time protection from viruses when working with files located on a Windows NT or NetWare-based network drive. 4. VirusScan can now be installed to either your local system or multiple remote systems via VirusScan's SETUP program. 5. An improved AutoUpdate feature allows you to configure VirusScan so that it effortlessly updates .DAT files and upgrades the entire product to protect your system from the latest virus threats. Updates and upgrades can be performed automatically on a scheduled basis, or they can be performed on-demand. VirusScan supports obtaining updates and upgrades via a FTP site or UNC pathname, and includes support for proxy servers. 6. VirusScan's on-access scanning component automatically uses new .DAT files as soon as a successful AutoUpdate has completed. Users no longer need to reboot their workstations, or restart the VirusScan Task Manager service, before these files are put into use. 7. This version of VirusScan features improved interoperability between the Windows NT and Novell NetWare versions of NetShield. The two products can now share alert messages, giving administrators the ability to centralize alerts across both Windows NT and NetWare environments. 8. Further extending the robust Network Associates Alert Manager feature, VirusScan can now generate DMI alerts and play a .WAV file when a virus is found, or when an alert is generated. 9. VirusScan now provides the option to scan floppy drives during shutdown of the system. 11. VirusScan includes the Network Associates ISeamless technology, which enables administrators to pre-configure VirusScan prior to deploying it. 12. VirusScan is now able to scan files contained within Microsoft CAB compressed files. 13. VirusScan is now able to scan and clean UUENCODED files. * NEW VIRUSES DETECTED * VirusScan for Windows NT v3.1.4a uses .DAT File 3101a, which detects the following 124 new viruses. Locations that have experienced particular problems with specific viruses are also identified. Note: DAT File 3101a corrects a defect in .DAT File 3101 that, under unusual circumstances, caused false detections of the virus OKTAWIN.5664. +STONED 1205 1330 1STVIR 3584_(COM/EXE) AKUKU.1111 AKUKU.889 (Mexico) ANXIETY.POPPY.II (U.S., Denmark, Italy) APPDER.L APPDER.Q APRIL APRIL.B BACHKHOA.3544 BACHKHOA.3999 BAD.A (Brazil) BISHKEK.A (Mexico) BLASHYRKH.A BOWL.903 BOZA.D CEBU.A CEBU.A CHANG.3584 CHOM.718 COMMFIX_TROJAN CONCEPT.BB CONCEPT.BE CONCEPT.BG CONCEPT.BK CONCEPT.BR CONCEPT.BZ (Norway) COUNTER.A DBOMB.A DELTA.1128 DMV.J GOODNIGHT.K GSIS.A HARRY.DROPPER HLLT.KRILE.5880 INFLUENZA.B IVP.APRIL.986 JORGITO.543 KEYPRESS.1232.A KEYPRESS.KILLER KOMPU.I (U.S.) LOUVADO.A (Brazil) LUCIFER.1733 MDMA(DAMAGE) MDMA.AE (Brazil) MDMA.AF MDMA.R (U.S.) MINIMAL.W MINIMAL.X MIRC/ANANAS MIRC/DURAK MIRC/SIMPSAL MIRC/TOOCOOL MIRC/WASS_UPP MRKLUNKYVXD MUNCH.A NEWYEAR.A NOGZOEEN_TROJAN NOP.P:DE NOT!_TROJAN NUKE.POX.1602 NUTCRACKER.C OKTAWIN.5664 OLK.4245 OLK.4245 PEJUANG.A PEMPE.1943 (The Philippines) PWD.A RAHACK.981 ROGUE.1807 SAVER.B SCHOO.A SCHUMANN.F SHRAPNEL.6067 BS/MBR SHRAPNEL.6067 COM/EXE SHRAPNEL.6067 NE_EXE SILLY.A SPANSKA.1008 (U.S., Italy) SPANSKA.1509 SPANSKA.4250 (U.S., Brazil) SPLIT SECOND SPLIT SECOND 1035 SPOOF95 TROJAN TCHAO.A TUNGUSKA.A:IT (Italy) TWNO.AE:TW (Taiwan) TYSON ULTIMATE.419 ULTIMATE.982 UNKM.123 UNKM.329 UNKM.767 VICTORTAN.A VRAPEXE.3730 VTE.2502 (COM) VTE.2502 (EXE) W95.MEMORIAL.VXD WAZZU.CR (France) WAZZU.DL WAZZU.DO WON.2343 XENIXOS:DE XM/DMV.B XM/IMPORT.A XM/LAROUX.AD XM/LAROUX.AQ XM/LAROUX.AR XM/LAROUX.AS XM/LAROUX.AT XM/LAROUX.AU XM/LAROUX.AV XM/LAROUX.AW XM/LAROUX.AX XM/LAROUX.AY XM/LAROUX.AZ XM/LAROUX.BB XM/LAROUX.BD XM/LAROUX.G XM/LAROUX.H XM/LAROUX.N XM/LAROUX.R * NEW VIRUSES CLEANED * This .DAT file cleans the following 70 new viruses: 3584_(COM/EXE) APPDER.L APPDER.Q BACHKHOA.3544 BACHKHOA.3999 BAD.A BISHKEK.A BLASHYRKH.A BOWL.903 CONCEPT.BZ COUNTER.A DBOMB.A DMV.J GOODNIGHT.K GSIS.A INFLUENZA.B IVP.APRIL.986 JORGITO.543 KOMPU.I LOUVADO.A MDMA(DAMAGE) MDMA.AE MDMA.AF MINIMAL.W MINIMAL.X MUNCH.A NEWYEAR.A NOP.P:DE NUKE.POX.1602 OLK.4245 PEJUANG.A PEMPE.1943 PWD.A SAVER.B SCHOO.A SHRAPNEL.6067 COM/EXE SILLY.A SPANSKA.1008 SPANSKA.1509 TCHAO.A TUNGUSKA.A:IT UNKM.329 UNKM.767 VICTORTAN.A VRAPEXE.3730 W95.MEMORIAL.VXD WAZZU.CR WAZZU.DL WAZZU.DO WON.2343 XM/DMV.B XM/IMPORT.A XM/LAROUX.AD XM/LAROUX.AQ XM/LAROUX.AR XM/LAROUX.AS XM/LAROUX.AT XM/LAROUX.AU XM/LAROUX.AV XM/LAROUX.AW XM/LAROUX.AX XM/LAROUX.AY XM/LAROUX.AZ XM/LAROUX.BB XM/LAROUX.BD XM/LAROUX.G XM/LAROUX.H XM/LAROUX.N XM/LAROUX.R YANKEE.1202 ________________________________ ISSUES ADDRESSED IN THIS RELEASE 1. VirusScan for Windows NT v3.1.4a fixes a STOP condition that may occur with version 4.11a of Novell's NetWare redirector for Windows NT and VirusScan v3.1.4. Network Associates recommends that customers use v3.1.4a instead of v3.1.4 to avoid potential problems. 2. VirusScan Task Manager's improved memory allocation methods prevent potential problems (including GPFs) on systems with a low amounts of free physical and virtual memory. Network Associates recommends that customers use v3.1.4a instead of v3.1.4 to avoid potential problems. ____________ KNOWN ISSUES 1. If your system has a beta or release candidate version of VirusScan installed, you must uninstall it before installing this version. (You cannot use AutoUpgrade for this procedure.) 2. The new 3000 series .DATs contained in VirusScan v3.1.4a are not backward compatible with the VirusScan v2.x series. The 3000 series .DATs should not be used with VirusScan v2.x products. 3. After installing Service Pack 2 on a Windows NT 4.0 system, you may receive a STOP 0x0000000A error message when you try to access your CD-ROM drive or floppy disk drive while anti-virus software is running. Solution: Apply the fix available from Microsoft Technical Support or install the latest available servicepack. See Microsoft Knowledge Base Article ID: Q165814 for more information. 4. When using Windows NT 4.0 and Microsoft Internet Information Server with VirusScan, you must install Microsoft Service Pack 2 with the Kernel Hot Fix or Service Pack 3 to avoid the following error message: STOP 0x0000000A. 5. When using Windows NT 4.0 and Microsoft Distributed File System with VirusScan, you must install Microsoft Service Pack 3, or the following error message may occur: STOP 0x00000035. 6. When using Microsoft Services for Macintosh (SFMSRV.SYS) with VirusScan, you must install Microsoft Service Pack 3 for Windows NT 4.0 (Service Pack 5 for Windows NT 3.51) plus the SFM Hotfix, which is available from Microsoft. See Microsoft Knowledge Base Article ID: Q172511 for more information. Without these patches installed, you may experience a STOP 0x0000000A error. Please contact Microsoft Technical Support. 7. Under heavy load situations, when using Windows NT 3.51 or 4.0, your system may stop responding (hang) while running a filter driver such as the one used by VirusScan. Microsoft has confirmed this to be a problem in the Windows NT file SRV.SYS. Solution: If you are using Windows NT 4.0, apply the fix available from Microsoft Technical Support. If you are using Windows NT 3.51, apply a fix as soon as it is made available by Microsoft. At the time VirusScan v3.1.4a was released, Microsoft was in the process of developing a fix for this problem and was expected to make it available in the near future. See Microsoft Knowledge Base Article ID: Q178413 for more information. 8. When using Windows NT 3.51, a system may fail during a rename operation under heavy load situations. Microsoft has confirmed that this is caused by a problem in the Windows NT 3.51 file system (NTFS.SYS). The STOP message will vary, but the most common is STOP 0x0000000A. Solution: Apply the fix available from Microsoft Technical Support. See Microsoft Knowledge Base Article ID: Q164267 for more information. 9. If you have manually uninstalled a previous installation of VirusScan, and have not rebooted, a silent installation of VirusScan will fail. 10. If you are upgrading from VirusScan v2.5.3 or v3.0.0 to the current version, there are some situations that can cause an NT STOP error message. The problem is related to the device drivers in the previous product and is not related to VirusScan v3.1.4a. Network Associates recommends uninstalling previous versions of VirusScan and rebooting before installing this release. 11. When installing using the default Windows NT SYSTEM account, some product functionality is not available. This includes: alert forwarding to other NT servers, sending alerts to printers, scheduled AutoUpdates from NT file shares, remote event logging, and scheduled scans of network drives. 12. Automatic uninstallation of VirusScan sometimes does not remove all registry items and files associated with VirusScan. See the INSTALLATION section of this file for information on manually uninstalling. 13. On-access scanning of write-protected floppies infected with a boot-sector virus may return multiple notification messages. 14. The VirusScan Task Manager cannot be stopped while any user-initiated scan tasks are in operation. You must close the scanning session or complete the scan before stopping the VirusScan Task Manager. 15. To upgrade a component of VirusScan, you must perform the full installation. If a partial installation is performed, an error message appears when the system is restarted. 16. The user ID and password used to access FTP servers (when performing updates and upgrades via AutoUpdate) is stored in plain text in the registry. Administrators are urged to specify a user account that only has limited access to the server where anti-virus product upgrades and updates are stored. This issue will be resolved in a future release of VirusScan. ____________ INSTALLATION * INSTALLING THE PRODUCT * To install VirusScan, run SETUP.EXE and follow the prompts. Note: It is not necessary to uninstall VirusScan versions 3.02 and 3.03 before upgrading to a newer version. If, however, VirusScan is uninstalled before applying the upgrade, you must reboot the system and then install the upgraded version. To perform a "silent" installation of this product, with minimal user interaction and with all default or "Typical" installation settings, add -s (i.e., SETUP.EXE -s) to the setup command when you install the product. Network administrators can customize the silent installation feature by following these steps: 1. Check the Windows directory to ensure that a file named SETUP.ISS does not already exist. If one does, rename it, back it up, or delete it. 2. Run SETUP.EXE with the -r switch, (i.e., SETUP.EXE -r). 3. Select the components you want to install during the silent installation. Your choices will be recorded. 4. Finish the installation, and locate the file SETUP.ISS in the Windows directory. Result: A SETUP.ISS file is created that has your installation options recorded. Use this file to install all product files to the same installation directory on every client machine. The ISS file specifies the installation directory under the [SdSetupType-x] header, szDir parameter, which was recorded in step 3. This overrides the default installation directory on each client machine, which might vary according to operating system. Having the same directory name on every client helps to ease administration in the future; for example, you might assign all client machines the directory C:\ANTIVIRUS. Note: If, however, you want to allow SETUP.EXE to determine where to locate the installed files, modify the SETUP.ISS file so that the target machine will disregard the szDir, as follows: A. Locate the section [SdSetupType-x] in the SETUP.ISS file and go to the line: Result = xxx. The actual value will most likely be 301, 302, or 303, depending on what options you selected during the ISS file creation process. B. Add 100 to this number so that, for example, 301 becomes 401. This tells each target machine to disregard the szDir and assign a directory according to its own particular operating system. 5. Copy the installation files onto a local or mapped drive; then rename, back up, or delete the SETUP.ISS file. Note: You cannot perform a silent install from multiple media because the silent operation will be compromised when the install prompts the user for more media. 6. Copy the new SETUP.ISS from the Windows directory to the location of the installation files. Note: The file used for the silent installation, SETUP.ISS, is product-specific. For example, you cannot use a SETUP.ISS file created by a VirusScan for Windows 95 installation for a VirusScan for Windows NT installation. 7. Run SETUP.EXE with the -s switch (i.e., SETUP.EXE -s). Note: If you do not specify a "recorded" answer for all dialog boxes during the initial installation, the silent installation will fail. 8. When the silent installation is complete, the machine reboots automatically. * COMPONENTS INSTALLED WITH VIRUSSCAN * 1. VirusScan 2. Alert Manager * PRIMARY PROGRAM FILES FOR VIRUSSCAN * Files located in the Install directory: ======================================= 1. Installed for the Alert Manager/Console/Server: README.1ST = Network Associates information MCARCHIV.DLL = Archive library file MCCOMM.DLL = NetWare communications MCKRNL32.DLL = Cross-platform file MCRPC.DLL = RPC library MCRUTIL.DLL = NetWare utility library MCUTIL32.DLL = Multipurpose file SHUTIL.DLL = NT utility library AMGRCNFG.EXE = Alert Manager configuration program MCSEVSHL.EXE = Service installation SCNCFG32.EXE = Task configuration SCNSTAT.EXE = Task statistics SHCFG32.EXE = On-access scanning configuration SHSTAT.EXE = Shield status monitor program SVCPWD.EXE = Service account configuration program VALIDATE.EXE = McAfee file validation program VIRNOTFY.EXE = Notification utility WCMDR.EXE = Uninstall helper MCCONSOL.HLP = Console help PKGDESC.INI = Update description file WCMDR.INI = Uninstall helper WCMDRSIL.INI = Silent uninstall helper DEISL1.ISU = Uninstall file PACKING.LST = Packing list RESELLER.TXT = Network Associates authorized resellers WHATSNEW.TXT = What's New document 2. Installed for Alert Manager: SAMPLE.CMD = Sample alert command file DMIALERT.DLL = DMI alerting library MCALSNMP.DLL = SNMP alerting MCSERVIC.DLL = Service installation library POWERP32.DLL = Alert manager paging AMGRSRVC.EXE = Alert manager service program ALRTMGR.HLP = Alert manager help file MCALERT.MIB = SNMP trap template MODEMS.TXT = List of modems and initialization strings OHNO.WAV = Sound file WARNING.WAV = Default sound file CENTALRT.TXT = Centralized alerting file 3. Installed for the Console: SHIELD.CNT = Help link file BROWSENT.DLL = NT browser library INETWH16.DLL = Help file library INETWH32.DLL = Help file library REGEMUL.DLL = Registry emulator library IMPTASK.EXE = Import task file MCCONSOL.EXE = Console manager MCREGEDT.EXE = McAfee registry editor MCUPDATE.EXE = AutoUpdate file SETBROWS.EXE = Sets default browser SHIELD.HLP = On-access scanning help 4. Installed for the VirusScan Task Manager: SCAN32.EXE = On-demand scanner VIRUSCAN.CNT = Help link file CLEAN.DAT = Virus clean definition data MCALYZE.DAT = Virus definition data strings NAMES.DAT = Virus names definition data SCAN.DAT = Virus scan definition data MCALYZE.DLL = Hunter scan engine library MCSCAN32.DLL = Scan32 main library MCSERVIC.DLL = Service installation library VSTSKMGR.EXE = VirusScan Task Manager service VIRUSCAN.HLP = Scan 32 help DEFAULT.VSC = Default scan32 values Files located in %SYSTEMROOT%\SYSTEM32: ======================================= 1. Installed for the Console/Server/Alert Manager: CTL3D32.DLL = 32-bit 3D Windows controls library (*) (*) File will be installed upon installation of VirusScan on Windows NT 3.51 Workstation if the file does not already exist, or if an older version is found. Files located in %SYSTEMROOT%\SYSTEM32\DRIVERS: =============================================== 1. Installed for the Server: MCFILTER.SYS = System files MCFSREC.SYS = System files MCKRNL.SYS = System files MCSCAN.SYS = System files MCUTIL.SYS = System files MCSHIELD.SYS = System files * TESTING YOUR INSTALLATION * The Eicar Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to come up with one standard by which customers can verify their anti-virus installation. To test your installation, copy the following line into its own text file and name it EICAR.COM. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* When done, you will have a 69- or 70-byte file. When VirusScan for Windows NT is applied to this file, Scan will report finding the EICAR-STANDARD-AV-TEST-FILE virus. It is important to know that THIS IS NOT A VIRUS. However, users often have the need to test that their installations function correctly. The anti-virus industry, through the European Institute for Computer Antivirus Research, has adopted this standard to facilitate this need. Please delete the file when installation testing is completed so unsuspecting users are not unnecessarily alarmed. * MANUALLY UNINSTALLING THE PRODUCT * 1. Before starting, run the Windows NT utility RDISK to create an emergency repair disk. 2. Stop the VirusScan Task Manager service and the AlertManager service in Control Panel/Services. 3. Stop the VirusScan console if running. 4. Using the NT Task Manager, end the SHSTAT process. 5. If you use SNMP, stop the SNMP service in Control Panel/Services. 6. Delete the VirusScan installation directory (the directory that contains the VirusScan executables). 7. Delete the following device driver files from %SYSTEMROOT%\SYSTEM32\DRIVERS: MCFSREC.SYS MCSCAN.SYS MCUTIL.SYS MCKRNL.SYS MCFILTER.SYS MCSHIELD.SYS 8. If you are using Windows NT 4.0 and if NetShield was set to load at startup, remove the following registry key: HKLM\software\microsoft\windows\CurrentVersion\Run\ Shstatexe 9. Remove VirusScan installation registry keys: HKLM\software\mcafee\mcalsnmp HKLM\software\mcafee\virusscan HKLM\software\mcafee\alertmanager (Do not remove this key if you have other Network Associates products installed that use Alertmanager.) 10. Remove VirusScan device driver and service registry keys: HKLM\system\CurrentControlSet\Services\Alertmanager HKLM\system\CurrentControlSet\Services\McFilter HKLM\system\CurrentControlSet\Services\McFsrec HKLM\system\CurrentControlSet\Services\McKrnl HKLM\system\CurrentControlSet\Services\McScan HKLM\system\CurrentControlSet\Services\McUtil HKLM\system\CurrentControlSet\Services\McShield HKLM\system\CurrentControlSet\Services\McTaskManager 11. If you are using Windows NT 4.0 and the context-sensitive scanning option was installed, remove the following registry keys: HKLM\software\classes\comfile\shell\virusscan HKLM\software\classes\directory\shell\virusscan HKLM\software\classes\drive\shell\virusscan HKLM\software\classes\exefile\shell\virusscan HKLM\software\classes\word.document.6\shell\virusscan HKLM\software\classes\word.document.8\shell\virusscan HKLM\software\classes\word.template\shell\virusscan 12. If you are using Windows NT 4.0 and you want to remove the Scan for Viruses right-click option, remove the following registry keys: HKCR\comfile\shell\VirusScan HKCR\Directory\shell\VirusScan HKCR\Drive\shell\VirusScan HKCR\exefile\shell\VirusScan HKCR\Excel.Addin\shell\VirusScan HKCR\Excel.Chart.5\shell\VirusScan HKCR\Excel.Macrosheet\shell\VirusScan HKCR\Excel.Sheet.5\shell\VirusScan HKCR\Excel.Template\shell\VirusScan HKCR\Excel.Workspace\shell\VirusScan HKCR\Excel.XLL\shell\VirusScan HKCR\exefile\shell\VirusScan HKCR\WinZip\shell\VirusScan HKCR\Word.Document.6\shell\VirusScan HKCR\Word.Template\shell\VirusScan 13. To remove SNMP extension agent, remove the following registry value: HKLM\system\CurrentControlSet\services\SNMP\parameters\ ExtensionAgent\McAlSNMP 14. Since entries in HkeyClassesRoot are not derived from a hive, it is unneccessary to delete these keys manually. When you reboot, VirusScan-specific keys under HkeyClassesRoot will be removed. 15. Reboot the system. _____________ DOCUMENTATION For more information, refer to the VirusScan's User's Guide, included on the CD-ROM versions of this program or available from the Network Associates BBS and FTP sites. This file is in Adobe Acrobat Portable Document Format (.PDF) and can be viewed using Adobe Acrobat Reader. This form of electronic documentation includes hypertext links and easy navigation to assist you in finding answers to questions about your Network Associates product. Adobe Acrobat Reader is available on CD-ROM in the ACROREAD subdirectory. Adobe Acrobat Reader also can be downloaded from the World Wide Web at: http://www.adobe.com/Acrobat/readstep.html VirusScan documentation can be downloaded from the Network Associates BBS or the World Wide Web at: http://www.nai.com For more information on viruses and virus prevention, see the McAfee Virus Information Library, MCAFEE.HLP, included on the CD-ROM version of this product or available from the Network Associates BBS or FTP site. Documentation feedback is welcome. Send e-mail to documentation@cc.nai.com. __________________________ FREQUENTLY ASKED QUESTIONS Regularly updated lists of frequently asked questions about Network Associates products also are available on the Network Associates BBS, website, and CompuServe and AOL forums. Q: How can I scan mapped Novell drives with scheduled on-demand scans? A: If you want to scan any Novell-server drives (mapped or via UNC) from scheduled tasks, you must create the same account/password on the Novell server as configured under McAfee VirusScan services on the Windows NT system. Q: As an administrator, how can I scan private directories that are accessible only to individual users? A: On-demand (scheduled) scans are launched by the VirusScan Task Manager service. If you specify a user name and password for the service, then the scheduled scan will only scan directories for which the service name has privileges. If no user name was specified, then the service has SYSTEM privileges. To perform an on-demand, or scheduled, scan of private directories, the VirusScan Task Manager service must have access to these private areas. Following are two ways to address this issue: Solution A: 1. Create a custom user name to be used by the Service. 2. Give this user name privileges to access the private spaces. Considerations with Solution A: This account can be used to access the private directories. To prepare these directories with proper rights, open a DOS prompt and enter: CACLS /E /G (domain name)\(service account name) Enter CACLS at the DOS prompt to get a complete list of options. Solution B: 1. Do not associate a user name to the Service. 2. Give SYSTEM privileges to access the private spaces. Considerations with Solution B: Someone could create or use a Service to access your information. Network Associates recommends Solution B as a more secure solution. Q: VirusScan will not perform an on-demand (scheduled) scan of some network drives. Why? A: It is possible that the user name you are using for the VirusScan Task Manager service does not have sufficient rights to scan the drives in question. To verify whether this is the issue, connect to each drive using the user name and password utilized by the VirusScan Task Manager service from the machine where the service is running. Confirm that this user name has rights on the device by manually running an on-demand scan. If you can scan the device while you're logged in, then the service should also be able to do it as a scheduled scan. When scanning remote locations, Network Associates recommends using the UNC path for scheduled tasks. Q: My scheduled tasks do not run when the VirusScan Task Manager service is stopped. Why? A: The VirusScan Task Manager service is responsible for on-access scanning, starting scheduled on-demand tasks, and AutoUpdate tasks. If the VirusScan Task Manager service is stopped, all of these tasks are disabled. Q: Can I update VirusScan's data files to detect new viruses? A: Yes, VirusScan now includes the new Network Associates AutoUpdate feature, a powerful updating capability that can ensure you have the latest VirusScan files installed. AutoUpdate can automatically update both the VirusScan product and the data (.DAT) files it uses to detect viruses. If you need additional assistance with downloading, contact Network Associates Download Support at (408) 988-3832. Q: Does VirusScan protect users accessing files accessed on my web server or FTP server on this system? A: Yes, VirusScan detects infections in files transferred with Microsoft Internet Information Server (IIS). This protects remote users accessing files via HTTP or FTP. ______________________ ADDITIONAL INFORMATION 1. After completing your installation or upgrade of VirusScan, you must reboot your computer before VirusScan can be used. 2. SVCPWD.EXE is a utility for setting and/or changing usernames and passwords used by the McAfee services. SVCPWD requests one command-line parameter which is a filename (i.e computers.txt). Use SVCPWD /? to get additional command-line information. This file (i.e. computers.txt) should contain a list of all the computers that you want to modify the service accounts (username and password)for. Example: \\COMPUTER1 \\COMPUTER2 \\SERVER Start the SVCPWD utility by entering the file as command-line (i.e. SVCPWD computers.txt). This utility contacts all the computers via the network and changes the username and password originally given to McAfee services. The username and password are changed to the value that the user is asked to set upon starting the utility. All service accounts need to be set to user "LocalSystem". If a domain\username is entered, then the SVCPWD utility will require a password for the domain\username. When this is completed, the utility contacts all the computers and changes the settings. Note 1: The domain\username that is used by the services needs to be an administrative account. Note 2: The person running this utility must have an administrative account for all the computers that require such changes. Note 3: Do not run this utility during an on-demand scan. 3. When using an ISeamless Install Script, and running setup in standard or silent mode without any parameters, setup requires that the custom installation file produced by ISeamless be named admin.sis or oem.sis. 4. If VirusScan finds an older version of the file WININET.DLL during installation, it upgrades the file to the current version. 5. If you are running any other anti-virus product on the system, please exclude that product's installation directory within the VirusScan Properties Exclusions tab. 6. If you use AutoUpdate to download files from an FTP site containing more than one .ZIP file which follows the DAT-XXXX.ZIP or DATXXXXY.ZIP naming conventions, AutoUpdate downloads the .ZIP file whose name ranks last in alphabetical order. To ensure that the correct file is downloaded, Network Associates recommends that you place the file used by AutoUpdate in the target directory by itself. 7. When installing VirusScan to remote systems on your network, the destination systems must have a proper security relationship (i.e., they must reside on the same domain or share a trust relationship, and the account being used must have Administrator privileges on the machine being installed to) with the system you are performing the installation from. If the computers do not have a proper security relationship, the remote installation will not be performed properly. 8. If compressed file scanning is turned on, VirusScan temporarily uses additional harddrive space when scanning compressed files (i.e., ZIP, LZH/LHA, UUENCODE, etc.). 9. When performing a silent installation using the default SETUP.ISS file, via either AutoUpgrade or the command setup -s, your service user resets to the LocalSystem account and the server reboots automatically when the installation is completed. If you wish to keep your settings, record your own SETUP.ISS file for use during silent installations (see the VirusScan User's Guide for detailed information on creating your own setup.iss file). _____________________________ CONTACTING NETWORK ASSOCIATES * FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS * Contact the Network Associates Customer Care department: 1. Corporate-licensed customers, call (408) 988-3832 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time Retail-licensed customers, call (972) 278-6100 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time 2. Fax (408) 970-9727 24-hour, Group III fax 3. Fax-back automated response system (408) 988-3034 24-hour fax Send correspondence to any of the following Network Associates locations: Network Associates Corporate Headquarters 2805 Bowers Avenue Santa Clara, CA 95051-0963 Network Associates Canada 139 Main Street, Suite 201 Unionville, Ontario Canada L3R 2G6 Network Associates Europe B.V. Gatwickstraat 25 1043 GL Amsterdam The Netherlands Network Associates (UK) Ltd. Hayley House, London Road Bracknell, Berkshire RG12 2TH United Kingdom Network Associates France S.A. 50 rue de Londres 75008 Paris France Network Associates Deutschland GmbH Industriestrasse 1 D-82110 Germering Germany Network Associates Japan Co, Ltd. Toranomon 33 Mori Bldg. 3-8-21 Toranomon Minato-Ku, Tokyo 105 Japan Network Associates Korea 135-090, 18th Fl., Kyoung Am Bldg. 157-27 Samsung-Dong, Kangnam-Ku Seoul, Korea Network Associates South East Asia 7 Temasek Boulevard The Penthouse #44-01, Suntec Tower One Singapore 038987 Network Associates Australia Level 1, 500 Pacific Highway St. Leonards, NSW 2065 Australia Network Associates Latin America 150 South Pine Island Road, Suite 205 Plantation, FL 33324 USA Or, you can receive online assistance through any of the following resources: 1. Bulletin Board System: (408) 988-4004 24-hour US Robotics HST DS 2. Internet e-mail: support@nai.com 3. Internet FTP: ftp.nai.com 4. World Wide Web: http://www.nai.com 5. America Online: keyword MCAFEE 6. CompuServe: GO MCAFEE Before contacting Network Associates, please make note of the following information. When sending correspondence, please include the same details. - Product name and version number - A complete WINMSD report - Type and brand of your computer, hard drive, and any peripherals - Operating system type and version - Network name, operating system, and version - Microsoft service pack version number and any hotfixes installed - Network card installed, where applicable - Modem manufacturer, model, and baud, where applicable - Relevant browsers/applications and version number, where applicable - Problem - Specific scenario where problem occurs - Conditions required to reproduce problem - Statement of whether problem is reproducible on demand - Your contact information: voice, fax, and e-mail Other general feedback is also appreciated. * FOR ON-SITE TRAINING INFORMATION * Contact Network Associates Customer Service at (800) 338-8754. * FOR PRODUCT UPGRADES * To make it easier for you to receive and use Network Associates products, we have established a Resellers program to provide service, sales, and support for our products worldwide. For a listing of Network Associates resellers outside the United States, click the Contact tab on the Network Associates website, then click International Resellers.