home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
BUG 14
/
BUGCD1998_05.ISO
/
_util
/
_virscan
/
wnt
/
whatsnew.txt
< prev
Wrap
Text File
|
1998-02-18
|
38KB
|
1,141 lines
What's New in VirusScan for Windows NT v3.1.4a (3101a)
Copyright (c) 1994-1998 by Network Associates, Inc.,
and its Affiliated Companies. All Rights Reserved.
Thank you for using VirusScan for Windows NT. This What's
New file contains important information regarding the
current version of this product. Network Associates strongly
recommends that you read the entire document.
Network Associates welcomes your comments and suggestions.
Please use the information provided in this file to contact
us.
**NOTE: Do not attempt to install the Intel version of
VirusScan on a Digital Equipment (DEC) Alpha system, and do
not attempt to install the DEC version of VirusScan on an
Intel-based computer.
___________________
WHAT'S IN THIS FILE
- New Features
- Issues Addressed in this Release
- Known Issues
- Installation
- Documentation
- Frequently Asked Questions
- Additional Information
- Contacting Network Associates
____________
NEW FEATURES
1. In addition to supporting the Network Associates macro
virus variant detection technology, VirusScan also
includes the new Network Associates macro virus
heuristics scanning technology, which permits it to
identify new and previously unknown macro viruses.
2. VirusScan has numerous performance enhancements in its
on-access, on-demand, and scheduled scanning components.
For example, VirusScan's new Intelligent Caching feature
significantly improves on-access scanning performance.
3. VirusScan now provides on-access scanning of network
drives. This provides real-time protection from viruses
when working with files located on a Windows NT or
NetWare-based network drive.
4. VirusScan can now be installed to either your local
system or multiple remote systems via VirusScan's SETUP
program.
5. An improved AutoUpdate feature allows you to configure
VirusScan so that it effortlessly updates .DAT files and
upgrades the entire product to protect your system from
the latest virus threats. Updates and upgrades can be
performed automatically on a scheduled basis, or they
can be performed on-demand. VirusScan supports obtaining
updates and upgrades via a FTP site or UNC pathname, and
includes support for proxy servers.
6. VirusScan's on-access scanning component automatically
uses new .DAT files as soon as a successful AutoUpdate
has completed. Users no longer need to reboot their
workstations, or restart the VirusScan Task Manager
service, before these files are put into use.
7. This version of VirusScan features improved
interoperability between the Windows NT and Novell
NetWare versions of NetShield. The two products can now
share alert messages, giving administrators the ability
to centralize alerts across both Windows NT and NetWare
environments.
8. Further extending the robust Network Associates Alert
Manager feature, VirusScan can now generate DMI alerts
and play a .WAV file when a virus is found, or when an
alert is generated.
9. VirusScan now provides the option to scan floppy drives
during shutdown of the system.
11. VirusScan includes the Network Associates ISeamless
technology, which enables administrators to
pre-configure VirusScan prior to deploying it.
12. VirusScan is now able to scan files contained within
Microsoft CAB compressed files.
13. VirusScan is now able to scan and clean UUENCODED files.
* NEW VIRUSES DETECTED *
VirusScan for Windows NT v3.1.4a uses .DAT File 3101a, which
detects the following 124 new viruses. Locations that have
experienced particular problems with specific viruses are
also identified.
Note: DAT File 3101a corrects a defect in .DAT File 3101
that, under unusual circumstances, caused false detections
of the virus OKTAWIN.5664.
+STONED
1205
1330
1STVIR
3584_(COM/EXE)
AKUKU.1111
AKUKU.889 (Mexico)
ANXIETY.POPPY.II (U.S., Denmark, Italy)
APPDER.L
APPDER.Q
APRIL
APRIL.B
BACHKHOA.3544
BACHKHOA.3999
BAD.A (Brazil)
BISHKEK.A (Mexico)
BLASHYRKH.A
BOWL.903
BOZA.D
CEBU.A
CEBU.A
CHANG.3584
CHOM.718
COMMFIX_TROJAN
CONCEPT.BB
CONCEPT.BE
CONCEPT.BG
CONCEPT.BK
CONCEPT.BR
CONCEPT.BZ (Norway)
COUNTER.A
DBOMB.A
DELTA.1128
DMV.J
GOODNIGHT.K
GSIS.A
HARRY.DROPPER
HLLT.KRILE.5880
INFLUENZA.B
IVP.APRIL.986
JORGITO.543
KEYPRESS.1232.A
KEYPRESS.KILLER
KOMPU.I (U.S.)
LOUVADO.A (Brazil)
LUCIFER.1733
MDMA(DAMAGE)
MDMA.AE (Brazil)
MDMA.AF
MDMA.R (U.S.)
MINIMAL.W
MINIMAL.X
MIRC/ANANAS
MIRC/DURAK
MIRC/SIMPSAL
MIRC/TOOCOOL
MIRC/WASS_UPP
MRKLUNKYVXD
MUNCH.A
NEWYEAR.A
NOGZOEEN_TROJAN
NOP.P:DE
NOT!_TROJAN
NUKE.POX.1602
NUTCRACKER.C
OKTAWIN.5664
OLK.4245
OLK.4245
PEJUANG.A
PEMPE.1943 (The Philippines)
PWD.A
RAHACK.981
ROGUE.1807
SAVER.B
SCHOO.A
SCHUMANN.F
SHRAPNEL.6067 BS/MBR
SHRAPNEL.6067 COM/EXE
SHRAPNEL.6067 NE_EXE
SILLY.A
SPANSKA.1008 (U.S., Italy)
SPANSKA.1509
SPANSKA.4250 (U.S., Brazil)
SPLIT SECOND
SPLIT SECOND 1035
SPOOF95 TROJAN
TCHAO.A
TUNGUSKA.A:IT (Italy)
TWNO.AE:TW (Taiwan)
TYSON
ULTIMATE.419
ULTIMATE.982
UNKM.123
UNKM.329
UNKM.767
VICTORTAN.A
VRAPEXE.3730
VTE.2502 (COM)
VTE.2502 (EXE)
W95.MEMORIAL.VXD
WAZZU.CR (France)
WAZZU.DL
WAZZU.DO
WON.2343
XENIXOS:DE
XM/DMV.B
XM/IMPORT.A
XM/LAROUX.AD
XM/LAROUX.AQ
XM/LAROUX.AR
XM/LAROUX.AS
XM/LAROUX.AT
XM/LAROUX.AU
XM/LAROUX.AV
XM/LAROUX.AW
XM/LAROUX.AX
XM/LAROUX.AY
XM/LAROUX.AZ
XM/LAROUX.BB
XM/LAROUX.BD
XM/LAROUX.G
XM/LAROUX.H
XM/LAROUX.N
XM/LAROUX.R
* NEW VIRUSES CLEANED *
This .DAT file cleans the following 70 new viruses:
3584_(COM/EXE)
APPDER.L
APPDER.Q
BACHKHOA.3544
BACHKHOA.3999
BAD.A
BISHKEK.A
BLASHYRKH.A
BOWL.903
CONCEPT.BZ
COUNTER.A
DBOMB.A
DMV.J
GOODNIGHT.K
GSIS.A
INFLUENZA.B
IVP.APRIL.986
JORGITO.543
KOMPU.I
LOUVADO.A
MDMA(DAMAGE)
MDMA.AE
MDMA.AF
MINIMAL.W
MINIMAL.X
MUNCH.A
NEWYEAR.A
NOP.P:DE
NUKE.POX.1602
OLK.4245
PEJUANG.A
PEMPE.1943
PWD.A
SAVER.B
SCHOO.A
SHRAPNEL.6067 COM/EXE
SILLY.A
SPANSKA.1008
SPANSKA.1509
TCHAO.A
TUNGUSKA.A:IT
UNKM.329
UNKM.767
VICTORTAN.A
VRAPEXE.3730
W95.MEMORIAL.VXD
WAZZU.CR
WAZZU.DL
WAZZU.DO
WON.2343
XM/DMV.B
XM/IMPORT.A
XM/LAROUX.AD
XM/LAROUX.AQ
XM/LAROUX.AR
XM/LAROUX.AS
XM/LAROUX.AT
XM/LAROUX.AU
XM/LAROUX.AV
XM/LAROUX.AW
XM/LAROUX.AX
XM/LAROUX.AY
XM/LAROUX.AZ
XM/LAROUX.BB
XM/LAROUX.BD
XM/LAROUX.G
XM/LAROUX.H
XM/LAROUX.N
XM/LAROUX.R
YANKEE.1202
________________________________
ISSUES ADDRESSED IN THIS RELEASE
1. VirusScan for Windows NT v3.1.4a fixes a STOP condition
that may occur with version 4.11a of Novell's NetWare
redirector for Windows NT and VirusScan v3.1.4. Network
Associates recommends that customers use v3.1.4a instead
of v3.1.4 to avoid potential problems.
2. VirusScan Task Manager's improved memory allocation
methods prevent potential problems (including GPFs) on
systems with a low amounts of free physical and virtual
memory. Network Associates recommends that customers use
v3.1.4a instead of v3.1.4 to avoid potential problems.
____________
KNOWN ISSUES
1. If your system has a beta or release candidate version
of VirusScan installed, you must uninstall it before
installing this version. (You cannot use AutoUpgrade for
this procedure.)
2. The new 3000 series .DATs contained in VirusScan v3.1.4a
are not backward compatible with the VirusScan v2.x
series. The 3000 series .DATs should not be used with
VirusScan v2.x products.
3. After installing Service Pack 2 on a Windows NT 4.0
system, you may receive a STOP 0x0000000A error
message when you try to access your CD-ROM drive or
floppy disk drive while anti-virus software is running.
Solution: Apply the fix available from Microsoft
Technical Support or install the latest available
servicepack. See Microsoft Knowledge Base Article
ID: Q165814 for more information.
4. When using Windows NT 4.0 and Microsoft Internet
Information Server with VirusScan, you must install
Microsoft Service Pack 2 with the Kernel Hot Fix or
Service Pack 3 to avoid the following error message:
STOP 0x0000000A.
5. When using Windows NT 4.0 and Microsoft Distributed File
System with VirusScan, you must install Microsoft
Service Pack 3, or the following error message may
occur: STOP 0x00000035.
6. When using Microsoft Services for Macintosh (SFMSRV.SYS)
with VirusScan, you must install Microsoft Service Pack
3 for Windows NT 4.0 (Service Pack 5 for Windows NT
3.51) plus the SFM Hotfix, which is available from
Microsoft. See Microsoft Knowledge Base Article
ID: Q172511 for more information.
Without these patches installed, you may experience a
STOP 0x0000000A error. Please contact Microsoft
Technical Support.
7. Under heavy load situations, when using Windows NT 3.51
or 4.0, your system may stop responding (hang) while
running a filter driver such as the one used by
VirusScan. Microsoft has confirmed this to be a problem
in the Windows NT file SRV.SYS.
Solution: If you are using Windows NT 4.0, apply the fix
available from Microsoft Technical Support. If you are
using Windows NT 3.51, apply a fix as soon as it is made
available by Microsoft. At the time VirusScan v3.1.4a
was released, Microsoft was in the process of developing
a fix for this problem and was expected to make it
available in the near future. See Microsoft Knowledge
Base Article ID: Q178413 for more information.
8. When using Windows NT 3.51, a system may fail during a
rename operation under heavy load situations. Microsoft
has confirmed that this is caused by a problem in the
Windows NT 3.51 file system (NTFS.SYS). The STOP message
will vary, but the most common is STOP 0x0000000A.
Solution: Apply the fix available from Microsoft
Technical Support. See Microsoft Knowledge Base Article
ID: Q164267 for more information.
9. If you have manually uninstalled a previous installation
of VirusScan, and have not rebooted, a silent
installation of VirusScan will fail.
10. If you are upgrading from VirusScan v2.5.3 or v3.0.0 to
the current version, there are some situations that can
cause an NT STOP error message. The problem is related
to the device drivers in the previous product and is
not related to VirusScan v3.1.4a. Network Associates
recommends uninstalling previous versions of VirusScan
and rebooting before installing this release.
11. When installing using the default Windows NT SYSTEM
account, some product functionality is not available.
This includes: alert forwarding to other NT servers,
sending alerts to printers, scheduled AutoUpdates
from NT file shares, remote event logging, and scheduled
scans of network drives.
12. Automatic uninstallation of VirusScan sometimes does not
remove all registry items and files associated with
VirusScan. See the INSTALLATION section of this file for
information on manually uninstalling.
13. On-access scanning of write-protected floppies infected
with a boot-sector virus may return multiple notification
messages.
14. The VirusScan Task Manager cannot be stopped while any
user-initiated scan tasks are in operation. You must
close the scanning session or complete the scan before
stopping the VirusScan Task Manager.
15. To upgrade a component of VirusScan, you must perform the
full installation. If a partial installation is performed,
an error message appears when the system is restarted.
16. The user ID and password used to access FTP servers (when
performing updates and upgrades via AutoUpdate) is stored
in plain text in the registry. Administrators are urged
to specify a user account that only has limited access
to the server where anti-virus product upgrades and
updates are stored. This issue will be resolved in a
future release of VirusScan.
____________
INSTALLATION
* INSTALLING THE PRODUCT *
To install VirusScan, run SETUP.EXE and follow the prompts.
Note: It is not necessary to uninstall VirusScan versions
3.02 and 3.03 before upgrading to a newer version. If,
however, VirusScan is uninstalled before applying the
upgrade, you must reboot the system and then install
the upgraded version.
To perform a "silent" installation of this product, with
minimal user interaction and with all default or "Typical"
installation settings, add -s (i.e., SETUP.EXE -s) to the
setup command when you install the product.
Network administrators can customize the silent installation
feature by following these steps:
1. Check the Windows directory to ensure that a file named
SETUP.ISS does not already exist. If one does, rename it,
back it up, or delete it.
2. Run SETUP.EXE with the -r switch, (i.e., SETUP.EXE -r).
3. Select the components you want to install during the
silent installation. Your choices will be recorded.
4. Finish the installation, and locate the file SETUP.ISS
in the Windows directory.
Result: A SETUP.ISS file is created that has your
installation options recorded. Use this file to install all
product files to the same installation directory on every
client machine.
The ISS file specifies the installation directory under the
[SdSetupType-x] header, szDir parameter, which was
recorded in step 3. This overrides the default installation
directory on each client machine, which might vary
according to operating system. Having the same directory
name on every client helps to ease administration in the
future; for example, you might assign all client machines
the directory C:\ANTIVIRUS.
Note: If, however, you want to allow SETUP.EXE to determine
where to locate the installed files, modify the SETUP.ISS
file so that the target machine will disregard the szDir,
as follows:
A. Locate the section [SdSetupType-x] in the SETUP.ISS file
and go to the line: Result = xxx. The actual value will
most likely be 301, 302, or 303, depending on what
options you selected during the ISS file creation process.
B. Add 100 to this number so that, for example, 301 becomes
401. This tells each target machine to disregard the szDir
and assign a directory according to its own particular
operating system.
5. Copy the installation files onto a local or mapped drive;
then rename, back up, or delete the SETUP.ISS file.
Note: You cannot perform a silent install from multiple media
because the silent operation will be compromised when the
install prompts the user for more media.
6. Copy the new SETUP.ISS from the Windows directory to the
location of the installation files.
Note: The file used for the silent installation, SETUP.ISS,
is product-specific. For example, you cannot use a SETUP.ISS
file created by a VirusScan for Windows 95 installation for
a VirusScan for Windows NT installation.
7. Run SETUP.EXE with the -s switch (i.e., SETUP.EXE -s).
Note: If you do not specify a "recorded" answer for
all dialog boxes during the initial installation, the
silent installation will fail.
8. When the silent installation is complete, the machine
reboots automatically.
* COMPONENTS INSTALLED WITH VIRUSSCAN *
1. VirusScan
2. Alert Manager
* PRIMARY PROGRAM FILES FOR VIRUSSCAN *
Files located in the Install directory:
=======================================
1. Installed for the Alert Manager/Console/Server:
README.1ST = Network Associates
information
MCARCHIV.DLL = Archive library file
MCCOMM.DLL = NetWare communications
MCKRNL32.DLL = Cross-platform file
MCRPC.DLL = RPC library
MCRUTIL.DLL = NetWare utility library
MCUTIL32.DLL = Multipurpose file
SHUTIL.DLL = NT utility library
AMGRCNFG.EXE = Alert Manager configuration
program
MCSEVSHL.EXE = Service installation
SCNCFG32.EXE = Task configuration
SCNSTAT.EXE = Task statistics
SHCFG32.EXE = On-access scanning
configuration
SHSTAT.EXE = Shield status monitor
program
SVCPWD.EXE = Service account
configuration program
VALIDATE.EXE = McAfee file validation
program
VIRNOTFY.EXE = Notification utility
WCMDR.EXE = Uninstall helper
MCCONSOL.HLP = Console help
PKGDESC.INI = Update description file
WCMDR.INI = Uninstall helper
WCMDRSIL.INI = Silent uninstall helper
DEISL1.ISU = Uninstall file
PACKING.LST = Packing list
RESELLER.TXT = Network Associates
authorized resellers
WHATSNEW.TXT = What's New document
2. Installed for Alert Manager:
SAMPLE.CMD = Sample alert command file
DMIALERT.DLL = DMI alerting library
MCALSNMP.DLL = SNMP alerting
MCSERVIC.DLL = Service installation
library
POWERP32.DLL = Alert manager paging
AMGRSRVC.EXE = Alert manager service
program
ALRTMGR.HLP = Alert manager help file
MCALERT.MIB = SNMP trap template
MODEMS.TXT = List of modems and
initialization strings
OHNO.WAV = Sound file
WARNING.WAV = Default sound file
CENTALRT.TXT = Centralized alerting file
3. Installed for the Console:
SHIELD.CNT = Help link file
BROWSENT.DLL = NT browser library
INETWH16.DLL = Help file library
INETWH32.DLL = Help file library
REGEMUL.DLL = Registry emulator library
IMPTASK.EXE = Import task file
MCCONSOL.EXE = Console manager
MCREGEDT.EXE = McAfee registry editor
MCUPDATE.EXE = AutoUpdate file
SETBROWS.EXE = Sets default browser
SHIELD.HLP = On-access scanning help
4. Installed for the VirusScan Task Manager:
SCAN32.EXE = On-demand scanner
VIRUSCAN.CNT = Help link file
CLEAN.DAT = Virus clean definition data
MCALYZE.DAT = Virus definition data
strings
NAMES.DAT = Virus names definition data
SCAN.DAT = Virus scan definition data
MCALYZE.DLL = Hunter scan engine library
MCSCAN32.DLL = Scan32 main library
MCSERVIC.DLL = Service installation
library
VSTSKMGR.EXE = VirusScan Task Manager
service
VIRUSCAN.HLP = Scan 32 help
DEFAULT.VSC = Default scan32 values
Files located in %SYSTEMROOT%\SYSTEM32:
=======================================
1. Installed for the Console/Server/Alert Manager:
CTL3D32.DLL = 32-bit 3D Windows
controls library (*)
(*) File will be installed upon installation of
VirusScan on Windows NT 3.51 Workstation if the file
does not already exist, or if an older version is found.
Files located in %SYSTEMROOT%\SYSTEM32\DRIVERS:
===============================================
1. Installed for the Server:
MCFILTER.SYS = System files
MCFSREC.SYS = System files
MCKRNL.SYS = System files
MCSCAN.SYS = System files
MCUTIL.SYS = System files
MCSHIELD.SYS = System files
* TESTING YOUR INSTALLATION *
The Eicar Standard AntiVirus Test File is a combined effort
by anti-virus vendors throughout the world to come up with
one standard by which customers can verify their anti-virus
installation. To test your installation, copy the following
line into its own text file and name it EICAR.COM.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
When done, you will have a 69- or 70-byte file.
When VirusScan for Windows NT is applied to this file,
Scan will report finding the EICAR-STANDARD-AV-TEST-FILE
virus.
It is important to know that THIS IS NOT A VIRUS. However,
users often have the need to test that their installations
function correctly. The anti-virus industry, through the
European Institute for Computer Antivirus Research, has
adopted this standard to facilitate this need.
Please delete the file when installation testing is
completed so unsuspecting users are not unnecessarily
alarmed.
* MANUALLY UNINSTALLING THE PRODUCT *
1. Before starting, run the Windows NT utility RDISK to
create an emergency repair disk.
2. Stop the VirusScan Task Manager service and the
AlertManager service in Control Panel/Services.
3. Stop the VirusScan console if running.
4. Using the NT Task Manager, end the SHSTAT process.
5. If you use SNMP, stop the SNMP service in
Control Panel/Services.
6. Delete the VirusScan installation directory (the
directory that contains the VirusScan executables).
7. Delete the following device driver files from
%SYSTEMROOT%\SYSTEM32\DRIVERS:
MCFSREC.SYS
MCSCAN.SYS
MCUTIL.SYS
MCKRNL.SYS
MCFILTER.SYS
MCSHIELD.SYS
8. If you are using Windows NT 4.0 and if NetShield was
set to load at startup, remove the following registry
key:
HKLM\software\microsoft\windows\CurrentVersion\Run\
Shstatexe
9. Remove VirusScan installation registry keys:
HKLM\software\mcafee\mcalsnmp
HKLM\software\mcafee\virusscan
HKLM\software\mcafee\alertmanager (Do not remove this
key if you have
other Network
Associates products
installed that use
Alertmanager.)
10. Remove VirusScan device driver and service registry
keys:
HKLM\system\CurrentControlSet\Services\Alertmanager
HKLM\system\CurrentControlSet\Services\McFilter
HKLM\system\CurrentControlSet\Services\McFsrec
HKLM\system\CurrentControlSet\Services\McKrnl
HKLM\system\CurrentControlSet\Services\McScan
HKLM\system\CurrentControlSet\Services\McUtil
HKLM\system\CurrentControlSet\Services\McShield
HKLM\system\CurrentControlSet\Services\McTaskManager
11. If you are using Windows NT 4.0 and the
context-sensitive scanning option was installed, remove
the following registry keys:
HKLM\software\classes\comfile\shell\virusscan
HKLM\software\classes\directory\shell\virusscan
HKLM\software\classes\drive\shell\virusscan
HKLM\software\classes\exefile\shell\virusscan
HKLM\software\classes\word.document.6\shell\virusscan
HKLM\software\classes\word.document.8\shell\virusscan
HKLM\software\classes\word.template\shell\virusscan
12. If you are using Windows NT 4.0 and you want to remove
the Scan for Viruses right-click option, remove the
following registry keys:
HKCR\comfile\shell\VirusScan
HKCR\Directory\shell\VirusScan
HKCR\Drive\shell\VirusScan
HKCR\exefile\shell\VirusScan
HKCR\Excel.Addin\shell\VirusScan
HKCR\Excel.Chart.5\shell\VirusScan
HKCR\Excel.Macrosheet\shell\VirusScan
HKCR\Excel.Sheet.5\shell\VirusScan
HKCR\Excel.Template\shell\VirusScan
HKCR\Excel.Workspace\shell\VirusScan
HKCR\Excel.XLL\shell\VirusScan
HKCR\exefile\shell\VirusScan
HKCR\WinZip\shell\VirusScan
HKCR\Word.Document.6\shell\VirusScan
HKCR\Word.Template\shell\VirusScan
13. To remove SNMP extension agent, remove the following
registry value:
HKLM\system\CurrentControlSet\services\SNMP\parameters\
ExtensionAgent\McAlSNMP
14. Since entries in HkeyClassesRoot are not derived
from a hive, it is unneccessary to delete these keys
manually. When you reboot, VirusScan-specific keys
under HkeyClassesRoot will be removed.
15. Reboot the system.
_____________
DOCUMENTATION
For more information, refer to the VirusScan's User's
Guide, included on the CD-ROM versions of this program
or available from the Network Associates BBS and FTP sites.
This file is in Adobe Acrobat Portable Document Format
(.PDF) and can be viewed using Adobe Acrobat Reader. This
form of electronic documentation includes hypertext links
and easy navigation to assist you in finding answers
to questions about your Network Associates product.
Adobe Acrobat Reader is available on CD-ROM in the
ACROREAD subdirectory. Adobe Acrobat Reader also can be
downloaded from the World Wide Web at:
http://www.adobe.com/Acrobat/readstep.html
VirusScan documentation can be downloaded from the Network
Associates BBS or the World Wide Web at:
http://www.nai.com
For more information on viruses and virus prevention,
see the McAfee Virus Information Library, MCAFEE.HLP,
included on the CD-ROM version of this product or
available from the Network Associates BBS or FTP site.
Documentation feedback is welcome. Send e-mail to
documentation@cc.nai.com.
__________________________
FREQUENTLY ASKED QUESTIONS
Regularly updated lists of frequently asked questions
about Network Associates products also are available on
the Network Associates BBS, website, and CompuServe and AOL
forums.
Q: How can I scan mapped Novell drives with scheduled
on-demand scans?
A: If you want to scan any Novell-server drives
(mapped or via UNC) from scheduled tasks, you must
create the same account/password on the Novell server
as configured under McAfee VirusScan services on the
Windows NT system.
Q: As an administrator, how can I scan private
directories that are accessible only to
individual users?
A: On-demand (scheduled) scans are launched by the
VirusScan Task Manager service. If you specify a
user name and password for the service, then the
scheduled scan will only scan directories for which the
service name has privileges. If no user name was
specified, then the service has SYSTEM privileges.
To perform an on-demand, or scheduled, scan of
private directories, the VirusScan Task Manager
service must have access to these private areas.
Following are two ways to address this issue:
Solution A:
1. Create a custom user name to be used by the Service.
2. Give this user name privileges to access the private
spaces.
Considerations with Solution A:
This account can be used to access the private
directories. To prepare these directories with proper
rights, open a DOS prompt and enter:
CACLS /E /G (domain name)\(service account name)
Enter CACLS at the DOS prompt to get a complete list
of options.
Solution B:
1. Do not associate a user name to the Service.
2. Give SYSTEM privileges to access the private spaces.
Considerations with Solution B:
Someone could create or use a Service to access your
information.
Network Associates recommends Solution B as a more
secure solution.
Q: VirusScan will not perform an on-demand (scheduled)
scan of some network drives. Why?
A: It is possible that the user name you are using for
the VirusScan Task Manager service does not have
sufficient rights to scan the drives in question. To
verify whether this is the issue, connect to each drive
using the user name and password utilized by the
VirusScan Task Manager service from the machine where
the service is running. Confirm that this user name has
rights on the device by manually running an on-demand
scan. If you can scan the device while you're logged in,
then the service should also be able to do it as a
scheduled scan. When scanning remote locations, Network
Associates recommends using the UNC path for scheduled
tasks.
Q: My scheduled tasks do not run when the VirusScan Task
Manager service is stopped. Why?
A: The VirusScan Task Manager service is responsible for
on-access scanning, starting scheduled on-demand tasks,
and AutoUpdate tasks. If the VirusScan Task Manager
service is stopped, all of these tasks are disabled.
Q: Can I update VirusScan's data files to detect
new viruses?
A: Yes, VirusScan now includes the new Network Associates
AutoUpdate feature, a powerful updating capability that
can ensure you have the latest VirusScan files installed.
AutoUpdate can automatically update both the VirusScan
product and the data (.DAT) files it uses to detect
viruses.
If you need additional assistance with downloading,
contact Network Associates Download Support at
(408) 988-3832.
Q: Does VirusScan protect users accessing files accessed
on my web server or FTP server on this system?
A: Yes, VirusScan detects infections in files transferred
with Microsoft Internet Information Server (IIS). This
protects remote users accessing files via HTTP or FTP.
______________________
ADDITIONAL INFORMATION
1. After completing your installation or upgrade of
VirusScan, you must reboot your computer before
VirusScan can be used.
2. SVCPWD.EXE is a utility for setting and/or changing
usernames and passwords used by the McAfee services.
SVCPWD requests one command-line parameter which is a
filename (i.e computers.txt). Use SVCPWD /? to get
additional command-line information. This file (i.e.
computers.txt) should contain a list of all the
computers that you want to modify the service accounts
(username and password)for.
Example:
\\COMPUTER1
\\COMPUTER2
\\SERVER
Start the SVCPWD utility by entering the file as
command-line (i.e. SVCPWD computers.txt). This utility
contacts all the computers via the network and changes
the username and password originally given to McAfee
services. The username and password are changed to the
value that the user is asked to set upon starting the
utility. All service accounts need to be set to user
"LocalSystem". If a domain\username is entered, then
the SVCPWD utility will require a password for the
domain\username.
When this is completed, the utility contacts all the
computers and changes the settings.
Note 1: The domain\username that is used by the services
needs to be an administrative account.
Note 2: The person running this utility must have an
administrative account for all the computers
that require such changes.
Note 3: Do not run this utility during an on-demand
scan.
3. When using an ISeamless Install Script, and running
setup in standard or silent mode without any parameters,
setup requires that the custom installation file
produced by ISeamless be named admin.sis or oem.sis.
4. If VirusScan finds an older version of the file
WININET.DLL during installation, it upgrades the file
to the current version.
5. If you are running any other anti-virus product on the
system, please exclude that product's installation
directory within the VirusScan Properties Exclusions
tab.
6. If you use AutoUpdate to download files from an FTP site
containing more than one .ZIP file which follows the
DAT-XXXX.ZIP or DATXXXXY.ZIP naming conventions,
AutoUpdate downloads the .ZIP file whose name ranks
last in alphabetical order. To ensure that the correct
file is downloaded, Network Associates recommends that
you place the file used by AutoUpdate in the target
directory by itself.
7. When installing VirusScan to remote systems on your
network, the destination systems must have a proper
security relationship (i.e., they must reside on the
same domain or share a trust relationship, and the
account being used must have Administrator privileges on
the machine being installed to) with the system you are
performing the installation from. If the computers do
not have a proper security relationship, the remote
installation will not be performed properly.
8. If compressed file scanning is turned on, VirusScan
temporarily uses additional harddrive space when
scanning compressed files (i.e., ZIP, LZH/LHA, UUENCODE,
etc.).
9. When performing a silent installation using the default
SETUP.ISS file, via either AutoUpgrade or the command
setup -s, your service user resets to the LocalSystem
account and the server reboots automatically when the
installation is completed. If you wish to keep your
settings, record your own SETUP.ISS file for use during
silent installations (see the VirusScan User's Guide for
detailed information on creating your own setup.iss
file).
_____________________________
CONTACTING NETWORK ASSOCIATES
* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *
Contact the Network Associates Customer Care department:
1. Corporate-licensed customers, call (408) 988-3832
Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time
Retail-licensed customers, call (972) 278-6100
Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time
2. Fax (408) 970-9727
24-hour, Group III fax
3. Fax-back automated response system (408) 988-3034
24-hour fax
Send correspondence to any of the following
Network Associates locations:
Network Associates Corporate Headquarters
2805 Bowers Avenue
Santa Clara, CA 95051-0963
Network Associates Canada
139 Main Street, Suite 201
Unionville, Ontario
Canada L3R 2G6
Network Associates Europe B.V.
Gatwickstraat 25
1043 GL Amsterdam
The Netherlands
Network Associates (UK) Ltd.
Hayley House, London Road
Bracknell, Berkshire
RG12 2TH
United Kingdom
Network Associates France S.A.
50 rue de Londres
75008 Paris
France
Network Associates Deutschland GmbH
Industriestrasse 1
D-82110 Germering
Germany
Network Associates Japan Co, Ltd.
Toranomon 33 Mori Bldg.
3-8-21 Toranomon
Minato-Ku, Tokyo 105
Japan
Network Associates Korea
135-090, 18th Fl., Kyoung Am Bldg.
157-27 Samsung-Dong, Kangnam-Ku
Seoul, Korea
Network Associates South East Asia
7 Temasek Boulevard
The Penthouse
#44-01, Suntec Tower One
Singapore 038987
Network Associates Australia
Level 1, 500 Pacific Highway
St. Leonards, NSW 2065
Australia
Network Associates Latin America
150 South Pine Island Road, Suite 205
Plantation, FL 33324
USA
Or, you can receive online assistance through any of the
following resources:
1. Bulletin Board System: (408) 988-4004
24-hour US Robotics HST DS
2. Internet e-mail: support@nai.com
3. Internet FTP: ftp.nai.com
4. World Wide Web: http://www.nai.com
5. America Online: keyword MCAFEE
6. CompuServe: GO MCAFEE
Before contacting Network Associates, please make note of
the following information. When sending correspondence,
please include the same details.
- Product name and version number
- A complete WINMSD report
- Type and brand of your computer, hard drive, and any
peripherals
- Operating system type and version
- Network name, operating system, and version
- Microsoft service pack version number and any hotfixes
installed
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where
applicable
- Relevant browsers/applications and version number,
where applicable
- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand
- Your contact information: voice, fax, and e-mail
Other general feedback is also appreciated.
* FOR ON-SITE TRAINING INFORMATION *
Contact Network Associates Customer Service at
(800) 338-8754.
* FOR PRODUCT UPGRADES *
To make it easier for you to receive and use Network
Associates products, we have established a Resellers
program to provide service, sales, and support for our
products worldwide. For a listing of Network Associates
resellers outside the United States, click the Contact tab
on the Network Associates website, then click International
Resellers.
