NOD32 Antivirus 3 - Softwaresecuritysolutions

Transcription

NOD32 Antivirus 3.0

Integrated components:
ESET NOD32 Antivirus
ESET NOD32 Antispyware

User Guide

we protect your digital worlds

Contents

1. ESET NOD32 Antivirus 3.0
1.1 What’s new
1.2 System requirements
2. Installation
2.1 Typical installation
2.2 Custom installation
2.3 Using original settings
2.4 Entering User name and password
2.5 On‑demand computer scan
3. Beginner’s guide
3.1 Introducing user interface design – modes
3.1.1 Checking operation of the system
3.1.2 What to do if the program doesn’t work properly
3.2 Update setup
3.3 Proxy server setup
3.4 Settings protection
4. Work with ESET NOD32 Antivirus
4.1 Antivirus protection
4.1.1 Real‑time file system protection
4.1.1.1 Control setup
4.1.1.1.1 Scanning of media
4.1.1.1.2 Event‑triggered scanning
4.1.1.1.3 Checking of newly created files
4.1.1.1.4 Advanced setup
4.1.1.2 Cleaning levels
4.1.1.3 When to modify real‑time protection configuration
4.1.1.4 Checking real‑time protection
4.1.1.5 What to do if the real‑time protection does not work
4.1.2 Email protection
4.1.2.1 POP3 …tion with Microsoft Outlook, Outlook Express, Windows Mail
4.1.2.2.1 Appending tag messages to email body
4.1.2.3 Removing infiltrations
4.1.3 Web access protection
4.1.3.1 HTTP
4.1.3.1.1 Blocked / excluded addresses
4.1.3.1.2 Web browsers
4.1.4 Computer scan
4.1.4.1 Type of scan
4.1.4.1.1 Standard scan
4.1.4.1.2 Custom scan
4.1.4.2 Scan targets
4.1.4.3 Scan profiles
4.1.5 ThreatSense engine parameters setup
4.1.5.1 Objects setup
4.1.5.2 Options
4.1.5.3 Cleaning
4.1.5.4 Extensions
4.1.6 An infiltration is detected
4.2 Updating the program
4.2.1 Update setup
4.2.1.1 Update profiles
4.2.1.2 Advanced update setup
4.2.1.2.1 Update mode
4.2.1.2.2 Proxy server
4.2.1.2.3 Connecting to LAN
4.2.1.2.4 Creating update copies – Mirror
4.2.1.2.4.1 Updating from the Mirror
4.2.1.2.4.2 Troubleshooting Mirror update problems
4.2.2 How to create update tasks
4.3 Scheduler
4.3.1 Purpose of scheduling tasks
4.3.2 Creating new tasks
4.4 Quarantine
4.4.1 Quarantining files
4.4.2 Restoring from Quarantine
4.4.3 Submitting file from Quarantine
4.5 Log files
4.5.1 Log maintenance
4.6 User interface
4.6.1 Alerts and notifications
4.7 ThreatSense.Net
4.7.1 Suspicious files
4.7.2 Statistics
4.7.3 Submission
4.8 Remote administration
4.9 License
5. Advanced user
5.1 Proxy server setup
5.2 Export / import settings
5.2.1 Export settings
5.2.2 Import settings
5.3 Command Line
6. Glossary
6.1 Types of infiltrations
6.1.1 Viruses
6.1.2 Worms
6.1.3 Trojan horses
6.1.4 Rootkits
6.1.5 Adware
6.1.6 Spyware
6.1.7 Potentially unsafe applications
6.1.8 Potentially unwanted applications

ESET NOD32 Antivirus 3.0

Copyright 2007 by ESET, spol. s r. o.
ESET NOD32 Antivirus was developed by ESET, spol. s r.o.
For more information visit www.eset.com.
All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without a permission in writing from the author.
ESET, spol. s r.o. reserves the right to change any of the described application software without prior notice.

Customer Care Worldwide: www.eset.com/support
Customer Care for Europe: www.eset.eu/support

REV.20071129-003

1. ESET NOD32 Antivirus 3.0

ESET NOD32 Antivirus 3.0 is the successor to the award-winning product ESET NOD32 Antivirus 2.*. It utilizes the scanning speed and the precision of ESET NOD32 Antivirus, granted by the most recent version of the ThreatSense scanning engine.

The implemented advanced techniques are capable of proactively blocking viruses, spyware, trojans, worms, adware and rootkits without slowing down the system or annoying you as you work or play with your computer.

1.1 What’s new

The long-time development experience of our experts is demonstrated by the entirely new architecture of the ESET NOD32 Antivirus program, which guarantees maximum detection with minimum system requirements.

Antivirus & antispyware

This module is built upon the ThreatSense scanning core, which was used for the first time in the award‑winning NOD32 Antivirus system. The ThreatSense core is optimized and improved with the new ESET NOD32 Antivirus architecture.

Feature: Improved Cleaning
Description: The antivirus system now intelligently cleans and deletes most of the detected infiltrations without requiring user intervention.

Feature: Background Scanning Mode
Description: Computer scanning can be launched in the background without slowing down performance.

Feature: Smaller Update Files
Description: Core optimization processes keep the size of update files smaller than in version 2.7. Also, the protection of update files against damage has been improved.

Feature: Popular E-Mail Client Protection
Description: It is now possible to scan incoming mail not only in MS Outlook but also in Outlook Express and Windows Mail.

Feature: Variety of Other Minor Improvements
Description:
– Direct access to file systems for high speed and throughput.
– Blocking access to infected files
– Optimization for the Windows Security Center, including Vista.

1.2 System requirements

For seamless operation of ESET NOD32 Antivirus, the system should meet the following hardware and software requirements:

ESET NOD32 Antivirus:

Windows 2000, XP
  400 MHz 32-bit / 64-bit (x86 / x64)
  128 MB RAM of system memory
  35 MB available space
  Super VGA (800 × 600)

Windows Vista
  1 GHz 32-bit / 64-bit (x86 / x64)
  512 MB RAM of system memory
  35 MB available space
  Super VGA (800 × 600)

ESET NOD32 Antivirus Business Edition:

Windows 2000, 2000 Server, XP, 2003 Server
  400 MHz 32-bit / 64-bit (x86 / x64)
  128 MB RAM of system memory
  35 MB available space
  Super VGA (800 × 600)

Windows Vista
  1 GHz 32-bit / 64-bit (x86 / x64)
  512 MB RAM of system memory
  35 MB available space
  Super VGA (800 × 600)

2. Installation

After purchase, the ESET NOD32 Antivirus installer can be downloaded from ESET’s website as an .msi package. Launch the installer and the installation wizard will guide you through the basic setup. There are two types of installation available with different levels of setup details:

1. Typical installation
2. Custom installation

2.1 Typical installation

The Typical installation is recommended for users who want to install ESET NOD32 Antivirus with the default settings. The default settings of the program provide the maximum level of protection, a fact appreciated by those users who do not want to configure detailed settings.

The first (very important) step is to enter the user name and password for automatic updating of the program. This plays a significant role in providing constant protection of the system.

Enter your User name and Password, i.e. the authentication data you received after the purchase or registration of the product, into the corresponding fields. If you do not currently have your User name and Password available, select the Set update parameters later option. Authentication data can be inserted at any time later on, directly from the program.

The next step in the installation is configuration of the ThreatSense.Net Early Warning System. The ThreatSense.Net Early Warning System helps to ensure that ESET is immediately and continuously informed about new infiltrations in order to quickly protect its customers. The system allows for submission of new threats to ESET’s virus laboratory, where they are analyzed, processed and added to the virus signature databases.

By default, the Enable ThreatSense.Net Early Warning System check box is selected, which will activate this feature. Click Advanced setup... to modify detailed settings for the submission of suspicious files.

The next step in the installation process is to configure the Detection of potentially unwanted applications. Potentially unwanted applications are not necessarily intended to be malicious, but can often negatively affect the behavior of the operating system.

These applications are often bundled with other programs and may be difficult to notice during the installation process. Although these applications usually display a notification during installation, they can easily be installed without your consent.

Select the Enable detection of potentially unwanted applications option to allow ESET NOD32 Antivirus to detect this type of threat (recommended).

The last step in the Typical installation mode is confirmation of the installation by clicking the Install button.

2.2 Custom installation

The Custom installation is designed for users who have experience with fine‑tuning programs and who wish to modify advanced settings during installation.

The first step is to select the destination location for the install. By default, the program installs into C:\Program Files\ESET\ESET Smart Security\. Click Browse to change this location (not recommended).

Next, Enter your User name and Password. This step is the same as in the Typical installation (see page 5).

After entering your User name and Password, click Next to Configure your Internet connection.

If you use a proxy server, it must be correctly configured in order for virus signature updates to work properly. If you don’t know whether you use a proxy server to connect to the Internet, leave the default setting I am unsure if my Internet connection uses a proxy server. Use the same settings as Internet Explorer and click Next. If you do not use a proxy server, select the corresponding option.

To configure your proxy server settings, select I use a proxy server and click Next. Enter the IP address or URL of your proxy server in the Address field. In the Port field, specify the port where the proxy server accepts connections (3128 by default). In the event that the proxy server requires authentication, a valid user name and password must be entered, granting access to the proxy server. Proxy server settings can also be copied from Internet Explorer if desired. To do this, click Apply and confirm the selection.

The next step in the installation is to Enter a password to protect program parameters. Choose a password you wish to protect the program with. Retype the password to confirm.

Click Next to proceed to the Configure automatic update settings window. This step allows you to designate how automatic program component updates are to be handled on your system. Click Change... to access the advanced settings.

If you do not want program components to be updated, select Never update program components. Enabling the Ask before downloading program components option will display a confirmation window before downloading program components. To enable automatic program component upgrades without prompting, select the option Perform program component upgrade if available.

NOTE: After a program component upgrade, a reboot is usually required. The recommended setting is: If necessary, restart computer without notifying.

The steps Configuration of the ThreatSense.Net Early Warning System and Detection of potentially unwanted applications are the same as for a Typical installation, and are not shown here (see page 5).

The last step shows a window requiring your consent to install.

2.3 Using original settings

If you reinstall ESET NOD32 Antivirus, the Use current settings option is displayed. Select this option to transfer setup parameters from the original installation to the new one.

2.4 Entering User name and password

For optimal functionality, it is important that the program is automatically updated. This is only possible if the correct user name and password are entered in the update setup.

If you did not enter your user name and password during the installation, you can do so now. In the main program window, click Update and then click User name and Password Setup. Enter the data you received with your product license into the License details window.

2.5 On‑demand computer scan

After installation of ESET NOD32 Antivirus, a computer scan for the presence of malicious code should be performed. To quickly launch a scan, select Computer scan from the main menu and then select Standard scan in the main program window. For more information about the Computer scan feature, see the chapter “Computer scan”.

3. Beginner’s guide

This chapter provides an initial overview of ESET NOD32 Antivirus and its basic settings.

3.1 Introducing user interface design – modes

The main window of ESET NOD32 Antivirus is divided into two main sections. The left column provides access to the user‑friendly main menu. The main program window on the right predominantly serves to display information corresponding to the option selected in the main menu.

The following is a description of buttons within the main menu:

Protection status – In a user‑friendly form, it provides information about the protection status of ESET Smart Security. If the Advanced mode is activated, the status of all protection modules is displayed. Click on a module to view its current status.

Computer scan – This option allows the user to configure and launch the On‑demand computer scan.

Update – Select this option to access the update module that manages updates to the virus signature database.

Setup – Select this option to adjust your computer’s security level. If the Advanced mode is activated, the submenus Antivirus and antispyware protection module will appear.

Tools – This option is available only in Advanced mode. Provides access to Log files, Quarantine and the Scheduler.

Help and support – Select this option to access help files, the ESET Knowledgebase, ESET’s web site and access a Customer Care support request.

The ESET NOD32 Antivirus user interface allows users to toggle Standard and Advanced modes. To toggle between modes, see the Display link located in the bottom left corner of the main ESET NOD32 Antivirus window. Click this button to select the desired display mode.

The standard mode provides access to features required for common operations. It does not display any advanced options.

Toggling to Advanced mode adds the Tools option to the main menu. The Tools option allows the user to access Scheduler, Quarantine, or view ESET NOD32 Antivirus log files.

NOTE: All remaining instructions in this guide will take place in Advanced mode.

3.1.1 Checking operation of the system

To view the Protection status, click this option at the top of the main menu. The Antivirus and antispyware submenu will appear directly below and a status summary about the operation of ESET NOD32 Antivirus will be displayed in the main program window. Click Antivirus and antispyware and the main program window …ed status of the individual protection modules

If the modules enabled are working properly, they are assigned a green check. If not, a red exclamation point or orange notification icon is displayed, and additional information about the module is shown in the upper part of the window. A suggested solution for fixing the module is also displayed. To change the status of individual modules, click Setup in the main menu and click on the desired module.

3.1.2 What to do if the program doesn’t work properly

If ESET NOD32 Antivirus detects a problem in any of its protection modules, it is reported in the Protection status window. A potential solution to the problem is also offered here.

If it is not possible to solve a problem using the displayed list of known problems and solutions, click Help and support to access the help files or search the Knowledgebase. If a solution still cannot be found, you can submit a support request to ESET Customer Care. Based on this feedback, our specialists can quickly respond to your questions and effectively advise you on the problem.

3.2 Update setup

Updating the virus signature database and updating program components are an important part of providing complete protection against malicious code. Please pay special attention to their configuration and operation. From the main menu, select Update and then click Update virus signature database in the main program window to instantly check for availability of a newer database update. User name and Password setup... displays a dialog box where the User name and Password received at the time of purchase should be entered.

If the User name and Password were entered during the installation of ESET NOD32 Antivirus you will not be prompted for them at this point.

The Advanced Setup window (to access, press F5) contains other detailed update options. The Update server: drop-down menu should be set to Choose automatically. To configure advanced update options such as the update mode, proxy server access, accessing updates on a local server and creating virus signature copies (ESET NOD32 Antivirus Business Edition), click the Setup... button.

3.3 Proxy server setup

If you use a proxy server to mediate connection to the Internet on a system using ESET Smart Security, it must be specified in Advanced Setup (F5). To access the Proxy server configuration window, click Miscellaneous > Proxy server from the Advanced Setup tree. Select the Use proxy server check box, and enter the IP address and port of the proxy server, along with its authentication data.

If this information is not available, you can attempt to automatically detect proxy server settings for ESET NOD32 Antivirus by clicking the Detect proxy server button.

NOTE: Proxy server options for various update profiles may differ. If this is the case, configure the proxy server in the advanced update setup.

3.4 Settings protection

ESET NOD32 Antivirus Settings can be very important from the perspective of your organization’s security policy. Unauthorized modifications can potentially endanger the stability and protection of your system. To password protect the setup parameters, start from the main menu and click Setup > Enter entire advanced setup tree... > User interface > Settings protection and click the Enter password... button.

Enter a password, confirm it by typing it again, and click OK. This password will be required for any future modifications to ESET NOD32 Antivirus settings.

4. Work with ESET NOD32 Antivirus

4.1 Antivirus and antispyware protection

Antivirus protection guards against malicious system attacks by controlling file, email and Internet communication. If a threat with malicious code is detected, the Antivirus module can eliminate it by first blocking it, and then cleaning, deleting or moving it to quarantine.

4.1.1 Real‑time file system protection

Real‑time file system protection controls all antivirus‑related events in the system. All files are scanned for malicious code at the moment they are opened, created or run on the computer. Real‑time file system protection is launched at system startup.

4.1.1.1 Control setup

The real‑time file system protection checks all types of media, and control is triggered by various events. Control utilizes the ThreatSense technology detection methods (as described in ThreatSense engine parameter setup). The control behavior may vary for newly created files and existing files. For newly created files, it is possible to apply a deeper level of control.

4.1.1.1.1 Scanning of media

By default, all types of media are scanned for potential threats.

Local drives – Controls all system hard drives
Removable media – Diskettes, USB storage devices, etc.
Network drives – Scans all mapped drives

We recommend that you keep the default settings and only modify them in specific cases, such as when scanning certain media significantly slows data transfers.

4.1.1.1.2 Event‑triggered scanning

By default, all files are scanned upon opening, execution or creation. We recommend that you keep the default settings, as these provide the maximum level of real‑time protection for your computer.

The Diskette access option provides control of the diskette boot sector when this drive is accessed. The Computer shutdown option provides control of the hard disk boot sectors during computer shutdown. Although boot viruses are rare today, we recommend that you leave these options enabled, as there is still the possibility of infection by a boot virus from alternate sources.

4.1.1.1.3 Checking of newly created files

The probability of infection in newly‑created files is comparatively higher than in existing files. This is why the program checks these files with additional scanning parameters. Along with common signature‑based scanning methods, advanced heuristics are used, which greatly improves detection rates. In addition to newly‑created files, scanning is also performed on self‑extracting files (SFX) and runtime packers (internally compressed executable files).

4.1.1.1.4 Advanced setup

To provide the minimum system footprint when using real‑time protection, files which have already been scanned are not scanned repeatedly (unless they have been modified). Files are scanned again immediately after each virus signature database update. This behavior is configured using the Optimized scanning option. If this is disabled, all files are scanned each time they are accessed.

By default, Real‑time protection is launched at operating system startup time and provides uninterrupted scanning. In special cases (e.g., if there is a conflict with another real‑time scanner), the real‑time protection can be terminated by disabling the Automatic real‑time file system protection startup option.

4.1.1.2 Cleaning levels

The real‑time protection has three cleaning levels (to access, click the Setup... button in the Real-time file system protection section and then click the Cleaning branch).

– The first level displays an alert window with available options for each infiltration found. The user must choose an action for each infiltration individually. This level is designed for more advanced users who know what to do with every type of infiltration.

– The medium level automatically chooses and performs a predefined action (depending on the type of infiltration). Detection and deletion of an infected file is signaled by an information message located in the bottom right corner of the screen. However, an automatic action is not performed if the infiltration is located within an archive which also contains clean files, and it is not performed on objects for which there is no predefined action.

– The third level is the most “aggressive” – all infected objects are cleaned. As this level could potentially result in the loss of valid files, we recommend that it be used only in specific situations.

4.1.1.3 When to modify real‑time protection configuration

Real‑time protection is the most essential component of maintaining a secure system. Therefore, please be careful when modifying its parameters. We recommend that you only modify its parameters in specific cases. For example, if there is a conflict with a certain application or real‑time scanner of another antivirus program.

After installation of ESET NOD32 Antivirus, all settings are optimized to provide the maximum level of system security for users. To restore the default settings, click the Default button located at the bottom right of the Real-time file system protection window (Advanced Setup > Antivirus and antispyware > Real-time file system protection).

4.1.1.4 Checking real‑time protection

To verify that real‑time protection is working and detecting viruses, use a test file from eicar.com. This test file is a special harmless file detectable by all antivirus programs. The file was created by the EICAR company (European Institute for Computer Antivirus Research) to test the functionality of antivirus programs. The file eicar.com is available to download at http://www.eicar.org/download/eicar.com

4.1.1.5 What to do if the real‑time protection does not work

In the next chapter, we describe problem situations that may arise when using real‑time protection, and how to troubleshoot them.

Real‑time protection is disabled

If real‑time protection was inadvertently disabled by a user, it needs to be reactivated. To reactivate real‑time protection, navigate to Setup > Antivirus and antispyware and click Enable in the Real-time file system protection section of the main program window.

If real‑time protection is not initiated at system startup, it is probably due to the disabled option Automatic real‑time file system protection startup. To enable this option, navigate to Advanced Setup (F5) and click Real‑time file system protection in the Advanced Setup tree. In the Advanced set

4.1.2 Email protection

Email protection provides control of email communication received through the POP3 protocol. Using the plug-in program for Microsoft Outlook, ESET NOD32 Antivirus provides control of all communications from the email client (POP3, MAPI, IMAP, HTTP). When examining incoming messages, the program uses all advanced scanning methods provided by the ThreatSense scanning engine. This means that detection of malicious programs takes place even before being matched against the virus signature database. Scanning of POP3 protocol communications is independent of the email client used.

4.1.2.1 POP3 checking

The POP3 protocol is the most widespread protocol used to receive email communication in an email client application. ESET NOD32 Antivirus provides protection of this protocol regardless of the email client used.

The module providing this control is automatically initiated at operating system startup time and is then active in memory. For the module to work correctly, please make sure it is enabled – POP3 checking is performed automatically with no need for reconfiguration of the email client. By default, all communication on port 110 is scanned, but other communication ports can be added if necessary. Port numbers must be delimited by a comma.

Encrypted communication is not controlled.
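
The following is an added example, not part of the ESET guide and not ESET code: a short Python audit that applies the three conditions given in 4.1.2.1 POP3 checking (POP3 protocol, a port in the comma-delimited scanned list, an unencrypted session) to a mail account inventory. The MailAccount record and the sample accounts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


def parse_port_list(text):
    """Parse the comma-delimited port list used by POP3 checking."""
    ports = set()
    for item in text.split(","):
        item = item.strip()
        if not (item.isascii() and item.isdigit()):
            raise ValueError(f"not a port number: {item!r}")
        port = int(item)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        ports.add(port)
    return ports


@dataclass(frozen=True)
class MailAccount:
    """Hypothetical inventory record for one mail client account."""
    name: str
    protocol: str    # "pop3", "imap", ...
    port: int
    encrypted: bool  # True for implicit TLS or STLS


def pop3_coverage(account, scanned_ports):
    """Return (covered, reason) for one account under the guide's rules."""
    if account.protocol.lower() != "pop3":
        return False, "not POP3; only an email client plug-in can cover it"
    if account.encrypted:
        return False, "encrypted; encrypted communication is not controlled"
    if account.port not in scanned_ports:
        return False, f"port {account.port} is not in the scanned port list"
    return True, "plain POP3 on a scanned port"


def audit(accounts, port_list_text="110"):
    """Map account name -> (covered, reason); 110 is the guide's default."""
    scanned = parse_port_list(port_list_text)
    return {a.name: pop3_coverage(a, scanned) for a in accounts}


# Constructed sample inventory, not taken from any real system.
SAMPLE_ACCOUNTS = [
    MailAccount("legacy-isp", "pop3", 110, False),
    MailAccount("branch-relay", "pop3", 8110, False),
    MailAccount("hosted-mail", "pop3", 995, True),
    MailAccount("shared-box", "imap", 143, False),
]

if __name__ == "__main__":
    for port_list in ("110", "110, 8110, 995"):
        print(f"scanned ports: {port_list}")
        for name, (covered, reason) in audit(SAMPLE_ACCOUNTS, port_list).items():
            print(f"  {name:13} {'covered' if covered else 'NOT covered'}: {reason}")
```

Adding port 995 to the list does not bring the encrypted account into scope, because the session content is not inspected; for such accounts the real‑time file system protection described in 4.1.1 is the layer that still examines files when they are opened, created or run.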
