Avira Professional Security User Manual
Introduction Trademarks and Copyright Trademarks Windows is a registered trademark of the Microsoft Corporation in the United States and other countries. All other brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such in this manual. This does not mean, however, that they may be used freely. Copyright information Code provided by third party providers was used for Avira Professional Security.
Introduction Table of Contents 1. Introduction .................................................................................... 7 1.1 Icons and emphases ............................................................................................................... 7 2. Product information ......................................................................... 9 2.1 Delivery scope..........................................................................................................................
Introduction 4.1.10 Entries in the context menu ....................................................................................................................36 4.2 How to...?................................................................................................................................ 37 4.2.1 Activate license ...........................................................................................................................................37 4.2.
Introduction 9. Viruses and more........................................................................... 74 9.1 Threat categories ................................................................................................................... 74 9.2 Viruses and other malware ................................................................................................... 77 10. Info and Service............................................................................. 81 10.1 Contact address ...
Introduction 11.6.6 Display settings........................................................................................................................................ 154 11.7 Web Protection..................................................................................................................... 155 11.7.1 Scan ............................................................................................................................................................ 155 11.7.2 Report .
Introduction 1. Introduction Your Avira product protects your computer against viruses, worms, Trojans, adware and spyware and other risks. In this manual these are referred to as viruses or malware (harmful software) and unwanted programs. The manual describes the program installation and operation. For further options and information, please visit our website: http://www.avira.
Introduction Note Placed before a link to particularly important information or a tip which makes your Avira product easier to use. The following emphases are used: Emphasis Explanation Italics File name or path data. Displayed software interface elements (e.g. window section or error message). Bold Clickable software interface elements (e.g. menu item, navigation area, option box or button). Avira Professional Security - User Manual (Status: 23 Sep.
Product information 2. Product information This chapter contains all information relevant to the purchase and use of your Avira product: see Chapter: Delivery scope see Chapter: System requirements see Chapter: Licensing and Upgrade see Chapter: License Manager Avira products are comprehensive and flexible tools you can rely on to protect your computer from viruses, malware, unwanted programs and other dangers.
Product information ProActiv component for the permanent monitoring of program actions (for 32-bit system only, not available under Windows 2000) Mail Protection (POP3 Scanner, IMAP Scanner and SMTP Scanner) for the permanent checking of emails for viruses and malware.
Product information For the program installation: Administrator rights For all installations: Windows Internet Explorer 6.0 or higher Internet connection where appropriate (see Installation) 2.3 Licensing and Upgrade In order to be able to use your Avira product, you require a license. You thereby accept the license terms. The license is issued via a digital license code in the form of the file hbedv.key. This digital license code is the key to your personal license.
Product information Avira Professional Security License Manager You can install the license by selecting the license file in your file manager or in the activation email with a double click and following the relevant instructions on the screen. Note The Avira Professional Security License Manager automatically copies the corresponding license in the relevant product folder. If a license already exists, a note appears as to whether the existing license file is to be replaced.
Installation and uninstallation 3. Installation and uninstallation 3.1 Overview This chapter contains information relating to the installation and uninstallation of your Avira product.
Installation and uninstallation 3.2 Pre-Setup Note Before installation, check whether your computer fulfils all the minimum system requirements. If your computer satisfies all requirements, you can install the Avira product. Note When installing on a server operating system, the Realtime Protection and the files protection are not available. Pre-Setup Close your email program. It is also recommended to end all running applications. Make sure that no other virus protection solutions are installed.
Installation and uninstallation Install The installation program runs in self-explanatory dialog mode. Every window contains a certain selection of buttons to control the installation process. The most important buttons are assigned the following functions: OK: Confirm action. Abort: Abort action. Next: Go to next step. Back: Go to previous step.
Installation and uninstallation The dialog Language selection appears. Select the language you want to use to install your Avira product and confirm your language selection by clicking Next. The dialog box Download appears. All files necessary for installation are downloaded from the Avira web servers. The Download window closes after conclusion of the download. Installation with an installation package The window Preparing installation appears. The installation file is extracted.
Installation and uninstallation The Avira Tray Icon is placed in the taskbar. In order to ensure effective protection for your computer, the module Updater will search for possible updates. The Luke Filewalker window opens and a short system scan is performed. The status of the check as well as the results are displayed. If after the scan you are asked to restart your computer, click Yes to ensure that your system is fully protected.
Installation and uninstallation Note By default Express installation is preset. All standard components will be installed which you may not configure. If you like to execute an Express installation, please refer to the chapter: Installation > Express installation. Choose Custom to install individual program components. Confirm that you accept the End User License Agreement. For reading the detailed text of the End User License Agreement, click the EULA link. Click Next.
Installation and uninstallation The Installation Wizard is closed and the Configuration Wizard will open. 3.5 Configuration Wizard At the end of a user-defined installation, the configuration wizard is opened. The configuration wizard enables you to define custom settings for your Avira product. Click Next in the welcome window of the configuration wizard to begin configuration of the program. The Configure AHeAD dialog box enables you to select a detection level for the AHeAD technology.
Installation and uninstallation In the following Select email settings dialog box, you can define the Server settings for sending emails. Your Avira product uses SMTP to send emails as well as send email alerts. Where appropriate, make the necessary adjustments to the server settings and continue the configuration by clicking Next. In the following System scan dialog box, a short system scan can be enabled or disabled.
Installation and uninstallation Avira Professional Security This module contains all components required for successful installation of your Avira product. Avira Realtime Protection The Avira Realtime Protection runs in the background. It monitors and repairs, if possible, files during operations such as open, write and copy in on-access mode. Whenever a user carries out a file operation (e.g. load document, execute, copy), the Avira product automatically scans the file.
Installation and uninstallation 3.8 Uninstallation If you wish to remove the Avira product from your computer, you can use the option Add or Remove Programs to Change/Remove programs in the Windows Control Panel. To uninstall your Avira product (e.g. in Windows XP and Windows Vista): Open the Control Panel via the Windows Start menu. Double click on Programs (Windows XP: Software). Select your Avira product in the list and click Remove. You will be asked if you really want to remove the program.
Installation and uninstallation Note Please note that an installation package for the Avira product is required for installation via a network. An installation file for Internet-based installation cannot be used. Avira products can be easily shared on the network with a server login script or via SMS. For information on installation and uninstallation on the network: see Chapter: Command line parameters for the setup program see Chapter: Parameter of the file setup.
Installation and uninstallation Begin installation with the parameter /inf or integrate the parameter into the login script of the server. Example: presetup.exe /inf="c:\temp\setup.inf" The installation starts automatically. To uninstall Avira products on the network automatically: You must have administrator rights (also required in batch mode) Start the uninstallation with the parameter/remsilent or /remsilentaskreboot or integrate the parameter into the login script of the server.
Installation and uninstallation /remsilentaskreboot The setup program uninstalls the Avira product without displaying dialogs and requests a computer restart after uninstallation. Example: presetup.exe /remsilentaskreboot The following parameter is available as an option for the uninstallation log: /unsetuplog All actions during uninstallation are logged. Example: presetup.exe /remsilent /unsetuplog="c:\logfiles\unsetup.log" In the control file setup.
Installation and uninstallation Guard Installs the Avira Realtime Protection (on-access Scanner). 1: Install Avira Realtime Protection 0: Do not install Avira Realtime Protection Example: Guard=1 MailScanner Installs the Avira Mail Protection. 1: Install Avira Mail Protection 0: Do not install Avira Mail Protection Example: MailScanner=1 KeyFile Specifies the path for the license file that is copied during installation. For initial installation: obligatory.
Installation and uninstallation AVWinIni (optional) Specifies the destination path for the configuration file that may be copied during installation. The file name must be specified completely (fully qualified). Example: AVWinIni=d:\inst\config\avwin.ini Password This option assigns the password that was set for the (modification) installation and uninstallation to the setup routine. The entry is only scanned by the setup routine when a password has been set.
Overview of Avira Professional Security 4. Overview of Avira Professional Security This chapter contains an overview of the functionality and operation of your Avira product. see Chapter Interface and operation see Chapter How to...? 4.
Overview of Avira Professional Security The Control Center window is divided into three areas: The Menu bar, the Navigation bar and the detail window Status: Menu bar: In the Control Center menu bar, you can access general program functions and information on the program. Navigation area: In the navigation area, you can easily swap between the individual sections of the Control Center.
Overview of Avira Professional Security Close the Control Center via the menu command Close in the menu File or by clicking on the close tab in the Control Center. 4.1.3 Operate Control Center To navigate in the Control Center Select an activity in the navigation bar. The activity opens and other sections appear. The first section of the activity is selected and displayed in the view. If necessary, click another section to display this in the detail window.
Overview of Avira Professional Security report file. More detailed information on the last virus or unwanted program detected can be obtained practically "at the push of a button". Online protection: In Online protection you will find the components to protect your computer system against viruses and malware from the Internet, and against unauthorized network access. The Mail Protection section shows you all the emails scanned by Mail Protection, their properties and other statistical data.
Overview of Avira Professional Security The Configuration opens a dialog box: You can save your configuration settings via the OK or Apply buttons, delete your settings by clicking the Cancel button or restore your default configuration settings using the Default values button. You can select individual configuration sections in the left-hand navigation bar. 4.1.6 Accessing the Configuration You have several options for accessing the configuration: via the Windows control panel.
Overview of Avira Professional Security configuration registers. In this case, a dialog appears asking you to activate expert mode. 4.1.7 Configuration operation Navigate in the configuration window as you would in Windows Explorer: Click an entry in the tree structure to display this configuration section in the detail window. Click the plus symbol in front of an entry to expand the configuration section and display configuration subsections in the tree structure.
Overview of Avira Professional Security 4.1.8 Configuration profiles You have the option of saving your configuration settings as configuration profiles. In the configuration profile, i.e. of a configuration, all configuration options are saved in a group. The configuration is displayed in the navigation bar as a node. You can add other configurations to the default configuration.
Overview of Avira Professional Security Configuration of cache, empty cache Configuration of a footer in sent emails Report function setting Web Protection: Configuration of Web Protection Scan options, enabling and disabling the Web Protection Action on detection Blocked access: Unwanted file types and MIME types, Web filter for known unwanted URLS (malware, phishing, etc.
Overview of Avira Professional Security Icon Description Avira Realtime Protection is enabled and the FireWall is enabled Avira Realtime Protection is disabled and the FireWall is disabled The tray icon displays the status of the Realtime Protection and the FireWall service. Central functions of your Avira product can be quickly accessed via the context menu of the tray icon. To open the context menu, click the tray icon with the right-hand mouse button. 4.1.
Overview of Avira Professional Security 4.2 How to...? 4.2.1 Activate license To activate your Avira product’s license: Activate your license for your Avira product with the license file hbedv.key. You can obtain the license file by email from Avira. The license file contains the license for all products that you have ordered in one order process. If you have not yet installed your Avira product: Save the license file to a local directory on your computer. Install your Avira product.
Overview of Avira Professional Security Click Next. The dialog box Type of job is displayed. Select Update job from the list. Click Next. The dialog box Time of job appears. Select a time for the update: Immediately Daily Weekly Interval Single Login Note We recommend regular and frequent updates. The recommended update interval is: 60 minutes. Where appropriate, specify a date according to the selection.
Overview of Avira Professional Security View properties of a job Edit job Delete job Start job Stop job 4.2.3 Start a manual update You have various options for starting an update manually: When an update is started manually, the virus definition file and scan engine are always updated.
Overview of Avira Professional Security Note You can also carry out a manual update directly via the Windows security center. 4.2.4 Using a scan profiles to scan for viruses and malware A scan profile is a set of drives and directories to be scanned. The following options are available for scanning via a scan profile: Use predefined scan profile If the predefined scan profile corresponds to your requirements.
Overview of Avira Professional Security -ORCreate a new scan profile Click the icon (Windows XP: or Windows Vista: ). The Luke Filewalker window appears and a system scan is started. When the scan is completed, the results are displayed. If you want to adapt a scan profile: In the scan profile, expand Manual Selection the file tree so that all the drives and directories you want to scan are open. Click the + icon: The next directory level is displayed.
Overview of Avira Professional Security Use the left-hand mouse button to drag the highlighted file or directory into the Control Center. The Luke Filewalker window appears and a system scan is started. When the scan is completed, the results are displayed. 4.2.6 Scan for viruses and malware via the context menu To scan for viruses and malware systematically via the context menu: Click with the right-hand mouse button (e.g.
Overview of Avira Professional Security Daily Weekly Interval Single Login Where appropriate, specify a date according to the selection. Where appropriate, select the following additional options (availability depends on job type): Repeat job if the time has already expired Past jobs are performed that could not be performed at the required time, for example because the computer was switched off. Click Next. The dialog box Selection of the display mode appears.
Overview of Avira Professional Security 4.2.8 Targeted scan for Rootkits and active malware To scan for active rootkits, use the predefined scan profile Scan for Rootkits and active malware. To scan for active rootkits systematically: Go to Control Center and select the section PC protection > System Scanner. Predefined scan profiles appear. Select the predefined scan profile Scan for Rootkits and active malware.
Overview of Avira Professional Security Action options for the Realtime Protection: Interactive In interactive action mode, data access is denied and a desktop notification is displayed. In the desktop notification you can remove the malware detected or transfer the malware to the System Scanner component using the Details button for further virus management.
Overview of Avira Professional Security This option is only available if the infected file can be repaired. Rename The file is renamed with a *.vir extension. Direct access to these files (e.g. with doubleclick) is therefore no longer possible. Files can be repaired and given their original name at a later time. Quarantine The file is packaged into a special format (*.qua) and moved to the Quarantine directory INFECTED on your hard disk, so that direct access is no longer possible.
Overview of Avira Professional Security Note If you carry out actions on running processes, the processes in question are terminated before the actions are performed. Actions of the Realtime Protection for detections made by the ProActiv component (notification of suspicious actions of an application): Trusted program The application continues to run. The program is added to the list of permitted applications and is excluded from monitoring by the ProActiv component.
Overview of Avira Professional Security Move attachment to quarantine The infected attachment is placed in quarantine and then deleted (replaced by a default text). The body of the email is delivered. The affected attachment can later be delivered via the quarantine manager. Ignore The affected email is delivered. Warning This could allow viruses and unwanted programs to access your computer system. Only select the Ignore option in exceptional cases.
Overview of Avira Professional Security Move to quarantine The website requested from the web server and/or any data or files transferred are moved to quarantine. The affected file can be recovered from quarantine manager if it has an informative value or - if necessary - sent to the Avira Malware Research Center. Ignore The website requested from the web server and/or the data and files that were transferred are forwarded on by Web Protection to your web browser.
Overview of Avira Professional Security Scanning a file is recommended if the virus definition file of your Avira product has been updated and a false positive report is suspected. This enables you to confirm a false positive with a rescan and restore the file. Highlight the file and click on . The file is scanned for viruses and malware using the system scan settings. After the scan, the dialog Rescan statistics appears which displays statistics on the status of the file before and after the rescan.
Overview of Avira Professional Security Note The size of the files you upload is limited to 20 MB uncompressed or 8 MB compressed. If you want to copy a quarantined object from quarantine to another directory: Highlight the quarantined object and click on . The dialog Browse For Folder opens from which you can select a directory. Select a directory where you want to save a copy of the quarantined object and confirm your selection. The selected quarantined object is saved to the selected directory.
Overview of Avira Professional Security This icon restores the files to their original directory. If extended administrator rights are necessary to access this directory, a corresponding request appears. To restore files in quarantine: Warning This could result in loss of data and damage to the operating system of the computer! Only use the function Restore selected object in exceptional cases. Only restore files that could be repaired by a new scan. File rescanned and repaired.
Overview of Avira Professional Security The file is restored to the selected directory. 4.2.12 Move suspicious files to quarantine To move a suspect file to quarantine manually: In the Control Center, select the section Administration > Quarantine section. Click on . The Windows default window for selecting a file appears. Select the file and confirm with Open. The file is moved to quarantine.
Overview of Avira Professional Security 4.2.14 Create desktop shortcut for scan profile You can start a system scan directly from your desktop via a desktop shortcut to a scan profile without accessing your Avira product‟s Control Center. To create a desktop shortcut to the scan profile: In the Control Center, go to the PC protection > System Scanner section. Select the scan profile for which you want to create a shortcut. Click the icon . The desktop shortcut is created. 4.2.
Overview of Avira Professional Security Uncheck the box of the program components to hide the events of the deactivated components. Check the event type box to display these events. - OR Uncheck the event type box to hide these events. 4.2.16 Exclude email addresses from scan To define which email addresses (senders) are excluded from the Mail Protection scan (white listing): Go to Control Center and select the section Internet protection > Mail Protection. The list shows incoming emails.
Overview of Avira Professional Security Medium Suspicious TCP and UDP packages are discarded. Flooding and port scan are prevented. High Computer is not visible on the network. Connections from outside are blocked. Flooding and port scan are prevented. User User-defined rules: If this security level is selected, the program automatically recognizes that the adapter rules have been modified. Note The default security level setting for all predefined rules of the Avira FireWall is Medium.
System Scanner 5. System Scanner With the System Scanner component, you can carry out targeted scans (on-demand scans) for viruses and unwanted programs. The following options are available for scanning for infected files: System scan via context menu The system scan via the context menu (right-hand mouse button - entry Scan selected files with Avira) is recommended if, for example, you wish to scan individual files and directories.
Updates 6. Updates The effectiveness of anti-virus software depends on how up-to-date the program is, in particular the virus definition file and the scan engine. To carry out regular updates, the Updater component is integrated into your Avira product. The Updater ensures that your Avira product is always up-to-date and able to deal with the new viruses that appear every day.
Updates Updates can be obtained from the Internet via a proprietary web server or via a web or file server on an intranet which downloads the update files from the Internet and makes them available to other computers on the network. This is useful if you want to update Avira products on more than one computer in a network. A download server on an intranet can be used to ensure Avira products are up-to-date on the protected computers using a minimum of resources.
Firewall 7. Firewall Avira FireWall monitors and regulates incoming and outgoing data traffic on your computer system and protects you from a wide range of attacks and threats from the Internet: Incoming or outgoing data traffic or listening to ports will be allowed or denied based on security guidelines. You will receive a desktop notification if Avira FireWall denies network activity and thus blocks network connections.
FAQ, Tips 8. FAQ, Tips This chapter contains important information on troubleshooting and further tips on using your Avira product. see Chapter Help in case of a problem see Chapter Shortcuts see Chapter Windows Security Center 8.1 Help in case of a problem Here you will find information on causes and solutions of possible problems. The error message The license file cannot be opened appears. The error message Connection failed while downloading the file ...
FAQ, Tips Test whether other Internet services such as WWW or email work. If not, re-establish the Internet connection. Reason: The proxy server cannot be reached. Check whether the login for the proxy server has changed and adapt it to your configuration if necessary. Reason: The update.exe file is not fully approved by your personal firewall. Ensure that the update.exe file is fully approved by your personal firewall.
FAQ, Tips configuration panel Services with a double-click (under Windows 2000 and Windows XP the services applet is located in the sub-directory Administrative Tools). Find the entry Avira Realtime Protection. Automatic must be entered as the startup type and Started as the status. If necessary, start the service manually by selecting the relevant line and the button Start. If an error message appears, please check the event display. The computer is extremely slow when I perform a data back-up.
FAQ, Tips Settings > Control Panel > Add or Remove Programs", restart the computer and then reinstall your Avira product. General POP3 connections encrypted via SSL (Secure Sockets Layer, also frequently referred to as TLS (Transport Layer Security)) cannot currently be protected and are ignored. Verification to the mail server is currently only supported via "passwords". "Kerberos" and "RPA" are not currently supported. Your AntiVir program does not check outgoing emails for viruses and unwanted programs.
FAQ, Tips Check if the rule is directly above the rule Deny all IP packets. Warning This rule is potentially dangerous because it will allow UDP packets without any filtering! After working with the virtual machine change to your previous security level. Virtual Private Network (VPN) Connection is blocked, if the security level of Avira FireWall is set to medium or high.
FAQ, Tips 8.2 Shortcuts Keyboard commands - also called shortcuts - offer a fast possibility to navigate through the program, to retrieve individual modules and to start actions. Below we provide you with an overview of the available keyboard commands. Please find further indications regarding the functionality in the corresponding chapter of the help. 8.2.1 In dialog boxes Shortcut Description Ctrl + Tab Ctrl + Page down Navigation in the Control Center Go to next section.
FAQ, Tips Enter Start command for the active option or button. 8.2.2 In the help Shortcut Description Alt + Space Display system menu. Alt + Tab Shift between the help and the other opened windows. Alt + F4 Close help. Shift + F10 Display context menu of the help. Ctrl + Tab Go to next section in the navigation window. Ctrl + Shift + Tab Go to previous section in the navigation window.
FAQ, Tips F5 Refresh F8 Open configuration F9 Start update Scan section Shortcut Description F2 Rename selected profile F3 Start scan with the selected profile F4 Create desktop link for the selected profile Ins Create new profile Del Delete selected profile FireWall section Shortcut Description Return Properties Quarantine section Shortcut Description F2 Rescan object F3 Restore object Avira Professional Security - User Manual (Status: 23 Sep.
FAQ, Tips F4 Send object F6 Restore object to... Return Properties Ins Add file Del Delete object Scheduler section Shortcut Description F2 Edit job Return Properties Ins Insert new job Del Delete job Reports section Shortcut Description F3 Display report file F4 Print report file Return Display report Del Delete report(s) Avira Professional Security - User Manual (Status: 23 Sep.
FAQ, Tips Events section Shortcut Description F3 Export event(s) Return Show event Del Delete event(s) 8.3 Windows Security Center - Windows XP Service Pack 2 or higher - 8.3.1 General The Windows Security Center checks the status of a computer for important security aspects. If a problem is detected with one of these important points (e.g. an outdated anti-virus program), the Security Center issues an alert and gives recommendations on how to protect your computer better. 8.3.
FAQ, Tips Firewall INACTIVE / Firewall off You will receive the following message as soon as you disable the Avira FireWall: Note You can enable or disable the Avira FireWall via the Status tab in the Control Center. Warning If you turn the Avira FireWall off, your computer is no longer prevented by unauthorized users from gaining access to it through a network or the Internet.
FAQ, Tips Note Install your Avira product on your computer to protect it against viruses and other unwanted programs! Virus protection OUT OF DATE If you have already installed Windows XP Service Pack 2 or Windows Vista and then install your Avira product or you install Windows XP Service Pack 2 or Windows Vista on a system on which your Avira product has already been installed, you will receive the following message: Note In order for the Windows Security Center to recognize your Avira product as upto-d
FAQ, Tips Note You can enable or disabled Avira Realtime Protection in the Overview > Status section of the Control Center. You can also see that the Avira Realtime Protection is enabled if the red umbrella in your taskbar is open. Virus protection NOT MONITORED If you receive the following message from the Windows Security Center, you have decided that you want to monitor your anti-virus software yourself. Note This function is not supported by Windows Vista.
Viruses and more 9. Viruses and more 9.1 Threat categories Adware Adware is software that presents banner ads or in pop-up windows through a bar that appears on a computer screen. These advertisements usually cannot be removed and are consequently always visible. The connection data allow many conclusions on the usage behavior and are problematic in terms of data security. Your Avira product detects Adware.
Viruses and more Dialer Certain services available in the Internet have to be paid for. They are invoiced in Germany via dialers with 0190/0900 numbers (or via 09x0 numbers in Austria and Switzerland; in Germany, the number is set to change to 09x0 in the medium term). Once installed on the computer, these programs guarantee a connection via a suitable premium rate number whose scale of charges can vary widely.
Viruses and more them pay to eliminate it. There are also cases when the victims are lead to believe they were attacked and they are instructed to carry out an action, which in reality is the real attack. Your Avira product detects scareware. If the option Fraudulent software is enabled with a check mark in the configuration Threat categories, you receive a corresponding alert if your Avira product detects such files.
Viruses and more registration authorities. When submitting your email address on the Internet, filling in online forms, accessing newsgroups or websites, your data can be stolen by "Internet crawling spiders" and then used without your permission to commit fraud or other crimes. Your Avira product recognizes "Phishing". If the option Phishing is enabled with a check mark in the configuration under Threat categories, you receive a corresponding alert if your Avira product detects such behavior.
Viruses and more Boot viruses The boot or master boot sector of hard disks is mainly infected by boot sector viruses. They overwrite important information necessary for the system execution. One of the awkward consequences: the computer system cannot be loaded any more… Bot-Net A bot-net is defined as a remote network of PCs (on the Internet) that is composed of bots that communicate with each other.
Viruses and more reason he is never addressed. If an attacker examines a network for the weak points and uses the services which are offered by a honeypot, it is logged and an alert is triggered. Macro viruses Macroviruses are small programs that are written in the macro language of an application (e.g. WordBasic under WinWord 6.0) and that can normally only spread within documents of this application. Because of this, they are also called document viruses.
Viruses and more Rootkits A rootkit is a collection of software tools that are installed after a computer system has been infiltrated to conceal logins of the infiltrator, hide processes and record data generally speaking: to make themselves invisible. They attempt to update already installed spy programs and reinstall deleted spyware.
Info and Service 10. Info and Service This chapter contains information on how to contact us. see Chapter Contact address see Chapter Technical support see Chapter Suspicious files see Chapter Report false positives see Chapter Your feedback for more security 10.1 Contact address If you have any questions or requests concerning the Avira product range, we will be pleased to help you.
Info and Service 10.3 Suspicious file Viruses that may not yet be detected or removed by our products or suspect files can be sent to us. We provide you with several ways of doing this. Identify the file in the quarantine manager of the Control Center and select the item Send file via the context menu or the corresponding button. Send the required file packed (WinZIP, PKZip, Arj etc.) in the attachment of an email to the following address: virus-professional@avira.
Reference: Configuration options 11. Reference: Configuration options The configuration reference documents all available configuration options. 11.1 System Scanner The System Scanner section of configuration is responsible for the configuration of the on-demand scan. (Options available in expert mode only.) 11.1.1 Scan You can define the behavior of the on-demand scan routine (options available in expert mode only).
Reference: Configuration options Note If Use smart extensions is enabled, the button File extensions cannot be selected. Use file extension list If this option is enabled, only files with a specified extension are scanned. All file types that may contain viruses and unwanted programs are preset. The list can be edited manually via the button "File extension".
Reference: Configuration options an amended file is detected, this is reported as suspect. This function uses a lot of computer capacity. That is why the option is disabled as the default setting. Note This option is only available with Windows Vista and higher. The option is not available if you are managing the Avira program under AMC. Note This option should not be used if you are using third-party tools that modify system files and adapt the boot or start screen to your own requirements.
Reference: Configuration options Note The rootkits scan is not available for Windows XP 64 bit ! Scan Registry If this option is enabled, the Registry is scanned for references to malware. Ignore files and paths on network drives If this option is enabled, network drives connected to the computer are excluded from the on-demand scan. This option is recommended when the servers or other workstations are themselves protected with anti-virus software. This option is disabled as the default setting.
Reference: Configuration options Action on detection You can define the actions to be performed by System Scanner when a virus or unwanted program is detected. (Options available in expert mode only.) Interactive If this option is enabled, the results of the System Scanner scan are displayed in a dialog box. When carrying out a scan with the System Scanner, you will receive an alert with a list of the affected files at the end of the scan.
Reference: Configuration options Default The button is used to define a default action by the System Scanner to handle the files encountered. Highlight an action and click the "Default" button. Only the selected default action for the relevant files can be executed in combined notification mode. The selected default action for the relevant files is preselected in individual and expert notification mode. Note The action repair cannot be selected as the default action.
Reference: Configuration options Repair If this option is enabled, the System Scanner repairs affected files automatically. If the System Scanner cannot repair an affected file, it carries out the action selected under Secondary action. Note An automatic repair is recommended, but means that the System Scanner modifies files on the workstation. Rename If this option is enabled, the System Scanner renames the file. Direct access to these files (e.g. with double-click) is therefore no longer possible.
Reference: Configuration options Quarantine If this option is enabled, the System Scanner moves the file to Quarantine. These files can later be repaired or - if necessary - sent to the Avira Malware Research Center. Delete If this option is enabled, the file is deleted. This process is much faster than "overwrite and delete". Ignore If this option is enabled, access to the file is allowed and the file is left as it is.
Reference: Configuration options This button opens a window in which you can select the desired program with the aid of the file selection dialog. Arguments In this input box you can enter command line parameters for the program to be started if necessary. Event log Use event log If this option is enabled, an event report with the results of the scan is transferred to the Windows Event Log after a System Scanner scan has been completed. The events can be called up in the Windows Event Viewer.
Reference: Configuration options Note In order to find a virus or an unwanted program in an archive, the System Scanner must scan up to the recursion level in which the virus or the unwanted program is located. Maximum recursion depth In order to enter the maximum recursion depth, the option Limit recursion depth must be enabled. You can either enter the requested recursion depth directly or by means of the right arrow key on the entry field. The permitted values are 1 to 99.
Reference: Configuration options Input box In this input box you can enter the name of the file object that is not included in the ondemand scan. No file object is entered as the default setting. The button opens a window in which you can select the required file or the required path. When you have entered a file name with its complete path, only this file is not scanned for infection.
Reference: Configuration options positives do sometimes occur. The decision on how to handle affected code is to be made by the user, e.g. based on his or her knowledge of whether the source of the code is trustworthy or not. Macrovirus heuristic Macrovirus heuristic Your Avira product contains a highly powerful macrovirus heuristic. If this option is enabled, all macros in the relevant document are deleted in the event of a repair, alternatively suspect documents are only reported, i.e.
Reference: Configuration options Off If this option is enabled, the System Scanner does not report the actions and results of the on-demand scan. Default When this option is activated, the System Scanner logs the names of the files concerned with their path. In addition, the configuration for the current scan, version information and information on the licensee is written in the report file.
Reference: Configuration options Note If All files is enabled, the File extensions button cannot be selected. Use smart extensions If this option is enabled, the selection of the files scanned for viruses or unwanted programs is automatically chosen by the program. This means that the program decides whether the files are scanned or not based on their content. This procedure is somewhat slower than Use file extension list, but more secure, since not only on the basis of the file extension is scanned.
Reference: Configuration options Scan when writing If this option is enabled, the Realtime Protection scans a file when writing. You can only access the file again after this process has been completed. Scan when reading and writing If this option is enabled, the Realtime Protection scans files before opening, reading and executing and after writing. This option is enabled as the default setting and is recommended.
Reference: Configuration options Scan archives If this option is enabled, then archives will be scanned. Compressed files are scanned, then decompressed and scanned again. This option is deactivated by default. The archive scan is restricted by the recursion depth, the number of files to be scanned and the archive size. You can set the maximum recursion depth, the number of files to be scanned and the maximum archive size.
Reference: Configuration options Rename Realtime Protection renames the file. Direct access to these files (e.g. with doubleclick) is therefore no longer possible. The file can be repaired at a later time and renamed again. Quarantine Realtime Protection moves the file to Quarantine. The file can be recovered from Quarantine manager if it has an informative value or - if necessary - sent to the Avira Malware Research Center. Depending on the file, further options are available in the Quarantine manager.
Reference: Configuration options You can also send the backup copy to the Avira Malware Research Center. Depending on the object, more selection options are available in the Quarantine manager. Display detection alerts If this option is enabled, then for each detection of a virus or unwanted program an alert appears. Primary action Primary action is the action performed when the Realtime Protection finds a virus or an unwanted program.
Reference: Configuration options Warning The affected file remains active on your workstation! It may cause serious damage on your workstation! Overwrite and delete If this option is enabled, the Realtime Protection overwrites the file with a default pattern and then deletes it. It cannot be restored. Deny access If this option is enabled, the Realtime Protection only enters the detection in the report file if the report function is enabled.
Reference: Configuration options Overwrite and delete If this option is enabled, the Realtime Protection overwrites the file with a default pattern and then deletes it. It cannot be restored. Deny access If this option is enabled, the affected file is not written; the Realtime Protection only enters the detection in the report file if the report function is enabled. In addition, the Realtime Protection writes an entry in the Event log, if this option is enabled.
Reference: Configuration options When entering the process, Unicode symbols are accepted. You can therefore enter process or directory names containing special symbols. Drive information must be entered as follows: [Drive letter]:\ The colon symbol (:) is only used to specify drives. When specifying the process, you can use the wildcards * (any number of characters) and ? (a single character). C:\Program C:\Program C:\Program C:\Program Files\Application\application.exe Files\Application\applicatio?.
Reference: Configuration options Delete With this button you can delete a selected process from the display window. File objects to be omitted by the Realtime Protection All file accesses to objects in this list are excluded from monitoring by the Realtime Protection. Input box In this box you can enter the name of the file object that is not included in the onaccess scan. No file object is entered as the default setting. The entries in the list must have no more than 6000 characters in total.
Reference: Configuration options Add With this button, you can add the file object entered in the input box to the display window. Delete With this button you can delete a selected file object from the display window. Please note the further information when specifying exceptions: In order to also exclude objects when they are accessed with short DOS file names (DOS name convention 8.3), the relevant short file name must also be entered in the list.
Reference: Configuration options C:\Program Files1\*.exe All processes for executable files located under the path C:\Program Files1 are excluded from the Realtime Protection scan. Examples for files to be excluded: *.mdb All files with the extension 'mdb‟ are excluded from the Realtime Protection scan. *.xls* All files with a file extension beginning 'xls‟ are excluded from the Realtime Protection scan, e.g. files with the extensions .xls and .xlsx. C:\Directory\*.
Reference: Configuration options alternatively suspect documents are only reported, i.e. you receive an alert. This option is enabled as the default setting and is recommended. Advanced Heuristic Analysis and Detection (AHeAD) enable AHeAD Your Avira program contains a very powerful heuristic in the form of Avira AHeAD technology, which can also detect unknown (new) malware. If this option is enabled, you can define how "aggressive" this heuristic should be. This option is enabled as the default setting.
Reference: Configuration options Enable Avira ProActiv If this option is enabled, programs on your computer system are monitored and checked for suspicious actions. You will receive a message if typical malware behavior is detected. You can block the program or select "Ignore" to continue to use the program.
Reference: Configuration options The button opens a window in which you can select the application to be blocked. Add With the "Add" button you can transfer the application specified in the input box to the list of applications to be blocked. Note Applications required for the proper operation of the operating system cannot be added. Delete The "Delete" button lets you remove a highlighted application from the list of applications to be blocked.
Reference: Configuration options application through an update. The originally harmless application is now malware. Note Some trusted applications, including for example all application components of your Avira product, are by default excluded from monitoring by the ProActiv component even though they are not included in the list. Input box In this box you enter the application to be excluded from monitoring by the ProActiv component.
Reference: Configuration options Default If this option is enabled, Realtime Protection records important information (concerning detections, alerts and errors) in the report file, with less important information ignored for improved clarity. This option is enabled as the default setting. Extended If this option is enabled, Realtime Protection logs less important information to the report file as well.
Reference: Configuration options Variable Windows XP 32 Bit (**English) Windows 7 32 Bit (**English) Windows 7 64 Bit (**English) %WINDIR% C:\Windows C:\Windows C:\Windows %SYSDIR% C:\Windows\Syste m32 C:\Windows\System3 2 C:\Windows\System3 2 %ALLUSERSPROFI LE% C:\Documents and Settings\All Users ** C:\ProgramData C:\ProgramData %PROGRAMFILES% C:\Program Files ** C:\Program Files ** C:\Program Files (x86) ** %PROGRAMFILES( x86)% %PROGRAMFILES( x86)% %PROGRAMFILES(x8 6)% C:\Program F
Reference: Configuration options Automatic update Activate If this option is enabled, automatic updates are performed for the enabled events at the specified interval. All n Day(s) / Hour(s) / Minute(s) In this box you can specify the interval at which the automatic update is performed. To change the update interval, highlight one of the time options in the box and change it using the arrow key to the right of the input box.
Reference: Configuration options 11.4.1 Product update Under Product update, configure how product updates or the notification of available product updates are handled. (Options available in expert mode only.) Product updates Download and install product updates automatically If this option is enabled, product updates are downloaded and automatically installed by the Update component as soon as they become available.
Reference: Configuration options Warning An update of the virus definition file and of the search engine is performed during every update process independent of the settings for the product update (see Chapter Updates). Note If you have enabled an option for an automatic product update, you can configure further restart notification and cancellation options under Restart settings. (Options available in expert mode only.) 11.4.
Reference: Configuration options Query whether computer should be restarted If this option is enabled, the restart which is necessary after a product update has been executed is not performed automatically. You will receive only one message, which offers the option to perform a restart directly or cancel the restart routine. Restart computer without query If this option is enabled, the restart which is necessary after a product update has been executed is performed automatically.
Reference: Configuration options 11.4.4 Web Server The update can be performed directly via a web server on the Internet or the intranet. (Options available in expert mode only.) Web server connection Use existing connection (network) This setting is displayed if your connection is used via a network. Use the following connection This setting is displayed if you define your connection individually. The Updater automatically detects which connection options are available.
Reference: Configuration options Priority server In this field, enter the update directory and URL of the web server that will first be requested to provide the update. If this server cannot be reached, the standard servers indicated will be used. The format for the address of the web server is as follows: http://
[:Port]/update. If you do not specify a port, port 80 will be used.Reference: Configuration options Address Enter the computer name or IP address of the proxy server you want to use to connect to the web server. Port Please enter the port number of the proxy server you want to use to connect to the web server. Login name Enter a user name to log in on the proxy server. Login password Enter the relevant password for logging in on the proxy server here. For security reasons, the actual characters you type in this space are replaced by asterisks (*).
Reference: Configuration options Note The default Security level setting for all predefined rules of the Avira FireWall is Medium. ICMP protocol The Internet Control Message Protocol (ICMP) is used to exchange error and information messages on networks. The protocol is also used for status messages with ping or tracer. With this rule, you can define the incoming and outgoing blocked message types, the behavior in case of flooding and the reaction to fragmented ICMP packets.
Reference: Configuration options Assume Flooding With a mouse click on the link, a dialog box is displayed where you can enter the maximum allowed ICMP delay. Example: 50 milliseconds. Fragmented ICMP packets With a mouse click on the link, you have the choice between "Reject" and "Don't reject" fragmented ICMP packets. TCP port scan With this rule, you can define when a TCP port scan is assumed by the FireWall and what should be done in this case.
Reference: Configuration options Rule With a mouse click on the link you have the choice between "add" and "don't add" the rule to block the TCP port scan attack. UDP Port Scan With this rule, you can define when a UDP port scan is assumed by the FireWall and what should be done in this case. This rule prevents so-called UDP port scan attacks that result in a detection of open UDP ports on your computer.
Reference: Configuration options Incoming Rules Incoming rules are defined to control incoming data traffic by the Avira FireWall. Warning When a packet is filtered, the corresponding rules are applied successively, therefore the rule order is very important. Change the rule order only if you are completely aware of what you are doing. Predefined rules for the TCP traffic monitor Avira Professional Security - User Manual (Status: 23 Sep.
Reference: Configuration options Setting Rules Low No incoming data traffic is blocked by the Avira FireWall. Medium Allow Established TCP Connections on 135 Allow TCP packets from address 0.0.0.0 with mask 0.0.0.0 if local ports in {135} and remote port is in {0-65535}. Apply for packets of existing connections. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0. Deny TCP packets on 135 Deny TCP packets from address 0.0.0.
Reference: Configuration options With a mouse click on the link you have the choice to allow or deny special defined incoming TCP packets. IP address By clicking on this link with the mouse, a dialog box opens in which you can enter the required IPv4 or IPv6 address. IP mask By clicking on this link with the mouse, a dialog box opens in which you can enter the required IPv4 or IPv6 mask.
Reference: Configuration options Predefined rules for the UDP data traffic monitor Setting Rules Low - Medium UDP accepted traffic monitor Allow UDP packets from address 0.0.0.0 with mask 0.0.0.0 if local port is in {0- 66535} and remote port is in {0-66535}. Apply rule to open ports for all streams. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0. Discard UDP traffic Deny UDP packets from address 0.0.0.0 with mask 0.0.0.
Reference: Configuration options Local ports With a mouse click on this link a dialog box appears in which you can define the local port number(s) or complete port ranges. Remote ports With a mouse click on this link a dialog box appears in which you can define the remote port number(s) or complete port ranges. Application method Ports With a mouse click on this link you have the choice to apply this rule to all ports or only to all opened ports.
Reference: Configuration options Predefined rules for the ICMP traffic monitor Setting Rules Low - Medium Do not discard ICMP based on IP address Allow ICMP packets from address 0.0.0.0 with mask 0.0.0.0. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0. High Same rule as for medium level. Allow/ Deny ICMP packets With a mouse click on the link you have the choice to allow or deny special defined incoming ICMP packets.
Reference: Configuration options Filtered content: offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset. The offset is computed from where ICMP header ends. Predefined rules for IP packets Setting Rules Low - Medium - High Deny all IP packets Deny IPv4 packets from address 0.0.0.0 with mask 0.0.0.0. Don't log when packet matches rule.
Reference: Configuration options IP address By clicking on this link with the mouse, a dialog box opens in which you can enter the required IPv4 or IPv6 address. IP mask By clicking on this link with the mouse, a dialog box opens in which you can enter the required IP mask. IP Protocol By clicking on this link with the mouse, a dialog box opens in which you can enter the required IP protocol.
Reference: Configuration options Rename rule Allows you to give the selected rule another name. Note You can add new rules for individual adapters or for all adapters present on the computer. To add an adapter rule for all adapters, select My Computer from the adapter hierarchy that is displayed and click on the Add rule button. See Add new rule. Note To change the position of a rule you can also use the mouse to drag the rule to the required position. 11.5.
Reference: Configuration options Action Shows the action that the Avira FireWall will automatically take when the application is using the network, whatever the network usage type is. With a mouse click on the link you can switch to another action type. The action types are Ask, Allow or Deny. Ask is the default action.
Reference: Configuration options If you want to create specific rules for an application, select the Advanced entry under Filtering. The Rules entry is then displayed in the Action column. Click on Rules to open the window for creating specific application rules. Specified application rules in the advanced configuration Using the specified application rules, you can allow or deny specified data traffic for the application or you can allow or deny passive listening to individual ports.
Reference: Configuration options Buttons Button Description Add application Allows you to create a new application rule. If you press this button, a dialog box is opened. Here you can select the required application for creating a new rule. Remove rule Removes the selected application rule. Show details The window "Properties" displays the details of the application selected in the application list box.(Option available in expert mode only.
Reference: Configuration options Buttons Button Description Remove The highlighted entry is removed from the list of trusted vendors. To permanently remove the selected provider from the list, click Apply or OK in the configuration window. Reload The changes made are reversed. The last list saved is loaded. Note If you remove vendors from the list and then select Apply the vendors will be permanently removed from the list. The change cannot be reversed with Reload.
Reference: Configuration options Block forever If this option is enabled, a rule that was automatically created, for example, during a port scan is retained. Remove rule after n seconds If this option is enabled, a rule that was automatically created for example during a port scan, is removed again after the time you have defined. This option is enabled as the default setting. In the box you can specify the number of seconds after which the rules is to be removed.
Reference: Configuration options 11.5.5 Popup settings Options available in expert mode only. Inspect process launch stack If this option is enabled, the process stack inspection allows a more accurate control.The FireWall will assume that any of the untrustworthy processes in the stack may actually be the one accessing the network through its child process. Therefore a different popup window will be opened for each untrustworthy process in the process stack. This option is disabled as the default setting.
Reference: Configuration options Show details on demand If this option is enabled, the detailed information is only displayed in the "Network event" window on request, i.e. the detailed information is displayed by clicking on the "Show details" button in the "Network event" window. Always show details If this option is enabled, detailed information is always displayed in the "Network event" window.
Reference: Configuration options Stop Windows FireWall on startup If this option is enabled, the Windows FireWall is deactivated when the computer is rebooted. This option is enabled as the default setting. Learn mode If the option is activated, the learn mode of Avira FireWall is enabled. Automatic rule timeout Block forever If this option is enabled, a rule that was automatically created, for example, during a port scan is retained.
Reference: Configuration options TCP Port Scan UDP Port Scan Incoming rules Incoming IP protocol rule Outgoing rules Buttons to manage the rules ICMP protocol The Internet Control Message Protocol (ICMP) is used to exchange error and information messages on networks. The protocol is also used for status messages with ping or tracer.
Reference: Configuration options Outgoing blocked types: no types/several types With a mouse click on the link a list of ICMP packet types is displayed. From this list you can select the desired outgoing ICMP message types you want to block. Flooding With a mouse click on the link, a dialog box is displayed where you can enter the maximum allowed ICMPA delay. Fragmented ICMP packets With a mouse click on the link, you have the choice to reject or not to reject fragmented ICMP packets.
Reference: Configuration options Report file With a mouse click on the link you have the choice to log or not to log the attacker's IP address. Rule With a mouse click on the link you have the choice to add or not to add the rule to block the TCP port scan attack. UDP port scan With this rule, you can define when a UDP port scan is assumed by the FireWall and what should be done in this case. This rule prevents so-called UDP port scan attacks that result in a detection of open UDP ports on your computer.
Reference: Configuration options Rule With a mouse click on the link you have the choice to add or not to add the rule to block the UDP port scan attack. 11.6.2 Incoming Rules Incoming rules are defined to control incoming data traffic by the Avira FireWall. Warning When a packet is filtered the corresponding rules are applied successively, therefore the rule order is very important. Change the rule order only if you are completely aware of what you are doing.
Reference: Configuration options Setting Rules Low No incoming data traffic is blocked by the Avira FireWall. Medium Allow established TCP connections on 135 Allow TCP packets from address 0.0.0.0 with mask 0.0.0.0 if local ports in {135} and remote ports in {0-65535}. Apply for packets of existing connections. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0 Deny TCP packets on 135 Deny TCP packets from address 0.0.0.
Reference: Configuration options High Monitor established TCP data traffic Allow TCP packets from address 0.0.0.0 with mask 0.0.0.0 if local ports in {0-65535} and remote ports in {0-65535}. Apply for packets of existing connections. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0. Accept / reject TCP packets With a mouse click on the link you have the choice to allow or deny special defined incoming TCP packets.
Reference: Configuration options Filtered content: Data With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer. Filtered content: Mask With a mouse click on the link a dialog box appears in which you can select the specific mask. Filtered content: Offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset. The offset is computed from where TCP header ends.
Reference: Configuration options High Monitor established UDP traffic Allow UDP packets from address 0.0.0.0 with mask 0.0.0.0 if the local port is in range {0-65535} and the remote port is in range {53, 67, 68, 123}. Apply rule to open ports. Don't log when packet matches rule. Advanced: Discard packets that have following bytes with mask at offset 0. Accept / reject UDP packets With a mouse click on the link you have the choice to allow or deny special defined incoming UDP packets.
Reference: Configuration options Filtered content: Data With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer. Filtered content: Mask With a mouse click on the link a dialog box appears in which you can select the specific mask. Filtered content: Offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset. The offset is computed from where UDP header ends.
Reference: Configuration options The advanced feature enables content filtering. For example packets can be rejected if they contain some specific data at a certain offset. If you do not want to use this option do not select a file or choose an empty file. Filtered content: Data With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer.
Reference: Configuration options Report file By clicking on the link with the mouse you can decide whether to write to a report file or not if the package complies with the rule. Incoming IP Protocol rule IP packages By clicking on the link with the mouse, you can decide whether you want to accept or reject specially defined IP packages. IP address By clicking on this link with the mouse, a dialog box opens in which you can enter the required IPv4 or IPv6 address.
Reference: Configuration options Buttons to manage the rules Button Description Add rule Allows you to create a new rule. If you press this button, the "Add new rule" dialog box is opened. In this dialog box you can select new rules. Remove rule Removes the selected rule. Rule up Moves the selected rule up one line, i.e. increases the rule priority. Rule down Moves the selected rule down one line, i.e. reduces the rule priority. Rename rule Allows you to give the selected rule another name.
Reference: Configuration options Application list This table shows the list of applications for which rules are defined. The symbols indicate whether network access by the applications is allowed or denied. The rules for the applications can be changed using a context menu. Buttons Button Description Add by path This button opens a dialog box in which you can select applications. The application is added to the application list with the rule "Allow".
Reference: Configuration options Buttons Button Description Add This button opens a dialog box in which you can select applications. The manufacturer of the application is established and added to the list of trusted vendors. Add group This button opens a dialog box in which you can select a directory. The manufacturers of all the applications in the selected path are established and added to the list of trusted vendors. Remove The highlighted entry is removed from the list of trusted vendors.
Reference: Configuration options Port scan If the option is activated, you will receive a desktop notification if a port scan has been detected by the FireWall. Flooding If the option is activated, you will receive a desktop notification if a flooding attack has been detected by the FireWall. Applications blocked If the option is activated, you will receive a desktop notification if the FireWall has denied, i.e. blocked, network activity by an application.
Reference: Configuration options Enabled for signed applications When this option is enabled, the option "Remember action for this application" of the dialog box "Network event" is automatically enabled during network access by signed applications. The manufacturers are: Microsoft, Mozilla, Opera, Yahoo, Google, Hewlet Packard, Sun, Skype, Adobe, Lexmark, Creative Labs, ATI, nVidia.
Reference: Configuration options used to set the behavior of the Web Protection component. (Options available in expert mode only.) Scan Enable Web Protection If this option is enabled, the Web Protection feature is active. Enable IPv6 support If this option is enabled, Internet Protocol version 6 is supported by the Web Protection. Drive-by protection Drive-by protection allows you to make settings to block I-Frames, also known as inline frames. I-Frames are HTML elements, i.e.
Reference: Configuration options In this box actions can be specified, which can be selected to be displayed in case of a virus detection. You must activate the corresponding options for this. Deny access The website requested from the web server and/or any data or files transferred are not sent to your web browser. An error message to notify you that access has been denied is displayed in the web browser. Web Protection logs the detection to the report file if the report function is activated.
Reference: Configuration options file can be recovered from the quarantine manager if it has any informative value or - if necessary - sent to the Avira Malware Research Center. Ignore The website requested from the web server and/ or the data and files that were transferred are forwarded on by Web Protection to your web browser. Access to the file is permitted and the file is ignored.
Reference: Configuration options Note No wildcards (* for any number of characters or ? for a single character) can be used when entering file types and MIME types. MIME types: Examples for media types: text = for text files image = for graphics files video = for video files audio = for sound files application = for files linked to a particular program Examples of excluded file and MIME types application/octet-stream = application/octet-stream MIME type files (executable files *.bin, *.exe, *.
Reference: Configuration options Note The Web filter is ignored for entries in the list of excluded URLs under Web Protection > Scan > Exceptions. Note Spam URLs are URLs sent with spam emails. The Fraud / Deception category covers web pages with “Subscription Expires” and other offers of services whose costs are hidden by the provider.
Reference: Configuration options by Web Protection: For all entries on the exclusion list, the entries on the list of file and MIME types to be blocked are ignored. No scan for viruses and malware is performed.
Reference: Configuration options .domainname.* *.domainname.com .*name*.com (valid but not recommended) Specifications without dots, like *name*, are interpreted as part of a top-level domain and are not advisable. Warning All websites on the list of excluded URLs are downloaded into the Internet browser without further scanning by the web filter or by Web Protection: For all entries in the list of excluded URLs, the entries in the web filter (see Web Protection > Scan > Blocked requests) are ignored.
Reference: Configuration options Warning Enter the URLs you want to exclude from the Web Protection scan as precisely as possible. Avoid specifying an entire top-level domain or parts of a secondlevel domain because there is a risk that Internet pages that distribute malware and undesirable programs will be excluded from the Web Protection scan through global specifications under exclusions. You are recommended to specify at least the complete second-level domain and the top-level domain: domainname.
Reference: Configuration options High detection level If this option is enabled, significantly more unknown malware is detected, but there are also likely to be false positives. 11.7.2 Report The Web Protection includes an extensive logging function to provide the user or administrator with exact notes about the type and manner of a detection. Reporting This group allows for the content of the report file to be determined. Off If this option is enabled, then Web Protection does not create a log.
Reference: Configuration options Note If you have not specified any report file restriction, older entries are automatically deleted when the report file reaches 100MB. Entries are deleted until the size of the report file reaches 80 MB. 11.8 Mail Protection The Mail Protection section of the Configuration is responsible for the configuration of the Mail Protection. 11.8.1 Scan Use Mail Protection to scan incoming emails for viruses and malware .
Reference: Configuration options Default This button resets the specified port to the default IMAP port. (Option available in expert mode only.) Scan outgoing emails (SMTP) If this option is enabled, outgoing emails are scanned for viruses and malware. Monitored ports In this field you should enter the port to be used as the outbox by the SMTP protocol. Multiple ports are separated by commas. (Option available in expert mode only.) Default This button resets the specified port to the default SMTP port.
Reference: Configuration options In this box actions can be specified, which can be selected to be displayed in case of a virus detection. You must activate the corresponding options for this. Move to quarantine When this option has been activated, the email including all attachments is moved to quarantine. It can be later be delivered via the quarantine manager. The affected email is deleted. The body of the text and any attachments of the email are replaced by a default text.
Reference: Configuration options Ignore If this option is enabled, the affected email is ignored despite detection of a virus or unwanted program. However, you can decide what is to be done with the affected attachment: Move to quarantine If this option is enabled, the complete email including all attachments is placed in Quarantine if a virus or unwanted program is found. If required, it can later be restored. The affected email itself is deleted.
Reference: Configuration options Default text for deleted and moved emails The text in this box is inserted in the email as a message instead of the affected email. You can edit this message. A text may contain a maximum of 500 characters. You can use the following key combination for formatting: Ctrl + Enter = inserts a line break. Default The button inserts a pre-defined default text in the edit box.
Reference: Configuration options you can define how "aggressive" this heuristic should be. This option is enabled as the default setting. Low detection level If this option is enabled, slightly less unknown malware is detected, the risk of false alerts is low in this case. Medium detection level This option is enabled as the default setting if you have selected use of this heuristic. This option is enabled as the default setting and is recommended.
Reference: Configuration options Malware When this option is enabled, the email address is no longer scanned for malware. Up You can use this button to move a highlighted email address to a higher position. If no entry is highlighted or the highlighted address is at the first position in the list, this button is not enabled. Down You can use this button to move a highlighted email address to a lower position.
Reference: Configuration options Attach Mail Protection footer If this option is enabled, the Avira Mail Protection footer is displayed beneath the message text of the sent email. The Avira Mail Protection footer confirms that the sent email has been scanned for viruses and unwanted programs by Avira .
Reference: Configuration options Limit size to n MB If this option is enabled, the report file can be limited to a certain size; possible values: Permitted values are between 1 and 100 MB. Around 50 kilobytes of extra space are allowed when limiting the size of the report file to minimize the use of system resources. If the size of the log file exceeds the indicated size by more than 50 kilobytes, then old entries are deleted until the indicated size minus 50 kilobytes is reached.
Reference: Configuration options Unusual runtime packers By clicking on the relevant box, the selected type is enabled (check mark set) or disabled (no check mark). Select all If this option is enabled, all types are enabled. Default values This button restores the predefined default values. Note If a type is disabled, files recognized as being of the relevant program type are no longer indicated. No entry is made in the report file. 11.9.
Reference: Configuration options Password-protected area Function Control Center If this option is enabled, the pre-defined password is required to start the Control Center. Activate / deactivate Realtime Protection If this option is enabled, the pre-defined password is required to enable or disable AntiVir Realtime Protection. Activate / deactivate Mail Protection If this option is enabled, the pre-defined password is required to enable/disable Mail Protection.
Reference: Configuration options Affected object properties If this option is enabled, the pre-defined password is required to display the properties of an object. Delete affected objects If this option is enabled, the pre-defined password is required to delete an object. Send email to Avira If this option is enabled, the pre-defined password is required to send an object to the Avira Malware Research Center for examination.
Reference: Configuration options 11.9.3 Security Options available in expert mode only. Autostart Block autostart function If this option is enabled, the execution of the Windows autostart function is blocked on all connected drives, including USB sticks, CD and DVD drives and network drives. With the Windows autostart function, files on data media or network drives are read immediately on loading or connection, and files can therefore be started and copied automatically.
Reference: Configuration options considerably more computer resources than simple process protection. The option is enabled as the default setting. To disable this option, you have to restart your computer. Note Password protection is not available for Windows XP 64 bit ! Warning If process protection is enabled, interaction problems can occur with other software products. Disable process protection in these cases.
Reference: Configuration options and methods (stopping and starting processes) via an interface. WMI gives you the option of downloading operating data from the program and controlling the program. You can request a complete reference guide to the WMI interface from the manufacturer. The reference file is available in PDF format when you sign a confidentiality agreement. Enable WMI support When this option is enabled, you can download operating data from the program via WMI.
Reference: Configuration options Login name Enter a user name to log in on the proxy server. Login password Enter the relevant password for logging in on the proxy server here. For security reasons, the actual characters you type in this space are replaced by asterisks (*). Examples: Address: proxy.domain.com Port: 8080 Address: 192.168.1.100 Port: 3128 11.9.
Reference: Configuration options Insert With this button you can add a further computer. A window is opened in which you can enter the names of new computers. A computer name can be a maximum of 15 characters long. The button opens a window in which you can alternatively select a computer directly from your computer environment. Delete With this button you can delete the currently selected entry from the list.
Reference: Configuration options Wildcard Description %VIRUS% contains the name of the detected virus or of the unwanted program %FILE% contains the path and file name of the affected file %COMPUTER% contains the name of the computer on which the Realtime Protection is running %NAME% contains the name of the user who accessed the affected file %ACTION% contains the action performed after the detection of the virus %MACADDR% contains the MAC address of the computer on which the Realtime Protectio
Reference: Configuration options Shortcuts Description Ctrl + Tab Inserts a tab. The current line is indented by several characters to the right. Ctrl + Enter Inserts a line break. The message can include wildcards for information found during the search. These wildcards are replaced by the actual text when sent.
Reference: Configuration options Email messages for the following events The on-access scan detected a virus or unwanted program If this option is enabled, you always receive an email with the name of the virus or unwanted program and the affected file when the on-access scan detects a virus or an unwanted program. Edit The "Edit" button opens the "Email template" window in which you can configure the notification for an "On-access detection" event.
Reference: Configuration options The on-demand scan detected a virus or unwanted program If this option is enabled, you receive an email with the name of the virus or unwanted program and the affected file whenever the on-demand scan detects a virus or an unwanted program. Edit The "Edit" button opens the "Email template" window in which you can configure the notification for an "Scan detection" event. You have the option of inserting text for the subject line and body of the email.
Reference: Configuration options No update necessary. Your program is up-to-date If this option is enabled, an email is sent if the Updater has successfully made a connection to the download server but there are no new files available on the server. This means that your Avira product is up to date. Edit The "Edit" button opens the "Email template" window in which you can configure the notification for a "No update necessary" event.
Reference: Configuration options Recipient(s) Enter the email address(es) of the recipient(s) in this box. The individual addresses are separated by commas. The maximum length of all addresses together (i.e. the total character string) is 260 characters. Note Alerts are always sent by email for the following events if an SMTP server and a recipient address have been configured for Updater notifications: A product update is required for every further update of the program.
Reference: Configuration options %PRODUCTVER% Product version %PRODUCTNAME% Product name %MODULENAME% Name of the component sending the email %MODULEVER% Version of the component sending the email Specific component variables Variable Value Component emails %ENGINEVER% Version of scan engine used Realtime Protection System Scanner %VDFVER% Version of virus definition file used Realtime Protection System Scanner %SOURCE% Fully qualified file name Realtime Protection %VIRUSNAME% Name of
Reference: Configuration options %UPDFILESLIST% List of updated files Updater %UPDATETYPE% Update type: Update of scan engine and virus definition file, or product update with update of scan engine and virus definition file Updater %UPDATEURL% URL of download server used for update Updater %UPDATE_ERROR% Update error in words Updater %DIRCOUNT% Number of scanned directories System Scanner %FILECOUNT% Number of files scanned System Scanner %MALWARECOUNT% Number of viruses or unwanted prog
Reference: Configuration options %WARNINGCOUNT% Number of warnings System Scanner %ENDTYPE% Status of scan: Terminated/Successfully completed System Scanner %START_TIME% Start time of the scan: Start time of the update System Scanner, Updater %END_TIME% End of the scan End of the update System Scanner, Updater %TIME_TAKEN% Duration of scan in minutes System Duration of the update in minutes Scanner, Updater %LOGFILEPATH% Path and file name of the report file System Scanner, Updater Acousti
Reference: Configuration options Use PC speakers (only in interactive mode) If this option is enabled, there is an acoustic alert with the default signal when a virus is detected by the System Scanner or Realtime Protection. The acoustic alert is sounded on the PC's internal speaker. Use the following WAVE file (only in interactive mode) If this option is enabled, there is an acoustic alert with the selected WAVE file when a virus is detected by the System Scanner or Realtime Protection.
Reference: Configuration options Dial-up connection is used If this option is enabled, you will receive a desktop notification alert if a dialer creates a dial-up connection on your computer via the telephone or ISDN network. There is a danger that the connection may have been created by an unknown and unwanted dialer and that the connection may be chargeable.
Reference: Configuration options Limit reports Limit number to max. n piece When this option is enabled, the maximum number of reports can be limited to a specific amount. Values between 1 and 300 are permissible. If the specified number is exceeded, then the oldest report at that time is deleted. Delete all reports older than n day(s) If this option is enabled, reports are automatically deleted after a specific number of days. Permissible values are: 1 to 90 days.
Reference: Configuration options Report directory Input box This input box contains the path to the report directory. The button opens a window in which you can select the required directory. Default The button restores the pre-defined path to the report directory. Quarantine directory Input box This box contains the path to the quarantine directory. The button opens a window in which you can select the required directory. Default The button restores the predefined path to the quarantine directory.
This manual was created with great care. However, errors in design and contents cannot be excluded. The reproduction of this publication or parts thereof in any form is prohibited without previous written consent from Avira Operations GmbH & Co. KG. Issued Q4-2011 Brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such in this manual. However, this does not mean that they may be used freely. © 2011 Avira Operations GmbH & Co.
