Avira AntiVir Server – Windows User Manual
Trademarks and Copyright
Trademarks
AntiVir is a registered trademark of Avira GmbH. Windows is a registered trademark of the Microsoft Corporation in the United States and other countries. All other brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such in this manual. This does not mean, however, that they may be used freely.
Copyright information
Code provided by third party providers was used for Avira AntiVir Server.
Table of Contents
1 Introduction
2 Icons and emphases
3 Product information
4 Installation and uninstallation
10.2.3 Exceptions
10.2.4 Products
10.2.5 Heuristics
10.2.6 Report
1 Introduction
Your AntiVir program protects your computer against viruses, worms, Trojans, adware and spyware and other risks. In this manual these are referred to as viruses or malware (harmful software) and unwanted programs. The manual describes the program installation and operation. For further options and information, please visit our website: http://www.avira.com The Avira website lets you...
2 Icons and emphases
The following icons are used:
Icon / designation | Explanation
– Placed before a condition which must be fulfilled prior to execution of an action.
– Placed before an action step that you perform.
– Placed before an event that follows the previous action.
– Warning: Placed before a warning of the danger of critical data loss.
– Note: Placed before a link to particularly important information or a tip which makes your AntiVir program easier to use.
3 Product information
3.1 Functionality
The Avira AntiVir Server protection package includes the Avira AntiVir Server service and the AntiVir Server Console. The Avira AntiVir Server service protects your Windows Server from viruses and malware. The AntiVir Server Console is used for management, control and monitoring of the servers to be protected or of the AntiVir services on the servers to be protected. You can access any number of servers via the AntiVir Server Console.
– The quarantine manager conveniently manages and monitors the files placed in quarantine.
AntiVir Server Console
... provides a desktop for AntiVir Server services with which you can control, configure and monitor AntiVir Server services. You install the AntiVir Server Console on at least one computer with a network connection to the servers to be protected. AntiVir Server Console can also be installed on the servers to be protected.
– Comprehensive logging, warning and messaging functions for the administrator; sending of warnings in Windows networks and by email (SMTP), SMTP authentication possible
– Protection against modification of the program files by means of an intensive self-test
– Extended terminal server support
– Rootkit protection (not under Windows XP 64 bit, Windows 2003 64 bit, Windows Server 2003 64 bit)
– Support for Windows Management Instrumentation
3.
3.4.1 License models
You can use the many functions of Avira AntiVir Server with the following license models:
– Evaluation version: Complete range of functions, 30-day license.
– Full version
Licensing comprises a license for all platforms and depends on the number of users in the network who are to be protected by Avira AntiVir Server. For further information on the licensing versions and the optional support offers, please go to our website: http://www.avira.
4 Installation and uninstallation
4.1 Installation
Before installing Avira AntiVir Server, certain conditions must be met:
– Please ensure that the system requirements are met (see System requirements), and that the Windows Server used is running.
– Ensure that you are logged in on the server as an administrator or as a user with administrator rights.
– Ensure that an Internet connection or network connection to a download server exists for updating the Avira AntiVir Server.
– A target folder can be selected for the program files to be installed.
Performing installation
Installing the Avira AntiVir Server:
– Start the setup by double-clicking the installation file that you have downloaded from the Internet or insert the program CD.
The installation wizard opens.
– Follow the instructions of the installation wizard.
During uninstallation, the AntiVir services are stopped, and all report files and infected files (in quarantine) are deleted. During uninstallation you can specify that the directories with the report files and the quarantine are not deleted. 4.
Begin installation with the parameter /inf or integrate the parameter into the login script of the server.
• Examples:
presetup.exe /inf="c:\temp\setup.inf"
4.3.2 Uninstallation on the network
To uninstall AntiVir programs on the network automatically:
– You must have administrator rights (also required in batch mode).
– Start the uninstallation with the parameters /inf and /AVUNINSTALL or integrate the parameters into the login script of the server.
4.3.
– LicenseFile=
Avira AntiVir Server is installed with the license. If you enter the file name only, the license file will be searched for in the source folder of the setup only. Example: LicenseFile="A:\hbedv.key"
– RestartWindows= 0 | 1
If a restart of the system is required after the installation, this can be performed automatically (standard) or a message box is displayed.
Installs the Systray tool. An Avira AntiVir Server tray icon is visible in the notification area of the protected server. The Tray Icon lets you monitor the status of the Avira AntiVir Server and gives you access to other Avira AntiVir Server functions.
5 User interface and operation
5.1 User interface: AntiVir Server Console
The Avira AntiVir Server service that is installed on the servers to be protected is managed via the AntiVir Server Console. The AntiVir Server Console is a snap-in of the Microsoft Management Console (MMC). You can create any number of servers to be protected on the AntiVir Server Console in order to configure and monitor them on the AntiVir Server Console.
– When configuring a server, you must confirm information in the window Settings with the button OK or Accept in order to accept the new settings. Your settings are cancelled with the button Cancel.
AntiVir Server Console overview
Avira AntiVir Server
– Display of the created servers with connection status
– Actions: Add server
Note: The local AntiVir server and all AntiVir servers added by the registered user are displayed on the AntiVir Server Console.
– General: Extended risk categories for on-demand and on-access scans, password protection for the server on the AntiVir Server Console, security alerts for outdated Avira AntiVir servers, directories used, restriction of reports and of event log
– Update: Download via web server or file server, product updates, configuration of connection to the download server
– Alerts: Configuration of network alerts of the Guard and Scanner
– Email: Configuration of email alerts via SMTP fro
2. Management on the AntiVir Server Console
Add server
Add all servers on the AntiVir Server Console that you want to manage on the AntiVir Server Console. See Chapter AntiVir Server Console.
Carry out the following steps for every server added:
Configuration
Configure the Avira AntiVir Server service on the server to be protected. Assign a password for the server on the AntiVir Server Console. See Chapters Settings and Settings::General::Password.
6 Scanner
6.1 Scanner
With the Scanner component, you can carry out targeted scans (on-demand scans) for viruses and unwanted programs. The following options are available for scanning for infected files:
– Scan in Scheduler (remote and local)
The Scheduler gives you the option to schedule the times at which scan jobs are to be executed on the protected server.
– Scan via Profile (remote and local)
Profiles enable you to initiate defined and configured scan profiles on the protected server.
7 Updates
The effectiveness of anti-virus software depends entirely on the scanning engine and the virus definitions being up-to-date. For this reason, regularly download updates for the Avira AntiVir Server from our download servers. To enable regular updates to be performed, the Updater component is integrated in the Avira AntiVir Server.
8 Viruses and more
8.1 Viruses and other malware
Adware
Adware is software that presents banner ads or pop-up windows through a bar that appears on a computer screen. These advertisements usually cannot be removed and are consequently always visible. The connection data allow many conclusions to be drawn about usage behavior and are problematic in terms of data security.
Backdoors
A backdoor can gain access to a computer by bypassing the computer access security mechanisms.
For several years, Internet and other network users have received alerts about viruses that are purportedly spread via email. These alerts are spread via email with the request that they should be sent to the highest possible number of colleagues and to other users, in order to warn everyone against the "danger".
Honeypot
A honeypot is a service (program or server) installed in a network. Its function is to monitor a network and log attacks.
A computer virus is a program that is capable of attaching itself to other programs after being executed and causing an infection. Unlike logic bombs and Trojans, viruses multiply themselves. In contrast to a worm, a virus always requires a program as host, where the virus deposits its virulent code. The program execution of the host itself is not changed as a rule.
8.2 Extended threat categories
Dialer (DIALER)
Certain services available in the Internet have to be paid for. They are invoiced in Germany via dialers with 0190/0900 numbers (or via 09x0 numbers in Austria and Switzerland; in Germany, the number is set to change to 09x0 in the medium term). Once installed on the computer, these programs guarantee a connection via a suitable premium rate number whose scale of charges can vary widely.
Jokes (JOKES)
Jokes are merely intended to give someone a fright or provide general amusement without causing harm or reproducing. When a joke program is loaded, the computer will usually start at some point to play a tune or display something unusual on the screen. Examples of jokes are the washing machine in the disk drive (DRAIN.COM) or the screen eater (BUGSRES.COM). But beware! All symptoms of joke programs may also originate from a virus or Trojan.
Your AntiVir program recognizes "Unusual runtime packers". If the option Unusual runtime packers is enabled with a check mark in the configuration under Extended threat categories, you receive a corresponding alert if your AntiVir program detects such packers.
Double Extension Files (HEUR-DBLEXT)
Executable files that hide their real file extension in a suspicious way. This camouflage method is often used by malware. Your AntiVir program recognizes "Double Extension Files".
9 Info and Service
This chapter contains information on how to contact us.
– see Chapter Contact address
– see Chapter Technical support
– see Chapter Suspicious files
– see Chapter Report false positives
– see Chapter Your feedback for more security
9.1 Technical support
Avira support provides reliable assistance in answering your questions or solving a technical problem. All necessary information on our comprehensive support service can be obtained from our website: http://www.avira.
9.3 Reporting false positives
If you believe that your AntiVir program is reporting a detection in a file that is most likely "clean", send the relevant file packed (WinZIP, PKZip, Arj etc.) as an email attachment to the following address:
– virus@avira.com
As some email gateways work with anti-virus software, you should also provide the file(s) with a password (please remember to tell us the password). 9.
10 Reference: Configuration options
The configuration reference documents all available configuration options.
10.1 Scanner
Here you define the basic behavior of the scan routine for an on-demand scan. If you select certain directories to be scanned with an on-demand scan, depending on the configuration the Scanner scans:
– with a certain scanning power (priority),
– also boot sectors and main memory,
– certain or all boot sectors and the main memory,
– all or selected files in the directory.
With the aid of this button, a dialog box is opened in which all file extensions are displayed that are scanned in "Use file extension list" mode. Default entries are set for the extensions, but entries can be added or deleted.
Note: Please note that the default list may vary from version to version.
Additional settings
Scan boot sectors of selected drives
If this option is enabled, the Scanner scans the boot sectors of the drives selected for the on-demand scan.
Do not scan files and paths on network drives
Scan process
Scanner priority
With the on-demand scan, the Scanner distinguishes between priority levels. This is only effective if several processes are running simultaneously on the workstation. The selection affects the scanning speed.
Low
The Scanner is only allocated processor time by the operating system if no other process requires computation time, i.e. as long as only the Scanner is running, the speed is maximum.
delete
If this option is enabled, the file is deleted. This process is much faster than "overwrite and delete".
overwrite and delete
If this option is enabled, the Scanner overwrites the file with a default pattern and then deletes it. It cannot be restored.
rename
If this option is enabled, the Scanner renames the file. Direct access to these files (e.g. with double-click) is therefore no longer possible. Files can later be repaired and given their original names again.
10.1.2 Further actions
Launch program following detection
After the on-demand scan, the Scanner can open a file of your choice (for example a program) if at least one virus or unwanted program has been detected, for example an email program, so that you can inform other users or the administrator.
Note: For security reasons it is only possible to start a program after a detection when a user is logged on the computer.
If this option is enabled, the Scanner detects whether a file is a packed file format (archive), even if the file extension differs from the usual extensions, and scans the archive. However every file must be opened for this, which reduces the scanning speed. Example: If a *.zip archive has the file extension *.xyz, the Scanner also unpacks this archive and scans it. This option is enabled as the default setting.
Note: Only those archive types marked in the archive list are supported.
Input box
In this input box you can enter the name of the file object that is not included in the on-demand scan. No file object is entered as the default setting. The button opens a window in which you can select the required file or the required path. When you have entered a file name with its complete path, only this file is not scanned for infection.
Advanced Heuristic Analysis and Detection (AHeAD)
enable AHeAD
Your AntiVir program contains a very powerful heuristic in the form of AntiVir AHeAD technology, which can also detect unknown (new) malware. If this option is enabled, you can define how "aggressive" this heuristic should be. This option is enabled as the default setting.
Low detection level
If this option is enabled, slightly less unknown malware is detected; the risk of false alerts is low in this case.
You will normally want to monitor your system constantly. To this end, use the Guard (= on-access Scanner). You can thus scan all files that are copied or opened on the computer "on the fly", for viruses and unwanted programs.
Scan mode
Here the time for scanning of a file is defined.
Scan when reading
If this option is enabled, the Guard scans the files before they are read or executed by the application or the operating system.
Note: Please note that the file extension list may vary from version to version.
Archives
Scan archives
If this option is enabled, then archives will be scanned. Compressed files are scanned, then decompressed and scanned again. This option is deactivated by default. The archive scan is restricted by the recursion depth, the number of files to be scanned and the archive size. You can set the maximum recursion depth, the number of files to be scanned and the maximum archive size.
Note: When files are executed on network drives, they are scanned by the Guard irrespective of the setting for the Network Drives option. In some cases files on network drives are scanned while being opened, even though the Network Drives option is disabled. Reason: These files are accessed with ‘Execute File’ rights.
If this option is enabled, no dialog box appears when a virus is detected. The Guard reacts according to the settings you predefine in this section as primary and secondary action.
Backup to quarantine
If this option is enabled, the Guard creates a backup copy before carrying out the requested primary or secondary action. The backup copy is saved in quarantine. It can be restored via the quarantine manager if it is of informative value.
Secondary action
The option "Secondary action" can only be selected if the "Repair" option was selected under "Primary action". With this option it can now be decided what is to be done with the affected file if it cannot be repaired.
delete
If this option is enabled, the file is deleted. This process is much faster than "overwrite and delete".
overwrite and delete
If this option is enabled, the Guard overwrites the file with a default pattern and then deletes it.
10.2.3 Exceptions
With these options you can configure exception objects for the Guard (on-access scan). The relevant objects are then not included in the on-access scan. The Guard can ignore file accesses to these objects during the on-access scan via the list of processes to be omitted. This is useful, for example, with databases or backup solutions.
Please note the following when specifying processes and file objects to be omitted: The list is processed from top to bottom.
Warning: Please note that all file accesses by processes recorded in the list are excluded from the scan for viruses and unwanted programs! The Windows Explorer and the operating system itself cannot be excluded. A corresponding entry in the list is ignored.
The button opens a window in which you can select an executable file.
Add
With this button, you can add the process entered in the input box to the display window.
The button opens a window in which you can select the file object to be excluded.
Add
With this button, you can add the file object entered in the input box to the display window.
Delete
With this button you can delete a selected file object from the display window.
Please note the further information when specifying exceptions:
Note: In order to also exclude objects when they are accessed with short DOS file names (DOS name convention 8.
All processes for executable files located under the path C:\Program Files1 are excluded from the Guard scan.
Examples for files to be excluded:
– *.mdb
All files with the extension 'mdb' are excluded from the Guard scan
– *.xls*
All files with a file extension beginning 'xls' are excluded from the Guard scan, e.g. files with the extensions .xls and .xlsx.
– C:\Directory\*.
Macrovirus heuristics
Macrovirus heuristics
Your AntiVir product contains a highly powerful macrovirus heuristic. If this option is enabled, all macros in the relevant document are deleted in the event of a repair; alternatively, suspect documents are only reported, i.e. you receive an alert. This option is enabled as the default setting and is recommended.
Limit size to n MB
If this option is enabled, the report file can be limited to a certain size. Permitted values are between 1 and 100 MB. Around 50 kilobytes of extra space are allowed when limiting the size of the report file to minimize the use of system resources. If the size of the log file exceeds the indicated size by more than 50 kilobytes, then old entries are deleted until the indicated size minus 50 kilobytes is reached.
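The trimming rule described above, modelled as an added example (not part of the manual and not Avira code), to show how much report history survives a given limit. It assumes 1 KB = 1024 bytes, that entries are removed whole, and that the size check runs on every write; ReportFile and simulate are hypothetical names.

```python
from collections import deque

KB = 1024            # assumption: the manual's "kilobyte" taken as 1024 bytes
MB = 1024 * KB
SLACK = 50 * KB      # the 50 KB tolerance described in the manual


class ReportFile:
    """Model of a size-limited report file (hypothetical, not Avira code)."""

    def __init__(self, limit_mb):
        if not 1 <= limit_mb <= 100:      # permitted range per the manual
            raise ValueError("limit must be between 1 and 100 MB")
        self.limit = limit_mb * MB
        self.entries = deque()            # (sequence number, size), oldest first
        self.size = 0
        self.next_seq = 0
        self.dropped = 0                  # entries lost to trimming so far

    def append(self, entry_bytes):
        """Append one entry; return how many old entries were trimmed."""
        self.entries.append((self.next_seq, entry_bytes))
        self.next_seq += 1
        self.size += entry_bytes
        removed = 0
        # Trimming only starts once the file exceeds limit + 50 KB ...
        if self.size > self.limit + SLACK:
            # ... and then runs until the file is down to limit - 50 KB.
            while self.entries and self.size > self.limit - SLACK:
                _, old_size = self.entries.popleft()
                self.size -= old_size
                removed += 1
        self.dropped += removed
        return removed

    def oldest_seq(self):
        """Sequence number of the oldest entry still in the file."""
        return self.entries[0][0] if self.entries else None


def simulate(limit_mb, entry_bytes, count):
    """Write `count` equal-sized entries and return the resulting ReportFile."""
    report = ReportFile(limit_mb)
    for _ in range(count):
        report.append(entry_bytes)
    return report


if __name__ == "__main__":
    # Constructed workload: 1 MB limit, 20,000 entries of 200 bytes each.
    r = simulate(1, 200, 20_000)
    print(f"size on disk : {r.size} bytes")
    print(f"entries kept : {len(r.entries)}, dropped: {r.dropped}")
    print(f"oldest entry : #{r.oldest_seq()}")
```

With a 1 MB limit and 200-byte entries, each trim discards 513 of the oldest entries in one step, so report data needed for later investigation has to be copied elsewhere before it ages out.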
Note: If a type is disabled, files recognized as being of the relevant program type are no longer indicated. No entry is made in the report file.
10.3.2 Password
You can protect access to servers you wish to protect in the AntiVir Server Console with a password. The password of the server must always be entered when a connection is made to the server. Connection to servers protected by a password is ended as soon as you close the AntiVir Server Console.
Windows Management Instrumentation is a basic Windows management technique that uses script and programming languages to allow read and write access, both local and remote, to settings on Windows systems. Your AntiVir program supports WMI and provides data (status information, statistical data, reports, planned requests, etc.) as well as events and methods (stopping and starting processes) via an interface.
If this option is enabled, the number of reports is not restricted.
10.3.7 Directories
Temporary path
In this input box, enter the path where the program will store its temporary files.
Use default system settings
If this option is enabled, the settings of the system are used for handling temporary files.
Use following directory
If this option is enabled, the path displayed in the input box is used. The button opens a window in which you can select the required temporary path.
The update is performed via a web server using an HTTP connection. You can use a proprietary web server on the Internet or a web server on an intranet, which obtains the update files from a proprietary download server on the Internet.
Note: If this option is enabled, you can configure the Web server and, where necessary, the proxy server.
If this option is enabled, no automatic product updates or notifications of available product updates by the Updater are performed. Updates to the virus definition file and search engine are performed independently of this setting.
Important: An update of the virus definition file and of the search engine is performed during every update process independent of the settings for the product update (see Chapter Updates).
Server login
Login name
Enter a user name to log in on the server. Use a user account with access rights to the used shared folders on the server.
Login password
Enter the password for the user account. The characters entered are masked with *.
Note: If you do not specify any data in the Server login section, no authentication will be performed when accessing the file server. In this case the user must have sufficient rights for the file server. 10.4.
10.5 Warnings
You can send individually configurable alerts from the Scanner or from the Guard to any workstations in your network.
Note: An alert is always sent to computers, NOT to a certain user.
Warning: This functionality is no longer supported by the following operating systems:
– Windows Server 2008 and higher
– Windows Vista and higher
Send message to
The list in this window shows names of computers that receive a message when a virus or unwanted program is found.
inserts a line break. The message can include wildcards for information found during the search. These wildcards are replaced by the actual text when sent.
Default
The button restores the predefined default text for an alert.
10.5.3 Acoustic alerts
Acoustic alert
You can deactivate or activate an acoustic alert to signal that a virus has been found during a scan by the Guard. The acoustic alert is only emitted in "Extended terminal server support" action mode. An alternative Wave file can be selected as an acoustic alert.
– Scanner: Sending notifications
– Updater: Sending notifications
– Quarantine manager: Sending suspicious files to the Avira Malware Research Center
Note: Please note that ESMTP is not supported. In addition, an encrypted transfer via TLS (Transport Layer Security) or SSL (Secure Sockets Layer) is currently not possible.
Email messages
SMTP server
Enter the name of the host to be used here - either its IP address or the direct host name.
If this option is enabled, you always receive an email with the name of the virus or unwanted program and the affected file when the on-access scan detects a virus or an unwanted program.
Edit
The "Edit" button opens the "Email template" window in which you can configure the notification for an "On-access detection" event. You have the option of inserting text for the subject line and body of the email.
When the option is activated, an email is sent when a scan job has been performed. The email contains data on the point and duration of the scan job, on the folders and files scanned as well as on the viruses found and warnings.
Edit
The "Edit" button opens the "Email template" window in which you can configure the notification for the "End of scan" event. You have the option of inserting text for the subject line and body of the email.
If this option is enabled, an email is only sent if an update of the scanning engine or virus definition file was performed without a product update, but a product update is available.
Edit
The "Edit" button opens the "Email template" window in which you can configure the notification for an "Update successful – product update available" event. You have the option of inserting text for the subject line and body of the email.
%FQDN% | Fully qualified domain name
%TIMESTAMP% | Event time stamp: Time and date format as per the language settings of the operating system
%COMPUTERNAME% | NetBIOS computer name
%USERNAME% | Name of user accessing the component
%PRODUCTVER% | Product version
%PRODUCTNAME% | Product name
%MODULENAME% | Name of the component sending the email
%MODULEVER% | Version of the component sending the email
Specific component variables
Variable | Value | Component emails
%ENGINEVER
%RENAMEDCOUNT% | Number of infected files renamed | Scanner
%DELETEDCOUNT% | Number of infected files deleted | Scanner
%WIPECOUNT% | Number of infected files overwritten and deleted | Scanner
%MOVEDCOUNT% | Number of infected files moved to quarantine | Scanner
%WARNINGCOUNT% | Number of warnings | Scanner
%ENDTYPE% | Status of scan: Terminated/Successfully completed | Scanner
%START_TIME% | Start time of the scan: Start time of the update | Scanner, Updater
%END_TIME% | End of the scan En
This manual was created with great care. However, errors in design and contents cannot be excluded. The reproduction of this publication or parts thereof in any form is prohibited without previous written consent from Avira Operations GmbH & Co. KG. Issued Q2-2011 Brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such in this manual. However, this does not mean that they may be used freely. © 2011 Avira Operations GmbH & Co.