Note: Please print this page before starting the installation. These instructions assume the installation is for an unmanaged desktop client - e.g. a home machine, you have Winzip installed and you have the rights to install software. VirusScan must be installed under the local administrator account.
Advanced Features of VirusScan 8.5
- Download VirusScan 8.5 (VS 8.5) and the latest superdat from the antivirus site: Http://antivirus.nih.gov/software/client_na_vscan.asp. Note: These instructions assume the files are downloaded to c:\temp. Where c:\temp is used, replace the c:\temp with the directory you are using. These instructions are guidelines and may vary in your environment.
- Select the VirusScan Enterprise v8.5i (Repost w/ Patch 7) link. Save the file to your hard drive.
- Select the SuperDat (PC) 5xxx link (The number 5xxx will vary daily, with xxx equaling a number value). Save the file to your hard drive.
- Extract the VSE850lml.zip files into the C:\temp directory by double clicking VSE850lml.zip, select Extract, and select the c:\temp directory.
- Run SetupVSE.exe, select next.
- Set the License to a Perpetual License, agree to the license and select OK.
- Select typical and next.
- Select Standard Protection and Next
- Select install.
- Uncheck Update now and Run On-demand scan, select finish.
- Launch the VirusScan Console.
- Right Click on AutoUpdate and select properties.
- Select Schedule.
- Set a schedule to update VirusScan as desired. As DATS are released daily it is recommended to update daily.
- Select OK and close the console.
- Run the SuperDat (SDAT5xxx.exe, with xxx equaling a number value. The file will change daily). Accept the defaults.
- Select Finish. VirusScan 8.5 is now installed, scheduled for updates and using the current DAT file and Scan Engine.
Summary of New features
- Buffer overflow checking – It is recommended to enable this feature for workstations
- Script blocking – It is recommended that this feature be disabled
- File blocking – It is recommended that this feature be disabled
- Potentially unwanted programs (PUPs) – PUPs removal/blocking – It is recommended that this feature be enabled to detect Adware, Spyware and Dialers
- Firewall like capabilities – It is recommended that this feature be disabled
- Prevent McAfee services from being stopped – It is recommended that this feature be disabled in the Enterprise as it may interfere with management tools. At home you may wish to keep this enabled.
- Buffer overflow checking What is a buffer overflow? A simple definition of buffer overflow is writing data outside designated memory blocks when the memory block is full. VirusScan 8.5 uses pattern files to detect the buffer overflows. To configure buffer overflow checking launch the VirusScan console, right click Buffer Overflow Protection and select properties: A window appears that allows you to enable buffer overflow protection in either Warning or Protection mode. Warning mode will record the activity in the log but not block the process that is detected as causing a buffer overflow. Protection mode will stop a process that is detected as causing a buffer overflow. Exclusions can also be added (to exclude certain processes) as well as enabling an onscreen pop notification of detections. It is recommended that this feature be enabled in protection mode (default).
- Script blocking Script blocking is Behavioral blocking of potentially malicious Java and VB scripts. This is designed to prevent malicious Java and VB scripts from running. To enable or disable script blocking, open up the VirusScan console, right click On-Access Scanner and select properties. Select the ScriptScan tab and either check or uncheck the checkbox to enable or disable ScriptScan. ScriptScan is enabled by default. It is recommended that this feature be disabled by unchecking the Enable ScriptScan box and selecting apply.
- File blocking Using VirusScan to lock down or block access to shares, directories and files. To enable, disable or create rules, launch the VirusScan console, right click Access Protection and select properties. Select the File, Share, and Folder Protection tab. The window that appears shows the rules that are entered into VirusScan. The ones that are checked are enabled. You can create your own rules by selecting add or modify a current rule by selecting edit. The rules will allow you to block write and create access to directories on the machine. Be very cautious about creating rules so that you do not block patches or useful programs and services. Additionally you can block all shares or make all shares read only regardless of the permissions set on the share itself. It is recommended that this feature be disabled by unchecking Enable Access Protection and selecting apply.
- Potentially unwanted programs What are they? – Programs you may consider unwanted such as Adware, Spyware, Jokes or other programs you do not wish to have running on your machine. To enable, disable or create rules launch the VirusScan console, right click on Unwanted Programs Policy and select properties. By default the Unwanted Programs Policies are not enabled. From this window you can choose what policies you wish to enable by checking the checkbox next to each category of programs you want VirusScan to look for. You can also set exclusions to tell VirusScan what not to look for. It is recommended that this feature be enabled to detect Adware, Spyware and Dialers. To enable the features check the Spyware, Adware and dialers boxes and select apply. Selecting the User-Defined Detection tab brings up the window below. This allows you to set specific programs/files that you do not want on your system. Be very cautious about creating rules so that you do not block patches or useful programs and services. This could also be used in the event of a new virus that is not detected by the current DAT file to be blocked or deleted. To set such a rule you would need to know the name of the virus file and directory that the virus file is created in. To create a new rule select add and to modify an existing rule select edit and the rule you wish to edit.
- Firewall like capabilities VirusScan 8.5 includes the ability to block both TCP and UDP port inbound and outbound. The default ports that are blocked are 25 outbound and 6667-6669 inbound and outbound. The blocking rules may be modified to allow exception by program (e.g. Outlook.exe). Additionally the remote creation of Autorun files is blocked. To enable, disable or create rules, launch the VirusScan console, right click Access Protection and select properties. The window that appears shows you the rules that are entered into VirusScan. The ones that are checked are enabled. You can create your own rules by selecting add or modify a current rule by selecting edit. It is recommended that this feature be disabled. To disable this feature make sure all the Rule check boxes are unchecked then select apply.
Note: To update automatically from the NIH Antivirus site rather than McAfee or in addition to McAfee you will need to edit your autoupdate repository list:
- Launch the VirusScan console
- Select Tools then "Edit autoupdate repository list..."
- Select Add
- Create a name for the repository. This is a name of your choice to identify the repository on the repository list.
- Leave the defaults except change the URL to antivirus.nih.gov/4.x
- Select Ok twice.