From eScan Wiki
Revision as of 12:54, 11 October 2010 WikiSysop (Talk | contribs) ← Previous diff |
Current revision WikiSysop (Talk | contribs) |
||
Line 1: | Line 1: | ||
+ | {| class="wikitable" border="0" | ||
+ | |- | ||
+ | {| id="mp-topbanner" style="width:100%; background:#fcfcfc; margin-top:1.2em; border:1px solid #ccc;" | ||
+ | | style="width:10%; color:#000;" | | ||
+ | {| style="width:100px; border:none; background:none;" | ||
+ | | [[Image:escan-g.jpg]] | ||
+ | |} | ||
+ | |style="text-align:left;"|'''·''' [[Escan/english/FAQ-eScan|<font size=1.5 color="blue" align="left">eScan</font>]] '''·''' [[Escan/english/MailScan-AFT|<font size=1.5 color="blue">MailScan</font>]] '''·''' [[Escan/english/Technologies|<font size=1.5 color="blue">Technologies</font>]] | ||
+ | |style="text-align:right;"| '''·''' [[Technical Info|<font size=1.5 color="blue">Technical Info</font>]] '''·''' [[Escan/english/Security_Awareness|<font size=1.5 color="blue">Security Awareness</font>]] '''·''' [[User_Guides|<font size=1.5 color="blue">User Guides</font>]] | ||
+ | |} | ||
+ | |||
==<B><font size=3>Index</font><span id="topindex"></span></B>== | ==<B><font size=3>Index</font><span id="topindex"></span></B>== | ||
+ | |||
+ | <span class="plainlinks neverexpand"><div style="text-align: right;">[[Escan/english/eScan-FAQ |<font color=“blue”>Back to FAQs Main Page</font>]]</div></span><br/> | ||
==eScan Configuration== | ==eScan Configuration== | ||
Line 27: | Line 40: | ||
# [[#anchor23|<font color="blue">When I upgrade my eScan, after running the setup file, the progress bar gets stuck at 0% and does not move at all.What should I do?</font>]] | # [[#anchor23|<font color="blue">When I upgrade my eScan, after running the setup file, the progress bar gets stuck at 0% and does not move at all.What should I do?</font>]] | ||
# [[#anchor24|<font color="blue">How do I retrieve emails that has been quarantined by eScan inside the Quarantine Folder?</font>]] | # [[#anchor24|<font color="blue">How do I retrieve emails that has been quarantined by eScan inside the Quarantine Folder?</font>]] | ||
- | # [[#anchor25|<font color="blue">When the auto-update runs there is activity running on the WWW proxy in WinGate. It appears that eScan is trying to go to http://www.microworldsystems.com/sendinfo. Any idea why does auto update go to that URL?</font>]] | + | # [[#anchor25|<font color="blue">When the auto-update runs there is activity running on the WWW proxy in WinGate. It appears that eScan is trying to go to <span class="plainlinks neverexpand"> http://www.microworldsystems.com/sendinfo </span>. Any idea why does auto update go to that URL?</font>]] |
# [[#anchor26|<font color="blue">How do I deploy customized warning messages I have created on my eScan Server to all my eScan clients?</font>]] | # [[#anchor26|<font color="blue">How do I deploy customized warning messages I have created on my eScan Server to all my eScan clients?</font>]] | ||
# [[#anchor27|<font color="blue">I have installed eScan on my Laptop. Now my Laptop never does a clean shutdown. It just seems to wait indefinitely. What should I do? </font>]] | # [[#anchor27|<font color="blue">I have installed eScan on my Laptop. Now my Laptop never does a clean shutdown. It just seems to wait indefinitely. What should I do? </font>]] | ||
Line 61: | Line 74: | ||
# [[#anchor56|<font color="blue">How can I install eScan silently ? And also it should reboot automatically after completion of the installation </font>]]<br/> | # [[#anchor56|<font color="blue">How can I install eScan silently ? And also it should reboot automatically after completion of the installation </font>]]<br/> | ||
# [[#anchor57|<font color="blue">How to White-list a file blocked during proactive scanning?</font>]]<br/> | # [[#anchor57|<font color="blue">How to White-list a file blocked during proactive scanning?</font>]]<br/> | ||
+ | # [[#anchor58|<font color="blue">How to disable eScan Notification pop-up message when a spam / virus infected email /attachment has been detected by eScan Anti-Spam/Mail Antivirus module ?</font>]]<br/> | ||
+ | # [[#anchor59|<font color="blue">How to manually whitelist a Malware URL ?</font>]]<br/> | ||
+ | # [[#anchor60|<font color="blue">How can I deny RDP access of a server from any ip address?</font>]]<br/> | ||
+ | # [[#anchor61|<font color="blue">How can I allow RDP access to only specific ip address?</font>]]<br/> | ||
Line 119: | Line 136: | ||
<br/><br/>Below are the settings that is required to be configured on the client system:<br/><br/> | <br/><br/>Below are the settings that is required to be configured on the client system:<br/><br/> | ||
- | '''I)''' '''''For Windows 95 & Windows 98'''''<br/> | + | '''I)''' '''''For Win 2000 system''''', Only to set Administrator Password at eServ. <br/><br/> |
- | :Need to enable the "Remote administration" from the Control Panel >> Passwords section.<br/> | + | |
- | '''II)''' '''''For Win 2000 system''''', Only to set Administrator Password at eServ. <br/><br/> | + | '''II)''' '''''For Win XP PRO systems''''' <br/> |
- | + | ||
- | '''III)''' '''''For Win XP PRO systems''''' <br/> | + | |
:a)On the Windows XP Go to Control Panel - Administrative Tools - LocalSecurity Policy <br/> | :a)On the Windows XP Go to Control Panel - Administrative Tools - LocalSecurity Policy <br/> | ||
Line 134: | Line 148: | ||
- | '''IV)''' '''''For Win Xp Home:'''''<br/> | + | '''III)''' '''''For Win Xp Home:'''''<br/> |
:Mwagent should be installed on the PC.<br/> | :Mwagent should be installed on the PC.<br/> | ||
- | :Click here to download the [http://update1.mwti.net/download/tools/mwinsagent.exe MWAGENT]<br/> | + | :Click here to download the <span class="plainlinks neverexpand"> [http://update1.mwti.net/download/tools/mwinsagent.exe MWAGENT] </span><br/> |
- | '''V)''' '''''For Windows Vista & Windows 7'''''<br/> | + | '''IV)''' '''''For Windows Vista & Windows 7'''''<br/> |
:a) Goto Start->Run, type secpol.msc <br/> | :a) Goto Start->Run, type secpol.msc <br/> | ||
Line 214: | Line 228: | ||
e. Start Outlook<br/> | e. Start Outlook<br/> | ||
f. Send yourself an email with the .EML file(s) as an attachment.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | f. Send yourself an email with the .EML file(s) as an attachment.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
- | <li>'''Also when the auto-update runs there is activity showing in the WWW proxy in WinGate. It appears that eScan is trying to go to http://www.microworldsystems.com/sendinfo. Any ideas why the auto update would try to go to that URL?'''<span id="anchor25"></span><br/><br/>'''Answer:'''<br/> | + | <li>'''Also when the auto-update runs there is activity showing in the WWW proxy in WinGate. It appears that eScan is trying to go to <span class="plainlinks neverexpand"> http://www.microworldsystems.com/sendinfo </span>. Any ideas why the auto update would try to go to that URL?'''<span id="anchor25"></span><br/><br/>'''Answer:'''<br/> |
- | http://www.microworldsystems.com/sendinfo/index.htm is a page which has the date and time of the last updated file.<br> | + | <span class="plainlinks neverexpand"> http://www.microworldsystems.com/sendinfo/index.htm </span >is a page which has the date and time of the last updated file.<br> |
MailScan Auto-Updater downloads this information after a scheduled interval to check whether new updates have arrived. Once MailScan gets this info, it then contacts one of the many FTP servers to download the latest update.<br> | MailScan Auto-Updater downloads this information after a scheduled interval to check whether new updates have arrived. Once MailScan gets this info, it then contacts one of the many FTP servers to download the latest update.<br> | ||
Line 323: | Line 337: | ||
:a) Open the eScan Protection Center,<br> | :a) Open the eScan Protection Center,<br> | ||
- | :b) Click on <B>Endpoint Security</B> feature in the <B>Protection</B> section and then click on the <B>Settings</B> options,<br> | + | :b) Click on <B>Endpoint Security</B> feature in the <B>Protection</B> section and then click on the <B>Settings</B> options,<br><br> |
- | + | [[Image:escanpro1.jpg|frame|center|100px]]<br> | |
- | + | ||
- | [[Image:escanpro1.JPG|frame|center|100px]]<br> | + | |
- | + | ||
:c) In the Endpoint Security Settings window, go to the <B>USB Control</B> tab. Check the <B>Enable USB Control</B> and then check the <B>Block USB Ports</B> | :c) In the Endpoint Security Settings window, go to the <B>USB Control</B> tab. Check the <B>Enable USB Control</B> and then check the <B>Block USB Ports</B> | ||
Line 342: | Line 353: | ||
:c. In the command prompt, go to windows folder (i.e. %windir%) and type<br> | :c. In the command prompt, go to windows folder (i.e. %windir%) and type<br> | ||
- | inst_tsp 2 2 <br> | + | ::'''inst_tsp 2 2''' <br> |
- | (refer to image)<br> | ||
- | [[Image:cmd-inst-tsp.JPG|frame|center|100px]]<br> | ||
+ | [[Image:cmd-inst-tsp.JPG|frame|center|100px]]<br> | ||
then type <br> | then type <br> | ||
- | inst_tspx 2 2<br> | + | ::'''inst_tspx 2 2''' <br> |
- | (refer to image)<br> | ||
[[Image:cmd-inst-tspx.JPG|frame|center|100px]]<br> | [[Image:cmd-inst-tspx.JPG|frame|center|100px]]<br> | ||
:d. Then rename the inst_tsp.exe to inst_tsp.old<br> | :d. Then rename the inst_tsp.exe to inst_tsp.old<br> | ||
- | (refer to image)<br> | ||
[[Image:ren-inst-tsp.JPG|frame|center|100px]]<br> | [[Image:ren-inst-tsp.JPG|frame|center|100px]]<br> | ||
- | and <br> | + | and then rename inst_tspx.exe to inst_tspx.old<br> |
- | then rename inst_tspx.exe to inst_tspx.old<br> | + | |
- | (refer to image)<br> | ||
[[Image:ren-inst-tspx.JPG|frame|center|100px]]<br> | [[Image:ren-inst-tspx.JPG|frame|center|100px]]<br> | ||
- | |||
:e. Restart the machine.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | :e. Restart the machine.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''How do I remove Firewall driver without uninstalling eScan?'''<span id="anchor43"></span><br/><br/>'''Answer:'''<br/> | ||
+ | :a. Click on Start<br> | ||
+ | [[Image:run1.JPG|frame|center|100px]]<br> | ||
+ | |||
+ | :b. Click on Run. In the Run box type <B>cmd</B> and click on <B>OK</B><br> | ||
+ | [[Image:run-cmd.JPG|frame|center|100px]]<br> | ||
+ | |||
+ | :c. Go to eScan installed directory and execute the command <br> | ||
+ | ::'''snetcfg.exe -v -u nt_econceal''' <br> | ||
+ | [in Windows XP (64bit), Windows Vista and above] | ||
+ | ::'''snetcfg.Vista32.exe -v -u nt_econceal''' <br> | ||
+ | [in Windows XP (32 bit) and Windows 2003]<br> | ||
+ | |||
+ | [[Image:cmd-snetcfg.JPG|frame|center|100px]]<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''How do I install Firewall driver?'''<span id="anchor44"></span><br/><br/>'''Answer:'''<br/> | ||
+ | :a. Click on Start<br> | ||
+ | [[Image:run1.JPG|frame|center|100px]]<br> | ||
+ | |||
+ | |||
+ | :b. Click on Run. In the Run box type <B>cmd</B> and click on <B>OK</B><br> | ||
+ | [[Image:run-cmd.JPG|frame|center|100px]]<br> | ||
+ | |||
+ | |||
+ | :c. Go to eScan installed directory and execute the command <br> | ||
+ | ::'''snetcfg.exe -v -l econceal.inf -m econceal_m.inf -c s -i nt_econceal''' <br>[in Windows XP (64bit), Windows Vista and above]<br> | ||
+ | ::'''snetcfg.Vista32.exe -v -l econceal.inf -m econceal_m.inf -c s -i nt_econceal''' <br> [in Windows XP (32 bit) and Windows 2003]<br><br> | ||
+ | [[Image:Cmd-snetcfg2.jpg|frame|center|50px]] <br><br> | ||
+ | :d. Restart the computer <br> | ||
+ | <br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''What does the entry "deleteFlags" under mailscan.ini stands for in Microworld products.?'''<span id="anchor45"></span><br/><br/>'''Answer:'''<br/> | ||
+ | <br><br>Under MailScan.ini<br><br> | ||
+ | :*If deleteflags = 2 then it will delete SURBL related emails<br> | ||
+ | :*If deleteflags = 1 If tagged by bayesian filter it will delete those emails ( 2 +1 =3 means delete both type of emails )<br> | ||
+ | :*If deleteflags = 0 then it will quarantine the emails | ||
+ | <br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''Can eScan take the backup of infected file before disinfecting it?'''<span id="anchor46"></span><br/><br/>'''Answer:'''<br/>'''Yes''', eScan can take backup of infected file before disinfecting it during Real Time Monitoring. The backup is stored and available for "Restore". | ||
+ | |||
+ | <br><br>To configure eScan Real Time monitor to enable Backup of infected files before Disinfection, <br><br> | ||
+ | :a. Open the eScan Protection Center<br> | ||
+ | :b. Go to File Antivirus and Click on Settings.<br> | ||
+ | :c. In the Objects tab, under <B>Actions in case of Virus Disinfection</B> expand <B>Disinfect</B> and check the <B>Make Backup File Before Disinfection</B>. Then apply the setting.<br> | ||
+ | |||
+ | |||
+ | <br><br>To access the infected backup file, please do the following:<br><br> | ||
+ | :a. Open the eScan Protection center <br> | ||
+ | :b. Go to File Antivirus and click on View Quarantine objects and go to the "Backup" tab.<br> | ||
+ | |||
+ | (On your hard drive it will be located under C:\Program Files\eScan\Infected in an encrypted format).<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''Is there any utility to add multiple email ids in Auto-Spam White list in eScan? '''<span id="anchor47"></span><br/><br/>'''Answer:'''<br/>'''Yes'''. We have a utility called "vereml" which will import all the email ids in auto-spam whitelist. It is a command line utility, to use it you have to go to command prompt and then go to the location of this file and type vereml and press enter.<br> | ||
+ | This will give you all the parameters to import the users in auto-spam whitelist. <span class="plainlinks neverexpand">[http://download1.mwti.net/download/temp/vereml.exe Click here to download the VEREML UTILITY] </span><br> | ||
+ | (<B>NOTE:</B> Copy the VEREML utility to the \program files\eScan folder)<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''A lot of disk space is occupied by eScan “FBackUp” folder in my Local Drive. What is the use and how can we stop this ?'''<span id="anchor48"></span><br/><br/>'''Answer:'''<br/> | ||
+ | FBackUp is a folder created by eScan, which is used to take auto-backup of clean files having extensions *.EXE, *.DLL, *.OCX, *.SYS, *.DRV, and *.CPL after scanning, these files are stored in an encrypted format. | ||
+ | |||
+ | |||
+ | <br><br>'''Configuring / Checking pre-requisite disk space for Auto-backup to function'''<br><br> | ||
+ | |||
+ | The eScan Auto-backup will first check for the minimum available space limit defined for a hard disk drive. If the minimum define space is available then only the Auto-backup will function, if not it will stop without notifying.<br> | ||
+ | |||
+ | <br><br>Below is the step from which one can define the space limit required for Auto Backup to work:-<br><br> | ||
+ | |||
+ | <br><br>First, Install the latest eScan hotfix. <span class="plainlinks neverexpand"> [http://update6.mwti.net/download/tools/espatch1.exe <B>Click here to download the eScan Hotfix</B>]</span><br/><br> | ||
+ | |||
+ | :a. Then, click on Start >> Programs >> eScan for Windows >> eScan Protection Center.<br/> | ||
+ | :b. Click on File Anti-virus >> Settings >> Options. Expand the option "Enable backup" and click on "Minimum disk space(MB)"<br/> | ||
+ | :c. The Default Value is 500 MB. Change the Value from 500 to any desired value.<br/> | ||
+ | :d. Click on "Apply" then on "OK"<br/> | ||
+ | |||
+ | '''Note:''' In above case when the hard disk drive has less than 500MB of free space, the Auto-Backup will stop.<br> | ||
+ | |||
+ | |||
+ | <br><br>'''How to stop Auto-backup Feature (FBackUp)'''<br><br> | ||
+ | |||
+ | To stop the Auto-Backup feature:<br><br> | ||
+ | |||
+ | :a. Click on Start >> Programs >> eScan for Windows >> eScan Protection Center,<br> | ||
+ | :b. Click on File Anti-virus >> Settings >> Options and UNCHECK the option "Enable backup",<br> | ||
+ | :c. Click on "Apply" then on "OK". | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | <br><br>'''How to change the location of Auto-Backup folder (FBackUp)'''<br><br> | ||
+ | |||
+ | To change the Auto-Backup folder path:<br><br> | ||
+ | |||
+ | :a. Click on Start >> Programs >> eScan for Windows >> eScan Protection Center<br> | ||
+ | :b. Click on Protection >> File Anti-Virus >> Settings >> Options<br> | ||
+ | :c. Expand the link “For quarantining of infected objects”<br> | ||
+ | :d. Double click “Use Folder name”<br> | ||
+ | :e. By Default the path is C:\Program Files\eScan\Infected. eScan will automatically create folder namde "FBackUp" in C:\Program Files\eScan\ and start storing the clean files.<br> | ||
+ | :f. Change this path to a different location. For example: If you select D:\Infected, then the "FBackUp" folder will automatically be created in D:\FBackUp<br> | ||
+ | :g. Any path given it will create "FBackup" in the root directory of the path given.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''How can I display IP address of client computers under "Normal View" in eScan Management Console?'''<span id="anchor49"></span><br/><br/>'''Answer:'''<br/> | ||
+ | :a. Open eScan Management Console >> Go to Services, click on "Stop Announcement' and then shutdown the eScan management console.<br> | ||
+ | :b. Go to C:\Program Files\eScan, open eupdate.ini >> Enter the following entry under [config] >> IpOnly=1 >> Save the changes. | ||
+ | :c. Rename the file DmainLst.ini to DmainLst.iniold<br> | ||
+ | :d. Delete all the folders under C:\PUB\LOG <br> | ||
+ | :e. Go to Start >> Programs>>eScan for Windows >> eScan Server >> Start the server announcement<br> | ||
+ | Once the eScan clients take the updates from the eScan server, the computers will be displayed as per their IP address under "Normal View"<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''How can I configure my system to block eScan Popups?'''<span id="anchor50"></span><br/><br/>'''Answer:'''<br/>When eScan intercept a virus or downloads updates, it gives a popup. This might be sometimes annoying, for this reason, we have given a facility to block all popups. | ||
+ | |||
+ | |||
+ | <br><br>'''Configuring Popup Block:'''<br><br> | ||
+ | |||
+ | a. Run '''regedit.exe''', Go to<br> | ||
+ | |||
+ | HKEY_LOCAL_MACHINE\SOFTWARE\MicroWorld <br> | ||
+ | <div style="text-align: left;">[[Escan/english/eScan-FAQ/Microsoft-Windows#anchor1|<font color=“blue”>Click here to refer "How to start the windows registry editor"</font>]])</div><br> | ||
+ | |||
+ | b. On the right hand side, select the DWORD<br> | ||
+ | |||
+ | MWErrorMode = DWORD<br> | ||
+ | |||
+ | You can specify the below DWORD value to block the related popups.<br> | ||
+ | |||
+ | ::'''Stop all popup block = 1 (decimal)''' | ||
+ | ::'''Start all Web Protection popup = 2 (decimal)''' <br> - all other pop up will be stopped<br> | ||
+ | ::'''Start all Avpmtray popup = 4 (decimal)''' <br> - all other pop up will be stopped<br> | ||
+ | ::'''Start MailScan popup = 8 (decimal)''' <br> - all other pop up will be stopped<br> | ||
+ | ::'''Start License related popup = 16 (decimal)''' <br> - all other pop up will be stopped<br> | ||
+ | ::'''Start USB Popup = 32 (decimal)''' <br> - all other pop up will be stopped<br> | ||
+ | ::'''Start Firewall popup = 128 (decimal)''' <br> - all other pop up will be stopped<br> | ||
+ | ::'''Start trayicos popup = 256 (decimal)''' <br> - all other pop up will be stopped<br> | ||
+ | ::'''Start trayicoc popup = 512 (decimal)''' <br> - all other pop up will be stopped<br> | ||
+ | ::'''Start download.exe popup = 1024 (decimal)''' <br> - all other pop up will be stopped<br> | ||
+ | ::'''Start Application Control popup = 2048 (decimal)''' <br> - all other pop up will be stopped<br> | ||
+ | |||
+ | <br><br>'''Important Note:'''<br><br> | ||
+ | |||
+ | If you want to start two or more popups together, then you need to add all the values for it to work.<br> | ||
+ | |||
+ | For Example: Application Control popup value = '''2048''' & econceal firewall popup value = '''128''', then you have to add both of these values:<br/> '''2048 + 128 = 2176''' for Application Control popup and Firewall popup to work together.<br> | ||
+ | |||
+ | |||
+ | <br><br>'''Deploying from eScan Server to all clients:'''<br><br> | ||
+ | |||
+ | a. On the eScan server, export registry entry <br><br> | ||
+ | |||
+ | [HKEY_LOCAL_MACHINE\SOFTWARE\MicroWorld] <br> | ||
+ | |||
+ | as '''errormode.reg''' to the desktop.<br> | ||
+ | |||
+ | '''''(Ref: [[Escan/english/eScan-FAQ/Microsoft-Windows#anchor2 | FAQ - How to take the backup of windows registry?]])'''''<br><br> | ||
+ | |||
+ | b. Edit the '''errormode.reg''' with notepad. Only keep the following entries:<br> | ||
+ | |||
+ | Windows Registry Editor Version 5.00<br> | ||
+ | [HKEY_LOCAL_MACHINE\SOFTWARE\MicroWorld]<br> | ||
+ | "MWErrorMode"=DWORD:00000001<br> | ||
+ | |||
+ | '''Note:''' The data value of the MWErrorMode entry will depend upon the settings required<br/> | ||
+ | For Example: If you want to block all the pop-up except the USB pop-up, the value will be 20 (Hexadecimal) or 32 (Decimal).<br><br> | ||
+ | |||
+ | c. Copy this file in C:\pub\update folder of the eScan server.<br> | ||
+ | |||
+ | Now when the client computer takes the download from eScan server the '''errormode.reg''' will be downloaded and the changes will be applied to the eScan clients.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''How can I change the port settings for my eScan server and deploy it using the eScan management console (EMC)?'''<span id="anchor51"></span><br/><br/>'''Answer:'''<br/>The eScan Server mainly uses three ports: | ||
+ | |||
+ | :a. HTTP port - used to query for virus definition updates.<br> | ||
+ | :b. FTP port – used to deliver updates to client.<br> | ||
+ | :c. UDP port – used to broadcast announcement to its clients.<br> | ||
+ | |||
+ | '''Note:''' You can change the eScan Server HTTP and FTP port settings in EMC. <br> | ||
+ | |||
+ | |||
+ | |||
+ | <br><br>To change the port settings for eScan server<br><br> | ||
+ | |||
+ | :a. Open eScan Management Console >> Go to Services, click on "Stop Announcement' and then shutdown the eScan management console.<br> | ||
+ | :b. Open the file '''Eserv.ini''' from the location C:\Program Files\eScan<br> | ||
+ | :c. Find the entry for FTPPort=xxxx and HTTPPort=xxxx<br> | ||
+ | :d. Change the port entries to the new desired value and save the file.<br> | ||
+ | :e. Start the eScan Management console, by Clicking on Start >> Program files >> eScan for Windows >> eScan management console.<br> | ||
+ | |||
+ | |||
+ | |||
+ | One can deploy the port settings to the client.<br> | ||
+ | |||
+ | <br><br>To deploy the port settings use the below steps:<br><br> | ||
+ | |||
+ | :1. Open eScan Management Console >> Go to Services >> EMC settings >> check the box '''Enable Advanced Settings in ‘Deploy Rule – Sets’ wizard''', if it is unchecked, this will enable Advanced feature while deploying. Close the window once done.<br> | ||
+ | :2. Then click on Services >> Deploy Rule – Set >> Create New Policy >> click Advanced >> Check the box “eScan Auto-Updater Settings” >> click Edit >> Add <br> | ||
+ | :3. For HTTP host add the value <br> | ||
+ | <span class="plainlinks neverexpand"><font color="black">http://<eScan-Server-IP>:<New HTTP port number></font></span><br> | ||
+ | :Please note the Section & Keyname give in figure below must be selected.<br/> | ||
+ | |||
+ | | ||
+ | [[Image:HTTPHost.jpg|center]] | ||
+ | <br> | ||
+ | |||
+ | :4. For FTP host add the value <br> | ||
+ | <span class="plainlinks neverexpand"><font color="black">ftp://<eScan-Server-IP>:<New FTP port number></font></span><br> | ||
+ | :Please note the Section & Keyname give in figure below must be selected.<br/> | ||
+ | |||
+ | | ||
+ | [[Image:FTPHost.jpg|center]] | ||
+ | <br> | ||
+ | |||
+ | :5. Deploy these setting on all clients.<br> | ||
+ | |||
+ | :'''Note:''' If clients are not getting updates after changing the port on server, we need to deploy the setting as described above & force the clients to take updates with the features available in EMC.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''A vulnerability tool identifies MWAgent as a high security risk. It can be exploited to cause a stack-based buffer overflow via an overly long command sent to the service (default port 2222/tcp)?'''<span id="anchor52"></span><br/><br/>'''Answer:'''<br/>The vulnerability is caused due to a boundary error in the MicroWorld Agent service (MWAGENT.EXE) when decrypting received commands. This can be exploited to cause a stack-based buffer overflow via an overly long command sent to the service (default port 2222/tcp).<br> | ||
+ | This vulnerability has been resolved in the latest hotfix and version 9.0.178.1 and later. MWAGENT.EXE is a gateway between eScan client and server. To avoid this vulnerability, we are using encrypted data format.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''Can the tools menu be removed or disabled?'''<span id="anchor53"></span><br/><br/>'''Answer:'''<br/>'''Yes''', disable option under tools menu is available now. And can be enabled by doing following steps<br> | ||
+ | |||
+ | :a.Download the latest updates from the internet.<br> | ||
+ | |||
+ | :b.Then open my computer.<br> | ||
+ | |||
+ | :c.Go to c:\progra~1\escan\ folder<br> | ||
+ | |||
+ | :d.Then open eupdate.ini file using notepad or any editing tool.<br> | ||
+ | |||
+ | :e.Then under [Config] Section add following value.<br> | ||
+ | |||
+ | Disabletools=<br> | ||
+ | |||
+ | :f.Following are the values for each tool option to disable.<br> | ||
+ | |||
+ | 1 = To disable “System Information”<br> | ||
+ | 2 = To disable “Send Debug Information”<br> | ||
+ | 4 = To disable “Download Latest Hotfix (eScan).”<br> | ||
+ | 8 = To disable “Restore Windows Default Settings”<br> | ||
+ | 16= To disable “Download Latest Hotfix (Microsoft Windows OS)”<br> | ||
+ | 32= To disable “eScan Remote Support”<br> | ||
+ | |||
+ | You can add the values to disable multiple tools option e.g. if you want to disable “Send Debug Information” and “eScan Remote Support” then you will have to add 2 + 32 = 34.<br> | ||
+ | |||
+ | <br><br>You can deploy this option using eScan Management console, to do this follow the below steps:<br><br> | ||
+ | |||
+ | :a. Open eScan Management Console.<br> | ||
+ | |||
+ | :b. Click on “Services” Menu <br> | ||
+ | |||
+ | :c. Then click on “EMC Settings”<br> | ||
+ | |||
+ | :d. Tick mark on “Enable Advance settings in “Deploy Rule-sets” Wizard” and click on “OK”<br> | ||
+ | |||
+ | :e. Then again click on “Services” Menu.<br> | ||
+ | |||
+ | :f. Then click on “Deploy Rule-sets ”<br> | ||
+ | |||
+ | :g. Then click on “Create new policy”<br> | ||
+ | |||
+ | :h. Then click on “Advance” button and then<br> | ||
+ | |||
+ | :i. Then tick mark on “eScan Auto-Updater Settings” and then click on “Edit” button.<br> | ||
+ | |||
+ | |||
+ | [[Image:eupdate21.jpg|center]]<br> | ||
+ | |||
+ | |||
+ | [[Image:eupdate11.jpg|center]]<br> | ||
+ | |||
+ | |||
+ | :j. Select “Config” under Section tab and type “Disabletools” under keyname tab and under Value insert 34, Then click on “Add” button. And then click on Close and again click on close button. And then click on “OK” button.<br> | ||
+ | |||
+ | :k. Type the Policy name, once you type in the policy name “Next” button will get enable click on Next button to deploy the policy.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''After Installing eScan, users/recepients receive a notification emails with :'''<B>Subject: eScan found an email having Virus or objectionable content!<br/> | ||
+ | Email removed at the SMTP/POP3 Gateway for one of the following reasons.<br> | ||
+ | 1. It had a virus.<br> | ||
+ | 2. It had objectionable content.<br> | ||
+ | 3. The sender email-id was banned.<br> | ||
+ | 4. The email itself was corrupted.<br/> | ||
+ | |||
+ | We apologise for any inconvenience.</B> | ||
+ | <span id="anchor54"></span><br/><br/>'''Answer:'''<br/>This notification message received is by design in eScan. <br> | ||
+ | When a mail is downloaded by an application (a mail-client like outlook express), it is scanned by eScan at the Transport Layer of the OSI and then delivered to the mail-client. During the scanning process, if the mail has any Restricted Attachments / Viruses, it is either deleted or forwarded to the Administrator by eScan. Since the mail-client has initiated and established the connection to download the mails from the Mail server, it has to receive a mail to complete the connection session. Hence, eScan has to generate this notification to avoid the application from being crashed.<br> | ||
+ | A workaround to stop this message from being delivered to your INBOX, you can define a RULE-SET in the mail-clients that mails with the above subject should be deleted or moved to a predefines folder.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''Can we automate the installation of eScan Internet Security Suite?'''<span id="anchor55"></span><br/><br/>'''Answer:'''<br/>'''Yes'''. You can use usetup.exe to customize the installation option so that you can run unattended installations of eScan.<br> | ||
+ | For more information on the customization utility, please visit the <span class="plainlinks neverexpand">[http://www.escanav.com/english/content/partners/business_partners/escan_customization_kit.asp eScan Customization Kit] </span> page.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''How can I install eScan silently ? And also it should reboot automatically after completion of the installation.'''<span id="anchor56"></span><br/><br/>'''Answer:'''<br/>'''Yes'''. You can install eScan silently with the help of below mentioned parameters, which need to execute from the command prompt. <br> | ||
+ | |||
+ | |||
+ | <B><U>NOTE:</U></B> But this can '''ONLY''' be used with eScan Version 11 Setup file. <br> | ||
+ | |||
+ | |||
+ | * <B>/s</B> : <I>Silent installation</I><br> | ||
+ | |||
+ | [ For Silent installation of eScan setup, we can use parameter '''/s''' . ( eg:- '''iwn2k3ek.exe /s''' )]<br> | ||
+ | |||
+ | |||
+ | * <B>/Autoreboot=1</B> : <I>Auto reboot after installation without dialog box</I><br> | ||
+ | |||
+ | [ For Reboot without dialog box, parameter '''/Autoreboot=1''' can be used ( eg:- '''iwn2k3ek.exe /Autoreboot=1''' )]<br> | ||
+ | |||
+ | |||
+ | * <B>/dialog=0</B> : <I>Not to reboot automatically and not to display dialog box</I><br> | ||
+ | |||
+ | [ For not to reboot automatically and not to display dialog box too, parameter '''/dialog=0''' can be used <br> | ||
+ | ( eg:- '''iwn2k3ek.exe /dialog=0''' )]<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''How to White-list a file blocked during proactive scanning?'''<span id="anchor57"></span><br/><br/>'''Answer:'''<br/>Proactive scanning is scanning of suspicious files that are in the process of execution, using an algorithm which checks for certain parameters and other details in the file. In the event when a file fails to pass the check, the file is assumed to be suspicious and is consequently blocked.<br> | ||
+ | |||
+ | <br><br>'''In order to white-list such a file, the following steps are to be followed:'''<br><br> | ||
+ | |||
+ | # Open the '''eScan Protection Center'''<br> | ||
+ | # Select the '''Endpoint Security''' module<br> | ||
+ | # Under '''Reports''' select '''View Report'''<br> | ||
+ | # In the '''Report for Endpoint Security''' window, look for entries with a '''red cross''' and the required filename under '''Application Name'''<br> | ||
+ | # Select the entry, '''right click''' and select '''Add to Whitelist'''<br> | ||
+ | |||
+ | |||
+ | The file has now been whitelisted and will not be blocked in future when attempt is made to run it.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''How to disable eScan Notification pop-up message when a spam / virus infected email /attachment has been detected by eScan Anti-Spam/Mail Antivirus module ?'''<span id="anchor58"></span><br/><br/>'''Answer:'''<br/>In order to disable the eScan Notification pop-up message for spam/infected emails, uncheck the “Show Alert Dialog Box” option in Virus Alerts section of Notification settings of Anti-Spam/Mail Antivirus modules respectively.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''How to manually whitelist a Malware URL ?'''<span id="anchor59"></span><br/><br/>'''Answer:'''<br/> | ||
+ | <br>There are two methods to whitelist Malware URL.<br> | ||
+ | <br>'''Method 1:'''<br> | ||
+ | |||
+ | '''1.''' Apply the latest hotfix.<br> | ||
+ | '''2.''' Reboot the machine<br> | ||
+ | '''3.''' Try to access the URL.<br> | ||
+ | '''4.''' You will get a pop-up, as '''Malware URL Blocked''' and below you will have a check box '''Add to Whitelist.'''<br> | ||
+ | '''5.''' Check the box '''Add to Whitelist''' to whitelist the specific URL.<br><br> | ||
+ | |||
+ | [[Image:urlblock.png|center]]<br> | ||
+ | |||
+ | <br>'''Method 2:'''<br> | ||
+ | |||
+ | '''1.''' Apply the latest hotfix.<br> | ||
+ | '''2.''' Reboot the machine<br> | ||
+ | '''3.''' Try to access the URL<br> | ||
+ | '''4.''' Then you can Whitelist the URL manually from the '''Protection center''' > '''File AV''' > '''View reports'''<br> | ||
+ | '''5.''' Right click and the click on '''Add to Whitelist.'''<br><br> | ||
+ | |||
+ | '''Please Note:''' This Feature is avialable with hotfix '''1.0.0.927''' and above.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''How can I deny RDP access of a server from any ip address?'''<span id="anchor60"></span><br/><br/>'''Answer:'''<br/> | ||
+ | <br>Follow the below mentioned steps:<br><br> | ||
+ | |||
+ | 1. Open the “eScan Protection center”.<br><br> | ||
+ | |||
+ | 2. Goto to Firewall, click on “Settings”.<br><br> | ||
+ | |||
+ | [[Image:fw2.jpg|center]]<br> | ||
+ | |||
+ | 3. Click on “Zone Rule”, Select the zone rule “Allow Local Network….” And click on the “Remove” button to remove the selected rule.<br> | ||
+ | |||
+ | [[Image:fw1.jpg|center]]<br> | ||
+ | |||
+ | 4. Click on the “Expert Rule” tab, select the “Remote Desktop (RDP)”, right click on the rule and click on “Enable Rule. Click on “Apply”.<br> | ||
+ | |||
+ | [[Image:fw3.jpg|center]]<br> | ||
+ | |||
+ | 5. Click on the “Expert Rule” tab, select the “Remote Desktop (RDP)”, right click on the rule and click on “Modify”.<br> | ||
+ | |||
+ | [[Image:fw4.jpg|center]]<br> | ||
+ | |||
+ | 6. Click on the “General” tab, select “Deny Packet”. Click “Ok. Then click on “Apply”<br> | ||
+ | |||
+ | [[Image:fw5.jpg|center]]<br> | ||
+ | |||
+ | 7. Click on the “Interactive Filter” mode, to put the firewall in the Interactive mode.<br> | ||
+ | |||
+ | [[Image:fw13.jpg|center]]<br> | ||
+ | |||
+ | These steps will deny RDP access of a server from all ip-addresses.<div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | <li>'''How can I allow RDP access to only specific ip address?'''<span id="anchor61"></span><br/><br/>'''Answer:'''<br/> | ||
+ | |||
+ | <br/>Follow the below mentioned steps:<br/><br> | ||
+ | |||
+ | 1. Open the “eScan Protection center”.<br><br> | ||
+ | |||
+ | 2. Goto to Firewall, click on “Settings”.<br><br> | ||
+ | |||
+ | [[Image:fw2.jpg|center]]<br> | ||
+ | |||
+ | 3. Click on “Zone Rule”, Select the zone rule “Allow Local Network….” And click on the “Remove” button to remove the selected rule.<br> | ||
+ | |||
+ | [[Image:fw1.jpg|center]]<br> | ||
+ | |||
+ | 4. Click on the “Expert Rule” tab, select the “Remote Desktop (RDP)”, right click on the rule and click on “Enable Rule. Click on “Apply”.<br> | ||
+ | |||
+ | [[Image:fw3.jpg|center]]<br> | ||
+ | |||
+ | 5. Click on the “Expert Rule” tab, select the “Remote Desktop (RDP)”, right click on the rule and click on “Modify”.<br> | ||
+ | |||
+ | [[Image:fw4.jpg|center]]<br> | ||
+ | |||
+ | 6. Click on the “General” tab, select “Deny Packet”. Click “Ok. Then click on “Apply”<br> | ||
+ | |||
+ | [[Image:fw5.jpg|center]]<br> | ||
+ | |||
+ | 7. Click on Settings, click on “Expert Rule”, click on the “Add” button.<br/> | ||
+ | |||
+ | [[Image:fw6.jpg|center]]<br> | ||
+ | |||
+ | 8. In the New window, click the “General” tab, add a name for the rule, select “Permit Packet”, select the protocol to be “TCP”.<br/> | ||
+ | |||
+ | [[Image:fw7.jpg|center]]<br> | ||
+ | |||
+ | 9. Select the “Source” tab, select the “Single IP address” and enter the ip address which needs to be allowed the RDP connection. In the “Source Port” select “Any”.<br/> | ||
+ | |||
+ | [[Image:fw8.jpg|center]]<br> | ||
+ | |||
+ | 10. Click the “Destination” tab, select “My computer” under “Destination IP address”. In the “Destination Port” select “Single Port” and add the port number as 3389. Click on ”OK”<br/> | ||
+ | |||
+ | [[Image:fw9.jpg|center]]<br> | ||
+ | |||
+ | 11. A new rule will be added as seen, click on the rule and click on the move up arrow. And move the new rule above the “Remote Desktop(RDP)” rule and click on “Apply” and then “OK”.<br/> | ||
+ | |||
+ | [[Image:fw11.jpg|center]]<br> | ||
+ | |||
+ | [[Image:fw12.jpg|center]]<br> | ||
+ | |||
+ | 12. Click on the “Interactive Filter” mode, to put the firewall in the Interactive mode.<br/> | ||
+ | |||
+ | [[Image:fw13.jpg|center]]<br> | ||
+ | |||
+ | These steps allow RDP access to only said ip address.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ------------- | ||
+ | |||
+ | <span class="plainlinks neverexpand"><div style="text-align: right;">[[Escan/english/eScan-FAQ |<font color=“blue”>Back to FAQs Main Page</font>]]</div></span><br/> |
Current revision
| · eScan · MailScan · Technologies | · Technical Info · Security Awareness · User Guides |
Index
eScan Configuration
- What is Rule-Set?
- How does Rule-Set gets updated?
- Can I manually configure Rule-Set to meet my requirement?
- Can I install eScan on a Standalone PC?
- Is there more than one type of eScan?
- Can I install eScan on any version of Windows?
- Can any PC be configured as eScan Server?
- What are the requirements for eScan Server?
- Do I need a dedicated system for eScan Server?
- What is the Pre-requisite before deploying eScan installation / Rule-Set on client system from eScan Management Console?
- Do I need to define the Server's IP Address on the eScan Client?
- If I change the IP Address of my eScan Server or in case I change my eScan Server, do I need to re-configure all the eScan clients with the eScan Server's new IP Address?
- Can I have multiple eScan Server? If Yes, How?
- Can I configure two eScan Servers as Master, for redundancy?
- Can I restrict the user from disabling eScan? If Yes, how?
- While installing eScan do I have to change any settings in my email client?
- Are there any compatibility issues with MS-MWL?
- Can eScan be deployed over the network using the Microsoft Management Console (MMC)?
- I have installed eScan and due to some problem, I had to uninstall it. But now I am unable to browse the Internet and do other Internet activities. How can I restore my computer back to normal?
- After installing eScan, I am unable to browse the Network Neighbourhood.What could be wrong?
- When I have more than 250-300 eScan clients connected to my eScan Server, the CPU utilization goes upto 100%?
- On eScan Clients, I want to change the Mail-Server IP number to which warning messages should be sent. How can I do it from eScan Server?
- When I upgrade my eScan, after running the setup file, the progress bar gets stuck at 0% and does not move at all.What should I do?
- How do I retrieve emails that has been quarantined by eScan inside the Quarantine Folder?
- When the auto-update runs there is activity running on the WWW proxy in WinGate. It appears that eScan is trying to go to . Any idea why does auto update go to that URL?
- How do I deploy customized warning messages I have created on my eScan Server to all my eScan clients?
- I have installed eScan on my Laptop. Now my Laptop never does a clean shutdown. It just seems to wait indefinitely. What should I do?
- Client is using Novell Netware 4.11. All email comes in through Wingate Proxy Server located on Windows 2000 Professional system. If the workstations are protected with eScan and the email server is also protected, does the Netware Server needs a scanner for viruses?
- I had a customer reporting that with eScan installed, his XP machine was constantly crashing (BSOD) with an error referencing avkfilt.sys.All other XP machines on the network, running the same version of eScan, were experiencing no problems! What could be the possible remedy?
- I have installed eScan on my machine. But it does not scan emails sent using Outlook Express. What could be the problem? I use Microsoft Proxy Client to access my Mail Server.?
- I have installed ZoneAlarm Firewall. After installing eScan,I keep getting messages from ZoneAlarm about download.exe, trayicos.exe, etc. trying to connect to Internet. What should I do?
- Can I have multiple Anti-Virus softwares / programs running on my PC simultaneously?
- During installation of eScan,it asks me for a reboot. After rebooting, the installation continues, again asking me for a reboot.What should I do?
- I have installed eScan on my Windows 2000 computer. When I login as an Administrator, everything works fine. But if I login as an ordinary user, my mails and web stop working. What should I do?
- I have installed eScan on my Windows XP Pro. When I log in as an administrator, all functions work fine. But if I login as a normal user, Outlook and other Net related functions stop working! What should be done?
- Are there any incompatibility issues between Zone Alarm Basic and eScan/MailScan?
- My eScan clients are unable to recognize the eScan Server. The Server does make proper announcements and no errors are logged too. What should be done?
- Can I scan my network drives from one PC?
- Can I manually install eScan Corporate as a client using the setup file cwn2k3ek.exe without being prompted for the default mode message "Do you want to make this System as eScan Server?
- While deploying Rule-Set on the client system with the Merge Option selected from eScan Management Console, the Rule-Set does not merge with the existing rules on the client. How does the Merge Option work?
- How can I block an USB drive access in eScan version 10?
- After installing eScan on Windows 2008 64 Bit Edition, DNS, ADS does not work and are not able to connect to internet or LAN?
- How do I remove Firewall driver without uninstalling eScan?
- How do I install Firewall driver?
- What does the entry deleteflags does under MailScan.ini?
- Can eScan take backup of infected files before disinfecting it?
- Is there any utility to add multiple email IDs in eScan Auto-Spam Whitelist?
- A lot of disk space is occupied by eScan FBackUp folder in my Local Drive. What is the use and how can we configure it?
- How can I display IP Address of client computers under "Normal View" in eScan Management Console?
- How can I configure my system to block eScan Popups?
- How can I change the port settings for my eScan server and deploy it using the eScan management console (EMC)?
- A vulnerability tool identifies MWAgent as a high security risk. It can be exploited to cause a stack-based buffer overflow via an overly long
command sent to the service (default port 2222/tcp)?
- Can the tools menu be removed or disabled?
- After Installing eScan, users/recepients start receiving the notification emails with "Subject: eScan found an email having Virus or objectionable content!?"
- Can we automate the installation of eScan Internet Security Suite?
- How can I install eScan silently ? And also it should reboot automatically after completion of the installation
- How to White-list a file blocked during proactive scanning?
- How to disable eScan Notification pop-up message when a spam / virus infected email /attachment has been detected by eScan Anti-Spam/Mail Antivirus module ?
- How to manually whitelist a Malware URL ?
- How can I deny RDP access of a server from any ip address?
- How can I allow RDP access to only specific ip address?
- What is Rule-Set?
Answer:
Rule-Set are set of rules defined within eScan.
For Example:
If you define a rule that any file with the name KAK.HTA should be deleted.
eScan will detect this file and if found will delete it.
- How does Rule-Set gets updated?
Answer:
Whenever we confirm the existence of a new Virus (or a Worm, etc) in the form of a standard filename, we update the Rule-Set on the Internet Server. So, when eScan connects to Internet to download the latest updates, it even updates the Rule-Set. - Can I manually configure Rule-Set to meet my requirement?
Answer:
Yes, you can configure the Rule-Set to meet your requirement. - Can I install eScan on a Standalone PC?
Answer:
Yes. For this, you need to install Professional Edition of eScan (version 9) or eScan SOHO/Home Edition rather than the Corporate Edition / Enterprise (version 9 or 10) or SMB/SME edition (version 10). - Is there more than one type of eScan?
Answer:
Below are the editions of eScan:
Version 10
- eScan SOHO/Home edition
- This edition is designed for standalone platforms (eg at home)
- eScan SMB/SME edition
- This edition is designed for Small and Medium Business organizations.
- eScan Corporate/Enterprise edition
- This edition is designed for Large organizations.</I>
- eScan Pro
- This edition is designed for standalone platforms (eg at home)
- eScan Corporate
- This edition is designed for networked platforms, and includes the `eServ' Central Management Console.
- eScan Enterprise
- This edition is designed to protect entire Networks and incorporates both the 'eServ' Central Management Console and various editions of 'MailScan'.
- eScan VC (Virus Control)
- eScan VC has only the Virus Control features. It does not have Content-Analyzing features.
- eScan SOHO/Home edition
- Can I install eScan on any version of Windows?
Answer:
Yes. In fact, eScan version 9 is available for the DOS and Win3.1 platforms, as well as Win95, Win98, Win98SE, WinME, WinNt 4.0 Workstation / Server, Win2000 Pro / Server / Datacenter Server and Windows XP Platforms.
While eScan version 10 is available for Windows 2000 (SP4), Windows XP Home/Professional, Windows XP 64-bit, Windows Vista Ultimate/Home Premium, Windows Vista Home, Basic/Business/Enterprise. Support for 98/ME/NT, will be provided soon.</I>
- Can any PC be configured as the eScan Server?
Answer:
Yes. You can configure any PC as the eScan Server provided that PC has access to the Internet. - What are the requirements for eScan Server?
Answer:
For eScan to be installed in Server mode, you will need a PC which has Internet connectivity. - If I make one PC as eScan Server, can I work on that PC? Does it need to be a dedicated PC?
Answer:
The eScan Server does not require a dedicated PC. You can use the eScan Server for other duties and run other applications without any problems. - What is the pre-requisite before deploying eScan installation / rule-sets on client systems from the eScan Management Console?
Answer:
Below are the settings that is required to be configured on the client system:
I) For Win 2000 system, Only to set Administrator Password at eServ.
II) For Win XP PRO systems
- a)On the Windows XP Go to Control Panel - Administrative Tools - LocalSecurity Policy
- b)Click on Local Policies - Security Options
- c)On the Right hand Side Double click the option "Network Access: Sharing and Security Model for Local accounts"
- d)Change the default mode to "Classic - Local user authenticate as themselves.
- e)Change the value of the entry, "Accounts: Limit local account use of blank passwords to console logon only" to "Disabled".
- f)And if fireWall is enabled we need to Allow "File and Printer Sharing" option in "Exceptions" Section of Firewall.
- Mwagent should be installed on the PC.
- Click here to download the
- a) Goto Start->Run, type secpol.msc
- b) Click on Local Policies - Security Options
- c) On the Right hand Side Double click the option "Network Access: Sharing and Security Model for Local accounts"
- d) Change the default mode to "Classic - Local user authenticate as themselves.
- e) Change the value of the entry, "Accounts: Limit local account use of blank passwords to console logon only" to "Disabled".
- f) And if fireWall is enabled we need to Allow "File and Printer Sharing" option in "Exceptions" Section of Firewall.
- g) Right click on My Computer -> Manage -> Local Users and Groups -> Users
- h) On the right hand side double click the account "Administrator"
- i) Uncheck Password never expires and Account is disabled -> ok
- j) Right click on the account "Administrator" -> set password -> proceed -> new password -> confirm password -> ok
- a)On the Windows XP Go to Control Panel - Administrative Tools - LocalSecurity Policy
- Do I need to define the Server's IP address on the eScan Client?
Answer:
No. The eScan server has an announcement mechanism wherein it broadcasts its availability over the network. All the eScan clients will listen to this broadcast & update themselves with the eScan Server's IP address. - If I change the IP address of my eScan Server or in case I change my eScan Server, do I need to re-configure all the Clients with the eScan Server's new IP address?
Answer:
No. Since the eScan Server will now broadcast its new IP address, all eScan clients will automatically sense this change & will accordingly update their configuration files. - Can I have multiple eScan Servers? If Yes, Why?
Answer:
Yes, you can have multiple eScan Servers. We recommend you to have at least two (2) eScan Servers since, in case one goes down, the other will take care of the eScan clients.
This provides redundancy and additional protection for your network. - Can I configure two eScan Servers as Masters, for redundancy?
Answer:
Yes. You can do that. In this case, both eScan Master Servers will announce on different ports & eScan clients will attach themselves to the Server whose announcement they get first. - Can I restrict the user from disabling eScan? If Yes, how?
Answer:
Yes, you can.
At the time of installation eScan prompts for "Should user be given the option to disable background monitoring". If you select NO, it won't allow the user to make any changes or disable eScan. - While installing eScan do I have to change any settings in my email clients?
Answer:
No. - Are there any compatibility issues with MS-MWL?
Answer:
- a) We are currently in the process of resolving certain issues with Lotus notes R4.6 & SendMail NT. This work is expected to be completed shortly and an appropriate product update will be issued ASAP.
- b) We have also identified an issue for platforms running Novell Client/32 with WinSock 2 - they do not seem to interoperate. We are still seeking to resolve this issue.
- a) We are currently in the process of resolving certain issues with Lotus notes R4.6 & SendMail NT. This work is expected to be completed shortly and an appropriate product update will be issued ASAP.
- Can eScan be deployed over the network using the Microsoft Management Console (MMC)?
Answer:
This is not been tested so far. The FAQ will be updated as soon as the testing is complete. - I have installed eScan & because of some problem, I had to uninstall it. But I am unable to browse the Internet & do other Internet activities! How should I bring my computer back to normal?
Answer:
Click on Start >> run
and type INST_TSP 2 & press OK. Restart the machine & you should be able to browse the Internet. - After installing eScan, I am unable to browse the Network Neighbourhood! What could be wrong?
Answer:
Run regedit.exe, Goto
HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanServer\\Parameters
Set the value of
IRPStackSize (DWORD) to 12 (hexadecimal 0x0C).
After the setting is done, reboot your machine. This should solve your problem. - When I have more than 250-300 eScan clients connected to my eScan Server, the CPU utilization goes upto 100%!
Answer:
We recommend eScan Server PC to have atleast 512MB RAM for heavy loads (upwards of 500 clients) and pagefile size should be double your RAM. Please make necessary modifications and then check.
Alternate:
- If the 100% problem still persists, do the follow
- A. Close eServ Application
- A. Close eServ Application
- B. Edit the ESERV.INI file and set FTPMaxClients=2
- B. Edit the ESERV.INI file and set FTPMaxClients=2
- C. Start eServ.
- C. Start eServ.
- D. When the eServ reaches 100%, kill the eServ application (Using Task Manager).
- D. When the eServ reaches 100%, kill the eServ application (Using Task Manager).
- E. Check your eServ.LOG file
- E. Check your eServ.LOG file
- F. See which machine last connected to the eServ application (Every machine that connects to eServ for FTP download of updates, will have two entries in eServ.LOG. First entry will be "FTP Connection initiated from x.x.x.x" and a corresponding "FTP Connection terminated from x.x.x.x". The last machine whose connection was initiated BUT NOT terminated, might be causing the problem). Note down this IP number.
- F. See which machine last connected to the eServ application (Every machine that connects to eServ for FTP download of updates, will have two entries in eServ.LOG. First entry will be "FTP Connection initiated from x.x.x.x" and a corresponding "FTP Connection terminated from x.x.x.x". The last machine whose connection was initiated BUT NOT terminated, might be causing the problem). Note down this IP number.
- G. Edit eServ.INI file & set FTPConnectionsDisallowedFromIP = <this IP number> (this is comma separated list).
- G. Edit eServ.INI file & set FTPConnectionsDisallowedFromIP = <this IP number> (this is comma separated list).
- H. Restart eServ.exe
- H. Restart eServ.exe
- If the 100% problem still persists, do the follow
- On eScan Clients, I want to change the Mail-Server IP number to which warning messages should be sent. How do I do it from the eScan Server?
Answer:
Run eScan Content Administrator- Click on Scanner Administration - Port Configuration (...)
- Put the desired SMTP address in the field
"Warnings to SMTP Server"
- Save and exit out of eScan Content Administrator.
- Double-click on eScan Management Console (eServ)
- Click on Services - Deploy Rule-Sets.
- Click on MailScan Settings - Click on Deploy.
- Click on Scanner Administration - Port Configuration (...)
- When I upgrade my eScan, after running the setup file, the progress bar gets stuck at 0% & doesn't move at all!What could be done?
Answer:
In the eScan directory, you will find a file LOADED.SEM. Try deleting this file & then running the setup file. - How do I retrieve any of the emails that has been quarantined by eScan inside the Quarantine Folder?
Answer:
Go to the eScan Quarantine Folder.
a. Identify the eMail you want by checking the MSG files.
b. Rename the required .MSG file(s) to .EML
c. Disable eScan eMail Scanning facility (right-click on eScan icon in task-tray and click on disable email scan).
e. Start Outlook
f. Send yourself an email with the .EML file(s) as an attachment. - Also when the auto-update runs there is activity showing in the WWW proxy in WinGate. It appears that eScan is trying to go to
Answer:
is a page which has the date and time of the last updated file.
MailScan Auto-Updater downloads this information after a scheduled interval to check whether new updates have arrived. Once MailScan gets this info, it then contacts one of the many FTP servers to download the latest update.
Microworld's FTP server is the first FTP-server to get updated.Updates are mirrored to all other FTP servers from our server.
If you disable Automatic Updates, the access to sendinfo will stop.
NOTE: This will happen only in eScan version 9. . Any ideas why the auto update would try to go to that URL? - How do I deploy the customised warning messages I have created on my eScan Server to all my eScan clients?
Answer:
From the DOS prompt go to MailScan Folder.
Copy *.SND to C:\PUB\UPDATE
When eScan clients update, they will also take the Warning Message Template from the eScan Server. - I have installed eScan on my Laptops. Now my Laptop never does a clean shutdown! It just seems to wait indefinitely.What could be done?
Answer:
When you shutdown your machine, eScan checks your floppy drive to see if a floppy has been accidently left & if so, checks the floppy's boot-sector for viruses. This check could be causing the problem.
To disable the check, go to eScan folder, edit the eupdate.ini file, set CheckFloppyOnReboot=0 and reset the PC after saving the file. This should solve your problem. - Client is using Novell Netware 4.11. All email comes in through Wingate proxy server located on Windows 2000 PRO system. If the workstations are protected with escan and the email server is protected does the netware server need a scanner for viruses?
Answer:
Netware Server does not need a scanner for Viruses. Install MailScan for Mail Servers on your Wingate Server and install eScan on the Workstations. This will ensure that all your Mails are scanned for Viruses and Virus does not enter your network.
You do not require a Scanner on the Netware Server. You can always scan the Netware volumes from the Workstations having eScan.Just map netware volume on the Workstation and scan these drives thru eScan. - I had a customer reporting that with eScan installed, his XP machine was constantly crashing (BSOD) with an error referencing avkfilt.sys. All other XP machines on the network, running the same version of eScan, were experiencing no problems! What could be the possible remedy?
Answer:
Turn off the Alerter service within the Window's services. This should solve your problem. - I have installed eScan on my machine. But it does not scan emails sent using my Outlook Express! What could be the problem? I use Microsoft Proxy Client to access my Mail Server.
Answer:
If you are using the Microsoft Proxy Client on your PC, do the following:
- a. Uninstall Microsoft Proxy Client.
- b. Uninstall eScan.
- c. Reboot the PC
- d. Install Microsoft Proxy Client
- e. Install eScan.
- a. Uninstall Microsoft Proxy Client.
- I have the ZoneAlarm Firewall installed. After installing eScan, I keep gettings messages from ZoneAlarm about download.exe,trayicos.exe, etc. trying to connect to the Internet! What should I do?
Answer:
Please exclude the following executables from inside ZoneAlarm:
- a. SPOOLER.EXE
- b. TRAYICOS.EXE
- c. TRAYICOC.EXE
- d. DOWNLOAD.EXE
- e. TRAYICO.EXE
- f. SMTPSEND.EXE
- a. SPOOLER.EXE
- Can I have multiple anti-virus softwares / programs running on my PC simultaneously?
Answer:
No. Two simultaneous antivirus softwares on the same PC can cause System Crashes, data loss and/or freezing. So please uninstall any anti-virus you already have installed, before installing eScan. - After installation of eScan, it asks me for a reboot. After reboot,the installation continues, but it yet again asks me for a reboot!!!How should I get over this problem?
Answer:
This happens because of incomplete eScan installation or improper uninstallation of an earlier version of eScan.
To overcome this problem, do the following:
- When eScan asks for reboot, *do not* click on Yes or No.
- Come to the MSDOS prompt, change directory to the eScan\TEMP folder and
- run the command "AVKWCTL /unregserver". Exit out of command prompt & then click on Yes (for the question "reboot to continue installation?").
- When eScan asks for reboot, *do not* click on Yes or No.
- I have installed eScan on my Windows 2000 computer. When I login as an Administrator, everything works fine. But if I login as an ordinary user, my mails & web stop working! What could be the problem?
Answer:
Please give full rights to everyone for the eScan folder and read access to the WINNT\System32 folder. This should resolve the issue. - I have installed eScan on my Windows XP Pro. When I log in as an administrator, all functions work fine. But if I login as a normal user, Outlook and other Net related functions stop working! What should be done?
Answer:
For eScan to function properly when normal users are logged on, you need to give proper access rights for the eScan folder.
Please follow the following step-by-step approach & the problem should be solved.
- a. Go to Start--> Control panel--> Folder Options
- b. Go to View tab UNCHECK the "Use Simple File Sharing" Option & Close.
- c. Go to Windows Explorer
- d. Right Click on the eScan Folder & select Properties &/OR Share & Security Option.
- e. Select Security Tab on top
- f. You need to add the user or the group in "Group Or User Names:" Window.
- g. To do so select Add --> Advanced --> Find Now.
- h. Select the user from the list given below & Click on "OK" button.
- i. Now Highlight the User Just added & Check the Full Control Option in the permission list window.
- a. Go to Start--> Control panel--> Folder Options
- Are there any incompatibility issues between Zone Alarm Basic and eScan/MailScan?
Answer:
Yes. Few have been reported. To remove any incompatibilities,please install eScan/MailScan first & then install Zone Alarm. - My eScan clients are unable to recognize the eScan Server! The Server does make proper announcements & no errors are logged too. What should be done?
Answer:
Please check if you have some Software package like Norton Internet Security/ or Zone Alarm or similar softwares / products installed. These softwares stop UDP broadcast on ports being used by eScan Server and also stop eScan Server from acting like an FTP/HTTP server.
Add eServ.exe to the exclude list of NIS/ZA or if this is not possible, instruct these softwares / products to allow communication on default eScan ports of 2001, 3333 and 2021. - Can I scan my network drives from one PC?
Answer:
Yes. But, for this, you need to map the network drives. - Can I manually install eScan Corporate as a client using the setup file cwn2k3ek.exe without being prompted for the default mode message i.e. "Do you want to make this System as the eScan Server?"
Answer:
Yes. You can install eScan Corporate as a client using the setup file cwn2k3ek.exe without the default message being displayed during the installation.
To directly install eScan Corporate as an eScan client without being prompted for the default mode "Do you want to make this System as the eScan Server?" message, rename the setup file cwn2k3ek.exe as client.exe. When you execute the client.exe, the setup will be installed as eScan client directly.
Similarly, if you want to install eScan Corporate as an eScan Server without being prompted for the default mode "Do you want to make this System as the eScan Server?" message, rename the file cwn2k3ek.exe as server.exe. When you execute the server.exe, the setup will be installed as eScan server directly. - While deploying rule set on the client system with the Merge Option selected from the eScan Management Console, the rule sets does not merge with the existing rules on the clients. How does the Merge Option work?
Answer:
While deploying rule set using EMC if Merge option is selected, then only following files will be merged, apart from these files no other feature gets merged.
Anti-Spam
- a. Phrases.txt
MWL Exclusion List
- b. Exclude.dat
MWL Inclusion List
- c. Include.dat
Web Protection
- d. Groups.TXT
- e. KidsGro.txt
- f. TeenagerGro.TXT
- g. AdolescentGro.TXT
- h. AdultGro.TXT
- i. Popup_WhiteList.txt
All files in Groups folder
- alcohol.txt/alcohol.def
- chat.txt/chat.def
- content_allowed.txt/content_allowed.def
- drugs.txt/drugs.def
- gambling.txt/gambling.def
- keywords_allowed.txt/keywords_allowed.def
- popup_whitelist.txt/popup_whitelist.def
- Pornography.txt/Pornography.def
- ratings_block_category.txt/ratings_block_category.def
- srchengn.txt/srchengn.def
- violence.txt/violence.def
- websites_allowed.txt/websites_allowed.def
- How can I block an USB drive access completely in eScan version 10?
Answer:
To block an USB drive access completely follow the below steps:
- a) Open the eScan Protection Center,
- b) Click on Endpoint Security feature in the Protection section and then click on the Settings options,
- c) In the Endpoint Security Settings window, go to the USB Control tab. Check the Enable USB Control and then check the Block USB Ports
- d) To save the settings, click on the Apply and then the OK button.
- a) Open the eScan Protection Center,
- After installing eScan on Windows 2008 64 bit edition, DNS, ADS doesn't work and also not able to connect to internet or LAN?
Answer:
- a. Click on Start
- b. Click on Run. In the Run box type cmd and click on OK
- c. In the command prompt, go to windows folder (i.e. %windir%) and type
- inst_tsp 2 2
- inst_tsp 2 2
then type
- inst_tspx 2 2
- inst_tspx 2 2
- d. Then rename the inst_tsp.exe to inst_tsp.old
and then rename inst_tspx.exe to inst_tspx.old
- e. Restart the machine.
- a. Click on Start
- How do I remove Firewall driver without uninstalling eScan?
Answer:
- a. Click on Start
- b. Click on Run. In the Run box type cmd and click on OK
- c. Go to eScan installed directory and execute the command
- snetcfg.exe -v -u nt_econceal
- snetcfg.exe -v -u nt_econceal
[in Windows XP (64bit), Windows Vista and above]
- snetcfg.Vista32.exe -v -u nt_econceal
- snetcfg.Vista32.exe -v -u nt_econceal
[in Windows XP (32 bit) and Windows 2003]
- a. Click on Start
- How do I install Firewall driver?
Answer:
- a. Click on Start
- b. Click on Run. In the Run box type cmd and click on OK
- c. Go to eScan installed directory and execute the command
- snetcfg.exe -v -l econceal.inf -m econceal_m.inf -c s -i nt_econceal
[in Windows XP (64bit), Windows Vista and above]
- snetcfg.Vista32.exe -v -l econceal.inf -m econceal_m.inf -c s -i nt_econceal
[in Windows XP (32 bit) and Windows 2003]
- snetcfg.exe -v -l econceal.inf -m econceal_m.inf -c s -i nt_econceal
- d. Restart the computer
- a. Click on Start
- What does the entry "deleteFlags" under mailscan.ini stands for in Microworld products.?
Answer:
Under MailScan.ini
- If deleteflags = 2 then it will delete SURBL related emails
- If deleteflags = 1 If tagged by bayesian filter it will delete those emails ( 2 +1 =3 means delete both type of emails )
- If deleteflags = 0 then it will quarantine the emails
- If deleteflags = 2 then it will delete SURBL related emails
- Can eScan take the backup of infected file before disinfecting it?
Answer:
Yes, eScan can take backup of infected file before disinfecting it during Real Time Monitoring. The backup is stored and available for "Restore".
To configure eScan Real Time monitor to enable Backup of infected files before Disinfection,
- a. Open the eScan Protection Center
- b. Go to File Antivirus and Click on Settings.
- c. In the Objects tab, under Actions in case of Virus Disinfection expand Disinfect and check the Make Backup File Before Disinfection. Then apply the setting.
To access the infected backup file, please do the following:
- a. Open the eScan Protection center
- b. Go to File Antivirus and click on View Quarantine objects and go to the "Backup" tab.
- a. Open the eScan Protection Center
- Is there any utility to add multiple email ids in Auto-Spam White list in eScan?
Answer:
Yes. We have a utility called "vereml" which will import all the email ids in auto-spam whitelist. It is a command line utility, to use it you have to go to command prompt and then go to the location of this file and type vereml and press enter.
This will give you all the parameters to import the users in auto-spam whitelist.
(NOTE: Copy the VEREML utility to the \program files\eScan folder) - A lot of disk space is occupied by eScan “FBackUp” folder in my Local Drive. What is the use and how can we stop this ?
Answer:
FBackUp is a folder created by eScan, which is used to take auto-backup of clean files having extensions *.EXE, *.DLL, *.OCX, *.SYS, *.DRV, and *.CPL after scanning, these files are stored in an encrypted format.
Configuring / Checking pre-requisite disk space for Auto-backup to function
The eScan Auto-backup will first check for the minimum available space limit defined for a hard disk drive. If the minimum define space is available then only the Auto-backup will function, if not it will stop without notifying.
Below is the step from which one can define the space limit required for Auto Backup to work:-
First, Install the latest eScan hotfix.
- a. Then, click on Start >> Programs >> eScan for Windows >> eScan Protection Center.
- b. Click on File Anti-virus >> Settings >> Options. Expand the option "Enable backup" and click on "Minimum disk space(MB)"
- c. The Default Value is 500 MB. Change the Value from 500 to any desired value.
- d. Click on "Apply" then on "OK"
How to stop Auto-backup Feature (FBackUp)
To stop the Auto-Backup feature:
- a. Click on Start >> Programs >> eScan for Windows >> eScan Protection Center,
- b. Click on File Anti-virus >> Settings >> Options and UNCHECK the option "Enable backup",
- c. Click on "Apply" then on "OK".
How to change the location of Auto-Backup folder (FBackUp)
To change the Auto-Backup folder path:
- a. Click on Start >> Programs >> eScan for Windows >> eScan Protection Center
- b. Click on Protection >> File Anti-Virus >> Settings >> Options
- c. Expand the link “For quarantining of infected objects”
- d. Double click “Use Folder name”
- e. By Default the path is C:\Program Files\eScan\Infected. eScan will automatically create folder namde "FBackUp" in C:\Program Files\eScan\ and start storing the clean files.
- f. Change this path to a different location. For example: If you select D:\Infected, then the "FBackUp" folder will automatically be created in D:\FBackUp
- g. Any path given it will create "FBackup" in the root directory of the path given.
- a. Then, click on Start >> Programs >> eScan for Windows >> eScan Protection Center.
- How can I display IP address of client computers under "Normal View" in eScan Management Console?
Answer:
- a. Open eScan Management Console >> Go to Services, click on "Stop Announcement' and then shutdown the eScan management console.
- b. Go to C:\Program Files\eScan, open eupdate.ini >> Enter the following entry under [config] >> IpOnly=1 >> Save the changes.
- c. Rename the file DmainLst.ini to DmainLst.iniold
- d. Delete all the folders under C:\PUB\LOG
- e. Go to Start >> Programs>>eScan for Windows >> eScan Server >> Start the server announcement
- a. Open eScan Management Console >> Go to Services, click on "Stop Announcement' and then shutdown the eScan management console.
- How can I configure my system to block eScan Popups?
Answer:
When eScan intercept a virus or downloads updates, it gives a popup. This might be sometimes annoying, for this reason, we have given a facility to block all popups.
Configuring Popup Block:
a. Run regedit.exe, Go to
HKEY_LOCAL_MACHINE\SOFTWARE\MicroWorld
b. On the right hand side, select the DWORD
MWErrorMode = DWORD
You can specify the below DWORD value to block the related popups.
- Stop all popup block = 1 (decimal)
- Start all Web Protection popup = 2 (decimal)
- all other pop up will be stopped
- Start all Avpmtray popup = 4 (decimal)
- all other pop up will be stopped
- Start MailScan popup = 8 (decimal)
- all other pop up will be stopped
- Start License related popup = 16 (decimal)
- all other pop up will be stopped
- Start USB Popup = 32 (decimal)
- all other pop up will be stopped
- Start Firewall popup = 128 (decimal)
- all other pop up will be stopped
- Start trayicos popup = 256 (decimal)
- all other pop up will be stopped
- Start trayicoc popup = 512 (decimal)
- all other pop up will be stopped
- Start download.exe popup = 1024 (decimal)
- all other pop up will be stopped
- Start Application Control popup = 2048 (decimal)
- all other pop up will be stopped
Important Note:
If you want to start two or more popups together, then you need to add all the values for it to work.
For Example: Application Control popup value = 2048 & econceal firewall popup value = 128, then you have to add both of these values:
2048 + 128 = 2176 for Application Control popup and Firewall popup to work together.
Deploying from eScan Server to all clients:
a. On the eScan server, export registry entry
[HKEY_LOCAL_MACHINE\SOFTWARE\MicroWorld]
as errormode.reg to the desktop.
(Ref: FAQ - How to take the backup of windows registry?)
b. Edit the errormode.reg with notepad. Only keep the following entries:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\MicroWorld]
"MWErrorMode"=DWORD:00000001
Note: The data value of the MWErrorMode entry will depend upon the settings required
For Example: If you want to block all the pop-up except the USB pop-up, the value will be 20 (Hexadecimal) or 32 (Decimal).
c. Copy this file in C:\pub\update folder of the eScan server.
Now when the client computer takes the download from eScan server the errormode.reg will be downloaded and the changes will be applied to the eScan clients.
- How can I change the port settings for my eScan server and deploy it using the eScan management console (EMC)?
Answer:
The eScan Server mainly uses three ports:- a. HTTP port - used to query for virus definition updates.
- b. FTP port – used to deliver updates to client.
- c. UDP port – used to broadcast announcement to its clients.
To change the port settings for eScan server
- a. Open eScan Management Console >> Go to Services, click on "Stop Announcement' and then shutdown the eScan management console.
- b. Open the file Eserv.ini from the location C:\Program Files\eScan
- c. Find the entry for FTPPort=xxxx and HTTPPort=xxxx
- d. Change the port entries to the new desired value and save the file.
- e. Start the eScan Management console, by Clicking on Start >> Program files >> eScan for Windows >> eScan management console.
To deploy the port settings use the below steps:
- 1. Open eScan Management Console >> Go to Services >> EMC settings >> check the box Enable Advanced Settings in ‘Deploy Rule – Sets’ wizard, if it is unchecked, this will enable Advanced feature while deploying. Close the window once done.
- 2. Then click on Services >> Deploy Rule – Set >> Create New Policy >> click Advanced >> Check the box “eScan Auto-Updater Settings” >> click Edit >> Add
- 3. For HTTP host add the value
- Please note the Section & Keyname give in figure below must be selected.
- 4. For FTP host add the value
- Please note the Section & Keyname give in figure below must be selected.
- 5. Deploy these setting on all clients.
- Note: If clients are not getting updates after changing the port on server, we need to deploy the setting as described above & force the clients to take updates with the features available in EMC.
- a. HTTP port - used to query for virus definition updates.
- A vulnerability tool identifies MWAgent as a high security risk. It can be exploited to cause a stack-based buffer overflow via an overly long command sent to the service (default port 2222/tcp)?
Answer:
The vulnerability is caused due to a boundary error in the MicroWorld Agent service (MWAGENT.EXE) when decrypting received commands. This can be exploited to cause a stack-based buffer overflow via an overly long command sent to the service (default port 2222/tcp).
This vulnerability has been resolved in the latest hotfix and version 9.0.178.1 and later. MWAGENT.EXE is a gateway between eScan client and server. To avoid this vulnerability, we are using encrypted data format. - Can the tools menu be removed or disabled?
Answer:
Yes, disable option under tools menu is available now. And can be enabled by doing following steps
- a.Download the latest updates from the internet.
- b.Then open my computer.
- c.Go to c:\progra~1\escan\ folder
- d.Then open eupdate.ini file using notepad or any editing tool.
- e.Then under [Config] Section add following value.
- f.Following are the values for each tool option to disable.
2 = To disable “Send Debug Information”
4 = To disable “Download Latest Hotfix (eScan).”
8 = To disable “Restore Windows Default Settings”
16= To disable “Download Latest Hotfix (Microsoft Windows OS)”
32= To disable “eScan Remote Support”
You can add the values to disable multiple tools option e.g. if you want to disable “Send Debug Information” and “eScan Remote Support” then you will have to add 2 + 32 = 34.
You can deploy this option using eScan Management console, to do this follow the below steps:
- a. Open eScan Management Console.
- b. Click on “Services” Menu
- c. Then click on “EMC Settings”
- d. Tick mark on “Enable Advance settings in “Deploy Rule-sets” Wizard” and click on “OK”
- e. Then again click on “Services” Menu.
- f. Then click on “Deploy Rule-sets ”
- g. Then click on “Create new policy”
- h. Then click on “Advance” button and then
- i. Then tick mark on “eScan Auto-Updater Settings” and then click on “Edit” button.
- j. Select “Config” under Section tab and type “Disabletools” under keyname tab and under Value insert 34, Then click on “Add” button. And then click on Close and again click on close button. And then click on “OK” button.
- k. Type the Policy name, once you type in the policy name “Next” button will get enable click on Next button to deploy the policy.
- a.Download the latest updates from the internet.
- After Installing eScan, users/recepients receive a notification emails with :Subject: eScan found an email having Virus or objectionable content!
Email removed at the SMTP/POP3 Gateway for one of the following reasons.
1. It had a virus.
2. It had objectionable content.
3. The sender email-id was banned.
4. The email itself was corrupted.
We apologise for any inconvenience.
Answer:
This notification message received is by design in eScan.
When a mail is downloaded by an application (a mail-client like outlook express), it is scanned by eScan at the Transport Layer of the OSI and then delivered to the mail-client. During the scanning process, if the mail has any Restricted Attachments / Viruses, it is either deleted or forwarded to the Administrator by eScan. Since the mail-client has initiated and established the connection to download the mails from the Mail server, it has to receive a mail to complete the connection session. Hence, eScan has to generate this notification to avoid the application from being crashed.
A workaround to stop this message from being delivered to your INBOX, you can define a RULE-SET in the mail-clients that mails with the above subject should be deleted or moved to a predefines folder. - Can we automate the installation of eScan Internet Security Suite?
Answer:
Yes. You can use usetup.exe to customize the installation option so that you can run unattended installations of eScan.
For more information on the customization utility, please visit the page. - How can I install eScan silently ? And also it should reboot automatically after completion of the installation.
Answer:
Yes. You can install eScan silently with the help of below mentioned parameters, which need to execute from the command prompt.
NOTE: But this can ONLY be used with eScan Version 11 Setup file.
- /s : Silent installation
- /Autoreboot=1 : Auto reboot after installation without dialog box
- /dialog=0 : Not to reboot automatically and not to display dialog box
( eg:- iwn2k3ek.exe /dialog=0 )] - /s : Silent installation
- How to White-list a file blocked during proactive scanning?
Answer:
Proactive scanning is scanning of suspicious files that are in the process of execution, using an algorithm which checks for certain parameters and other details in the file. In the event when a file fails to pass the check, the file is assumed to be suspicious and is consequently blocked.
In order to white-list such a file, the following steps are to be followed:
- Open the eScan Protection Center
- Select the Endpoint Security module
- Under Reports select View Report
- In the Report for Endpoint Security window, look for entries with a red cross and the required filename under Application Name
- Select the entry, right click and select Add to Whitelist
- Open the eScan Protection Center
- How to disable eScan Notification pop-up message when a spam / virus infected email /attachment has been detected by eScan Anti-Spam/Mail Antivirus module ?
Answer:
In order to disable the eScan Notification pop-up message for spam/infected emails, uncheck the “Show Alert Dialog Box” option in Virus Alerts section of Notification settings of Anti-Spam/Mail Antivirus modules respectively. - How to manually whitelist a Malware URL ?
Answer:
There are two methods to whitelist Malware URL.
Method 1:
1. Apply the latest hotfix.
2. Reboot the machine
3. Try to access the URL.
4. You will get a pop-up, as Malware URL Blocked and below you will have a check box Add to Whitelist.
5. Check the box Add to Whitelist to whitelist the specific URL.
Method 2:
1. Apply the latest hotfix.
Please Note: This Feature is avialable with hotfix 1.0.0.927 and above.
2. Reboot the machine
3. Try to access the URL
4. Then you can Whitelist the URL manually from the Protection center > File AV > View reports
5. Right click and the click on Add to Whitelist.
- How can I deny RDP access of a server from any ip address?
Answer:
Follow the below mentioned steps:
1. Open the “eScan Protection center”.
2. Goto to Firewall, click on “Settings”.
3. Click on “Zone Rule”, Select the zone rule “Allow Local Network….” And click on the “Remove” button to remove the selected rule.
4. Click on the “Expert Rule” tab, select the “Remote Desktop (RDP)”, right click on the rule and click on “Enable Rule. Click on “Apply”.
5. Click on the “Expert Rule” tab, select the “Remote Desktop (RDP)”, right click on the rule and click on “Modify”.
6. Click on the “General” tab, select “Deny Packet”. Click “Ok. Then click on “Apply”
7. Click on the “Interactive Filter” mode, to put the firewall in the Interactive mode.
These steps will deny RDP access of a server from all ip-addresses. - How can I allow RDP access to only specific ip address?
Answer:
Follow the below mentioned steps:
1. Open the “eScan Protection center”.
2. Goto to Firewall, click on “Settings”.
3. Click on “Zone Rule”, Select the zone rule “Allow Local Network….” And click on the “Remove” button to remove the selected rule.
4. Click on the “Expert Rule” tab, select the “Remote Desktop (RDP)”, right click on the rule and click on “Enable Rule. Click on “Apply”.
5. Click on the “Expert Rule” tab, select the “Remote Desktop (RDP)”, right click on the rule and click on “Modify”.
6. Click on the “General” tab, select “Deny Packet”. Click “Ok. Then click on “Apply”
7. Click on Settings, click on “Expert Rule”, click on the “Add” button.
8. In the New window, click the “General” tab, add a name for the rule, select “Permit Packet”, select the protocol to be “TCP”.
9. Select the “Source” tab, select the “Single IP address” and enter the ip address which needs to be allowed the RDP connection. In the “Source Port” select “Any”.
10. Click the “Destination” tab, select “My computer” under “Destination IP address”. In the “Destination Port” select “Single Port” and add the port number as 3389. Click on ”OK”
11. A new rule will be added as seen, click on the rule and click on the move up arrow. And move the new rule above the “Remote Desktop(RDP)” rule and click on “Apply” and then “OK”.
12. Click on the “Interactive Filter” mode, to put the firewall in the Interactive mode.
These steps allow RDP access to only said ip address.