From eScan Wiki
Revision as of 08:42, 18 December 2012
eScan Version 14 Online Help
File Anti-Virus
This section describes eScan’s File Anti-Virus module and the settings that you can configure for real-time monitoring of malicious objects, including the actions to be taken on detection.
Description
File Anti-Virus is the first module of the eScan for ISS. This module monitors and safeguards your computer on a real-time basis from all kinds of malicious software as files are accessed, copied, or executed. This module includes the Proactive Scanning feature, which helps you block applications that perform suspicious activities. File Anti-Virus also includes the Block Files feature, which allows you to block or quarantine files from being accessed from local or network drives. In addition, File Anti-Virus allows you to enable Folder Protection, which prevents users from creating, deleting, or updating files or sub-folders within a specified list of folders.
This page provides you with options required to configure the module. You can configure the settings from the following 2 sections:
Configuration
This section displays the following information.
- File Anti Virus Status : It displays the status of whether File Anti-Virus module is started or stopped.
- Proactive Scan Status : It displays the status of the proactive scanning.
- Action : It displays the type of action taken by File Anti-Virus module.
Start/Stop:
Click an appropriate option to enable or disable File Anti-Virus module.
Settings:
When you click this button, the File Anti-Virus Settings window appears. On the File Anti-Virus Settings window, you have four tabs – Objects, Options, Block Files, and Folder Protection, which are as follows:
- Note: The bottom of each tab contains four buttons (Default, OK, Cancel, and Apply), which you use after configuring the settings based on your requirement.
- - Default: Click this button to apply the default settings.
- - OK: Click this button after you click the Apply button to apply the configured settings.
- - Cancel: Click this button to cancel the configured settings or to close the window.
- - Apply: Click this button to apply the configured settings.
- Objects
This tab provides you with a number of settings for fine-tuning the File Anti Virus module as per your requirement. For example, you can configure the module to scan specific storage devices or exclude files of a given file type.
- Actions in case of virus detection: This section lists the different actions that File Anti Virus can perform when it detects a virus infection. These actions are Report only, Disinfect, Quarantine, and Delete object. Out of these, the Disinfect option is selected by default. By default, the quarantined files are saved in the C:\Program Files\eScan\Infected folder.
- Scan local removable disk drives: [Default] Select this check box if you want the real time monitor to scan all the local removable drives attached to the computer.
- Scan local hard disk drives: [Default] Select this check box if you want the real time monitor to scan all the local hard drives installed on the computer.
- Scan network drives: [Default] Select this check box if you want the real time monitor to scan all the network drives including mapped folders and drives that are connected to the computer.
- Scan files of following types: It indicates the type of file that you want the real time monitor to scan. You have 3 options where you can select files for scanning, whether all infectable, all files, or by mask. The files listed in By mask option are the default file extensions that are defined by eScan. To add or delete files by mask, double-click Add/Delete option, and then add or delete files as required.
- Exclude by mask: [Default] Select this check box if you want the File Anti Virus monitor to exclude all the objects in the Exclude by mask list during real time monitoring or scanning. You can add or delete a file or a particular file extension by double-clicking the Add / Delete option.
- Not a Virus List: [Default] File Anti Virus is capable of detecting riskware. Riskware refers to software that is not originally intended to be malicious but can pose a security risk to critical operating system functions. If you are certain that they are not malicious, you can add the names of riskware, such as remote admin software, to the riskware list in the Not a virus list dialog box by double-clicking the Add / Delete option. The riskware list is empty by default.
- Exclude Files/Folders: [Default] Select this check box if you want File Anti Virus to exclude all the listed files, folders, and sub folders, while it is monitoring or scanning folders. You can add or delete folders from the existing list of folders by double-clicking the Add / Delete option.
- Scan compound objects: [Default] Select this check box if you want eScan to scan archives and packed files during scan operations. Select the Archive check box if you want eScan to scan archive files. You can define the depth level up to which you want an archived file to be scanned. By default, the value is 16, but you can change it by double-clicking the icon and then typing a value in the size box. By default, Packed is selected.
- Enable code analyser: Select this check box if you want the real time monitor to scan your computer for suspicious objects or unknown infections by using the heuristic analyzer. When this check box is selected, File Anti Virus not only scans and detects infected objects by using the definitions or updates, but it also checks for suspicious files stored on your computer.
- Options
This tab helps you configure the basic settings for the File Anti Virus module, such as the maximum size of log files and path of the destination folder for storing log files, quarantined objects, and report files.
You can configure the following settings:
- Save report file: [Default] Select this check box if you want eScan to save the reports generated by the File Anti-Virus module. The report file logs information about the scanned files and the action taken by File Anti Virus when an infected file was found during the scan.
- Show pack info in the report (Monvir.log): [Default] Select this check box if you want File Anti-Virus to add information regarding scanned compressed files, such as .ZIP and .RAR files to the Monvir.log file.
- Show clean object info in the report (Monvir.log): Select this check box if you want File Anti-Virus to add information regarding uninfected files found during a scan operation to the Monvir.log file. You can select this option to find out which files are not infected.
- Limit size to (KB) (avpM.rpt): Select this check box if you want File Anti-Virus to limit the size of the avpM.rpt file. You can double-click the size box and specify the size of the log file. The default value is 50 KB.
- For quarantining of infected objects: This option helps you specify the destination for storing quarantined objects. By default, the quarantined objects are stored in the C:\Program Files\eScan\Infected folder. You can change the location of the destination folder if required.
- Enable Auto backup / Restore: [Default] Select this check box if you want eScan to take automatic backup of critical files of the Windows® operating system installed on your computer and to restore the clean files when it finds an infection in any of the system files, which cannot be disinfected. You can do the following settings:
- For backup of clean objects: You can back up uninfected objects and store them in a given folder. By default, these objects are stored in the E:\FBackup folder. You can change the destination of the backed up objects if necessary.
- Do not backup files above size (KB): [Default] This option helps you prevent File Anti Virus from creating backups of files that are larger than the file size that you have specified. The default value is set to 32768 KB.
- Minimum disk space (MB): [Default] It enables you to set the minimum free hard disk space up to which you want eScan to take backups of files. By default, the value is 500 KB, but you can change it by double-clicking the icon and then typing a value in the size box.
- Limit file size to (KB): [Default] This check box enables you to set a size limit for the objects or files to be scanned. The default value is set to 20480 KB.
- Use sound effects for the following events: This check box helps you configure eScan to play a sound file and show you the details regarding the infection within a message box when any malicious software is detected by File Anti Virus. However, you need to ensure that the computer speakers are switched on.
- Display attention messages: [Default] When this option is selected, eScan displays an alert, which displays the path and name of the infected object and the action taken by the File Anti Virus module.
- Enable Malware URL Filter: Select this check box if you want to block access to malicious websites/URLs.
- Proactive Behaviour Monitor: Select this check box if you want eScan to monitor the executable files you are running on your system.
If eScan finds that an executable file is suspicious or may harm your system, it displays a pop-up message. If you want to access the suspicious file, you can whitelist it at any time.
- Block Files
This tab helps you configure settings for preventing executables and files, such as autorun.inf, on network drives, USB drives, and fixed drives from accessing your computer.
You can configure the following settings:
- Deny access of executable from Network: Select this check box if you want to prevent executables on your computer from being accessed from the network.
- Deny access of executables on USB Drives: Select this check box if you want to prevent executables stored on USB drives from being accessed.
- Deny access of AUTORUN.INF on USB and Fixed Drives: [Default] Select this check box if you want to prevent executables from USB and fixed drives from being accessed.
- Deny Access of following files: [Default] Select this check box if you want to prevent the files in the list from running on your computer.
- Quarantine Access-denied files: Select this check box if you want to quarantine files that have been denied access.
You can prevent specific files from running on your computer by adding them to the Block Files list. By default, this list contains the value %sysdir%\*.EXE@.
- Folder Protection
This tab helps you protect specific folders from being modified or deleted by adding them to the Folder Protection list.
It allows you to configure the following setting:
Protect files in following folders from modification and deletion: [Default] This option is selected by default. Select this check box if you want the File Anti-Virus module to protect files in specific folders from being modified or deleted.
Reports
This section displays the following information. Refer to Figure 27.
Total Files Scanned: It shows the total number of files scanned by the real-time File Anti Virus monitor.
Dangerous Objects Detected: It shows the total number of viruses or malicious software detected by the File Anti Virus monitor on a real-time basis.
Last File Scanned: It shows the name of last file scanned by File Anti Virus monitor on real-time basis. In addition, you can view the following reports:
View Statistics: When you click this button, the Statistics dialog box is displayed, which displays the latest activity report of the real-time monitor. The report contains information under two sections, Scanned and Found. Under Scanned, the number of scanned objects, compound objects, packed objects, clean objects, and so on are displayed. Under Found, the number of known virus, virus bodies, deleted, quarantined, and so on are displayed.
In addition, it displays the following information:
- - The current details of the system date, time, and whether the eScan Anti Virus monitor is running or not.
- - The number of viruses detected.
- - The results of most recent scan, such as the last object scanned and name of the virus detected.
View Quarantined Objects: When you click this button, the Quarantine dialog box is displayed, which displays the quarantined files and backup files. This dialog box has the following tabs:
- Quarantine: This tab displays the files that have been quarantined. You can restore or delete the quarantined objects by right-clicking the object, and then clicking an appropriate option.
- Backup: This tab displays the files that were backed up by File Anti Virus before it tried to disinfect them. You can restore or delete the objects that were backed up by right-clicking the object, and then clicking an appropriate option. Before clicking any of these buttons, you should ensure that you have selected an appropriate row in the table for which you need to perform the action.
View Report: When you click this button, the Report for File Anti Virus window is displayed. This window displays the report for the File Anti Virus module for a given range of dates in a tabular format when you click the Generate Report button.
The tabbed page shows two sections: Configuration and Reports. These two sections are described as follows:
Configuration
This section provides you with information regarding the status of File Anti Virus and proactive scan. It also shows you the default action that File Anti Virus will perform when it detects a malicious object.
This section displays the following information.
- File Anti Virus Status : It shows whether File Anti Virus is running or not.
- Proactive Scan Status : It displays whether proactive scanning is enabled or not.
- Action : It shows the action that eScan will perform when a malicious object is detected by File Anti Virus.
In addition, you can configure the following settings.
- Start/Stop - This link enables or disables the File Anti Virus module. You can easily switch File Anti Virus from the start state to the stop state and vice versa by using this link.
- Settings - This link opens the File Anti Virus Settings dialog box, which helps you configure the File Anti Virus module for real time monitoring.
The File Anti Virus Settings dialog box
This dialog box has two tabs: Objects and Options. These tabs are described as follows:
I. Objects
This tab displays the available drives on the computer. It allows you to configure the actions that File Anti Virus should perform when it encounters a security threat during the scan operation.
This tab is divided into two panes, they are described as follows.
- The left pane :- This pane displays all the removable and non removable drives, network drives, installed drives, and mapped drives that File Anti Virus can monitor or scan. All the drives displayed on the left pane are selected by default.
- The right pane :- This pane provides you with a number of settings for fine-tuning the File Anti Virus module as per your requirements. For example, you can configure the module to scan specific storage devices or exclude files of a given file type.
- A. Action in case of virus detection - This section lists the different actions that File Anti Virus can perform when it detects a virus infection. These actions are described as follows:
- Report Only – If you select this option, File Anti Virus only displays a message informing you about the virus infection; it does not take any action on the infected object.
- Disinfect – [Default] This option is selected by default. For best results, you should keep this option selected. If you select this option, File Anti Virus cleans the infected object.
- Make backup before disinfection option – At times, File Anti Virus may find that a system file is infected and deleting the file may cause the operating system to become unstable. By selecting this check box, you can ensure that eScan creates a backup of the infected file in a non executable format before it cleans or deletes the file.
- Note: It may not always be possible to clean an infected file. In such cases, antivirus software often quarantines or deletes the infected file. With eScan, you can configure File Anti Virus to quarantine, delete, or only alert you regarding the status of the infected files after eScan has found that they cannot be cleaned.
- If disinfection is impossible - You can configure File Anti Virus to perform any one of the following operations if it is unable to clean an infected file.
- Report Only - When you select this option, File Anti Virus only reports that the infected object cannot be cleaned; it does not take any action on the object.
- Quarantine Object - [Default] When you select this option, File Anti Virus quarantines the infected object.
- Delete Object - When you select this option, File Anti Virus deletes the infected object.
- Quarantine Object - When an infected file is quarantined, it is moved to an area of the memory from where it cannot cause any harm to the existing files or programs. You should select this option when you need to prevent other files or objects from accessing the infected object without actually deleting it.
- Delete Object - If you select this option, File Anti Virus will delete the infected object.
- B. Scan local removable disk drives - [Default] You should select this check box if you need to scan all the local removable drives attached to the computer.
- C. Scan local hard disk drives - [Default] You should select this check box if you need to scan all the local drives attached to the computer.
- D. Scan network drives - [Default] You should select this check box if you need to scan all the network drives, including mapped folders and drives, attached to the computer.
- E. Scan files of following types - You should select this option if you need to scan files of the types listed under the following categories.
- All Infectable - [Default] If you select this option, File Anti Virus scans only the predefined objects in the list of files or objects that are prone to infection as per eScan’s virus signature database.
- All - If you select this option, File Anti Virus scans all the files and objects in the computer.
- By Mask - If you select this option, File Anti Virus scans all the file types listed in the Scan file types by mask dialog box. eScan provides you with a list of default files and file types. You can add more items to this list or remove items as per your requirements.
- Add / Delete - The Scan file types by mask dialog box is displayed when you double-click this option. You can use this dialog box to add or remove an item from the list of files and file types that File Anti-Virus will check during a scan operation.
- F. Exclude by mask – [Default] You should select this check box if you need the File Anti Virus monitor to exclude all the objects in the Exclude by mask list during real time monitoring or scanning. You can add or delete a file or a particular file extension by double-clicking the Add / Delete option.
- Add / Delete – The Exclude by mask dialog box is displayed when you double-click this option. You can use this dialog box to add or remove an item from the list of files and file types that File Anti-Virus will exclude during a scan operation.
- G. Not a virus list – [Default] File Anti Virus is capable of detecting riskware. Riskware refers to software that is not originally intended to be malicious but can pose a security risk to critical operating system functions. The Not a virus option helps you list riskware and prevents File Anti Virus from taking any type of action on those objects. If you are certain that they are not malicious, you can add the names of riskware, such as remote admin software, to the riskware list in the Not a virus list dialog box by double-clicking the Add / Delete option. This list is empty by default.
- H. Exclude folders - [Default] You should select this option if you need File Anti Virus to exclude all the listed folders and sub folders while it is monitoring or scanning folders. You can add or delete folders from the existing list of folders from the Exclude Folders dialog box. This dialog box opens when you click the Add / Delete option.
- I. Scan compound objects - [Default] You should select this check box if you need eScan to scan archives and packed files during scan operations.
- J. Enable code analyzer - You should select this check box if you need eScan to scan your computer for suspicious objects or unknown activity by using the heuristic analyzer. When this check box is selected, File Anti Virus not only scans and detects infected objects by using the definitions or updates, but it also checks for suspicious activity happening within your computer.
II. Options – This tab helps you configure the basic settings for the File Anti Virus module, such as the maximum size of log files and the path of the destination folder for storing log files, quarantined objects, and report files.
This tab allows you to configure the following settings.
- i. Save report file - You should select this check box if you need eScan to save the reports generated by the File Anti-Virus module. The report file logs information about the scanned files and the action taken by File Anti Virus when an infected file was found during the scan.
- Show pack info in the report – You should select this check box if you need File Anti-Virus to add information regarding scanned compressed files, such as .ZIP and .RAR files to the Monvir.log file.
- Show clean object info in the report - You should select this check box if you need File Anti-Virus to add information regarding uninfected files found during a scan operation to the Monvir.log file.
- Note: You can select this option to find out which files are not infected. This information is useful during debugging.
- Limit size to (kb) – You should select this check box if you need File Anti-Virus to limit the size of the Monvir.log file. You can double-click the size box and specify the size of the log file.
- ii. For quarantine of infected objects – This option helps you specify the destination for storing quarantined objects. By default, the quarantined objects are stored in the C:\Progra~1\eScan\Infected folder. You can change the location of the destination folder if required.
- iii. Enable Auto backup / Restore - This option helps you back up files and objects before File Anti Virus scans them and restore them if required. The following are some of the settings that you can use with this option.
- For backup of clean objects - You can back up uninfected objects and store them in a given folder. By default, these objects are stored in the \FBackup folder. You can change the destination of the backed up objects if necessary.
- Do not backup files above size(KB) - This option helps you prevent File Anti Virus from creating backups of files that are larger than the file size that you have specified.
- Minimum disk space(MB) - This option helps you allot the disk space for storing log files.
- iv. Limit file size to (KB) - This option enables you to set a limit size for the objects or files to be scanned. The default value is set to 1024 Kb.
- v. Enable Proactive Scan – When you select this option, File Anti Virus checks your computer for suspicious applications and prompts you to block such applications.
- vi. Use sound effects for the following events – This option helps you configure eScan to play a sound file and show you the details regarding the infection within a message box when any malicious software is detected by File Anti Virus.
- Note: To use this feature, the computer’s speakers need to be switched ON.
- vii. Display attention messages - When this option is enabled, eScan displays an alert, which displays the path and name of the infected object and the action taken by the File Anti Virus module.
III. Block Files
This tab helps you configure settings for preventing executables and files, such as autorun.inf, on network drives, USB drives, and fixed drives from accessing your computer.
This tab allows you to configure the following settings.
- i. Deny access of executables from Network - You should select this check box if you need to prevent executables on network drives from accessing your computer.
- ii. Deny access of executables on USB Drives - You should select this check box if you need to prevent executables on USB drives from accessing your computer.
- iii. Deny access of AUTORUN.INF on USB and Fixed Drives - You should select this check box if you need to prevent executables from USB and fixed drives from accessing your computer.
- Deny Access of following files - You should select this check box if you need to prevent the files in the list from running on your computer.
- Quarantine Access-denied files - You should select this check box if you need to quarantine files that have the Access-denied protection on them.
You can prevent specific files from running on your computer by adding them to the Block Files list. By default, this list contains the value %sysdir%\*.EXE@.
- Add : You can click this button to add a file to the Block Files list.
- Delete : You can click this button to remove a file from the Block Files list.
- Remove All : You can click this button to remove all files from the Block Files list.
IV. Folder Protection
This tab helps you protect specific folders from being modified or deleted.
It allows you to configure the following settings.
- Protect files in following folders from modification and deletion. [Default] This option is selected by default. You should select this check box if you need the File Anti-Virus module to protect files in specific folders from being modified or deleted.
You can protect your folders from being modified or deleted by adding them to the list.
- Add. You can click this button to add the name of the folder that you need to protect from modification or deletion.
- Delete. You can click this button to remove the name of a folder from the list.
- Remove All. You can click this button to remove all files from the list.
Reports section
This section displays the following information.
- Total Files Scanned – It shows the total number of files scanned by the real-time File Anti Virus monitor.
- Dangerous Objects Detected – It shows the total number of viruses or malicious software detected by the File Anti Virus monitor on a real-time basis.
- Last File Scanned – It shows the name of the last file scanned by the File Anti Virus monitor on real-time basis.
In addition, you can view the following reports.
- a. View Statistics – This link displays the latest activity report of the real-time monitor.
In addition, it displays the following information.
- The current details of the system date, time, and whether the eScan Anti Virus monitor is running or not.
- The number of viruses detected.
- The results of the most recent scan, such as the last object scanned and the name of the virus detected.
- b. View Quarantined Objects – This link opens the Quarantine dialog box.
The Quarantine dialog box
This dialog box displays the quarantined files and backup files. This dialog box has two tabs: Quarantine and Backup.
1. Quarantine - This tab displays the files that have been quarantined. You can restore or delete the quarantined objects by right-clicking the object and then clicking the appropriate option.
2. Backup - This tab displays the files that were backed up by File Anti Virus before it tried to disinfect them. You can restore or delete the objects that were backed up by right-clicking the object and then clicking the appropriate option.
Additional buttons in the dialog box
This dialog box also has the following buttons. These buttons help you restore or delete backup files depending on the tab that you have selected. The functionality of these buttons is discussed as follows:
- Restore. You can click this button to restore the selected quarantined or backup file.
- Delete. You can click this button to delete the selected quarantined or backup file.
- Delete All. You can click this button to delete all quarantined files or backup files.
Caution: Before clicking any of these buttons, you should ensure that you have selected the appropriate row in the table for which you need to perform the action.
- c. View Report – This link opens the Report for File Anti Virus window.
The Report for File Anti Virus window
This window displays the report for the File Anti Virus module for a given range of dates in a tabular format when you click the Generate Report button.
- d. Generate Report – You should select a range of dates and then click this button to generate a report for the File Anti Virus module for that range of dates.