eScan BlogeScan Blog    eScan WebsiteeScan Website    eScan ForumeScan Forum    eScan FeedseScan Feeds     
    
Languages:     

From eScan Wiki

(Difference between revisions)
Jump to: navigation, search
Revision as of 07:21, 8 July 2008
WikiSysop (Talk | contribs)
(eScan Management Console)
← Previous diff
Revision as of 08:05, 14 July 2008
WikiSysop (Talk | contribs)
(eScan Management Console)
Next diff →
Line 1,478: Line 1,478:
The latest version of eScan that has this feature is 9.x and is available in these editions - Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit). The latest version of eScan that has this feature is 9.x and is available in these editions - Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit).
-This is the grey color icon (wheel) available on the right hand side added to the systray, it can be accessed by double clicking on it.+The eScan Management Console (EMC) gets added ONLY when the eScan software is installed in the Server Mode and NOT the client. It’s grey color icon (wheel) gets added to the systray (on the right hand side) and can be accessed by double clicking on it.
 + 
 +When double clicked, it prompts for a password, once supplied, it prompts to “Start the Server”, if this option is selected, only then, would the server and clients push and pull the latest updates and the different rule-sets (policies) that may be assigned to the different user/s or different network/s. Here, if the “Ignore” option is selected, the eScan Server would not start as a result the latest updates and the different rule-sets (policies) would NOT be deployed.
 + 
 +Before starting the eScan server, the below mentioned settings need to be done…There are two menus available on the eScan Management Console viz.- Services and Reports.
 + 
 +In the Services menu, select the option of EMC Settings, clicking on this brings up a window that enables you to customize how the eScan Server should work/function.
 + 
 +The first option available within is:-
 + 
 +A) Enable Advanced Settings in ‘Deploy Rule-Sets’ wizard -
 +This option after enabling helps in deploying the latest updates and the rule-sets (policies) to the eScan clients from this eScan Server. If this option is not enabled, the updates and rule-sets (policies) will not be deployed.
 + 
 +B) Start eScan RAD at Management Console Startup -
 +This option after enabling helps to get a remote access of this EMC
 + 
 +C) UDP Settings -
 +This option enables you to select the IP address of this eScan Server from where the annoucement (broadcast) of it’s availability would be made.
 + 
 +1. UDP Announcement IP -
 +This option helps you to select the local IP Address of this eScan Server from where the announcement (broadcast) would be made.
 + 
 +D) FTP Settings -
 +This option enables you to set the FTP server for client upload.
 + 
 +1. Allow Upload by clients -
 +This option once enabled allows the eScan clients to upload their respective status on to this eScan server.
 + 
 +a) Maximum FTP Clients Allowed –
 +by default, the value is set to Zero (0), i.e. ‘N’ eScan clients can upload their respective status on to this eScan Server, if required, you can set it as per your requirements.
 + 
 +E) Log Settings -
 +This option enables you to set the period (duration) of the logs that should be maintained on the eScan Server for future reference.
 + 
 +1. Number of days client logs should be kept -
 +by default, the value is set to Five (5) days, i.e. the logs of the eScan software would be maintained for five days in a separate folder. This separate folder would be named as per the eScan client’s name or IP Address and after this period (duration) is over, these logs would automatically be moved to a separate folder that is created as per the date.
 + 
 +The two menus of the EMC, viz – Services and Reports.
 + 
 +A) Services -
 +This menu has different options like Start Annoucement, Normal View, EMC Settings,Set Host Configuration,Deploy License, Deploy Rule-Sets,Update All Clients,Shutdown Management Console.
 + 
 +1. Start Announcement -
 +This option when clicked on starts the announcement of the eScan Server. This option basically starts the announcement (broadcast) of the eScan Server and it’s in-built HTTP Simulator works on port 3333, FTP Server works on port 2021, UDP Announcement works on port 2001.
 + 
 +Once the announcement of this eScan server is set on, it sends a UDP Broadcast announcing it’s availability along with it’s IP Address. The eScan server sends out this annoucement as it has an in-built announcement mechanism and this announcement (broadcast) is picked by the eScan client which has a listening mechanism, afterwhich, the eScan software updates itself throughout the network.
 + 
 +The basic functionality of this EMC is to update it’s clients spread throughout the network. It supports and works very well on a Lan, Man and Wan.
 + 
 +2. Normal View –
 +This mode enables you to view the network the way eScan views it, i.e. after eScan is setup (installed) and the clients have updated themselves from this eScan server, the network view that you get is called the “normal view”.
 + 
 +There is another mode called the “network view” of viewing the network, i.e the way the network is actually setup, it can be accessed by clicking on the Services menu and the Network View option.
 + 
 +Alternatively, using the CTRL+K keys of the keyboard you can toggle between the Normal and Network views. The mode in which the network is being viewed is also displayed on the “System” page that is on the right hand side of the EMC.
 + 
 + 
 +3. EMC Settings –
 +This option enables you to set the EMC Server Annoucement functionality.
 + 
 +The option available within is:-
 + 
 +A) Enable Advanced Settings in ‘Deploy Rule-Sets’ wizard -
 +This option after enabling helps in deploying the latest updates and the rule-sets (policies) to the eScan clients from this eScan Server. If this option is not enabled, the updates and rule-sets (policies) will not be deployed.
 + 
 +B) Start eScan RAD at Management Console Startup -
 +This option after enabling helps to get a remote access of this EMC
 + 
 +C) UDP Settings -
 +This option enables you to select the IP address of this eScan Server from where the annoucement (broadcast) of it’s availability would be made.
 + 
 +1. UDP Announcement IP -
 +This option helps you to select the local IP Address of this eScan Server from where the announcement (broadcast) would be made.
 + 
 +D) FTP Settings -
 +This option enables you to set the FTP server for client upload.
 + 
 +1. Allow Upload by clients -
 +This option once enabled allows the eScan clients to upload their respective status on to this eScan server.
 + 
 +a) Maximum FTP Clients Allowed –
 +by default, the value is set to Zero (0), i.e. ‘N’ eScan clients can upload their respective status on to this eScan Server, if required, you can set it as per your requirements.
 +
 +E) Log Settings -
 +This option enables you to set the period (duration) of the logs that should be maintained on the eScan Server for future reference.
 + 
 +1. Number of days client logs should be kept -
 +by default, the value is set to Five (5) days, i.e. the logs of the eScan software would be maintained for five days in a separate folder. This separate folder would be named as per the eScan client’s name or IP Address and after this period (duration) is over, these logs would automatically be moved to a separate folder that is created as per the date.
 + 
 +4) Set Host Configuration –
 +This option enables you install the eScan software on the workstations or servers throughout the network.
 +When you click on “Set Host Configuration”, a window opens up displaying the Add Host IP, Settings and Close optons.
 + 
 +A) Add Host IP -
 +This option when clicked on, opens a window displaying the HOST/IP , Remarks, Username, Password and the Enable Auto- Install option.
 + 
 +1. Host / IP -
 +this option enables you to manually define the Hostname and/or the IP address of the workstation that you wish to deploy the eScan software on.
 + 
 +2. Remarks –
 +this option enables you to manually define remarks for this Host / IP so that it is easily identified.
 + 
 +3. Username –
 +this option enables you to manually define the username for the above Host / IP.
 + 
 +4. Password –
 +this option enables you to manually define the password for the above Host / IP.
 + 
 +5. Enable Auto-Install –
 +this option enables you to automatically install eScan on the said Host /IP.
 +Note: if the Host / IP is a part of the NT Domain, it is recommended to mention the username as Domain_name\Username.
 + 
 +B) Settings –
 +This option when clicked on, opens a window displaying the Default Host configuration, eScan Auto-Install Settings, IP range for Auto-Install.
 + 
 +1. Default Host Configuration -
 +this option enables you to define the default username and password that would be used to install (deploy) eScan on the workstations and servers.
 + 
 +2. eScan Auto-Install Settings –
 +this option is useful to set when and how eScan should be installed on the workstations and servers.
 + 
 +a) Enable Auto-Install -
 +this option when enabled would check after a particular interval, if eScan is present on the system or not and if not, would automatically get installed as per the settings done, i.e in the server or the client mode. The default interval is set to 60 minutes and can be changed as per requirements.
 + 
 +Here itself, the eScan software, can be configured to be installed either in the Server or the Client mode. When clicked on “eScan Install Options”, a window opens up prompting for the eScan software to be installed either in the Client or the Server mode, once selected the other options available are-
 + 
 +i. Auto Reboot after Install -
 +This option should be selected very cautiously as the system would automatically reboot after eScan is installed. If done so, this could result in data being lost on the client if the user has not saved it before or at the time of reboot.
 + 
 +ii. Allow User to Disable Monitor –
 +This option should be selected very cautiously as it enables the end user to disable the eScan Monitor (real-time scanner). If done so, it may result in the system getting infected and the malware propagating itself throughout the network.
 + 
 +iii. Disable eMail and Web Scan –
 +This option should be selected very cautiously as it would disable the scanning of all email being sent and received as well as whatever you surf or browse. If done so, it may result in the system getting infected and the malware propagating iself throughout the network.
 + 
 +iv. Update Server –
 +This option enables you to set the IP Address of the eScan Server, i.e the IP Address from where the updates would be downloaded by the client or from where the clients would update themselves from.The default action is set to “Auto – Detect”.
 + 
 +v. Setup Folder –
 +This option enables you to set the path where the eScan software should be installed. It is recommended to apply the default path set within the software. If done so, the default path is set to \Progra~1\eScan.
 + 
 +3. IP range for Auto-Install –
 +this option enables you to define an IP or an IP range for eScan to be Auto-installed if the workstation or server does not have it and the same data when input (entered) would be saved for future reference.
 + 
 +C) Close -
 +This option enables you to close the “Set Host Configuration” window.
 + 
 + 
 +After configuring the eScan software as per the above, now, we shall talk of how to deploy the eScan software on the network (workstations and servers). For this, click on “Set Host Configuration” (Services – Set Host Configuration), in this window that opens up Select or “Add the HOST / IP” on which you want eScan to be installed and get it’s latest status (Get status of eScan installation). This option will display if the eScan software is installed or not, if installed, it would display the details like – Host Name / IP, Username, Connection, eScan Status,Version, Service Pack, Installed Directory, Monitor Status, Last Operation, Client OS, Last Update, Update Server, Server Status, Hostname.
 + 
 +In case, if eScan software is not installed and the connection is successful (established) then we can install the eScan software by selecting the desired workstation/s or server/s and thereby right clicking on the system and selecting the option of “Remote Install / Uninstall / Upgrade software.
 + 
 +This option when clicked on, opens up a window that displays options like –
 + 
 +A) Install/ Upgrade eScan –
 +This option enables you to install and/ or upgrade the eScan software by installing it either in the Client or the Server mode. The details of this procedure can be obtained from the section mentioned above B -2 & 3.
 + 
 +B) Install Other software –
 +This option enables you to install any other third party softwares (other then eScan), simply by defining the path to the repository (where the installable files are stored) along with the file to execute and parameters if any.
 + 
 +C) Uninstall other software –
 +This option enables you to uninstall the popular anti-virus softwares.
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 +B) Reports -
 +Configure Mailing of Reports,Mail Reports Now,View Log,Delete Log, Delete User Logs,Clear Virus Incident Database,Clear All Virus Incident Databases,Refresh User Logs, Refresh All User Logs,About EMC.
 + 
 + 
 + 
 +It has different options like "Inactive", "Active", "Block Web Access", "Time Restrictions" and "Advanced".
 +A) Inactive:

Revision as of 08:05, 14 July 2008


Contents

eMail Attachment Control

The latest version of eScan that has this feature is 9.x and is available in these editions - Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

This is the first option page available in the eScan Content Administrator. It can be accessed after installing eScan, by right clicking on the green 'e icon added to the systray.

It has different options like "Block Attachment types", "Port Configuration", "Compression and Decompression of Attachments" and "Advanced".

A) Block Attachment types:

This option holds a list of different file types, for example - *.exe, *.pif,* .scr, etc... which when encountered during an email download would be deleted by default (automatically). This option is set to ensure that emails having these types of known attachments (used by worms, trojans, spyware, etc...) would not be downloaded as they cannot be disinfected/ cleaned but deleted at the MWL (MicroWorld Winsock Layer).

This option can be customized based on requirements, for example - if you wish to receive the file type (*.pif), there are two options available within to set it. Firstly, delete it from the list that holds this file type or secondly you can add the file type to the Exclude Attachments (Whitelist), point no.8 explained below.

The other available options are:-

1. Delete all attachments in email if disinfection is not possible - this option is enabled by default. It would delete all attachments listed in the Block Attachments types section as they are the files that cannot be disinfected/ cleaned.

2. Delete entire email if disinfection is not possible - this option is also enabled by default. It would delete the entire email if the files within the email cannot be disinfected/cleaned.

3. Delete entire email if any virus is found - this option when enabled would delete the entire email if any virus is found in it.

4. Quarantine blocked sttachmetns - this option when enabled would quarant the attachments blocked.

5. Delete entire email if any blocked attachment is found - this option when enabled would delete the entire email if any blocked attachment is found in it.

6. Quarantine email if attachments are not scanned - this option when enabled would quarant emails if the attachments within are not scanned.

7. Quarantine attachments if they are not scanned - this option when enabled would quarant attachments when not scanned.

8. Exclude attachments (White list) - this option is useful in case a file type listed in the block attachment types section needs to be delivered into the user's mailbox/ inbox and should not be deleted. This option holds precedence over the Block Attachment types.

The other section is called "Action", which is set on the right hand side of the Block Attachments types and just below the Port Configuration option, this section is useful in setting up the action to be taken when an infection is found, the default value set is to "Disinfect" while the other is "Delete".

The options that can be set up here are of quaranting infected files and emails, if eScan is installed in the said path - by default then the path would be C:\PROGRA~1\eScan\INFECTED for infected files and C:\PROGRA~1\eScan\Quarant for emails and can be easily changed as per requirements.


B) Port Configuration:

This option is useful for setting up an outbreak alert or notification or warning messages that are sent by eScan when it detects any violation or breach of security.

There are two sections to this port configuration -

1. Mail Server settings - the mail server ip address and port details needs to be defined along with credentials like valid username and password (though optional) in case the mail server requires it, so that eScan can automatically use these details and send the notification alerts.

2. Port settings for eMail/Web Scan - the ports that are used for sending (smtp,25 )and receiving (pop3 ,110) emails are defined and if these emails need to be scanned or not.


C) Compression and Decompression of Attachments:

this option helps in Internet Bandwidth Management.

There are two options available within:-

1. Compress outbound attachments - this option when enabled will decrease the size of all attachments that are sent in emails.

2. Create self extracing zip files - this option when enabled overrides the above point no.1 and creates a self extractable .zip file which when clicked on automatically uncompresses itself thereby eliminating the need at the receiver's end from using any unzipping tool.

3. Do not compress files with extensions (Exclude following attachments) - this option is helpful in excluding the file types {attachments} that need not be compressed when being sent out.

4. a)Uncompress inbound attachments - this option when enabled will automatically open/unpack the compressed file and be scanned. b)Uncompress inbound attachments (Local Domain) - this option when enabled will automatically open/unpack the compressed file and be scanned when sent within the local domain.

5. Compression options

a) Compress only if compression % greater than - the default value set is 25, this option will compress all attachments in emails to 25 % or more.

b) Compress if attachment size is above (KB) - the default value set is 50, this option will compress all attachments that are and above 50 KB in size and not below.

c) Select the compression ratio - the default value set is of Max. Speed, this option will utilize the system resources to the best and compress the attachments in emails quicker and send it out too.


D) Advanced:

Internet Explorer (IE) has vulnerabilities and using them as the base, malwares easily transmit themselves onto the system and email clients like Outlook and Outlook Express thus making it easier for malware authors to get their malicious code propagating.

To overcome them, MicroWorld with it's security range of solutions is committed to securing your data and system from such vulnerabilities.

1. IE Vulnerabilities 1

a) Delete attachments with CLSID extensions - this option is enabled by default. It deletes Class ID file extensions [CLSID - files that are hidden and do not show the actual file extension] to prevent dangerous files from exploiting the vulnerabilities of IE.

b) Delete HTML attachments with Scripts - this option is not enabled by default. In general, eMails are sent and received in different formats and one of them being HTML, this HTML can have Scripts {similar to a batch file - .bat) with Tags to perform a particular or a set of task/s (embedded), such emails when encountered are deleted to prevent exploiting the vulnerabilities.

c) Script & Content check disabled for mails From - this option is useful when you know and want to add a user who is genuine and sends legitimate html email with scripts. Once added, (for example - abc@xyz.net or *@xyz.net) all emails coming from this user or domain would automatically be delivered to the receiver's inbox/mailbox.

d) Script & Content check disabled for mails To - this option is useful when you know and want to add a user who is genuine and sends legitimate html email with scripts. Once added, (for example - suzanne@xyz.net or *@xyz.net) all emails being sent from this user or domain would automatically be delivered to the receiver's inbox/mailbox.


2. IE Vulnerabilities 2

a) Select action on mails with Multiple Extension Attachment - the default option set is to "No Action", the other is "Delete mail", this option is very useful to prevent malware like worms from propagating itself using multiple (double or triple) extensions via email attachments, for example -nimda, sircam, etc...

b) Allow Multiple Extension attachment for ZIP file - the default option set is to "Yes" or "Allowed", this option is very useful and helps in transmitting multiple extensions attachments in email, for example - compressed files like .zip, .pdf that have multiple extensions can be allowed.


3. Archival

a) Archive emails - this option is not enabled by default. This option is useful to archive or backup all emails that are sent and received via eScan. The folder or the path to this destination is customizable as per one's requirements.

b) Archive attachments - this option is not enabled by default. This option is useful to archive or backup all email attachments that are sent and received via eScan. The folder or the path to this destination is customizable as per one's requirements.

c) Do not archive attachments of type - With this option certain file types can be excluded from being archived, for example - *.vcf, *.htm, *.html, etc...

Other options -

Save - this option enables the user to Save the settings done.

Refresh - this option refreshes itself and displays the latest status.

eMail Content Scanning

The latest version of eScan that has this feature is 9.x and is available in these editions - Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

This is the second option page available in the eScan Content Administrator. It can be accessed by right clicking on the green 'e icon added to the systray after installing eScan.

It has different options like "Phrases to check" and "Advanced", "Disclaimer" and "Advanced" and lastly the "View Quarantined Mails" and View Ham Mails".

A) Phrases to check:

This feature has different options within -

1. Default white list of words/phrases - this is pre-defined white list of words/phrases that would be allowed to be sent and received.

2. User specified white list of words/phrases - this is a user specified white list of words/phrases that would be allowed to be sent and received.

3. Default black list of words/phrases - this is pre-defined black list of words/phrases that would not be allowed to be sent and received.

4. User specified black list of words/phrases - this is a user specified black list of words/phrases that would not be allowed to be sent and received.

  • To add a new word/phrase to the available list, select any word/phrase from the list, right click on it, then add the desired word/phrase to the existing list and Save the settings.
  • To modify any existing word/phrase from the available list, select the desired word/phrase from the list, right click on it, then change the desired word/phrase and / or the desired action to be taken, lastly Save the settings.
  • The default action set within eScan is to "Quarant". The above listed white and black lists when viewed on a color monitor would be visible in different colors like 1. Default white list of words/phrases in Yellow , 2. User specified white list of words/phrases in Blue , Default black list of words/phrases in Purple, User specified black list of words/phrases in Green.
  • Now, there may arise a point where genuine emails are also being blocked due to the occurence of a word/phrase in the available list, so, to overcome the same, one should always ensure and define , the desired word/phrase in Double Quotes so that it is blocked appropriately, for example - "test" , here, when an email arrives and if there is a defined word called test in the list, then, the content filter will scan the email BUT will not tag the email or take the necessary action defined on this email, because the word is defined in quotes, i.e unless and until the exact word/phrase is matched no action would be taken, this is how False Positives are taken care off.


B) Advanced:

This option page has different options like when to check emails, anti-spam configuration and mail tagging.

1. When to check emails - this option is very important and relevant and can help the user customize as to how the email content filter should work.

The options available within:-

a) Send Original mail to user - this option is not enabled by default, once enabled it helps to send the email (though tagged as spam) to the original receipient of the email.

b) Do not check content of Replied or Forwarded emails - this option is not enabled by default, once enabled it will not check contents in all emails that are either replied or forwarded. This eventually helps is releasing system resources on an email that is already scanned and come into the mailbox/ inbox.

c) Content check of Outgoing emails - this option is not enabled by default, once enabled it will start checking all outgoing emails for restricted contents.


2. Mail Tagging - this option is very important as it helps in identifying emails as Spam (bad) or Ham (good).

a) Only (Spam) tag is added in Subject, the Body is left unchanged - this is the default action set within the software so that all spam emails are identified.

There are many other options that can be set as per the user's requirements like,

b) Do not change at all - this option will not tag the email at all.

c) Both subject and body is changed, [Spam] tag is added in subject, Actual Spam content is embedded in the body - this option helps identify the email as spam based on the subject and body.

d) X-MailScan-Spam: 1" header line is added, Actual Spam content is embedded in the body - this option helps identify the email as spam based on the header.

e) X-MailScan-Spam: 1" header line is added - Body and Subject both remain unchanged - this option helps identify the email as spam based on the header.


3. Spam Filter (Anti-Spam) Configuration - this option is enabled by default, it helps to block/prevent spam emails from entering into the mailbox/inbox of the user/s.

The options available within:-

a) Check content of HTML mails - this option is enabled by default, it helps to scan emails in HTML format alongwith Text.

b) Treat mails with Chinese/Korean character set as Spam - this option is enabled by default, it is observed from the reports received from our world wide sample collection centres that emails with Chinese/Korean characters are used by spammers to send as spam and hence when received such emails are first analyzed based on a number of conditions afterwhich then tagged as Spam.

c) Treat Subject with more than 5 Whitespaces as Spam - this option is enabled by default, it is observed from the reports received from our world wide sample collection centres that spammers are applying a technique of "spacing" (leaving spaces) in the subject of the email to get their malicious emails inside the user's mailbox/inbox by fooling the spam filters.

d) Treat HTML mails with "SRC=" string as Spam - It is also observed from the reports received from our world wide sample collection centres that spammers are skillfully inserting SRC (source) within an email. SRC= Source is basically inserting of a source, for example - a weblink/s (url), image/s within a email that can run/ execute itself automatically in the background and download data from a remote server/ site even without being viewed or executed.

e) Quarantine Advertisement mails - this option is enabled by default. Advertisement emails are big in size, use a lot of the internet bandwidth and are known [from reports] to be carrying malicious and/or unwanted content/data within, hence, when such emails are encountered\, they are Quarantined.

The Advanced option within -

a) Enable Non Intrusive Learning Pattern (NILP) check - this option is enabled by default. Non Intrusive Learning Pattern (NILP) is an advanced Bayesian Filtering method with the intelligence to analyze each mail according to the Behavioral Patterns of the user and comes with a self learning capability. It is one of the component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

b) Enable eMail Header check - this option is enabled by default. The generic fields of an email like the email From, To, CC are checked for it's validity before accepting the email. This is another component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

c) Enable X-Spam Rules check - this option is enabled by default. A database of words /phrases used by spammers is in-built within the software and each word / phrase is assigned a particular score or threshold level. If any of these words /phrases appear in an email, using this database, different validations along with a score or threshold level check is also done [match] and here if the score or threshold value is found to be True [matching], the mail is tagged as spam or otherwise. This is one more component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

d) Enable Sender Policy Framework {SPF) check - this option is not enabled by default. When enabled, it will check the SPF record of a particular domain from where the email is being downloaded from. This is an additional component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

e) Enable Spam URI Real Time Blacklist (SURBL) check - this option is not enabled by default. When enabled, it checks for spammers IP addresses using SURBL technology (Spam URI Realtime Black List), which help identify spam URLs in the message body. This is an additional component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

f) Enable Real Time BlackHole list (RBL) check - this option is not enabled by default.When enabled, it check for the spammers IP addresses in RBL's (databases of known spammer IP Addresses), which help identify and block an email from being downloaded from a spammer IP. This is an additional component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

and...

RBL servers -

These are the different servers which hold databases of spammers IP Addreses and can be changed as per one's requirement/s (add/delete).

Auto Spam Whitelist -

This is a whitelist generated of email addresses (valid email addresses) from the mail clients. This is a list of addresses to whom emails have been sent to earlier.


C) Disclaimer and Advanced:

this option is not enabled by default. Disclaimer is a footer or signature that gets added/appended to all outbound (outgoing) emails when enabled. It can be customized to be added to all incoming emails using the Add Disclaimer to Incoming emails option within the Advanced option and further can be restricted too from being added/appended to certain or specific email addresses or domains using the option of Outgoing mails excluded from adding disclaimer.


D) View Quarantined Mails:

this option is set right at the bottom end of the eMail Content Scanning page. When clicked on, one can view all the emails that have been quarantined (marked as spam) by eScan for any of the above mentioned rules/policies.

This has different options set within -

1. View - this option helps in viewing the emails that have been quarantined.

2. Delete - this option is for permantely deleting/purging the email quarantined (if it is not required)

3. Message Source - this option helps in finding out more details of the email that has been quarantined (email from, email to,cc, ip address,etc...)

4. Add Sender's eMail-ID to White List - this option helps in releasing the email that has been quarantined (will not be quarantined in future).

As a result, the email that had been quarantined will now be received by the user(receipient).


E) View Ham Mails:

this option is set right at the bottom end of the eMail Content Scanning page. When clicked on, one can view all the emails that are not spam (not marked as spam).

This has different options set within -

1. View - this option helps in viewing the emails that are not quarantined (spam).

2. Delete - this option is for permantely deleting/purging the email that is not marked as spam (if it is not required)

3. Message Source - this option helps in finding out more details of the email that has been quarantined (email from, email to,cc, ip address,etc...)

4. Train as spam - this option helps the eScan software in training (analysis) such emails as spam.

As a result, such an email that was not quarantined earlier, after training will be quarantined and will not be received by the user(receipient).

Other options -

Save - this option enables the user to Save the settings done.

Refresh - this option refreshes itself and displays the latest status.

Webpage Scanning

The latest version of eScan that has this feature is 9.x and is available in these editions - Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

This is the third option page available in the eScan Content Administrator. It can be accessed by right clicking on the green 'e icon added to the systray after installing eScan.

It has different options like "Inactive", "Active", "Block Web Access", "Time Restrictions" and "Advanced".

A) Inactive:

this is the default option set.

B) Active:

this option is not set as the default. When enabled, this option helps in controlling and blocking access to the Web.

To control and block the access to the web, it has different pre-defined categories in the "Filter categories" section, like:-

1. Pornography - this helps to control and block access to the web based on pornographic content. On selection of this category, it displays the words/phrases defined for it along with the site names that when accessed would result in Blocking of Access or "Access Denied" to the site desired.

The words and phrases and/or sites defined can be added or deleted based on requirements.

2. Gambling - this helps to control and block access to the web based on gambling content. On selection of this category, it displays the words/phrases defined for it that when accessed would result in Blocking of Access or "Access Denied" to the site desired.

The words and phrases defined can be added or deleted based on requirements.

3. Ratings_block_category - this helps to control and block access to the web and is kept open for any words/phrases to be added to the words/phrases and to the site names list.

  • Categories can be added or deleted using the field provided just above the "Filter Options".
  • The sites that are denied access to would automatically be added to the Block category to be filtered.

C) Block Web Access:

this option is not set as default. When enabled, it blocks / denies access to the web completely. If the need arises, access to the web can be given on a conditional basis, for example - access to the web, given only to certain websites like www.hotmail.com, yahoo.*, gmail.com, etc... and all the others would be blocked / denied access.

This conditional access can be applied through the "Filter Categories", for which the words/phrases and site names can be added to the list accordingly.

D) Time Restrictions:

this option is set as per requirement. This option helps to customize the access to the web based on time or as per the day of the week or daily, for example - access to the web should be allowed everyday only during lunch hours and blocked otherwise.

E) Advanced:

this option is available at the bottom end of Webpage Scanning. When clicked on, it has many sub- features and functionalities that help to control and block access to the web.

There are different options available like "Content Matching Options", "Content Type", "ActiveX Blocking", "Port Setting", "Rating Systems" and "Actions"

1. Content Matching Options - this option is helpful in controlling and blocking access to the web based on matching content and which works on different criterias:-

a. Search in Site Name - the site name or url typed would be checked if it is listed in the restricted or blocked categories.

b. Search in HTML Tags - the HTML tags would be checked if they contains any restricted or blocked words/phrases or site names.

c. Search in Title - the title would be checked if it contains any restricted or blcoked words/phrases or site names.

d. Search in Page Text - the web page text would be checked if it contains any restricted or blocked words/phrases.

e. Search in Description and Keywords - the restricted or blocked words/phrases would be checked in the website's description and keywords.

f. Reserved Word Threshold Level - This is a threshold level/limit set within the software that keeps a count of how many times a restricted or blocked word/s appears, if the set word/s have appeared as per the default value or more the access to the web is blocked or restricted and vice versa.

2. Content Type - this option is helpful in controlling and blocking access to the web based on the type of content and which works on different criterias:-

a. Block Images - Images on websites will be blocked from being viewed

i) Saving on Internet Bandwidth - for example - to view an image that we like, we would click on it and enlarge it as a result eating up internet bandwidth. ii) Secure the system and data from malwares like spywares, adwares, trojans, etc... that creep onto the system when surfing and exploit vulnerabilities of the operating system and the applications installed on them. iii) Degradation of the system (performance).

b. Block Applications - Applications on websites will be blocked from being run / executed

i) Saving on Internet Bandwidth - for example - to view an image that we like, we would click on it and enlarge it as a result eating up internet bandwidth. ii) Secure the system and data from malwares like spywares, adwares, trojans, etc... that creep onto the system when surfing and exploit vulnerabilities of the operating system and the applications installed on them. iii) Degradation of the system (performance).

c. Block eMails (RFC 822) - Messages of RFC 822 would be blocked by default.

d. Block Audio files - Audio files on websites will be blocked from being run / executed.

i) Saving on Internet Bandwidth - for example - listening to a audio available on the website, we would click on it and start listening as a result eating up internet bandwidth. ii) Secure the system and data from malwares like spywares, adwares, trojans, etc... that creep onto the system when surfing and exploit vulnerabilities of the operating system and the applications installed on them. iii) Degradation of the system (performance).

e. Block Video files - Video files on websites will be blocked from being run / executed.

i) Saving on Internet Bandwidth - for example - to view and listen to a video available on the website, we would click on it and start viewing and listening as a result eating up internet bandwidth. ii) Secure the system and data from malwares like spywares, adwares, trojans, etc... that creep onto the system when surfing and exploit vulnerabilities of the operating system and the applications installed on them. iii) Degradation of the system (performance).


3. ActiveX Blocking - ActiveX is a technology developed by Microsoft. With an ActiveX-enabled browser, ActiveX controls can be downloaded as part of a Web document to add functionality to the browser (similar to Java applets).

a. Java Applets - Java is a programming language from Sun Microsystems and in which an applet is written, it can be included in an HTML page, much in the same way an image is included in a page. When you use a Java technology-enabled browser to view a page that contains an applet, the applet's code is transferred to your system and executed by the browser.

For example - to enhance interactive control, primarily in Web browsers and other network-oriented interactive software applications.

b. Scripts (Java and VB) - is a list of commands that can be executed without user interaction, to automate certain application tasks or to work in a particular computing environment/scenario. So, when any script be it Java or VB (Visual Basic) is found to contain any malicious code, it is blocked.

This option is very useful in blocking programs that trigger or execute themselves when a website is being viewed.

c. Check for virus - this is the default action set. This option scans and blocks all activities carried out while browsing (reading of data on the website, downloading the files, etc...) if found to contain any malicious code.


4. Port Setting - Internet Access (HTTP Port)- 80,8080,3128,658. These are the different ports defined within the software that are monitored for any data transfer that happens through them and if it contains any malicious data, it is blocked. You can add or delete the ports as per your requirements.


5. Rating Systems - this option is not enabled by default. When enabled, this option allows each user or the administrator to set for each user, of how he/ she should access content on the web. These suggestions (advice) are laid down by World Renowned Organisations that cater to Content Filtering on the Internet, viz. RSACi, ICRA, SafeSurf.

a. RSACi - Based on the study and work of Dr.Donal F. Roberts of Stanford University on the effects of media on children for nearly 20 years certain guidelines were laid, based on which "Recreational Software Advisory Council" (RSAC) was formed. Is a rating service of websites for content on the Internet.

b. ICRA - "Internet Content Rating Association" (ICRA) came into existence to protect children from harmful content on the internet. Is a global, cross-cultural filtering and rating service of websites for content on the Internet.

c. SAFESURF - Designed with inputs from millions of users (parents) and Net Citizens to empower each family to make informed decisions concerning accessibility of content on the Internet.


6. Actions - All of the above criteria are checked when enabled and if any violation is found appropriate action is taken.

a. Log Violations - All violations are logged for easy administration and for future reference.

b. Shutdown program in 30 seconds - If any of the rules/policies that are defined are found to be violated, then the software has a in-built functionality to automatically shutdown the program (browser) in 30 seconds.

Other options -

Save - this option enables the user to Save the settings done.

Refresh - this option refreshes itself and displays the latest status.

PopUp Filter

The latest version of eScan that has this feature is 9.x and is available in these editions - Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

This is the fourth option page available in the eScan Content Administrator. It can be accessed by right clicking on the green 'e icon added to the systray after installing eScan.

It has different options like "Block Popup", "Beep via PC Speaker", "Play Sound", "White List" and "History Logs".

A) Block Popup:

This option is not enabled by default. This option is very useful in many ways i) Saving on Internet Bandwidth - for example - for a popup to appear on the desktop screen, it would utilize the internet bandwidth, thus eating up the internet bandwidth. ii) Secure the system and data from malwares like spywares, adwares, trojans, etc... that creep onto the system when popups are viewed /opened, exploiting the vulnerabilities of the operating system and the applications installed on them. iii) Degradation of the system (performance).

B) Beep via PC Speaker:

This option is not enabled by default. This option would beep (makes a sound)when a popup is encountered and filtered/blocked.

C) Play Sound:

This option is not enabled by default. This option will play a sound when a popup is encountered and filtered/blocked.

D) White List:

This is a white list that holds the website addresses where the popup's appear (are not filtered/blocked).

There are different options within:-

1. Add - this option enables the user or administrator to add a website to the White List so that the next time when this website is accessed, popup's appear, are visible.

2. Delete - this option enables the user or administrator to delete a website from the White List so that the next time when the same website is accessed, it gets filtered/blocked.

3. Remove All - this option enables the user or administrator to remove all listed websites from the White List so that when any of these websites are being accessed and a popup tries to appear, they are filtered/blocked.

4. Browse - this option enables the user to browse any of the listed websites in the White List.

E) History Logs:

All activity related to popup's (allowed/blocked) is logged for future reference.

1. Log Violations - All violations that occured are logged for future reference like for which user the popup was blocked along with date & time, website(url) address, reason for blocking and offensive word.

2. Add to White List - This is a option that enables the user or administrator to add the violated (blocked) popup website to the White (allowed)list.

3 Clear Log - This option will clear the log file completely (empty).

4. Browse - this option enables the user to browse the listed websites.

5. Refresh Log - this option refreshes the logs and displays the latest status.


At the bottom end of the same page, there are other options available like -

1. Hot Key - allows you to assign a key that when kept pressed temporarily allows popup's on the website being accessed.

2. Test Popup - this option opens up a page on our website where you can test the efficacy and userfulnees of this popup filter (there are five different types of popup's displayed).

3. Default - this option resets all the settings to the original (all latest changes made will be lost).

4. Save - this option enables the user to Save the settings done.

5. Refresh - this option refreshes itself and displays the latest status.

Browser Cleanup

The latest version of eScan that has this feature is 9.x and is available in these editions - Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

This is the fifth option page available in the eScan Content Administrator. It can be accessed by right clicking on the green 'e icon added to the systray after installing eScan.

It has different options like "Scheduler Options" and "Auto Erase Options".

A) Scheduler options:

this option is not enabled by default. This option helps in scheduling the auto-eraser of the below mentioned point no. B functions.

1. Run at System Startup:- this option is not enabled by default. When enabled, it auto-executes itself at system startup (boot-up)and performs the desired auto-erase functionalities.

2. Run Everyday at:- this option is not enabled by default. When enabled, it auto-executes itself at the time specified within the software.


B) Auto Erase Options:

this option is not enabled by default. This option helps in automatically -

i) Cleaning up the hard-disk (free space) ii) Effective optimization and maintainence of system resources (cpu,ram,etc...) iii) Private(Confidential) data is secured iv) Keeping the hackers at bay v) Keeping the crackers at bay vi) Keeping the intruders at bay vii) Securing from Online Thefts viii)Securing from Online Frauds ix) Securing from worms,spywares,password stealing trojans,etc... x) Troubleshooting and problem solving ease with comprehensive report (log)


1. Clear Auto-Complete Memory - When you browse, the browser on your system stores "N" records of the data you enter on a website (form), keywords typed into a search engine, your personal information-name and address, etc... , this information can be used to track the way you browse (surfing habits).

2. Clear Last Run Menu Command - Windows stores executed programs (run) in the start menu run command text box, so everytime you don't have to re-type the same, this information if known to other users will enable them to know what you did on the system and also allow them to execute/run it.

3. Clear Temporary Folder/s - Every time you install a software, open a document or a web page, a temporary file gets created in the temporary folder/s. If this temporary folder is not cleared on a regular basis, it will cause problems with accessing data, slowing down of the system, etc..., this results in ineffeciency of the system resources being used.

4. Clear Last Find Computer - Windows stores searched queries in a temporary file (log), so everytime you don't have to re-type the same for searching, this information if known to other users will enable them to know what you did on the system and also allow them to execute/run it.

5. Clear Browser Address Bar History - The website address you typed and visited are stored in the browser's address bar history and the operating system on it's own does not delete (clear) them automatically, this information if known to other users will enable them to know what you did on the system and also misuse it.

6. Clear Last Search Menu - Windows stores searched queries in a temporary file (log), so everytime you don't have to re-type the same for searching, this information if known to other users will enable them to know what you did on the system and also allow them to misuse it.

7. Clear Recent Documents - Windows stores the recent documents made and accessed in a temporary file (log), this information if known to other users will enable them to know what were the documents you worked on the system and also allow them to misuse it.

8. Clear Files and Folders - this option has to be used with caution as it helps to permanently clear, delete unwanted files and folders from the system thus efficiently making free space on the system.

9. Clear Open/Save Dialog Box History - Windows stores links of all files opened and saved, in the registry,so next when you open or save a file, it displays a list of the files accessed and this information if known to other users will enable them to know what you did on the system and also allow them to misuse it.

10. Empty Recycle Bin - this option has to be used with caution as it helps to permanently clear the recycle bin of all the deleted files and folders from the system thus efficiently making free space on the system.

11. Clear Cache - (Temporary Internet Files ) & History : Every time you open a Web page, your browser creates a cache file (a temporary copy) of the page's text and graphics. When you open the page again, your browser checks the Web site server for changes to the page. If the page has changed, your browser retrieves a new version. If the page hasn't changed, your browser uses the cache files from your RAM or hard drive to display the page. For example, Internet Explorer caches Web pages to both memory (RAM) and disk (hard drive) until the respective cache is full; Internet Explorer then rotates out pages based on age. Internet Explorer designed this system to help load Web pages quicker. However, if you've viewed lots of Web pages, you may have an overloaded hard disk cache, which Internet Explorer will have to check before it loads a new page. Unfortunately, over time, your browser's cache grows. A cache full of outdated information is worse than no cache at all. It causes problems with Java applets, causes you to see out of date text or images, and slows your browser. This also gives an easy means to others to find out your surfing habits.

12. Clear Cookies - Cookies are basically files that store information generated by a web server and stored on your computer (from a website) and acts as a shortcut when you access the same website in the near future. Cookies make a part of the HTML information that flows to and fro between the user's computer and the web servers, as a result web servers automatically gain access to relevant cookies whenever the user re-visits the website (it is usually in the form of web requests). Most of the time, not only does the storage of such personal information into a cookie go unseen/ unobserved but also the access to it because it is not visible to the naked eye (it all happens in the background). This information can be used to track the way you browse (surfing habits) and this information if known to other users will enable them to know what you did on the system and also allow them to misuse it.

13. Clear PlugIns - PlugIn is a add-on (hardware or software) module that adds a specific feature, functionality or service to an existing system. For example - Netscape navigator uses PlugIns to display different types of audio or video messages. This information if known to other users can be used to trace the URL's or web pages you visited and misuse it.

14. Clear ActiveX - ActiveX is a technology developed by Microsoft. ActiveX is a set of rules that specify how applications should share information. With an ActiveX-enabled browser, ActiveX controls can be downloaded as part of a Web document to add functionality to the browser (similar to Java applets). This information if known to other users can be used to track the sites and pages you visited and misuse it.

15. Clear History - When you visit a site, the site name along with the pages opened, images or files downloaded, etc.... are stored in your system in a folder called the history folder, the next time you visit the same site, the browser checks this history folder and quickly opens the website with the information it already has about the website.As a result, the history folder offers a very easy way to find out about the sites you have accessed and this information if known to other users can be used to track the sites and pages you visited and misuse it.

16. Unselect All - this option de-selects all the options you had selected from this list.

17. Select All - this option selects all the options available in the list

18. Run Checked - this option runs/executes the auto-eraser to clear all the selected options from the list, thus aiding in fine tuning and improving the system's performance.


At the bottom end of the same page, there are other options available like -

1. Browsers - these are the list of browsers that are supported by this module.

2. General - this displays all of the above mentioned options to be selected for use

3. Cache - displays the list of cached items.

4. Cookies - displays the list of cookies.

5. ActiveX - displays the list of ActiveX components.

6. PlugIns - displays the list of plugin components.

7. History - displays the history of the websites surfed.

8. Files & Folders - displays the list of files & folders that would be cleared/deleted when this auto-eraser is run/executed, it displays all system, read only and hidden files.

9. Advanced - this is an option to further customize which files need to be cleared/deleted from the system.

a) MS Office - it includes files from the MS-Office suite like Word,Excel,Powerpoint,FrontPage and Access.

b) Windows - it includes files from tasks performed within the windows environment like temp files created by the Scan Disk, ClipBoard Data, Start Menu Order History, Registry Streams MRU & Applicatioon Log.

c) Others - it includes files created by other softwares like Windows Media Player play list, Windows Media Player History.

d) Select All - All the options listed above would be checked.

e) Unselect All - All the options listed above would be unchecked.

f) Internet Explorer - the files held within the browser (IE) like cookies are treated differently and for which these options are available -

Options -

a) List of cookies - lists the cookies detected on the system.

i) Add to Exclude list - you can add any cookie listed to the exclude list.

ii) Remove from the Exclude list - you can delete any cookie from the list

b) Exclude list of cookies - the cookies that are excluded from the list are displayed here, i.e. the cookies that are added to the exclude list (just above).


Other options -

Save - this option enables the user to Save the settings done.

Refresh - this option refreshes itself and displays the latest status.

File Rights

The latest version of eScan that has this feature is 9.x and is available in these editions - Antivirus(AV), Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

This is the sixth option page available in the eScan Content Administrator. It can be accessed by right clicking on the green 'e icon added to the systray after installing eScan.

It has different options like "Do not allow remote users to modify the following local files", "Allow modification for following files", "Do not allow remote users to create and modify following local files" and "Allow creation and modification for following files".

A) Do not allow remote users to modify the following local files:

this option is not enabled by default. When enabled, this option does not allow any remote user to modify any of the local files.

B) Allow modification for following files:

this option is not enabled by default. When enabled, this option allows a remote user to modify any of the local files.

C) Do not allow remote users to create and modify following local files:

this option is not enabled by default. When enabled, this option does not allow any remote user to create and modify any of the following local files, for example - autoexec.bat, config.sys,win.ini,*.com,exe,bat,dll,eml,nws,ocx,pif,rar,scr.

For example - when a worm gets onto a system, it never remains dormant, but propagates itself throughout the network (using network shares). When the above option is enabled, it prevents/blocks the worm from spreading itself on the network (other systems) i.e. from creating and modifying the system's local files among others like the one's mentioned above. These file types can be customized as per one's requirements.

D) Allow creation and modification for following files:

this option is not enabled by default. When enabled, this option allows any remote user to create and modify any of the following local files, for example - spool\*,sys\es_setup\*,tmp\*,win\*.idx,win\*.swp,win\sysvol\*,win\temp\*

For example - if a network administrator wants to deploy a software on the network (all systems)and as is evident, for this task to be successful requires a temporary storage space on the target/ destination. As per the above option (C), incase on the target/destination the temporary storage space [where the software is being deployed needs to be copied and extracted (\windows\temp)] is not available, then the software that is being deployed by the administrator would never get installed on the target/destination systems,so,to overcome this, the option to allow creation and modification for certain files and folders is made available. These file and folder types can be customized as per one's requirements.

Other options -

Default - this option helps to revert back on the original settings of the software.

Save - this option enables the user to Save the settings done.

Refresh - this option refreshes itself and displays the latest status

Notifications

The latest version of eScan that has this feature is 9.x and is available in these editions - Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

This is the seventh option page available in the eScan Content Administrator. It can be accessed by right clicking on the green 'e icon added to the systray after installing eScan.

It has different options like "Warning Notification Settings", "Warning Mails" and "Delete Mails from User".

A) Warning Notification Settings:

this section describes the different notifications(warning messages) that are sent by eScan.

1. Virus Alerts:-

These are the different types of email alerts that are generated by eScan in different conditions.

a) Show Alert Dialog Box - this option is enabled by default. This option displays a screen notifying that a virus,worm,trojan, etc... has been detected and the action taken.

b) Attachment Removed Warning to Sender - this option is enabled by default. This option sends out a notification to the sender of the email when an offending attachment is removed by eScan.

c) Attachment Removed Warning to Recipient - this option is enabled by default. This option sends out a notification to the recipient of the email when an offending attachment is removed by eScan.

d) Virus Warning to Sender - this option is enabled by default. This option sends out a notification to the sender of the email when a virus is removed by eScan.

e) Virus Warning to Recipient - this option is enabled by default. This option sends out a notification to the recipient of the email when a virus is removed by eScan.

f) Content Warning to Sender - this option is not enabled by default. This option sends out a notification to the sender of the email when offending content is removed by eScan.

g) Content Warning to Recipient - this option is enabled by default. This option sends out a notification to the recipient of the email when offending content is removed by eScan.

h) Browse - this option helps you to select the appropriate warning message and customize it as per your requirement. MicroWorld recommends not to change the default warning message.

Note - as per point (f), this option is not enabled by default for a simple reason, for example - when a spam email arrives and eScan takes necessary action on it, it is illogical for eScan to send out a notification email warning alerting or updating the sender that because of offensive content the email was blocked. Basically, the email that is blocked is from a spammer and/or from a malware [worm infected system]that sends out bulk emails, hence is illogical to send out notification email warning back to a spammer or a worm generated email.

B) Warning Mails:

in this section the email address/es are specified as to who all would be notified (sender and receiver).

1. From:- this is the sender email address that would be used for the notification email.

2. To:- this is the recipient's email address of the notification email.


C) Delete Mails from User:

here, the email address/es are defined of the people from whom you don't wish to receive email/s from. To add, just type the email address in the field provided, for example - abc@xyz.com, once added, henceforth, all emails coming from this email address would automatically get deleted before being downloaded onto the system. This option can be further customized by adding a domain to the list from where you don't wish to get emails from, for example - *@xyz.com. In other words, not only email address/es can be defined like abc@xyz.com but domains too like *@xyz.com (wildcard is supported).

Other options -

Save - this option enables the user to Save the settings done.

Refresh - this option refreshes itself and displays the latest status.

General Overview

The latest version of eScan that has this feature is 9.x and is available in these editions - Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

This is the eighth option page available in the eScan Content Administrator. It can be accessed by right clicking on the green 'e icon added to the systray after installing eScan.

It has different options like "Enable Splash Screen", "Import/Export" & "View Log".

A) Enable Splash Screen:

this option displays a screen when an object or objectionable content is found in an email along with the action taken.

B) Import/Export:

this option is useful in maintaining the configuration settings of the software for future reference.

1. eMail Content Scanning - with this, all the words/phrases defined in the option of eMail Content Scanning can be exported or imported.

2. Webpage Scanning - with this, all the categories like Pornography, Gambling, Websites_Allowed defined in the option of Webpage Scanning can be exported or imported.

3. Popup Filter - with this, the sites on which popup's are allowed (white list) in the option of Popup Filter can be exported or imported.

4. eMail Attachment Control - with this, all the file types (attachments) that are defined in the section of Block Attachments types of the eMail Attachment Control option page can be exported or imported.

C) View Log:

this option is helpful in viewing different logs of the eScan software. These are logs that are created and maintained by eScan of the different tasks it performs.

1. eMail Scan - this is the log that holds all the email scan activity done by eScan.

2. Auto Update - this is the log that holds all the polling interval details (query) done to the update servers to download the latest AV Updates/Definitions.

3. Download - this is the log that holds details of the download activity done (AV Updates/Definitions).

4. Report - this is the log that holds details of the system whether infected or clean.

5. Quick Scan - this is the log that holds complete scanning details done by the software.

6. eScan Management Console - this is the log that holds details of activities done by the Management Console (also called eServ).

7. eScan Remote Administration - this is the log that holds the details of activities done by the Remote Administration of eScan

8. Webpage Scan - this is the log that holds the details of activities of the Http Filter/Parental Control (webpage scanning module).

9. Popup Filter - this is the log that holds the details of activities of the Popup Filter.


Other options -

Save - this option enables the user to Save the settings done.

Refresh - this option refreshes itself and displays the latest status.

USB Control

The latest version of eScan that has this feature is 9.x and is available in these editions - Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

This is the ninth option page available in the eScan Content Administrator. It can be accessed by right clicking on the green 'e icon added to the systray after installing eScan.

It has different options like "Enable USB Control" and "Whitelist".

A) Enable USB Control:

this option is useful in controlling the execution of unwanted and harmful programs in an organization's network from a USB.

1. Settings:- this option helps to customize the access to a USB Device and thereby control it.

a) Ask for password - this is the default option set, it authorizes (valid credentials) the usage of the USB Device on a system without which access to the USB Device is not granted.

i. Use eScan Administrator - the password applied/given for the eScan Administrator would be used to access the USB Device.

ii. Use Other password - any other password (other than the eScan Administrator) needs to be applied/given, once supplied, access to the USB Device would be granted.


2. Do Virus Scan - this is the default option set, it scans the USB Device for any virus infection.

3. Read Only- USB - this scans for any virus infection when the USB Device is read/accessed.

4. Disable AutoPlay - this option is very important as it helps in controlling the auto-execution of any program when the USB Device is inserted/pluged on a system.

B) Whitelist:

This is a whitelist of USB Devices (authorized usb devices) that can be accessed on a particular system. The details of these authorized USB Devices include it's Serial Number and the Device Name.

The USB Control is an Anti-Data Theft prevention system. It helps to stop all unwanted and harmful programs from being run/executed on a system as well as the network, thus preventing the system and network from being de-graded, securing the systems and networks from malware attacks that spread themselves using this mode and above all keeping a check and control on the movement/leakage of classified confidential private data.

Other options -

Save - this option enables the user to Save the settings done.

Refresh - this option refreshes itself and displays the latest status.

Application Control

The latest version of eScan that has this feature is 9.x and is available in these editions - Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

This is the ninth option page available in the eScan Content Administrator. It can be accessed by right clicking on the green 'e icon added to the systray after installing eScan.

It has different options like "Enable Application Control" and "List of Blocked Applications".

A) Enable Application Control:

this option is useful in controlling the execution of unwanted and harmful programs in an organization's network.

1. Enter Application to Block - this option helps to select (by browsing/searching) the programs (unwanted and harmful) that you want to block from running/executing in a network, thus preventing the systems and networks from being chocked/clogged and also securing the systems and networks from malwares.

B) List of Blocked Applications:

this option lists all the programs that are blocked from being run/executed. It also has the option to allow these same programs to be run/executed and to do so, simply select the program that you want to allow from the available list and choose the allow option or right click on the desired program/s that you want to allow from the available list and select the allow option.


Other options -

Save - this option enables the user to Save the settings done.

Refresh - this option refreshes itself and displays the latest status.

Other Options

The latest version of eScan that have these features is 9.x and is available in these editions - Virus Control(VC),Professional(PRO), Internet Security Suite(ISS),Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

The options available in the eScan Content Administrator (on the right hand side above corner) can be accessed by right clicking on the green 'e icon added to the systray after installing eScan.

The different options available are "Change Password", "License Information", "About Content Administrator" and "Help".

A) Change Password:

this option is helpful in restricting unauthorised user/s from accessing and changing the configuration settings of eScan. Once the password is applied, the administrator of the eScan software (no user including the local user of the system) is the only person who can configure/reconfigure the settings of eScan.

B) License Information:

this option helps in knowing the license details of the eScan software. It displays the license version, the period of the license key (when the software contract ends - needs to be renewed) along with the license key.

C) About Content Administrator:

this option displays more details of the Content Administrator like it's version and build, the developers details like website, contact email address and a copyright warning.

D) Help:

this option when clicked on displays the help manual of the software.

eScan - On Demand Scan (ODS)

The latest version of eScan that has this feature is 9.x and is available in these editions - AntiVirus(AV), Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

After installing eScan, this is the first option available and accessible, by right clicking on the green 'e icon added to the systray (Start eScan for Windows).

It has different options like "Virus Check", "Status", "Scheduler", "Options" and "Logs".

A) Virus Check:

this option enables you to check -

1. Check memory, registry and services - this option checks the system memory, registry and services that load at system startup/bootup for any infection from malwares.

2. Check computer - this option checks the system local disks for any infection from malwares.

3. Check floppy disks - this option checks the system floppy disk drive for any infection from malwares.

4. Check directories/files - this option checks for the system's specific directories and files.

At the bottom end of this Virus Check page, an additional option is available, viz- start.

1. Start - runs/executes the desired process like "check computer", "check directories/files", etc...


B) Status:

this option displays the latest status of the AntiVirus part of eScan, it gives details on...

1. Virus Monitor - this option displays the status of the virus (file) monitor if active (enabled) or inactive (disabled). By default, the virus monitor is always set to active (enabled).

2. Automatic Update - this option displays the status of the updater if active (enabled) or inactive (disabled). By default, the updater is always set to active (enabled).

3. Date of virus signature - this option displays the date and time of when the software was last updated.

4. Last computer scan - this option displays the date of the last (full) scan done of your system/computer. The information displayed here, is only when the scan has been completed successfully.

At the bottom end of this Status option page, two additional options are available, viz- refresh and start.

1. Refresh - displays the latest status 2. Start - runs/executes the desired process like "automatic update", "last computer scan", etc...displaying the latest status and/or change from active to inactive.


C) Scheduler:

this option is used to set or assign a task of scanning. The option of "Add new task" available at the below end of the "Scheduler" page enables the administrator/user to configure/set a scheduled task (scan), the requirements of which are as below -

1. Job a. If the program should start in the background or foreground

b. If the program should quit if a virus infection is detected

2. Analysis extent a. Check local hard drives

b. Check for specific directories and files

3. Schedule a. When the program should run/execute

i) Once, Hourly, Daily, Weekly, Monthly, With System Startup ii)Time

4. Virus Check a. In the case of an infection - the default action set is to "Automatic", but can be set as per requirements.

b. Priority of Scanner - the default action set is on "Normal", but can be set as per requirements.

c. File types - the default action set is on "Automatic", but can be set as per requirements.

d. Settings - these are the different ways of detecting an infection on the system's different objects and areas and they are as mentioned below:-

i) Heuristic: The system is checked for any suspicious activity/unusual sequence, pattern or behavior and when detected, the software takes the necessary action.

ii) Packed Files: Files that are zipped are scanned.

iii) Prepare Log: A log of all the scanning activity is generated and maintained.This includes details of when the scan was run, infected file names along with the path and action taken.

iv) Full Log: A full (detailed) log is maintained of the activities done by the scanner.

v) Archived Files: Files that are archived are scanned.

vi) System Area: The system areas like the boot or partition sectors are scanned.

At the bottom end of this Scheduler option page, four additional options are available, viz- refresh, clear all, add new task, start now and edit.

1. Refresh - displays the latest status 2. Clear All - clears/deletes all the scheduled scans. 3. Add new task - this enables to define a new task (scan). 4. Start - this enables you to start the scan process manually. 5. Edit - this enables you to edit settings of the scan task defined.


D) Options:

this option helps in customizing the On Demand Scanner (ODS) using the below -

1) Virus Check -

a. In the case of an infection - the default action set is to "Automatic", but can be set as per requirements.

b. Priority of Scanner - the default action set is to "Normal", but can be set as per requirements.

c. File types - the default action set is on "Automatic", but can be set as per requirements.

d. Settings - these are the different ways of detecting an infection on the system's different objects and areas and they are as mentioned below:-

i) Heuristic: The system is checked for any suspicious activity or behavior/unusual sequence, pattern and when detected the software takes the necessary action.

ii) Packed Files: Files that are zipped are scanned.

iii) Prepare Log: A log of all the scanning activity is generated and maintained.This includes details of when the scan was run, infected file names along with the path and action taken.The path can be customized as per requirements.

iv) Only infection to be logged: The log would only have details of the infection and none other details.

v) Full Log: A full (detailed) log is maintained of the activities done by the scanner.

vi) Check Memory: this option when enabled, would check the system's memory (ram).

vii) Archived Objects: Files that are archived are scanned.

viii) System Area: The system areas like the boot or partition sectors are scanned.

ix) File size limit for scanning: this option helps to set the limit for scanning based on the size of the file (beyond which the scanner would not scan). By default, the limit is set to 5 MB.

x) Calculate Analysis: this option calculates and displays the details of the analysis done and/or it displays after calculation the remainder(percentage) of the scan to be done.

xi) Send mail to admin if infection is found: this option helps in notifying the administrator of eScan or the network (designated) that an infection was detected on the system.

Other option:

1) Set to default: this option will revert back to the original/default settings i.e. all the latest changes made to the eScan "Virus Check" option page would be lost.


2) Alert -

this option helps in alerting/notifying the user in the below said conditions -

a) Warn, if virus signature is more than - this option is set as default. It notifies/alerts the user if the virus signature is more than 3 days old.

b) Warn, if the last computer analysis was more than - this option is not set as default. It notifies/alerts the user if the last computer analysis done is more than 14 days old.

3) Restrictions -

this option helps in speeding up the scan process and also in best utilizing the system's resources.

a. Delete infected files having these extentions - this is a list of file types that would be deleted if found infected by default. It can be customized as per requirement and also set to default.

b. Size Restrictions for files having these extentions - this is a list of file types that would not be scanned if the size exceeds the defined limit. It can be customized as per requirement and also set to default.

c. Scan Restrictions for files having these extentions - this is a list of file types that would not be scanned. It can be customized as per requirement and also set to default.

Other option:

1. Set to default: this option will revert back to the original/default settings i.e. all the latest changes made to the eScan "Virus Check" option page would be lost.

At the bottom end of this Options option page, two additional options are available, viz- refresh and save.

1. Refresh - displays the latest status 2. Save - saves all the settings done.


E) Logs:

this option enables you to check the logs created and maintained within the software. It displays, the complete details like the "File Name", "Start Time" and "Directory" where the logs are stored.

At the bottom end of this Log option page, two additional options are available, viz- refresh and clear all.

1. Refresh - displays the latest status 2. Clear All - clears/deletes all the logs.

Scan Floppy Disk

The latest version of eScan that has this feature is 9.x and is available in these editions - AntiVirus(AV), Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

After installing eScan, this is the third option available and accessible by right clicking on the green 'e icon added to the systray.

This option enables you to scan the floppy disk/s for any infection from malwares like viruses, trojans,etc...

eScan Updater Settings

The latest version of eScan that has this feature is 9.x and is available in these editions - AntiVirus(AV), Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

After installing eScan, this is the fourth option available and accessible by right clicking on the green 'e icon added to the systray.

This option helps in correctly configuring the update module or updater of eScan so that the AntiVirus Definitions are downloaded and applied to the software.

When the eScan Updater is run/executed, there are four option pages available within like "General Config", "FTP Config", "HTTP Config" and "UNC Config".

A) General Config -

This is the configuration page through which you can configure the modes of download, how the system is connected to the internet, notification message, scheduler, after update, update now, change server among many other things.

1. Mode of download - this helps in selecting the mode of how the updates would be downloaded among the other options available.

i) FTP - this is the File Transfer Protocol (FTP) method of downloading the updates. When selected, the same has to be configured on the FTP Config page, as explained below.

ii) HTTP - this is the Hyper Text Transfer Protocol (HTTP) method of downloading the updates. When selected, the same has to be configured on the HTTP Config page, as explained below.

iii) Network - this is the Network method of downloading the updates (Universal Naming Convention). When selected, the same has to be configured on the UNC Config page, as explained below.

iv) HTTP site for checking updates - this is the default link that is queried when the software checks for an update (http://www.microworldsystems.com/sendinfo) on port 80.

v) HTTP Proxy Server IP and Port - the Http Proxy Server IP Address and Port have to be defined, using which the download of the updates would happen.

a) Login name - if the HTTP Proxy Server requires authentication then the valid credentials need to be provided, like the login name.

b) Password - if the HTTP Proxy Server requires authentication then the valid credentials need to be provided, like the password.

vi) Update Notification - this option when enabled helps to send an email notification/alert to the email address specified in the "TO" field of the "Update Notification" option.

vii) Download via Proxy - this option field need to be enabled when the eScan (server) system is not directly connected to the internet and is behind a proxy server.

viii) Scheduling - this is the scheduler which automatically polls/queries to the internet and downloads the latest updates. The time interval can be set as per requirement (the time is set in minutes) afterwhich it would automatically download the latest updates.

ix) After Updating - this is an option provided among many others that helps incase there is a need to run/execute a particular application/program after a successful download of the updates is done.

x) Update Now - this option will manually download the latest antivirus updates, for which one needs to click on the "Update Now" option.

xi) Change Server - this option is very useful when you wish to update one eScan server from the other.

If you have an IT infrastructure that is geographically located in different parts of the country, then too MicroWorld's eScan solution can update and distribute it's updates/definitions to these or any other eScan servers.

For example -

If you have a company's Head Office [H.O.] in New York and other branch offices in California, Texas and Tennessee, then in this case, the H.O. eScan Server can be designated as the Primary eScan Server while the other branch offices viz - California,Texas & Tennessee to have the Secondary eScan Servers.

Now, these secondary eScan servers can be configured to update themselves from the primary eScan server by defining the Primary eScan Server's IP Address in the "Change Server" option provided, thus saving your valuable internet bandwidth and updating the antivirus definitions locally (lan). It support and works very well on a LAN,MAN,WAN.

B) FTP Config -

this option is used when the FTP method of downloading is selected in the General Config page. The below details need to be provided in the respective fields:-

1. Select Download site - this is the default site from where the updates would be downloaded (ftp.microworldsystems.com) and this is the directory from where the updates would be downloaded (/pub/update).

2. FTP Proxy Server details - the Ftp Proxy Server IP Address and Port have to be defined, using which the download of the updates would happen.

i) Login name - if the FTP Proxy Server requires authentication then the necessary valid credentials need to be provided, like the login name.

ii) Password - if the FTP Proxy Server requires authentication then the necessary valid credentials need to be provided, like the password.

c. Logon Type - the FTP server that is going to be used for downloading the updates may require additional configuration settings by which it authenticates the login. There are different logon types as explained below:-

i) User@siteaddress - This is the format the proxy server requires the logon to be in.

ii) OPEN siteaddress: This is the format the proxy server requires the logon to be in.

iii) PASV Mode: This is the format the proxy server requires the logon to be in.

When a system connects to a proxy server, the proxy server may filter unwanted data and access may not be granted. By using the passive or PASV mode, the server opens a random port, not secured by the proxy and allows it to connect.

iv) Socks: This is the format the proxy server requires the logon to be in. The version specific numbers like 4, 4A, 5 can be selected from the list box provided only when the Socks option is selected.

C) HTTP Config - this option is used when the HTTP method of downloading is selected in the General Config page.

a. Select Download site - this is the default site from where the updates would be downloaded (http://www.microworldsystems.com) and this is the directory from where the updates would be downloaded (/pub/update).

D) UNC Config - this option is used when the "Network" method of updating is selected in the General Config page. For example - when there are multiple eScan servers in a network and they need to be updated locally (without connecting to the internet), the UNC method of downloading is used.

a. Source UNC Path - the name and path to the shared drive and directory of the main (primary)server needs to be provided in this field, i.e. the server system where all the antivirus updates reside, are downloaded first. For example - \\abc\c\pub\update.

E) Other options - 1. Hide All Icons - this option hides all icons of the software that are added to the systray after installation, as a result, there is no trace of the software being installed.

2. Save - this option saves the settings done.

3. Hide - this option hides the eScan Updater Settings configuration window page.

Download eScan Update

The latest version of eScan that has this feature is 9.x and is available in these editions - AntiVirus(AV), Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit).

After installing eScan, this is the fifth option available and accessible by right clicking on the green 'e icon added to the systray.

This option helps in manually downloading the latest antivirus definitions/updates of the software.

View Log Files

The latest version of eScan that has this feature is 9.x and is available in these editions - Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit).

After installing eScan, this is the sixth option available and accessible by right clicking on the green 'e icon added to the systray.

View Log Files -

This option helps to view the latest reports/logs of the eScan software. It has different logs maintained like the Management Console, Auto Update, Download, Virus List, Monitor,etc...

A) Management Console - this functionality is ONLY part of the above mentioned eScan editions. This log has all the enteries related to the eScan Management Console (EMC) like the time when the EMC was started, the EMC announcement mechanism if disabled or enabled, HTTP Server if disabled or enabled, FTP Server if disabled or enabled, eScan Auto-Install mode if disabled or enabled, the connection status of the system (IP Address) that are downloading the updates, the View mode, the License Status, etc...

B) Auto Update - this log has all the enteries related to the polling(query) that actually happens or is done by eScan before downloading the latest updates/definitions (cure) to the latest threats out in the wild.It has details like the eScan Server Updater build number, the path where these definitions would be copied to, if the system could connect to the remote server site for updates,if the task was successful, if the update version (remote) matches the version available on your local machine.

C) Download - this log has all the enteries related to the download of the updates like the date and time when the downloader was started, the connection type, the update (definition) files being downloaded along with it's size, the status of the update files downloaded, i.e. if the size of local files matches with that of remote files.

D) Virus list - this log has all the enteries related to all malwares being dectected and taken care off by eScan.

E) Monitor - this log has all the enteries related to the latest status of the system like if the system is infected or not, when the infection was found and in which path, the name of the virus and the action taken, total viruses detected, the date of when the last virus was detected,etc...

Send Debug Information

The latest version of eScan that has this feature is 9.x and is available in these editions - AntiVirus(AV), Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

After installing eScan, this is the seventh option available and accessible by right clicking on the green 'e icon added to the systray.

This option helps in generating a debug file which equips the techical department of MicroWorld in analyzing the problem being faced at the user end and accordingly then give a solution.

Enable eMail/Webpage Scanning

The latest version of eScan that has this feature is 9.x and is available in these editions - Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

After installing eScan, this is the eighth option available and accessible by right clicking on the green 'e icon added to the systray.

This option helps in manually enabling the email and webpage scanning within the software.

Enable File Rights

The latest version of eScan that has this feature is 9.x and is available in these editions - AntiVirus (AV), Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit)

After installing eScan, this is the ninth option available and accessible by right clicking on the green 'e icon added to the systray.

This option helps in manually enabling/disabling the File Rights within the software, this option is also called as the "NetBIOS Firewall".

Monitor Settings

The latest version of eScan that has this feature is 9.x and is available in these editions - AntiVirus (AV), Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit).

After installing eScan, this is the eleventh option available and accessible by right clicking on the green 'e icon added to the systray.

It has different options like "eScan Monitor Settings", "Disable eScan Monitor" and "Unload eScan Monitor".

A) eScan Monitor Settings:

this option helps is customizing the eScan Monitor (real-time scanner) module and other associated functions as per requirements.

There are different options available within like -

1. Status -

this option displays the latest status of the eScan Monitor (real-time scanner).

a. Anti-Virus Software - this displays if the anti-virus software is runnning (on) or not (off).

b. Action - this displays the default action that is taken if an infection is found, the action set is to first Disinfect and then Delete.

c. No. of known viruses - this displays the current number of viruses being detected.

d. Total Objects Scanned - this displays the total number of objects scanned.

e. Total Objects Deleted - this displays the total number of objects deleted.

f. Last Scanned Object - this displays the last object scanned along with it's path.

g. Automatic Updating - this displays if the eScan Updator is Active or Inactive.

h. Date of Virus Signature - this displays the date and time of when the last update/definition was downloaded and applied.


2. Objects -

this option helps in customizing the different objects that need to be scanned, actions to be taken along with the exclusions which can be set as per requirements.

  • On the left hand side:-

a. Objects to tbe scanned - this lists the drives removable and non-removable including the network drives that would be scanned.

  • On the right hand side:-

a. Action in case of virus detection -

the default action set is to first disinfect (clean) and then delete. It is recommended, that you do not change the default settings.

b. Scan local removable disk drives -

this option scans for all local removable disk drives attached onto the system like the floppy, cd, usb, etc...

c. Scan local hard disk drives -

this option scans for all the local hard disk drives.

d. Scan network drives -

this option scans for the network drives (mapped) onto this system.

e. Scan files of following types -

this option enables you to choose the file types (objects) that need to be scanned in case found infected.

i. All Infectable -

this option scans for all objects that are infectable.

ii. All -

this option scans for all objects.

iii. By Mask -

this option scans for all file types (objects) that are listed in this section.

f. Exclude by mask -

this option excludes or does not scan file types (objects) that are listed in this section and the same can be customized as per requirements.

g. Not a virus list -

this option excludes or does not scan file types (objects) that are listed in this section and the same can be customized as per requirements. For example - remote admin software like Vnc, RaAmin, etc...

h. Exclude folders -

this option excludes or does not scan folders that are listed in this section and the same can be customized as per requirements.

i. Scan compound objects -

this option enables to scan files that are archived and packed.

j. Enable code analyser -

this option scans for suspicious objects or unknown activity happening on the infected object using the heuristic analyser i.e. it scans using the traditional method of detecting an object as infected based on the definitions/updates (cure) available within the software but in addition, also checks for the behavioral activity happening on the system.


3. Options -

this option is helpful in defining the path of the report file (log), folder to be used in case of an infection, size limit of the compound object.

a. Save report file -

this option enables you to select the path of the report file (log), this would log information on the packed files scanned.

b. For renaming or copying of infected objects -

this option enables you to select the action to be taken when a file has to be renamed or copied to another folder, the default action set is to rename the infected object to .VIR extension.

c. Limit compound object size to (KB) -

this option enables you to set the size of the compound object for scanning, the default value set is 800.


4. Customize -

this option helps to further customize the sound and attention warnings (alerts) when an infection is found.

a. Use sound effects for the following events -

when an infected object is detected, the infected.wav file would be used to generate a sound to notify the user of the detection and the action taken on the infection.

b. Display attention messages -

this option when enabled would display a attention warning (alert) displaying the path and name of the infected object.


5. Statistics -

this option displays the latest statistics of the real-time monitor like -

a. The current details of the system date and time -

this displays details of the current system date and time along with the details if the eScan Anti-Virus monitor is loaded (running) or not.

b. The number of viruses being detected -

this displays the current total number of known viruses being detected.

c. The scanning details -

this displays the scan details like the total objects, compound objects,packed object, last object, virus name and clean objects.

d. The found details -

this displays the found details like the known virus,virus bodies,disinfected,deleted,renamed,suspicious,corrupted, I/O errors.


6. Quarantine -

this option displays the files that are quarantined and taken as backup

a. Quarantine -

this option displays the files that are quarantined.

b. Backup -

this option displays the files that are backed up before taking any action.


Other Options -

1. Set to Default -

this option when clicked on reverts (sets) to the original settings of the eScan Monitor.

2. View Monitoring Options -

this option when clicked on displays the settings based on which the real-time monitor works on.


B) Disable eScan Monitor:

this option disables the eScan Monitor. It is not recommended to disable the eScan Monitor, if done, the real-time monitoring activity would not be performed and the malwares would not be checked.


C) Unload eScan Monitor:

this option unloads the eScan Monitor. It is not recommended to unload the eScan Monitor, if done, the real-time monitoring activity would not be performed and the malwares would not be checked.

TCP Connections

The latest version of eScan that has this feature is 9.x and is available in these editions - AntiVirus (AV), Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit).

After installing eScan, this is the twelveth option available and accessible by right clicking on the green 'e icon added to the systray.

It has different options like "Active Connections" and "Established Connections".

A) Active Connections:

1. Process -

this tab on the active connections page displays the total number of process/es that are active in the background and working

2. Protocol -

this tab on the active connections page displays the protocol being used by these process/es,

3. Local Address -

this tab on the active connections page displays the local address from where these processes have started/originated from.

4. Remote Address -

this tab on the active connections page displays the remote address to where these processes are connecting to.

5. Status -

this tab on the active connections page displays the status of the connection of a particular process or all


B) Established Connections:

1. Process -

this tab on the established connections page displays the total number of process/es that are active in the background and presently on.

2. Protocol -

this tab on the established connections page displays the protocol being used by these process/es,

3. Local Address -

this tab on the established connections page displays the local address from where these process/es have started/originated from.

4. Remote Address -

this tab on the established connections page displays the remote address to where these process/es are connecting to.

Note:-

This TCP Connections module is helpful in precisely knowing which process/es are running in the background, using which protocols, the local address from where it is originating from and the remote address to where it is connected to along with it's status. So, in case you suspect your system to be infected with any malware/s, this module basically helps in identifying the process/es along with it's other characteristics (mentioned above) and then take an informed decision (by right clicking on the process/es) to either check the process/es properties, find information/detail if available on the said process/es, kill/end the process/es, etc... thus resulting in restricting/blocking any and all malware/s activity.

System Information

The latest version of eScan that has this feature is 9.x and is available in these editions - AntiVirus (AV), Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit). After installing eScan, this is the thirtienth option available and accessible by right clicking on the green 'e icon added to the systray.

It has different options like "Details" and "Sharepoints".

A) Details:

this option enables you to check and retrieve the details pertaining to the system like -

1. Machine Identification –

this displays the machine identification details like the host name (machine name), user name, boot information, the last boot and for how long the system has been up and runnning, etc...

2. Operating System -

this displays the operating system details like the operating system being used, it's version, product identity, installed suites, environment, etc...

3. CPU -

this displays the CPU identification details along with it's features.

4. Memory -

this displays the physical total memory installed on the system along with it's properties.

5. Display -

this displays the display adapter properties and capabilities.

6. APM (Advanced Power Management) -

this displays the APM status along with the Battery.

7. Media -

this displays the available devices along with the sound devices.

8. Software -

this displays the details of the softwares installed/

9. Startup -

this displays the items that make the startup like the startup group (common), startup (user),win.ini, registry startup - run once,HKCU\Run,HKLM\Run.

10. Processes -

this displays the total number of processes that are currently loaded in the background. These are displayed along with the PID, Image Name and the Location.

11. Time Zone -

this displays the current time zone set for the system.

12. Network -

this displays the network adapters, IP address, MAC address, WinSock details.

13. Devices -

this displays the devices attached on the system.

14. Printers -

this displays the printers attached on the system, it's properties too can be checked.

15. Engines -

this displays the engines found if any on the system like Microsoft Data Access Objects, Borland Database, etc... along with DirectX drivers and devices.

16. Drives -

this displays the drives attached on the system, the file system type (fat32,ntfs), the serial number, it's capacity and free space available, bytes/sector,sector/cluster, total clusters,free clusters.

B) Sharepoints:

this option enables you to check and retrieve the details pertaining to the share points (shares) and other details available of the system like -

1. Shares -

this displays the shares that are available with other details like it's name,path,type,descriptor,maximum users, current users,permissions and comments along with the connections.

2. Sessions -

this displays the sessions that are open with other details like machine, user, type, open files,connected time, idle time, guest.

3. Open Files -

this displays the files that are open with other details like file name, accessed by, locks if any and the mode (open or close).

About eScan

The latest version of eScan that has this feature is 9.x and is available in these editions – AntiVirus (AV), Virus Control(VC), Professional(PRO), Internet Security Suite(ISS), Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit).

This is the fourthienth (second last) option page available in the eScan Content Administrator. It can be accessed after installing eScan, by right clicking on the green 'e icon added to the systray.

When clicked on "About eScan", it displays details of this particular software program like the edition and version of eScan, the developer of the software, the developer’s website address and other details like the copyright,portions if any and a legal warning.

A) Edition and Version of the eScan software -

the first line of the "About eScan" page displays the edition alongwith the version of the software.

For example - eScan Corporate for Windows is the edition being used and (9.0.779.170) is the version (this is the latest released version of eScan on MicroWorld's website).

B) The developer of the software -

the second line of the "About eScan" page displays the details of the developer of the software.

C) The developer's website address -

the third and subsequent lines of the "About eScan" page displays the details of the website address of the software developer, contact email address, copyright and portions.

D) Legal Warning -

this portion below on the "About eScan" page displays the warning as below:-

This program is protected by copyright laws and international treaties. Unauthorized reproduction, or distribution of this program, or any part of this program, may result in severe criminal and civil penalties, and will be prosecuted to the maximum possible extent under law.

and if anyone is found violating the same strict action is taken.

eScan Management Console

The latest version of eScan that has this feature is 9.x and is available in these editions - Corporate and Enterprise. It is compatible with Microsoft Windows operating systems like W'95,98,ME,NT 4(srv & wks),2000,2003,XP,Vista (32 & 64 bit).

The eScan Management Console (EMC) gets added ONLY when the eScan software is installed in the Server Mode and NOT the client. It’s grey color icon (wheel) gets added to the systray (on the right hand side) and can be accessed by double clicking on it.

When double clicked, it prompts for a password, once supplied, it prompts to “Start the Server”, if this option is selected, only then, would the server and clients push and pull the latest updates and the different rule-sets (policies) that may be assigned to the different user/s or different network/s. Here, if the “Ignore” option is selected, the eScan Server would not start as a result the latest updates and the different rule-sets (policies) would NOT be deployed.

Before starting the eScan server, the below mentioned settings need to be done…There are two menus available on the eScan Management Console viz.- Services and Reports.

In the Services menu, select the option of EMC Settings, clicking on this brings up a window that enables you to customize how the eScan Server should work/function.

The first option available within is:-

A) Enable Advanced Settings in ‘Deploy Rule-Sets’ wizard - This option after enabling helps in deploying the latest updates and the rule-sets (policies) to the eScan clients from this eScan Server. If this option is not enabled, the updates and rule-sets (policies) will not be deployed.

B) Start eScan RAD at Management Console Startup - This option after enabling helps to get a remote access of this EMC

C) UDP Settings - This option enables you to select the IP address of this eScan Server from where the annoucement (broadcast) of it’s availability would be made.

1. UDP Announcement IP - This option helps you to select the local IP Address of this eScan Server from where the announcement (broadcast) would be made.

D) FTP Settings - This option enables you to set the FTP server for client upload.

1. Allow Upload by clients - This option once enabled allows the eScan clients to upload their respective status on to this eScan server.

a) Maximum FTP Clients Allowed – by default, the value is set to Zero (0), i.e. ‘N’ eScan clients can upload their respective status on to this eScan Server, if required, you can set it as per your requirements.

E) Log Settings - This option enables you to set the period (duration) of the logs that should be maintained on the eScan Server for future reference.

1. Number of days client logs should be kept - by default, the value is set to Five (5) days, i.e. the logs of the eScan software would be maintained for five days in a separate folder. This separate folder would be named as per the eScan client’s name or IP Address and after this period (duration) is over, these logs would automatically be moved to a separate folder that is created as per the date.

The two menus of the EMC, viz – Services and Reports.

A) Services - This menu has different options like Start Annoucement, Normal View, EMC Settings,Set Host Configuration,Deploy License, Deploy Rule-Sets,Update All Clients,Shutdown Management Console.

1. Start Announcement - This option when clicked on starts the announcement of the eScan Server. This option basically starts the announcement (broadcast) of the eScan Server and it’s in-built HTTP Simulator works on port 3333, FTP Server works on port 2021, UDP Announcement works on port 2001.

Once the announcement of this eScan server is set on, it sends a UDP Broadcast announcing it’s availability along with it’s IP Address. The eScan server sends out this annoucement as it has an in-built announcement mechanism and this announcement (broadcast) is picked by the eScan client which has a listening mechanism, afterwhich, the eScan software updates itself throughout the network.

The basic functionality of this EMC is to update it’s clients spread throughout the network. It supports and works very well on a Lan, Man and Wan.

2. Normal View – This mode enables you to view the network the way eScan views it, i.e. after eScan is setup (installed) and the clients have updated themselves from this eScan server, the network view that you get is called the “normal view”.

There is another mode called the “network view” of viewing the network, i.e the way the network is actually setup, it can be accessed by clicking on the Services menu and the Network View option.

Alternatively, using the CTRL+K keys of the keyboard you can toggle between the Normal and Network views. The mode in which the network is being viewed is also displayed on the “System” page that is on the right hand side of the EMC.


3. EMC Settings – This option enables you to set the EMC Server Annoucement functionality.

The option available within is:-

A) Enable Advanced Settings in ‘Deploy Rule-Sets’ wizard - This option after enabling helps in deploying the latest updates and the rule-sets (policies) to the eScan clients from this eScan Server. If this option is not enabled, the updates and rule-sets (policies) will not be deployed.

B) Start eScan RAD at Management Console Startup - This option after enabling helps to get a remote access of this EMC

C) UDP Settings - This option enables you to select the IP address of this eScan Server from where the annoucement (broadcast) of it’s availability would be made.

1. UDP Announcement IP - This option helps you to select the local IP Address of this eScan Server from where the announcement (broadcast) would be made.

D) FTP Settings - This option enables you to set the FTP server for client upload.

1. Allow Upload by clients - This option once enabled allows the eScan clients to upload their respective status on to this eScan server.

a) Maximum FTP Clients Allowed – by default, the value is set to Zero (0), i.e. ‘N’ eScan clients can upload their respective status on to this eScan Server, if required, you can set it as per your requirements.

E) Log Settings - This option enables you to set the period (duration) of the logs that should be maintained on the eScan Server for future reference.

1. Number of days client logs should be kept - by default, the value is set to Five (5) days, i.e. the logs of the eScan software would be maintained for five days in a separate folder. This separate folder would be named as per the eScan client’s name or IP Address and after this period (duration) is over, these logs would automatically be moved to a separate folder that is created as per the date.

4) Set Host Configuration – This option enables you install the eScan software on the workstations or servers throughout the network. When you click on “Set Host Configuration”, a window opens up displaying the Add Host IP, Settings and Close optons.

A) Add Host IP - This option when clicked on, opens a window displaying the HOST/IP , Remarks, Username, Password and the Enable Auto- Install option.

1. Host / IP - this option enables you to manually define the Hostname and/or the IP address of the workstation that you wish to deploy the eScan software on.

2. Remarks – this option enables you to manually define remarks for this Host / IP so that it is easily identified.

3. Username – this option enables you to manually define the username for the above Host / IP.

4. Password – this option enables you to manually define the password for the above Host / IP.

5. Enable Auto-Install – this option enables you to automatically install eScan on the said Host /IP. Note: if the Host / IP is a part of the NT Domain, it is recommended to mention the username as Domain_name\Username.

B) Settings – This option when clicked on, opens a window displaying the Default Host configuration, eScan Auto-Install Settings, IP range for Auto-Install.

1. Default Host Configuration - this option enables you to define the default username and password that would be used to install (deploy) eScan on the workstations and servers.

2. eScan Auto-Install Settings – this option is useful to set when and how eScan should be installed on the workstations and servers.

a) Enable Auto-Install - this option when enabled would check after a particular interval, if eScan is present on the system or not and if not, would automatically get installed as per the settings done, i.e in the server or the client mode. The default interval is set to 60 minutes and can be changed as per requirements.

Here itself, the eScan software, can be configured to be installed either in the Server or the Client mode. When clicked on “eScan Install Options”, a window opens up prompting for the eScan software to be installed either in the Client or the Server mode, once selected the other options available are-

i. Auto Reboot after Install - This option should be selected very cautiously as the system would automatically reboot after eScan is installed. If done so, this could result in data being lost on the client if the user has not saved it before or at the time of reboot.

ii. Allow User to Disable Monitor – This option should be selected very cautiously as it enables the end user to disable the eScan Monitor (real-time scanner). If done so, it may result in the system getting infected and the malware propagating itself throughout the network.

iii. Disable eMail and Web Scan – This option should be selected very cautiously as it would disable the scanning of all email being sent and received as well as whatever you surf or browse. If done so, it may result in the system getting infected and the malware propagating iself throughout the network.

iv. Update Server – This option enables you to set the IP Address of the eScan Server, i.e the IP Address from where the updates would be downloaded by the client or from where the clients would update themselves from.The default action is set to “Auto – Detect”.

v. Setup Folder – This option enables you to set the path where the eScan software should be installed. It is recommended to apply the default path set within the software. If done so, the default path is set to \Progra~1\eScan.

3. IP range for Auto-Install – this option enables you to define an IP or an IP range for eScan to be Auto-installed if the workstation or server does not have it and the same data when input (entered) would be saved for future reference.

C) Close - This option enables you to close the “Set Host Configuration” window.


After configuring the eScan software as per the above, now, we shall talk of how to deploy the eScan software on the network (workstations and servers). For this, click on “Set Host Configuration” (Services – Set Host Configuration), in this window that opens up Select or “Add the HOST / IP” on which you want eScan to be installed and get it’s latest status (Get status of eScan installation). This option will display if the eScan software is installed or not, if installed, it would display the details like – Host Name / IP, Username, Connection, eScan Status,Version, Service Pack, Installed Directory, Monitor Status, Last Operation, Client OS, Last Update, Update Server, Server Status, Hostname.

In case, if eScan software is not installed and the connection is successful (established) then we can install the eScan software by selecting the desired workstation/s or server/s and thereby right clicking on the system and selecting the option of “Remote Install / Uninstall / Upgrade software.

This option when clicked on, opens up a window that displays options like –

A) Install/ Upgrade eScan – This option enables you to install and/ or upgrade the eScan software by installing it either in the Client or the Server mode. The details of this procedure can be obtained from the section mentioned above B -2 & 3.

B) Install Other software – This option enables you to install any other third party softwares (other then eScan), simply by defining the path to the repository (where the installable files are stored) along with the file to execute and parameters if any.

C) Uninstall other software – This option enables you to uninstall the popular anti-virus softwares.




B) Reports - Configure Mailing of Reports,Mail Reports Now,View Log,Delete Log, Delete User Logs,Clear Virus Incident Database,Clear All Virus Incident Databases,Refresh User Logs, Refresh All User Logs,About EMC.


It has different options like "Inactive", "Active", "Block Web Access", "Time Restrictions" and "Advanced". A) Inactive:


eScan Copyright © 2015 MicroWorld Technologies Inc.- AntiVirus & Content Security.       Send your feedback to solutions@escanav.com eScan Wiki

    Privacy policy  About eScan Wiki  Disclaimers