Advanced VirusScan Configuration

Introduction

VirusScan 8.7i is the latest campus site-licensed version of antivirus software available to campus Windows users. VirusScan 8.7i will work with the following operating systems:

• Windows 7
• Windows Vista
• Windows XP
• Windows 2000 (SP 4)
• Windows Server 2008
• Windows Server 2003

(Note: If you are using an older Windows operating system, email securitysupport@illinois.edu for assistance with finding antivirus software for your system.)

This page explains the VirusScan 8.7i customization options in more detail for those who wish to understand more about the software. For basic information on installation and day-to-day use, see VirusScan Basics.

Advanced configuration: Understanding your options

For most campus users, the defaults that come with the campus-configured VirusScan 8.7i package(s) should mean that they can install their antivirus software and leave it to take care of itself.

However, if you installed a generic VirusScan 8.7i package and wish to configure it for more efficient use, or if you wish to change some of the defaults, the software's configuration options are described in more detail below.

The VirusScan Console

The VirusScan Console is the most versatile interface available for interacting with the VirusScan software.

Several of the most frequently used tasks can be found by simply right-clicking on the shield icon in the task bar, but the Console window provides you with complete access to the options available. Click on the red dots to jump to an explanation of that item.

Start button

The Start button (the green arrow) is the easiest way to begin any of the items in the Console. If you want to update your virus definitions, select the AutoUpdate item and click Start. If you want to scan your hard drive(s) for viruses, select the Full Scan item (as shown) and click Start.

1: Access Protection

Access Protection acts like a limited firewall, permitting you to block specific selected networking ports. In the default campus configuration, IRC ports are blocked but FTP ports are not.

You can also add or remove your own port blocking definitions by right-clicking on the Access Protection item and choosing Properties, and then adjusting the settings in the window that appears. For more information on this feature, see "Access Protection" in the VirusScan 8.7i Enterprise Product Guide, linked in the McAfee documentation section below.

2: Unwanted Programs Policy (anti-spyware protection)

The University of Illinois' license for VirusScan 8.7i includes the full version of McAfee's anti-spyware module, which protects your computer from malicious software that isn't categorized as a virus. The anti-spyware module blocks spyware, adware, cookies, jokes, and Trojans.

Note that remote administration tools are included in this list of potentially malicious software. By default, remote administration software is blocked by this program. In most cases, this is a good idea, because remote administration tools can allow an attacker complete access to your system. However, if you have intentionally turned on third-party remote administration tools on your computer, make sure that you turn off the remote administration blocker by right-clicking on the item and selecting Properties, and then removing the remote administration check box.

For more information on what spyware is and how to control it, see Detailed Information about Spyware.

3: On-Access Scanner and Full Scan

These two items constitute the core of traditional virus scanning. The On-Access Scanner scans a file when it is used; it usually takes little memory and happens quickly. The Full Scan item scans every file on your computer and can be memory-intensive, although the campus configuration reduces the percentage of memory that it uses at once. This kind of scan can take several hours to complete.

Since On-Access scanning is ongoing, it doesn't need to be scheduled at a particular time. It runs automatically whenever a file is accessed. However, if you'd like to reschedule the time for the Full Scan so that it happens when your computer is likely to be turned on but idle, right-click on its icon in the VirusScan console (it's highlighted in the graphic above). Choose Properties from the right-click menu. The time of day for the scan is set under the Schedule button, and the percentage of memory to be used is selected under the Performance tab.

If you need to exclude a directory from a scan (such as excluding Eudora's spool folder to prevent email access errors), see the description of directory exclusions in the FAQ.

4: Virus definition updates

Since new viruses are being written all the time, your antivirus software needs to check regularly for virus definition updates so that it can catch the new viruses.

The campus-customized version of VirusScan will check an on-campus antivirus update site for any new updates. It checks for updates every two hours. If it can't reach the campus site, it will try the McAfee site next.

5: Status bar

The status bar tells you what the highlighted item in the console is currently doing. For example, if the fixed-disk scan is running and you select that item in the console, the status bar will say "Running," the stop button below the Edit menu will be available, and the start button below the Edit menu will be grayed out. (You can use the stop button to stop a running item, and the start button to start a nonrunning item.)

Other

Antivirus update sites

Two on-campus UIUC Antivirus update sites are located at http://antivirus.cites.illinois.edu/ and ftp://antivirus.cites.illinois.edu/ (illustrated here). NAI's update sites are also predefined in the antivirus software; CITES recommends that you leave all four locations defined so that your antivirus software can update from any of the recommended sites.

If you wish to examine or rearrange the sites available, open the Tools menu and click Edit AutoUpdate Repository List to see the virus definition update sites that your software will use and the order it will check them in. CITES recommends that you leave the update sites in the default order.

McAfee documentation

This page has introduced you to the changes made by CITES Security for UIUC-specific customization of the McAfee VirusScan 8.7i product, including adding on-campus virus update sites, scheduling update checks and weekly drive scans, and defining access permissions that block IRC, adware, spyware, and other potentially malicious programs.

For additional information about using and configuring the program itself, consult McAfee's own documentation: the VirusScan 8.7i product guide, installation guide, and http://service.mcafee.com/