Monday, February 18, 2008

McAfee VirusScan

McAfee VirusScan

VirusScan's advanced detection and protection services defend you and your computer from the latest security threats, including viruses, Trojans, tracking cookies, spyware, adware, and other potentially unwanted programs. Protection extends beyond the files and folders on your desktop, targeting threats from different points of entry�including e-mail, instant messages, and the Web.

With VirusScan, your computer's protection is immediate and constant (no tedious administration required). While you work, play, browse the Web, or check your e-mail, it runs in the background, monitoring, scanning, and detecting potential harm in real time. Comprehensive scans run on schedule, periodically checking your computer using a more sophisticated set of options. VirusScan offers you the flexibility to customize this behavior if you want to; but if you don't, your computer remains protected.

With normal computer use, viruses, worms, and other potential threats may infiltrate your computer. If this occurs, VirusScan notifies you about the threat, but usually handles it for you, cleaning or quarantining infected items before any damage occurs. Although rare, further action may sometimes be required. In these cases, VirusScan lets you decide what to do (rescan the next time you start your computer, keep the detected item, or remove the detected item).

Note: SecurityCenter reports critical and non-critical protection problems as soon as it detects them. If you need help diagnosing your protection problems, you can run McAfee Virtual Technician.

In this chapter

VirusScan features

VirusScan provides the following features.

Comprehensive virus protection

VirusScan's advanced detection and protection services defend you and your computer from the latest security threats, including viruses, Trojans, tracking cookies, spyware, adware, and other potentially unwanted programs. Protection extends beyond the files and folders and on your desktop, targeting threats from different points of entry�including e-mail, instant messages, and the Web. No tedious administration required.

Resource-aware scanning options

If you experience slow scan speeds, then you can disable the option to use minimal computer resources, but keep in mind that highter priority will be given to virus protection than to other tasks. VirusScan offers you the flexibility to customize real-time and manual scanning options if you want to; but if you don't, your computer remains protected.

Automatic repairs

If VirusScan detects a security threat while running a real-time or manual scan, it tries to handle the threat automatically according to the threat type. This way, most threats can be detected and neutralized without your interaction. Although rare, VirusScan may not be able to neutralize a threat on its own. In these cases, VirusScan lets you decide what to do (rescan the next time you start your computer, keep the detected item, or remove the detected item).

Pausing tasks in full-screen mode

When enjoying things like watching movies, playing games on your computer, or any activity that occupies your entire computer screen, VirusScan pauses a number of tasks, such as manual scans.

Starting real-time virus protection

VirusScan provides two types of virus protection: real-time and manual. Real-time virus protection constantly monitors your computer for virus activity, scanning files each time you or your computer access them. Manual virus protection lets you scan files on demand. To make sure that your computer stays protected against the latest security threats, leave real-time virus protection on and set up a schedule for regular, more comprehensive, manual scans. By default, VirusScan performs a scheduled scan once a week. For more information about real-time and manual scanning, see Scanning your computer.

Although rare, there may be times when you want to temporarily stop real-time scanning (for example, to change some scanning options or troubleshoot a performance issue). When real-time virus protection is disabled, your computer is not protected and your SecurityCenter protection status is red. For more information about protection status, see "Understanding protection status" in the SecurityCenter help.

In this section

Start real-time virus protection

By default, real-time virus protection is turned on and protecting your computer against viruses, Trojans, and other security threats. If you turn off real-time virus protection, you must turn it on again to stay protected.

  1. Open the Computer & Files Configuration pane.

    How?

  2. Under Virus protection, click On.

Stop real-time virus protection

You can turn off real-time virus protection temporarily, and then specify when it resumes. You can automatically resume protection after 15, 30, 45, or 60 minutes, when your computer restarts, or never.

  1. Open the Computer & Files Configuration pane.

    How?

  2. Under Virus protection, click Off.
  3. In the dialog box, select when to resume real-time scanning.
  4. Click OK.

Starting additional protection

In addition to real-time virus protection, VirusScan provides advanced protection against scripts, spyware, and potentially harmful e-mail and instant message attachments. By default, script scanning, spyware, e-mail, and instant messaging protection are turned on and protecting your computer.

Script scanning protection

Script scanning protection detects potentially harmful scripts and prevents them from running on your computer. It monitors your computer for suspect script activity, such as a script that creates, copies, or deletes files, or opens your Windows registry, and alerts you before any damage occurs.

Spyware protection

Spyware protection detects spyware, adware, and other potentially unwanted programs. Spyware is software that can be secretly installed on your computer to monitor your behavior, collect personal information, and even interfere with your control of the computer by installing additional software or redirecting browser activity.

E-mail protection

E-mail protection detects suspect activity in the e-mail and attachments you send.

Instant messaging protection

Instant messaging protection detects potential security threats from instant message attachments that you receive. It also prevents instant messaging programs from sharing personal information.

In this chapter

Start script scanning protection

Turn on script scanning protection to detect potentially harmful scripts and prevent them from running on your computer. Script scanning protection alerts you when a script tries to create, copy, or delete files on your computer, or make changes to your Windows registry.

  1. Open the Computer & Files Configuration pane.

    How?

  2. Under Script scanning protection, click On.

Note: Although you can turn off script scanning protection at any time, doing so leaves your computer vulnerable to harmful scripts.

Start spyware protection

Turn on spyware protection to detect and remove spyware, adware, and other potentially unwanted programs that gather and transmit information without your knowledge or permission.

  1. Open the Computer & Files Configuration pane.

    How?

  2. Under Script scanning protection, click On.

Note: Although you can turn off spyware protection at any time, doing so leaves your computer vulnerable to potentially unwanted programs.

Start e-mail protection

Turn on e-mail protection to detect worms as well as potential threats in inbound (POP3) e-mail messages and attachments.

  1. Open the E-mail & IM Configuration pane.

    How?

  2. Under E-mail protection, click On.

Note: Although you can turn off e-mail protection at any time, doing so leaves your computer vulnerable to e-mail threats.

Start instant messaging protection

Turn on instant messaging protection to detect security threats that can be included in inbound instant message attachments.

  1. Open the E-mail & IM Configuration pane.

    How?

  2. Under Instant Messaging protection, click On.

Note: Although you can turn off instant messaging protection at any time, doing so leaves your computer vulnerable to harmful instant message attachments.

Setting up virus protection

VirusScan provides two types of virus protection: real-time and manual. Real-time virus protection scans files each time you or your computer access them. Manual virus protection lets you scan files on demand. You can set different options for each type of protection. For example, because real-time protection continuously monitors your computer, you might select a certain set of basic scanning options, reserving a more comprehensive set of scanning options for manual, on-demand protection.

In this chapter

Setting real-time scan options

When you start real-time virus protection, VirusScan uses a default set of options to scan files; however, you can change the default options to suit your needs.

To change real-time scanning options, you must make decisions about what VirusScan checks for during a scan, as well as the locations and file types it scans. For example, you can determine whether VirusScan checks for unknown viruses or cookies that Web sites can use to track your behavior, and whether it scans network drives that are mapped to your computer or just local drives. You can also determine what types of files are scanned (all files, or just program files and documents, since that is where most viruses are detected).

When changing real-time scanning options, you must also determine whether it's important for your computer to have buffer overflow protection. A buffer is a portion of memory used to temporarily hold computer information. Buffer overflows can occur when the amount of information suspect programs or processes store in a buffer exceeds the buffer's capacity. When this occurs, your computer becomes more vulnerable to security attacks.

In this section

Set real-time scan options

You set real-time scan options to customize what VirusScan looks for during a real-time scan, as well as the locations and file types it scans. Options include scanning for unknown viruses and tracking cookies as well as providing buffer overflow protection. You can also configure real-time scanning to check network drives that are mapped to your computer.

  1. Open the Real-Time Scanning pane.

    How?

  2. Specify your real-time scanning options, and then click OK.

To...

Do this...

Detect unknown viruses and new variants of known viruses

Select the Scan for unknown viruses using heuristics check box.

Detect cookies

Select the Scan and remove tracking cookies check box.

Detect viruses and other potential threats on drives that are connected to your network

Select the Scan network drives check box.

Protect your computer from buffer overflows

Select the Enable buffer overflow protection check box.

Specify which types of files to scan

Click either All files (recommended) or Program files and documents only.

Setting manual scan options

Manual virus protection lets you scan files on demand. When you start a manual scan, VirusScan checks your computer for viruses and other potentially harmful items using a more comprehensive set of scanning options. To change manual scanning options, you must make decisions about what VirusScan checks for during a scan. For example, you can determine whether VirusScan looks for unknown viruses, potentially unwanted programs, such as spyware or adware, stealth programs, such as rootkits which can grant unauthorized access to your computer, and cookies that Web sites can use to track your behavior. You must also make decisions about the types of files that are checked. For example, you can determine whether VirusScan checks all files or just program files and documents (since that is where most viruses are detected). You can also determine whether archive files (for example, .zip files) are included in the scan.

By default, VirusScan checks all the drives and folders on your computer each time it runs a manual scan; however, you can change the default locations to suit your needs. For example, you can scan only critical system files, items on your desktop, or items in your Program Files folder. Unless you want to be responsible for initiating each manual scan yourself, you can set up a regular schedule for scans. Scheduled scans always check your entire computer using the default scan options. By default, VirusScan performs a scheduled scan once a week.

If you find that you are experiencing slow scan speeds, consider disabling the option to use minimal computer resources, but keep in mind that higher priority will be given to virus protection than to other tasks.

Note: When enjoying things like watching movies, playing games on your computer, or any activity that occupies your entire computer screen, VirusScan pauses a number of tasks, including automatic updates and manual scans.

In this section

Set manual scan options

You set manual scan options to customize what VirusScan looks for during a manual scan as well as the locations and file types it scans. Options include scanning for unknown viruses, file archives, spyware and potentially unwanted programs, tracking cookies, rootkits, and stealth programs.

  1. Open the Manual Scan pane.

    How?

  2. Specify your manual scanning options, and then click OK.

To...

Do this...

Detect unknown viruses and new variants of known viruses

Select the Scan for unknown viruses using heuristics check box.

Detect and remove viruses in .zip and other archive files

Select the Scan .zip and other archive files check box.

Detect spyware, adware, and other potentially unwanted programs

Select the Scan for spyware and potentially unwanted programs check box.

Detect cookies

Select the Scan and remove tracking cookies check box.

Detect rootkits and stealth programs that can alter and exploit existing Windows system files

Select the Scan for rootkits and other stealth programs check box.

Use less processor power for scans while giving higher priority to other tasks (such as Web browsing or opening documents)

Select the Scan using minimal computer resources check box.

Specify which types of files to scan

Click either All files (recommended) or Program files and documents only.

Set manual scan location

You set the manual scan location to determine where VirusScan looks for viruses and other harmful items during a manual scan. You can scan all files, folders, and drives on your computer or you can restrict scanning to specific folders and drives.

  1. Open the Manual Scan pane.

    How?

  2. Click Default Location to Scan.
  3. Specify your manual scanning location, and then click OK.

To...

Do this...

Scan all the files and folders on your computer

Select the (My) Computer check box.

Scan specific files, folders, and drives on your computer

Clear the (My) Computer check box, and select one or more folders or drives.

Scan critical system files

Clear the (My) Computer check box, and then select the Critical System Files check box.

Schedule a scan

Schedule scans to thoroughly check your computer for viruses and other threats any day and time of the week. Scheduled scans always check your entire computer using the default scan options. By default, VirusScan performs a scheduled scan once a week. If you find that you are experiencing slow scan speeds, consider disabling the option to use minimal computer resources, but keep in mind that higher priority will be given to virus protection than to other tasks.

  1. Open the Scheduled Scan pane.

    How?

  2. Select Enable scheduled scanning.
  3. To reduce the amount of processor power normally used for scanning, select Scan using minimal computer resources.
  4. Select one or more days.
  5. Specify a start time.
  6. Click OK.

Tip: You can restore the default schedule by clicking Reset.

Using SystemGuards options

SystemGuards monitor, log, report, and manage potentially unauthorized changes made to the Windows registry or critical system files on your computer. Unauthorized registry and file changes can harm your computer, compromise its security, and damage valuable system files.

Registry and files changes are common and occur regularly on your computer. Because many are harmless, SystemGuards' default settings are configured to provide reliable, intelligent, and real-world protection against unauthorized changes that pose significant potential for harm. For example, when SystemGuards detect changes that are uncommon and present a potentially significant threat, the activity is immediately reported and logged. Changes that are more common, but still pose some potential for damage, are logged only. However, monitoring for standard and low-risk changes is, by default, disabled. SystemGuards technology can be configured to extend its protection to any environment you like.

There are three types of SystemGuards: Program SystemGuards, Windows SystemGuards, and Browser SystemGuards.

Program SystemGuards

Program SystemGuards detect potentially unauthorized changes to your computer's registry and other critical files that are essential to Windows. These important registry items and files include ActiveX installations, startup items, Windows shell execute hooks, and shell service object delay loads. By monitoring these, Program SystemGuards technology stops suspect ActiveX programs (downloaded from the Internet) in addition to spyware and potentially unwanted programs that can automatically launch when Windows starts.

Windows SystemGuards

Windows SystemGuards also detect potentially unauthorized changes to your computer's registry and other critical files that are essential to Windows. These important registry items and files include context menu handlers, appInit DLLs, and the Windows hosts file. By monitoring these, Windows SystemGuards technology helps prevent your computer from sending and receiving unauthorized or personal information over the Internet. It also helps stop suspect programs that can bring unwanted changes to the appearance and behavior of the programs that are important to you and your family.

Browser SystemGuards

Like Program and Windows SystemGuards, Browser SystemGuards detect potentially unauthorized changes to your computer's registry and other critical files that are essential to Windows. Browser SystemGuards, however, monitor changes to important registry items and files like Internet Explorer add-ons, Internet Explorer URLs, and Internet Explorer security zones. By monitoring these, Browser SystemGuards technology helps prevent unauthorized browser activity such as redirection to suspect Web sites, changes to browser settings and options without your knowledge, and unwanted trusting of suspect Web sites.

In this section

Enable SystemGuards protection

Enable SystemGuards protection to detect and alert you to potentially unauthorized Windows registry and file changes on your computer. Unauthorized registry and file changes can harm your computer, compromise its security, and damage valuable system files.

  1. Open the Computer & Files Configuration pane.

    How?

  2. Under SystemGuard protection, click On.

Note: You can disable SystemGuard protection, by clicking Off.

Configure SystemGuards options

Use the SystemGuards pane to configure protection, logging, and alerting options against unauthorized registry and file changes associated with Windows files, programs, and Internet Explorer. Unauthorized registry and file changes can harm your computer, compromise its security, and damage valuable system files.

  1. Open the SystemGuards pane.

    How?

  2. Select a SystemGuard type from the list.

    Program SystemGuards

    Windows SystemGuards

    Browser SystemGuards

  3. Under I want to, do one of the following:
    • To detect, log, and report unauthorized registry and file changes associated with Program, Windows, and Browsers SystemGuards, click Show alerts.
    • To detect and log unauthorized registry and file changes associated with Program, Windows, and Browsers Systemguards, click Only log changes.
    • To disable detection of unauthorized registry and file changes associated with Program, Windows, and Browser Systemguards, click Disable the SystemGuard.

Using trusted lists

If VirusScan detects a file or registry change (SystemGuard), program, or buffer overflow, it prompts you to trust or remove it. If you trust the item and indicate that you do not want to receive future notification about its activity, the item is added to a trusted list and VirusScan no longer detects it or notifies you about its activity. If an item has been added to a trusted list, but you decide you want to block its activity, you can do so. Blocking prevents the item from running or making any changes to your computer without notifying you each time an attempt is made. You can also remove an item from a trusted list. Removing allows VirusScan to detect the item's activity again.

In this section

Manage trusted lists

Use the Trusted Lists pane to trust or block items that have been previously detected and trusted. You can also remove an item from a trusted list so that VirusScan detects it again.

  1. Open the Trusted Lists pane.

    How?

  2. Select a trusted list type.

    Trusted Lists

  3. Under I want to, do one of the following:
    • To allow the detected item to make changes to the Windows registry or critical system files on your computer without notifying you, click Trust.
    • To block the detected item from making changes to the Windows registry or critical system files on your computer without notifying you, click Block.
    • To remove the detected item from the trusted lists, click Remove.
  4. Click OK.

Scanning your computer

When you start SecurityCenter for the first time, VirusScan's real-time virus protection starts protecting your computer from potentially harmful viruses, Trojans, and other security threats. Unless you disable real-time virus protection, VirusScan constantly monitors your computer for virus activity, scanning files each time you or your computer access them, using the real-time scanning options that you set. To make sure that your computer stays protected against the latest security threats, leave real-time virus protection on and set up a schedule for regular, more comprehensive manual scans. For more information about setting real-time and manual scan options, see Setting up virus protection.

VirusScan provides a more detailed set of scanning options for manual virus protection, allowing you to periodically run more extensive scans. You can run manual scans from SecurityCenter, targeting specific locations according to a set schedule. However, you can also run manual scans directly in Windows Explorer while you work. Scanning in SecurityCenter offers the advantage of changing scanning options on-the-fly. However, scanning from Windows Explorer offers a convenient approach to computer security.

Whether you run a manual scan from SecurityCenter or Windows Explorer, you can view the scan results when it finishes. You view the results of a scan to determine whether VirusScan has detected, repaired, or quarantined viruses, trojans, spyware, adware, cookies, and other potentially unwanted programs. The results of a scan can be displayed in different ways. For example, you can view a basic summary of scan results or detailed information, such as the infection status and type. You can also view general scan and detection statistics.

In this chapter

Scan your computer

You can run a manual scan from either the Advanced or Basic menu in SecurityCenter. If you run a scan from the Advanced menu, you can confirm your manual scan options before scanning. If you run a scan from the Basic menu, VirusScan starts scanning immediately, using the existing scanning options. You can also run a scan in Windows Explorer using the existing scanning options.

  • Do one of the following:

    Scan in SecurityCenter

    Scan in Windows Explorer

Note: The scan results appear in the Scan completed alert. Results include the number of items scanned, detected, repaired, quarantined, and removed. Click View scan details to learn more about the scan results or work with infected items.

View scan results

When a manual scan finishes, you view the results to determine what the scan found and to analyze the current protection status of your computer. Scan results tell you whether VirusScan detected, repaired, or quarantined viruses, trojans, spyware, adware, cookies, and other potentially unwanted programs.

  • On the Basic or Advanced menu, click Scan and then do one of the following:

To...

Do this...

View scan results in the alert

View scan results in the Scan completed alert.

View more information about scan results

Click View scan details in the Scan completed alert.

View a quick summary of the scan results

Point to the Scan completed icon in the notification area on your taskbar.

View scan and detection statistics

Double-click the Scan completed icon in the notification area on your taskbar.

View details about detected items, infection status, and type.

Double-click the Scan completed icon in the notification area on your taskbar, and then click View Results on the Scan Progress: Manual Scan pane.

Working with scan results

If VirusScan detects a security threat while running a real-time or manual scan, it tries to handle the threat automatically according to the threat type. For example, If VirusScan detects a virus, Trojan, or tracking cookie on your computer, it tries to clean the infected file. If it cannot clean the file, VirusScan quarantines it.

With some security threats, VirusScan may not be able to clean or quarantine a file successfully. In this case, VirusScan prompts you to handle the threat. You can take different actions depending on the threat type. For example, if a virus is detected in a file, but VirusScan cannot successfully clean or quarantine the file, it denies further access to it. If tracking cookies are detected, but VirusScan cannot successfully clean or quarantine the cookies, you can decide whether to remove or trust the them. If potentially unwanted programs are detected, VirusScan does not take any automatic action; instead, it lets you decide whether to quarantine or trust the program.

When VirusScan quarantines items, it encrypts and then isolates them in a folder to prevent the files, programs, or cookies from harming your computer. You can restore or remove the quarantined items. In most cases, you can delete a quarantined cookie without impacting your system; however, if VirusScan has quarantined a program that you recognize and use, consider restoring it.

In this chapter

Work with viruses and Trojans

If VirusScan detects a virus or Trojan in a file on your computer during a real-time scan or manual scan, it tries to clean the file. If it cannot clean the file, VirusScan tries to quarantine it. If this too fails, access to the file is denied (in real-time scans only).

  1. Open the Scan Results pane.

    How?

  2. In the scan results list, click Viruses and Trojans.

Note: To work with the files that VirusScan has quarantined, see Work with quarantined files.

Work with potentially unwanted programs

If VirusScan detects a potentially unwanted program on your computer during a real-time or manual scan, you can either remove or trust the program. Removing the potentially unwanted program does not actually delete it from your system. Instead, removing quarantines the program to prevent it from causing damage to your computer or files.

  1. Open the Scan Results pane.

    How?

  2. In the scan results list, click Potentially Unwanted Programs.
  3. Select a potentially unwanted program.
  4. Under I want to, click either Remove or Trust.
  5. Confirm your selected option.

Work with quarantined files

When VirusScan quarantines infected files, it encrypts and then moves them to a folder to prevent the files from harming your computer. You can then restore or remove the quarantined files.

  1. Open the Quarantined Files pane.

    How?

  2. Select a quarantined file.
  3. Do one of the following:
    • To repair the infected file and return it to its original location on your computer, click Restore.
    • To remove the infected file from your computer, click Remove.
  4. Click Yes to confirm your selected option.

Tip: You can restore or remove multiple files at the same time.

Work with quarantined programs and cookies

When VirusScan quarantines potentially unwanted programs or tracking cookies, it encrypts and then moves them to a protected folder to prevent the programs or cookies from harming your computer. You can then restore or remove the quarantined items. In most cases, you can delete a quarantined without impacting your system.

  1. Open the Quarantined Programs and Tracking Cookies pane.

    How?

  2. Select a quarantined program or cookie.
  3. Do one of the following:
    • To repair the infected file and return it to its original location on your computer, click Restore.
    • To remove the infected file from your computer, click Remove.
  4. Click Yes to confirm the operation.

Tip: You can restore or remove multiple programs and cookies at the same time.

Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)