Power & Water Solutions 200 Beta Drive Pittsburgh, PA 15238 USA E-Mail: [email protected] Web site: https://www.ovationusers.com
Summary of Changes
Using Kaspersky Antivirus Software with Ovation
CON_038
March 2013
This version of Using Kaspersky Antivirus Software with Ovation includes the following new information:
Updated the procedures for installing the Kaspersky software (see page 10).
Made miscellaneous corrections and clarifications.
Contents
1 Introduction to Kaspersky antivirus software
1.1 What is antivirus software?
1.1.1 Why is antivirus software important?
1.2 What are the components of Kaspersky antivirus software?
1.2.1 What is the Management Station?
1.2.2 What is a Client station?
1.3 Performing signature wave deployment
1.4 What are ports and services?
2 Installing and configuring the Administration Kit on the Management Station
2.1 Hardware and software requirements for the Management Station
2.1.1 Hardware requirements for the Management Station
2.1.2 Software requirements for the Management Station
2.2 Before installing the Administration Kit
2.3 Migrating from a Symantec Management Station to a Kaspersky Management Station
2.4 Installing the Administration Kit
2.4.1 To install the Kaspersky software
2.5 Configuring the Administration Kit
2.5.1 To access the Kaspersky Administration Kit window
2.5.2 To import Kaspersky protection policies
2.5.3 To import Update Groups (Waves)
2.5.4 To import Group Tasks
2.5.5 To configure workstation protection
2.5.6 To update definitions in the Administration Repository
2.5.7 To install protection on the Management Station
2.6 Configuring Management Station scan exceptions
3 Installing and configuring the Client antivirus software
3.1 Selecting the correct software for Ovation client drops
3.2 Hardware requirements for clients
3.3 Migrating from Symantec clients to Kaspersky clients
3.4 Installing client software
3.4.1 To push the install to the clients from the Management Station
3.4.2 To manually install the client
3.5 Assigning and installing clients to waves
3.5.1 To assign clients to waves
3.6 Importing a new license key
3.6.1 To import a new license key
4 Getting signature updates
4.1 What is signature distribution?
4.2 To obtain signature updates
4.3 To transfer signature updates to the Management Station
4.4 Rolling back to previous signatures
4.4.1 To roll back signatures on Ovation workstation and server clients
5 Generating reports
5.1 What reports are available with the Kaspersky antivirus software?
5.1.1 To generate antivirus reports
5.1.2 To save a generated report
5.1.3 To schedule reports to run automatically
6 Kaspersky Troubleshooting tools
6.1 What are the Kaspersky troubleshooting tools?
6.2 What is the GetSystemInfo utility?
6.2.1 To generate a GetSystemInfo file
6.2.2 To send a GetSystemInfo file to the Kaspersky Help Desk
6.2.3 To use the online parser to view the GetSystemInfo file
6.3 What is the Kaspersky Lab Remote Diagnostic utility?
6.3.1 Remote Diagnostic utility usability limitations
6.3.2 To use the Remote Diagnostic utility to connect to a remote client computer
6.3.3 To use the Remote Diagnostic utility to perform tracing
6.3.4 To use the Remote Diagnostic utility to download application settings and upload a utility
6.3.5 To use the Remote Diagnostic utility to load system information
6.3.6 To use the Remote Diagnostic utility to download event logs
6.3.7 To use the Remote Diagnostic utility to run diagnostics on the Kaspersky Network Agent
6.3.8 To use the Remote Diagnostic utility to stop and restart applications
6.4 Generating trace files
6.4.1 To generate trace files
6.4.2 To access trace files
6.4.3 To delete trace files
6.5 Using a Rescue CD
6.5.1 Before downloading the Rescue CD
6.5.2 To download a Rescue CD
6.6 What is the Kaspersky Virus Removal Tool?
6.6.1 To install the Kaspersky Virus Removal Tool
6.7 What is the RipRep System Preparation Utility?
6.7.1 To use the RipRep utility from a graphical user interface
6.7.2 To use the RipRep Utility from a command line
6.8 What is the Kaspersky Backup and Restore Utility?
6.8.1 To use the Backup and Restore Utility from a command prompt
6.8.2 To use the Backup and Restore Utility from a graphical user interface
7 Additional Kaspersky protection components
7.1 What other protection components does Kaspersky offer?
Index
SECTION 1
Introduction to Kaspersky antivirus software
IN THIS SECTION
What is antivirus software?
What are the components of Kaspersky antivirus software?
Performing signature wave deployment
What are ports and services?
1.1 What is antivirus software?
Using antivirus software to protect your Distributed Control System (DCS) is an important step towards meeting the NERC CIP cyber security requirements, and protecting your plant's safety and profitability. Emerson is confident that Kaspersky Lab's antivirus software provides the best protection possible for your DCS. However, the Kaspersky software must be deployed on your Ovation DCS correctly in order to maintain performance and reliability and not introduce any operational risks to your plant.
Though Emerson designed the Ovation control system to be fully compliant with open-architecture standards, running, installing, or configuring untested third-party applications on Ovation drops can introduce security risks that have the potential to impact the robustness of your plant's control system and ultimately the operation of your plant. Even adding standard Microsoft/Solaris tools that have not been fully tested and certified with the Ovation system can pose undue risk. Unvalidated freeware and computer games are especially dangerous to the security of your system.
Emerson strongly recommends that only Ovation-validated applications that are absolutely necessary for the operation of your plant or control system be installed on Ovation workstations. If you are interested in installing an application that has not been validated with Ovation, contact your Emerson representative before you install or execute software.
Emerson has rigorous design and testing standards in place to ensure system stability with many third-party packages, and the open architecture of the Ovation network makes it easy to interface to a multitude of business systems using standard communications protocols, without installing software on critical components of your control system.
1.1.1 Why is antivirus software important?
The types of attacks aimed at power generation plants are diverse and increasingly coming from outside sources. External attacks, in the forms of viruses, worms, and other products of malicious hackers are an increasing concern. Viruses or other external elements can cause damage to your system in the form of:
A disruption in the balance of your operating parameters, which can lead to a plant shutdown.
A disruption to operation in a way that causes temporary plant shutdown and permanent equipment damage.
A trip that interferes with proper shutdown procedures, potentially causing catastrophic damage and endangering plant personnel.
A denial-of-service attack that locks up your DCS server, preventing your server from performing legitimate operations for legitimate users.
An infection in your DCS servers by viruses or worms that can cause malicious activity such as emailing critical information to unauthorized users.
Improving the security of your DCS is an important consideration for your plant safety and profitability. In addition, improving your DCS security is now a necessary requirement to comply with the NERC CIP standards, which detail the actions your plant must take to ensure its cyber security.
Emerson also provides an Ovation Security Center (OSC). The OSC is a suite of hardware and software tools (appliances) that provide electronic security management functions. The OSC appliances are designed to enhance and manage the cyber security of Ovation Distributed Control Systems (DCS) without disrupting the controlled process (see Ovation Security Center User Guide for additional information about OSC).
1.2 What are the components of Kaspersky antivirus software?
In order to protect your system from known viruses, you must properly install an antivirus software program and its components on your system. The following Kaspersky software components are needed to ensure antivirus protection for your Ovation system:
Kaspersky Administration Kit 8.0.2090 -- The Administration Kit is loaded on the Management Station (see page 3). The Kit includes the software for the management station, clients (workstations and servers), and Network Agent 8.0.2090 which handles the communication between the management station and the clients.
Kaspersky 6.0 Anti-Virus for Workstations MP4 (6.0.4.1424) -- This software is loaded on Ovation client workstation drops (see page 3).
Kaspersky 6.0 Anti-Virus for Servers MP4 (6.0.4.1424) -- This software is loaded on Ovation client server drops (see page 3).
Note: The procedures discussed in this manual document how Kaspersky antivirus software is installed and configured with the Ovation software. Additional information on Kaspersky applications is provided in the Kaspersky Lab documentation which is provided on the installation CD.
1.2.1 What is the Management Station?
An antivirus (AV) Management Station is a non-Ovation PC that enables you to distribute updates to antivirus signatures. Antivirus signatures represent the most current list of known viruses that can harm your system. Antivirus software is only as good as its signatures are current (refer to What is signature distribution? (see page 59)). All of the client machines (see page 3) communicate with the Management Station in order to receive updates to their set of antivirus signatures.
An antivirus management station is used to:
Install the client software.
Configure and manage the Ovation clients.
Distribute AV signatures.
Generate AV status reports.
The AV Management Station enables you to run reports on your system's health and perform status checks, which help you meet the NERC CIP security standards. Antivirus management software also helps you meet NERC and Sarbanes-Oxley reporting requirements without impacting your DCS operation or nullifying the Ovation validation process.
You must install the Kaspersky Administration Kit 8.0.2090 on your dedicated AV Management Station. Emerson recommends isolating this software from Ovation by installing it on one dedicated PC connected to your DCS network with an IP-only port on one of the DCS switches. This dedicated PC is not loaded with any Ovation software. Dedicating a PC on each DCS ensures that the client's antivirus signatures can be updated even if there is no connection to any outside or corporate LAN (local area network).
Note: To preserve the integrity of the Management Station, it should not have internet access. Signature updates (see page 59) are obtained from a website that is accessed from another non-Ovation PC.
1.2.2 What is a Client station?
A Client station is an Ovation drop that has antivirus software loaded on it. Clients are Ovation workstations (Operator Station, Engineering Station, and so forth) and Ovation servers (Database Server, Software Server, and so forth). A Controller is not a client since AV software is not loaded on it.
The client antivirus software continually monitors the client machine's own hard drive for known viruses. The client antivirus software must be installed and configured so that it does not adversely impact the operation of your control system, inhibit or delay operator actions, or require extensive modifications to the standard, validated, Ovation software.
The type of client software that you install differs based on the type of the client station, its performance requirements, and its operating system, as well as the station's ability to display AV information. To correctly install client drops, you will need the following software:
Kaspersky 6.0 Anti-Virus for Workstations MP4 (6.0.4.1424) -- To load on Ovation client workstation drops that are running the Windows XP or Windows 7 operating systems.
Kaspersky 6.0 Anti-Virus for Servers MP4 (6.0.4.1424) -- To load on Ovation client server drops that are running the Windows Server 2003 or Windows Server 2008 operating systems.
1.3 Performing signature wave deployment
Per the CIP guidelines, it is your responsibility to ensure that the installation of new antivirus signatures (see page 59) does not disrupt your DCS operation. To accomplish this, Emerson recommends a staged process that consists of three waves of deployment:
New signatures should be installed on a first wave of non-critical “early adopter” clients. These clients should be strategically selected so that they can be easily observed by the operators and the operators can use other clients to continue controlling the process in the event of a problem. If a problem is detected, you can immediately stop deploying the new signatures and roll back to the previous version.
If the first wave of drops continues to operate normally for a pre-determined period of time, the new signatures can be deployed to the second wave of clients. These drops are more critical to plant operations but should not be the only drops that can be used to control the process. Again, if a problem occurs, immediately stop deploying the new signatures.
Finally, if the second wave of clients operates normally, you can proceed to the final (third) wave of clients. This group consists of critical drops as well as any drops that do not have local displays (monitors) or keyboards.
Note: For super critical applications, a fourth wave of deployment (Wave3-OPH) is used.
1.4 What are ports and services?
In security terminology, an open port is used to mean a TCP/IP port number that is configured to accept data packets. In contrast, a port which ignores all packets directed at it is commonly referred to as a closed port.
Ports are the channels through which applications (or services as they are known in security terminology) on the client computer can reach the software on the management station. Services require their respective ports to be "open" on the management station in order to be reachable. However, a port being open is not enough for a communication channel to be established. There needs to be a service "listening" on that port, accepting the incoming packets and processing them. If there is no service listening on a port, incoming packets to that port will simply be rejected by the computer's operating system.
Ports can be closed through the use of a firewall. The firewall will filter incoming packets, only letting through those packets for which it has been configured. Packets directed at a port which the firewall is configured to "close" will simply be dropped in transit, as though they never existed.
The following tables identify and describe the ports and services that must be open for communication to take place between the management station and the clients.
Note: These ports and services are automatically opened during installation.
Ports
PORT        DESCRIPTION                                                USED BY
13000/TCP   SSL connection to clients (encryption protocol)            Management Station Only
14000/TCP   Non-SSL connection to clients                              Management Station Only
13000/UDP   SSL connection to client for system shutdown information   Management Station Only
15000/UDP   Network Agent communication                                Clients
Services
SERVICE NAME             FILE NAME       SERVICE DESCRIPTION             RUNS ON
CSAdminServer            Klserver.exe    Kaspersky Management Station    Management Station
MSSQL$KAV_CS_ADMIN_KIT   Sqlservr.exe    SQL Server (KAV_CS_ADMIN_KIT)   Management Station
MSSQL$SQLEXPRESS         Sqlservr.exe    SQL Server (SQLEXPRESS)         Management Station
SQLWriter                Sqlwriter.exe   SQL Server VSS Writer           Management Station
AVP                      Avp.exe         Kaspersky Anti-Virus 6.0        Client
Klnagent                 Klnagent.exe    Kaspersky Network Agent         Client
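Added example (not part of the Emerson manual): a Python check, run offline on text captured with `netstat -ano`, that compares a station's listening sockets with the ports table above and reports required ports that are not open and listeners outside the approved set. The sample listing, the `site_baseline` parameter and the function names are constructed for illustration.

```python
"""Compare a captured `netstat -ano` listing with the ports table above."""

# Ports taken from the table on this page, keyed by the role that opens them.
REQUIRED = {
    "management_station": {("TCP", 13000), ("TCP", 14000), ("UDP", 13000)},
    "client": {("UDP", 15000)},
}
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample (not real plant data): a Management Station where the
# non-SSL port 14000/TCP is not listening and an unapproved 8080/TCP is.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       3012
  TCP    0.0.0.0:13000          0.0.0.0:0              LISTENING       2140
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       777
  TCP    192.168.10.5:13000     192.168.10.21:49712    ESTABLISHED     2140
  UDP    0.0.0.0:123            *:*                                    1020
  UDP    0.0.0.0:13000          *:*                                    2140
"""


def listening_endpoints(netstat_text):
    """Return {(proto, port): {pid, ...}} for sockets reachable off-host."""
    found = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a State column; only LISTENING rows are open ports.
        # UDP rows have no state, so every bound UDP socket is counted.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")  # also handles "[::]:13000"
        if addr in LOOPBACK or not port.isdigit():
            continue  # loopback-only listeners are not reachable by clients
        found.setdefault((proto, int(port)), set()).add(fields[-1])
    return found


def audit(netstat_text, role, site_baseline=frozenset()):
    """Compare the listing with the table for `role`.

    site_baseline is an assumed, site-maintained set of additional approved
    (proto, port) pairs, for example Windows services the site has accepted.
    """
    required = REQUIRED[role]
    found = listening_endpoints(netstat_text)
    allowed = required | set(site_baseline)
    return {
        "missing": sorted(required - set(found)),
        "unexpected": sorted(set(found) - allowed),
        # PIDs let the reviewer match each port to a process with tasklist.
        "pids": {ep: sorted(found[ep]) for ep in sorted(required & set(found))},
    }


if __name__ == "__main__":
    approved = {("TCP", 135), ("TCP", 445), ("UDP", 123)}
    report = audit(SAMPLE_NETSTAT, "management_station", approved)
    for key, value in report.items():
        print(key, value)
```

A port reported as missing means no service is listening on it, which per the text above makes the channel unusable even where the firewall allows the traffic.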
SECTION 2
Installing and configuring the Administration Kit on the Management Station
IN THIS SECTION
Hardware and software requirements for the Management Station
Before installing the Administration Kit
Migrating from a Symantec Management Station to a Kaspersky Management Station
Installing the Administration Kit
Configuring the Administration Kit
Configuring Management Station scan exceptions
2.1 Hardware and software requirements for the Management Station
In order to effectively use the Kaspersky antivirus software, you must have a PC designated as a Management Station. The Management Station must be a non-Ovation PC and have the following hardware and software requirements:
2.1.1 Hardware requirements for the Management Station
1 GB of hard drive space.
Intel Pentium III 800MHz or higher.
256MB of RAM.
One of the following operating systems:
    Windows XP Professional (32-bit or 64-bit) SP2 or higher. (Not for use with Ovation 3.5 systems.)
    Windows Server 2003 SP2 (32-bit or 64-bit). (Not for use with Ovation 3.5 systems.)
    Windows Server 2008 SP2 (32-bit).
    Windows Server 2008 R2 SP1 (64-bit).
    Windows 7 Professional SP1 (32-bit or 64-bit).
2.1.2 Software requirements for the Management Station
Kaspersky Administration Kit Installation CD (version 8.0.2090).
kasp8.0.2090_adminkiten.exe (Admin Server install).
Kaspersky License Key file (xxxxxxxx.key).
Sqlexpr.exe (SP4 for SQL Express 2005).
Copy of latest virus definitions (see Getting signature updates (see page 59) for more information).
Note: Ovation software should not be loaded on the Management Station.
2.2 Before installing the Administration Kit
Before you begin creating your management station, you will be required to have an account with administration privileges on the management station and on the Ovation domain controller.
For illustration purposes, this document displays "admin" as a user ID and "ovation" as a password. These terms are for example only; for security purposes, create a user ID and password unique to your system. You are responsible for changing all your user IDs and passwords prior to the system being put into service.
If your Management Station has two or more Network Interfaces (NICs) connecting the workstation to multiple networks (for instance, to the Ovation DCS LAN and to a DMZ network), you should temporarily disable all network interfaces except those that connect to the Ovation DCS:
1. Access the Windows Control Panel on your Ovation AV Management Station.
2. Select Network Connections.
3. Right-click on the non-Ovation connections to select Disable.
Note: The procedures discussed in this manual document how Kaspersky antivirus software is installed and configured with the Ovation software. Additional information on Kaspersky applications is provided in the Kaspersky Lab documentation which is provided on the installation CD.
2.3 Migrating from a Symantec Management Station to a Kaspersky Management Station
There are two recommended ways to migrate from Symantec antivirus software to Kaspersky antivirus software:
Add a new machine to your network and make it the Kaspersky Management Station.
    Follow the procedures in Installing the Administration Kit (see page 9) and Configuring the Administration Kit (see page 12) to create the Kaspersky Management Station.
    Once the Kaspersky Management Station is installed and configured, remove the Symantec antivirus software from the machines and install the Kaspersky antivirus client software.
    Remove the old Symantec Management Station.
Re-use the old Symantec Management Station by rebuilding the machine:
    Note: During the migration period, you will not be able to update Symantec AV signatures on clients.
    Remove the machine from the domain, reload the operating system, OS patches, and so forth. Refer to Hardware and software requirements for the Management Station (see page 7) for system requirements.
    Once the machine has been rebuilt, make it the Kaspersky Management Station by following the procedures in Installing the Administration Kit (see page 9) and Configuring the Administration Kit (see page 12).
    Once the Kaspersky Management Station is installed and configured, remove the Symantec antivirus software from the client machines and install the Kaspersky antivirus client software.
2.4 Installing the Administration Kit
The Administration Kit is loaded on the Management Station (see page 3). The Kit includes the software for the management station, clients (workstations and servers), and Network Agent 8.0.2090 which handles the communication between the management station and the clients. The following sections discuss installing and configuring the management station with the Administration Kit.
2.4.1 To install the Kaspersky software
1. Join the computer to the domain (if not already done).
   a) From the desktop, right-click on the computer and select Properties.
   b) In the computer name, domain, and workgroup settings, select Change Settings.
   c) In System Properties, click the CHANGE button.
   d) Change the radio button to domain and type in the full domain address (that is, BigDC.ovation.local) and click Ok.
   e) A login prompt appears. Enter the domain administrator username and password and click Ok.
   f) When you receive the success dialog, click Ok and allow the machine to reboot.
Note: The Management Station must be joined to the domain.
2. Log in to the machine with local admin rights (if not already done).
Note: Kaspersky Administration Kit requires Microsoft .NET Framework 2.0 SP1. If you have not already installed .NET Framework, you will not be able to launch the installation wizard. Install Microsoft .NET Framework 2.0 SP1 before proceeding.
3. Insert the Kaspersky Administration Kit installation CD and launch kasp8.0.2090_adminkiten.exe.
4. On the Welcome screen, click Next.
5. On the Location to save files screen, click Next.
Note: This folder location is only used for unpacking and installing. You do not need to keep this folder after the installation.
A progress bar appears while the installation files are expanded.
6. On the Welcome to Installshield Wizard screen, click Next.
7. On the License agreement screen, click Yes.
8. On the Select Installation Type screen, select Standard and click Next.
9. On the Network Size screen, select From 1 to 100 computers in the network.
Note: This selection only sets some timing values for clients to check in and get updates. The number of clients is not limited by this selection.
10. On the Start Copying Files screen, click Next. Installation continues while components are installed.
11. On the Installation Wizard Completed screen, click Finish.
After the initial installation of the Administration Kit, it is necessary to configure the following basic settings on the Management Station:
12. After you select the Finish button, the Quick Start Wizard appears. On the Welcome to Quick Start Wizard screen, click Next.
13. On the License screen, select Load from Key File and click Next.
14. On the Choose Key File screen, click Select and browse to your key file (xxxxxxxx.key). Once selected, click Next.
15. On the Network Discovery screen, click Next.
16. On the Notifications screen, click Next.
17. On the Update screen, click Next.
Note: The Management Station attempts to contact outside servers to pull down updates. Do not wait for it to finish. It will fail eventually.
18. On the Initial Setup is complete screen, remove the checkmark from Start Deployment and click Finish. The Kaspersky Administration Kit window appears.
Figure 1: Kaspersky Administration Kit main window
19. Open a command prompt.
20. Go to the Kaspersky CD and type:
    sqlexpr.exe /qb UPGRADE=SQL_Engine,SQL_Data_Files,Client_Components,Connectivity INSTANCENAME=KAV_CS_ADMIN_KIT
Figure 2: Command window showing command
21. A series of messages appear detailing the installation process. When complete, Service Pack 4 for SQL2005 Express is installed.
Note: Emerson recommends that you wait until all pop-up screens close and the command prompt is visible before proceeding.
2.5 Configuring the Administration Kit
The following items are needed to properly configure the Administration Kit and set up the Management Station:
Install the Administration Kit software (see page 9).
Import protection policies (see page 15).
Import the group (wave) structure (see page 17).
Import group tasks (see page 22).
Run the setup.ini program that ensures that only Kaspersky antivirus is installed (see page 25).
Update antivirus definitions (see page 27).
2.5.1 To access the Kaspersky Administration Kit window
Once the Kaspersky Administration Kit is installed, use the following procedures to access the Administration Kit window which allows you to perform various functions:
1. Go to Windows Start -> All Programs -> Kaspersky Administration Kit -> Kaspersky Administration Kit. The Kaspersky Administration Kit window appears.
Note: If you have created a shortcut on your desktop, you can also access the Kaspersky Administration Kit window from an icon on your screen.
Figure 3: Kaspersky Administration Kit main window
Understanding the Kaspersky Administration Kit window
The Kaspersky Administration Kit main window is divided into two parts. The left side of the window displays the hierarchy tree. When you click on an item in the tree, the right side of the window updates with information that pertains to the selected item in the tree. Activating wizards, selecting tasks, and defining groups are some of the functions that are performed from the right side of the window.
Figure 4: Kaspersky Administration Kit window panel example
Note: It is beyond the scope of this manual to discuss all of the Kaspersky Administration Kit window features. Additional information on Kaspersky windows and applications is provided in the Kaspersky Lab documentation, which is provided on the installation CD.
Many procedures in this manual require you to browse to a directory. Unlike the standard Browse windows that are part of Microsoft Windows, the Kaspersky browse feature is accessed from an Open window (see the following figure).
Figure 5: Kaspersky Administration Kit - Open window
2.5.2 To import Kaspersky protection policies
Protection policies define how the clients operate (for example, what processes to use, what processes to ignore, and so forth).
1. Access the Kaspersky Administration Kit window (see page 13).
2. On the left side of the window, expand the Managed computers item in the tree.
3. Under Managed computers, expand the Policies item in the tree.
a) If default policies exist, right-click on them, and select Delete.
4. Right-click on Policies and select Import.
5. The Open window appears (see page 14). Browse to where ServerPolicyv3.klp exists.
6. Select ServerPolicy and select the Open button. The Open window selects the file and exits.
7. Right-click on Policies and select Import again to access the Open window.
8. On the Open window, browse to where WorkstationPolicyv3.klp exists.
9. Select WorkstationPolicy and click Open. The Policies tree structure should look like the following figure:
Figure 6: Kaspersky Administration Kit tree -- showing completed Policies structure
10. Click on Emerson Server Protection Policy and select Active Policy on the right side of the window.
Figure 7: Kaspersky Administration Kit - Emerson Server Protection Policy
11. Return to the tree and select Emerson Workstation Protection Policy. Select Active Policy from the window's right pane.
2.5.3 To import Update Groups (Waves)
The following procedure discusses importing the group (wave) structure (for example, Wave1, Wave2, and so forth).
1. Access the Kaspersky Administration Kit window (see page 13).
2. On the left side of the window, expand the Managed computers item in the tree.
3. Expand the Group tasks item in the tree.
4. Right-click on each task located under Group tasks and select Delete.
5. Click on the Managed Computers item in the tree. On the right side of the window, select Import group structure.
Figure 8: Kaspersky Administration Kit - Import Group Structure
6. The Welcome to New Administration Group Structure Wizard appears. Click Next.
7. On the first Creating administration group structure screen, select a method for creating the group structure. Select the Text File radio button and click Next.
Figure 9: Creating administration group structure screen
8. The Creating administration group structure screen updates. Go to the Target group field and click the Browse button.
9. The Select group window appears. Select Managed computers and click OK.
Figure 10: Select group window
10. Go to the Text file with group names field and click the Browse button.
11. The Open window appears (see page 14). Browse to the CD in the directory called groups. Select the file groups then click Open.
12. You will be returned to the Group structure management window. Click Next, and then click Finish. Your groups should look similar to this:
2.5.4 To import Group Tasks
Each group (wave) in the Administration Kit tree has its own set of update tasks. These tasks define when to update the virus definitions (for example, every Wednesday at 3:00 PM).
1. Access the Kaspersky Administration Kit window (see page 13).
2. On the left side of the window, expand the Managed computers item in the tree.
3. Select Group tasks under Managed computers.
4. On the right side of the window, select Import Task from File.
Figure 11: Kaspersky Administration Kit window - Import task from file
5. The Open window appears (see page 14). Browse to the \Groups directory on the CD.
6. Select VirusScanServers.klt, and click Open. The Open window makes the selection and exits.
7. Select Import task from file again to access the Open window.
8. Browse to the \Groups directory on the CD.
9. Select VirusScanWorkstations.klt, and click Open. The Open window makes the selection and exits.
10. Return to the Kaspersky Administration Kit hierarchy tree. Expand the Managed computers item and expand Wave 1.
11. Right-click on Group Tasks for Wave 1. Pull-right and select All Tasks and Import.
Figure 12: Kaspersky Administration Kit window -- Import All Group Tasks
12. The Open window appears. Browse to the \Groups directory on the CD.
13. Select Wave1ServersUpdate, and click Open. The Open window selects the file and exits.
14. Right-click on Group Tasks for Wave 1 -> All Tasks -> Import to access the Open window again.
15. Browse to the \Groups directory again on the CD.
16. Select Wave1WorkstationsUpdate, and click Open.
17. Under the Managed computers item in the tree, expand Wave 2.
18. Right-click on Group Tasks for Wave 2. Pull-right and select All Tasks and Import.
19. The Open window appears. Browse to the \Groups directory on the CD.
20. Select Wave2ServersUpdate, and click Open. The Open window selects the file and exits.
21. Right-click on Group Tasks for Wave 2 -> All Tasks -> Import to access the Open window again.
22. Browse to the \Groups directory again on the CD.
23. Select Wave2WorkstationsUpdate, and click Open.
24. Repeat Steps 17 through 23 for Wave 3 and Wave 3 OPH.
2.5.5 To configure workstation protection
Kaspersky Lab provides many types of security applications. However, the Ovation system only requires the antivirus application. The setup.ini allows the install of the antivirus software while restricting the install of all other Kaspersky security software applications.
1. Open the Kaspersky Administration Kit (see page 13).
2. Expand Repositories and select Installation Packages.
Figure 13: Kaspersky Administration Kit -- showing Installation packages highlighted
3. Select Kaspersky Anti-Virus 6.0 for Windows Workstations and click Configuring the installation package settings.
4. Click the Properties tab.
5. Remove the check marks from everything but File Anti-Virus. Place a check mark in the Add program location to environment variable %PATH% box. Click the Compatibility button.
Figure 14: All properties unchecked except for File Anti-Virus
6. Place a check mark in the Do not install the NDIS5 driver box and click OK.
Figure 15: Compatibility settings window
7. Click the OK button to close out the properties.
Note: Currently, Ovation only supports the FileMonitoring component due to the acceptable Ovation configuration. Refer to Additional Kaspersky protection components (see page ) for a general description of each of these components.
2.5.6 To update definitions in the Administration Repository
The Administration Repository is the place where the antivirus definitions are stored on the Management Station. For information on updating antivirus definitions, see Getting signature updates (see page 59).
1. Go to the Emerson subscription website, updates.ovationusers.com/KAV/, and copy the latest antivirus definitions to a CD or flash drive. They will be in a zip file.
Note: The Management Station should not have internet access. To copy the latest antivirus definitions from the Emerson user site, use a non-Ovation PC that has internet access.
2. On your Management Station, create a local folder for virus definitions (for example, C:\Definitions).
3. Unzip the definitions that you obtained from the Emerson website to the folder you created on the Management Station.
4. Access the Kaspersky Administration Kit window (see page 13).
5. On the left side of the window, expand the Repositories item in the tree, and select Updates.
6. Click on Configure update settings on the right side of the window.
7. The Download updates to repository Properties window appears. Select the Settings tab on the window.
8. Click the Configure link under Update Sources.
Figure 16: Download updates to repository Properties window
9. The Update sources window appears. Click on the Add button.
Figure 17: Update sources window
10. The Update source properties window appears. Select the Local or network update folder radio button. Then click the Browse button.
Figure 18: Update source properties window
11. The Open window appears (see page 14). Browse to the folder where you unzipped the virus definitions and click OK. The Open window accepts the file and exits.
12. Click OK on the Update source properties window.
13. You will be returned to the Update sources window. Select Kaspersky Lab update servers and select the red X to delete it.
14. Only the local folder (C:\Definitions\) should remain on the Update sources window. Click OK.
15. You will be returned to the Download updates to repository Properties window. Select the Schedule tab.
16. Go to the Scheduled start: drop-down menu, and select Daily. Select a start time of 7:00:00 AM from the Start time menu.
Figure 19: Download updates to repository Properties window -- Select start time
17. Click the OK button on the Download updates to repository Properties window.
18. The update task will run on the schedule you defined or it can be forced immediately by clicking Download Updates.
2.5.7 To install protection on the Management Station
1. Access the Kaspersky Administration Kit window (see page 13).
2. On the left side of the window, navigate to Event and computer selections -> Computer selections -> No Kaspersky Anti-Virus installed. The Management Station name should appear on the right side of the window.
Figure 20: Kaspersky Administration Kit window -- finding Management Station with no antivirus installed
3. Click on the name of the Management Station, and the menu on the left changes. See the following figure.
Figure 21: Start deployment of antivirus to Management Station
4. Click on the Deployment Wizard link. The Deployment Wizard starts. Click Next on the initial screen.
5. On the Installation Package screen, the Deployment Wizard should auto-select the appropriate Kaspersky antivirus to install. Click Next.
6. On the License screen, the only license installed should already be selected. Click Next.
7. On the Account screen, there is no account needed for a local install. Click Next.
8. On the Restart screen, select whether or not you want to reboot (note that a reboot is not necessary). Click Next.
9. On the Incompatible Applications screen, click Next.
10. On the Computer Relocation screen, the default location is Managed Computers. Click Next.
11. On the Install Application screen, click Next. The installation task starts. Wait for the install to finish, and click Next.
12. Click Finish to end the wizard. The name of the Management Station will appear in the Managed computers folder. At this point, it must be assigned to a Wave (Wave 1 is suggested) in order to receive updates. Refer to Assigning and installing clients to waves (see page 53) for information on assigning this station to a wave.
2.6 Configuring Management Station scan exceptions
The following exception configurations are needed to optimize the interactions between Emerson applications and the Kaspersky AntiVirus software, as well as to eliminate potential sources of application irregularities. Use the following procedure to configure Management Station scan exceptions:
1. Access the Kaspersky Administration Kit window (see page 13) on a Management Station.
2. On the left side of the window, expand the Managed computers item in the tree.
3. Under Managed computers, expand the Policies item in the tree.
Figure 22: Kaspersky Administration Kit tree -- showing completed Policies structure
4. For each of the policies configured in the location (Emerson Server Protection Policy and Emerson Workstation Protection Policy), right-click on the policy and select Properties.
5. The Emerson Protection Policy Properties window appears. From the Protection tab, make sure Protection is selected in the top drop-down menu. Then click on the Trusted Zone button in the Exclusions section.
Figure 23: Emerson Server Protection Policy Properties window
6. The Trusted Zone window appears. Click the Add button. The Exclusion mask window appears.
Figure 24: Exclusion Mask window
7. Accept the default Object selection in the Properties section, then click on the Select Object link (see the figure above). The Object Name window appears.
Figure 25: Object name window
8. Add a single entry from the list below in the entry field. Make sure that the "Include subfolders" checkbox is not checked. Select the OK button. Repeat for each additional entry. The disk letters in the list below reflect the Ovation installation defaults, and may need to be adjusted on certain systems:
C:\Ovation\shc\config\mmidbrma\*.dbd
C:\Ovation\shc\config\mmidbrma\*.ddl
C:\Ovation\shc\config\mmidbrma\*.df1
C:\Ovation\shc\config\mmidbrma\*.df2
C:\Ovation\shc\config\mmidbrma\*.df3
C:\Ovation\shc\config\mmidbrma\*.df5
C:\Ovation\shc\config\mmidbrma\*.df6
C:\Ovation\shc\config\mmidbrma\*.df7
C:\Ovation\shc\config\mmidbrma\*.kf1
C:\Ovation\shc\config\mmidbrma\*.kf2
C:\Ovation\shc\config\mmidbrma\*.kf3
C:\Ovation\shc\config\mmidbrma\*.kf5
C:\Ovation\shc\config\mmidbrma\*.kf6
C:\Ovation\shc\config\mmidbrma\*.kf7
C:\Oracle\OraData\ptdb\*.DBF
C:\Oracle\OraData\ptdb\*.DBS
D:\Oracle\OraIndex\ptdb\*.DBF
D:\Oracle\OraIndex\ptdb\*.DBS
*.ohif
9. Return to the Trusted Zone window, and delete the following default entries from the Exclusion Rules list:
D:\oracle\oraindex\ptdb\
D:\oracle\oradata\ptdb\
C:\oracle\oraindex\ptdb\
C:\oracle\oradata\ptdb\
C:\ovation\shc\config\mmidbrma\
10. Select OK on the Trusted Zone window and then click OK on the Protection Policy Properties window to return to the main Kaspersky Administration Kit window.
11. Repeat Steps 8 and 9 for any remaining policies.
Note: Make sure that you perform these procedures for both Emerson Server Protection Policy and Emerson Workstation Protection Policy.
12. Review the setting results on the applicable client machines by performing the following steps:
a) Navigate to Kaspersky Administration Kit -> Managed Computers -> Wave X -> Client Computers.
b) Right-click on the applicable machine and select Properties.
Figure 26: Review setting results
c) The Drop Properties window appears. Select the Applications tab and click on the Kaspersky AntiVirus for Windows entry. Then, select the Properties button.
d) The Kaspersky AntiVirus for Windows Properties window appears.
Figure 27: Review setting properties
e) Select the Properties tab. Make sure that Protections is selected from the drop-down menu, then click the Trusted Zone button in the Exclusions section.
f) Verify that the settings above have taken effect in the Exclusion Rules list.
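The review in step 12 f) can be backed by a scripted comparison of the rules seen on a client against the masks from step 8 and the folder-wide defaults that step 9 deletes. This Python script is an added example, not Emerson or Kaspersky code; it assumes the Exclusion Rules list has been copied by hand into a Python list, and the matching model in is_excluded (case-insensitive, wildcard on the file name only, no subfolders) is a simplifying assumption rather than Kaspersky's documented behaviour.

```python
import fnmatch
import ntpath

# File masks from step 8 (default drive letters, as listed in the procedure).
MMI_EXTS = ["dbd", "ddl", "df1", "df2", "df3", "df5", "df6", "df7",
            "kf1", "kf2", "kf3", "kf5", "kf6", "kf7"]
EXPECTED_MASKS = (
    [rf"C:\Ovation\shc\config\mmidbrma\*.{ext}" for ext in MMI_EXTS]
    + [r"C:\Oracle\OraData\ptdb\*.DBF", r"C:\Oracle\OraData\ptdb\*.DBS",
       r"D:\Oracle\OraIndex\ptdb\*.DBF", r"D:\Oracle\OraIndex\ptdb\*.DBS",
       "*.ohif"]
)

# Folder-wide default entries that step 9 deletes.
DEFAULTS_TO_REMOVE = [
    "D:\\oracle\\oraindex\\ptdb\\",
    "D:\\oracle\\oradata\\ptdb\\",
    "C:\\oracle\\oraindex\\ptdb\\",
    "C:\\oracle\\oradata\\ptdb\\",
    "C:\\ovation\\shc\\config\\mmidbrma\\",
]


def _norm(rule):
    """Windows paths are case-insensitive: compare trimmed and lowercased."""
    return rule.strip().lower()


def is_folder_wide(rule):
    """True when a rule names a whole folder instead of a file mask."""
    leaf = ntpath.basename(_norm(rule))  # '' when the rule ends with a backslash
    return leaf == "" or ("*" not in leaf and "." not in leaf)


def audit_exclusions(observed_rules):
    """Compare rules read from a client with what steps 8 and 9 should leave."""
    observed = {_norm(r) for r in observed_rules if r.strip()}
    expected = {_norm(m) for m in EXPECTED_MASKS}
    defaults = {_norm(d).rstrip("\\") for d in DEFAULTS_TO_REMOVE}
    leftover = {r for r in observed if r.rstrip("\\") in defaults}
    return {
        "missing": sorted(expected - observed),            # step 8 entry absent
        "leftover_defaults": sorted(leftover),             # step 9 not applied
        "unexpected": sorted(observed - expected - leftover),
    }


def is_excluded(file_path, rules):
    """Would any rule exempt this file from scanning? (assumed matching model)"""
    folder, name = ntpath.split(_norm(file_path))
    for rule in rules:
        rule_n = _norm(rule)
        if is_folder_wide(rule_n):
            if folder == rule_n.rstrip("\\"):
                return True       # folder rule exempts every file in the folder
            continue
        rule_dir, mask = ntpath.split(rule_n)
        if rule_dir in ("", folder) and fnmatch.fnmatchcase(name, mask):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample: one mask forgotten, one default left in place.
    seen = [m for m in EXPECTED_MASKS if m != "*.ohif"]
    seen.append("c:\\oracle\\oradata\\ptdb\\")
    for key, values in audit_exclusions(seen).items():
        print(key, values)
    probe = r"C:\Oracle\OraData\ptdb\export.tmp"
    print("masks exempt probe:   ", is_excluded(probe, EXPECTED_MASKS))
    print("defaults exempt probe:", is_excluded(probe, DEFAULTS_TO_REMOVE))
```

The last two lines of output show why the procedure replaces the defaults: the extension masks leave other file types in the database folders subject to scanning, while the folder-wide entries exempt them.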
SECTION 3
Installing and configuring the Client antivirus software
IN THIS SECTION
Selecting the correct software for Ovation client drops
Hardware requirements for clients
Migrating from Symantec clients to Kaspersky clients
Installing client software
Assigning and installing clients to waves
Importing a new license key
3.1 Selecting the correct software for Ovation client drops
Ovation drops can be one of two types of clients:
Workstation (Operator Station, Engineering Station, and so forth).
Server (Database Server).
The type of Kaspersky client software that you install depends on the type of client drop and the operating system that it is running. Make sure you are installing the correct software that goes with each client type.
For Ovation client workstations, install Kaspersky Anti-Virus for Workstations MP4 (6.0.4.1424) (for XP or Windows 7 operating systems).
For Ovation client servers, install Kaspersky Anti-Virus for Servers MP4 (6.0.4.1424) (for Server 2003 or Server 2008 operating system).
3.2 Hardware requirements for clients
The following hardware is required to load client workstations:
300 MB of free hard drive space.
Intel Pentium 800MHz or higher.
512MB of RAM.
One of the following operating systems:
Windows XP SP2 or higher. (Not for use with Ovation 3.5 systems.)
Windows 7 Business/Enterprise/Ultimate. (Not for use with Ovation 3.5 systems.)
Windows 7 Professional SP1 (32-bit or 64-bit versions).
The following hardware is required to load client servers:
300 MB of free hard drive space.
Intel Pentium 1 GHz or higher.
1GB of RAM.
One of the following operating systems:
Windows Server 2003 SP2. (Not for use with Ovation 3.5 systems.)
Windows Server 2008 SP2 (32-bit version).
Windows Server 2008 R2 SP1 (64-bit version).
3.3 Migrating from Symantec clients to Kaspersky clients
If you are installing Kaspersky antivirus software on a machine that previously had Symantec antivirus software installed, contact an Emerson representative to discuss the best means for cleanly uninstalling the Symantec antivirus software with minimal impact to Ovation.
3.4 Installing client software
The following sections describe the installation of Ovation clients. The installation can be performed either by a "push" from the management station or manually.
Note: The procedures discussed in this manual document how Kaspersky antivirus software is installed and configured with the Ovation software. Additional information on Kaspersky applications is provided in the Kaspersky Lab documentation, which is provided on the installation CD.
3.4.1 To push the install to the clients from the Management Station
Use the following procedure to download or "push" the antivirus application software from the management station to the Ovation clients.
1. Access the Kaspersky Administration Kit window (see page 13) on the Management Station.
2. On the left side of the window, select Tasks for specific computers from the tree.
Figure 28: Kaspersky Administration Kit window hierarchy tree
3. Depending on the type of client you are pushing the install to, select one of the following items on the right side of the Administration Kit window:
Deploy Kaspersky Anti-Virus for Windows Workstations (for XP or Windows 7 operating systems).
Deploy Kaspersky Anti-Virus for Windows Servers (for Windows Server 2003 or Windows Server 2008 operating systems).
Figure 29: Tasks for specific computers
Note: The following steps are the same regardless of whether you chose to deploy the workstation or server antivirus software.
4. On the Welcome to the Deployment Task Creation Wizard, click Next.
5. On the New Deployment Task name screen, define your task name (the default is fine). Click Next.
6. On the Installation Method screen, the Push install radio button should be selected (if not, select it). Click Next.
7. On the Settings screen, keep the items that are checked. Click Next.
8. On the Advanced screen, select the Install Network Agent along with this application checkbox. Click Next.
Figure 30: Advanced screen - Install Network Agent
9. On the Restart screen, select how you want to handle the restart after the install (the machine will require a restart). The choices are:
Do not restart.
Restart the computer (will force a restart without notification).
Prompt User for action (will prompt the user about the restart and can be cancelled, if desired).
10. After you make your restart selection, click Next.
11. On the Computer Relocation screen, click Next.
Note: Clicking Next on the Computer Relocation screen places any installed machines into a single location. Then they can be moved to the various "waves."
12. On the Select target computers screen, select how you will define which machine(s) to install to. The choices are:
I want to select computers using Windows Networking (if you would like to select machines auto-discovered via Active Directory). See Step 13.
I want to define computer addresses (IP, DNS or NETBIOS) manually (if you know the target IP(s)). See Step 14.
13. If you clicked "Windows Networking," the Client computers screen appears. Expand Unassigned computers in the tree and place a checkmark beside the individual machine(s) you are installing to, and then click Next.
Figure 31: Client computers screen - Unassigned computers
14. If you selected "define computer addresses," the Client computers screen appears with a space to enter an IP address. Click the Add button and an entry field appears. Type in the IP addresses of the individual machine(s).
Figure 32: Client computers screen - Add IP addresses
15. Once you have added all the IP addresses, click Next.
16. The Account screen appears. Click the Add button.
Figure 33: Account screen
17. The Account pop-up window appears. Enter the account information that has install rights to the target machine (can be a domain account) and click OK.
Figure 34: Account pop-up window
18. Repeat Steps 16 and 17 if more than one account is needed. Then click Next on the Account screen when finished.
19. On the Task scheduling settings screen, select when you would like this install to occur. Pull down the Scheduled start menu to select the desired time. Select Immediately if you want to force the install now. Click Next.
Figure 35: Task scheduling settings screen
20. On the Completing the Deployment Task Creation Wizard, click Finish.
Note: The task will remain and can be edited to be reused for different targets, schedules, and so forth.
21. Reboot the client.
3.4.2 To manually install the client
Use the following procedure to manually install the Ovation client software.
Note: This procedure cannot be performed if the Management Station is not connected to the domain.
1. Access the Kaspersky Administration Kit window (see page 13) on the management station.
2. On the left side of the window, expand the Repositories item in the tree, and select Installation packages.
3. On the right side of the window, select the product you want to install (in this example, it shows Kaspersky Anti-Virus 6.0 for Windows Workstations). Then select Create Standalone installation package.
Figure 36: Installation packages screen
4. The Welcome to the Wizard for Standalone Installation Package Creation screen appears. Click Next.
5. On the License screen, click Next.
6. On the Network Agent installation package screen, click Next.
7. On the Computer Relocation screen, click Next.
8. A progress bar appears and a single setup file is created. The Administration Kit tells you where this setup.exe file is located. You can also click the Open folder link to go directly to the setup.exe file. See the following figure.
9. Copy this setup.exe file to the applicable Ovation client machine and install. The installation will be silent, meaning that no progress bar or window will appear.
10. Reboot the client.
3.5 Assigning and installing clients to waves
Once you have installed the client software, you must assign the correct Ovation drops to the applicable waves.
3.5.1 To assign clients to waves
1. Access the Kaspersky Administration Kit (see page 13) on the management station.
2. On the left side of the window, expand the Managed computers item in the tree.
3. Click on Client computers. (Note that this is the default location that machines go to after the install.)
4. The right side of the window updates with the Client computers screen. Find the machine that you want to move and select it.
5. Return to the hierarchy tree on the left side of the window, and expand the Wave folder you are going to move the selected machine to.
6. Drag the machine that you have highlighted from the right side of the window to the Client computers item under the desired Wave folder on the left side of the window.
7. Repeat Steps 4 through 6 for all client computers and all waves.
3.6 Importing a new license key
The Kaspersky license key is available on the installation CD. When you perform the install, you determine how many "seats" you need from the license key. If additional licenses are required after the installation, you must import a new license key.
3.6.1 To import a new license key
1. Access the Kaspersky Administration Kit (see page 13) on the management station.
2. On the left side of the window, expand the Repositories item in the tree.
3. Click on Licenses.
4. On the right side of the window, select Add License.
Figure 37: Kaspersky Administration Kit window -- Add License
5. The Welcome to Install License Wizard appears. Click Next on the window.
6. On the License screen, select the Load from key file radio button and click Next.
7. In the Choose Key File field, click the Select button and the Open window appears. Browse to where the key is kept. Find the .key file (example: 1234ABCD.key), and click Open.
8. Select the Automatically deploy license to managed computers checkbox, and click Next.
Figure 38: License screen
9. On the Completing the Install License screen, click Finish.
SECTION 4
Getting signature updates
IN THIS SECTION
What is signature distribution?
To obtain signature updates
To transfer signature updates to the Management Station
Rolling back to previous signatures
4.1 What is signature distribution?
Antivirus signatures represent the most current list of known viruses that can harm your system.
Antivirus software is only as good as its signatures are current. Since viruses and worms are constantly being developed by malicious hackers, weekly signature updates are extremely important. Every week, a new set of antivirus signatures that are designed to combat the latest viruses are posted on the Emerson website. There are several steps in the safe distribution of new antivirus signatures:
Emerson obtains the newly released signatures from the antivirus vendor and validates that the signatures do not report any false positives on files included in the supported Ovation releases. Emerson further verifies that the new signature does not adversely impact system performance.
Emerson posts the tested signature files on their subscription website. Access to this website requires a paid SureService subscription agreement for the Software Updates with Antivirus module that entitles you to signature updates. Contact your Emerson representative for more information.
Using a non-Ovation PC with internet access, you are able to download the latest signature updates from the website and save them to some type of removable media (CD, USB flash drive, and so forth). The signature updates will be contained in a .zip file.
Insert the USB flash drive or CD into the Management Station. Install the signatures updates on your Management Station by extracting the files from the zip file.
"Push" the updated signatures to the Ovation client drops from the Management Station.
4.2 To obtain signature updates
To obtain signature updates, you must have a PC with internet access that is not connected to the Ovation system. Also, this PC should not be the same machine that is being used as the Management Station.
CAUTION: In order to preserve the integrity of the Ovation system, internet access should be prohibited from any machine running Ovation software.
1. In your web browser, enter the URL: updates.ovationusers.com/KAV/.
Note: In order to access this link, you must have a paid SureService subscription agreement for the Software Updates with Antivirus module that entitles you to signature updates.
You are prompted for your Subscription Information.
2. Enter the login name and password assigned in your SureService agreement. Your browser displays the Updates page. Note that the login name and password are case sensitive. The top section of the page lists the available AV definition zip archives starting with the most recent at the top. The display includes the File size (bytes), the date it was posted, the MD5 Hash of the file, and a description.
Note: Other important information regarding Kaspersky AV updates might be displayed on this page. Emerson recommends that you check this page for other announcements when you visit this site.
3. Click the desired file to download. You will be prompted to use the Ovation Download Manager.
Note: The file download will start automatically. If it does not start automatically, you should press the Browse Download button.
4. You will be prompted to save the file. Emerson recommends that you save the zip file to a USB memory stick or CD.
5. Finish the task by transferring your AV definition files to your Management Station (see page 60).
4.3 To transfer signature updates to the Management Station
1. On your Management Station, create a local folder for virus definitions (for example, C:\Definitions).
2. Insert the USB flash drive or CD that contains the updated signature zip file into the Management Station.
3. Transfer the AV signatures from the flash drive or CD to your Management Station. Unzip the file to the folder you created (for example, C:\Definitions).
4. Update the definitions in the Administration Repository (see page 27).
5. Push the updated virus definitions from the Management Station to the client machines (see page 42).
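The download and transfer steps above can be backed by a check of the MD5 hash that the Updates page lists for each archive, run before the zip file is unpacked into the definitions folder. The following Python script is an added example, not part of the Emerson or Kaspersky software; the function names and the sample file name kav_defs.zip are assumptions, and the script also refuses archives with entries that would unpack outside the target folder.

```python
import hashlib
import hmac
import zipfile
from pathlib import Path, PureWindowsPath


def md5_of_file(path, chunk_size=1024 * 1024):
    """Return the lowercase hex MD5 digest of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_published_md5(path, published_md5):
    """Compare the file's MD5 with the value copied from the Updates page."""
    expected = "".join(published_md5.split()).lower()
    if len(expected) != 32 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("published value is not a 32-digit hex MD5")
    return hmac.compare_digest(md5_of_file(path), expected)


def unsafe_members(archive_path):
    """List archive entries that would land outside the extraction folder."""
    bad = []
    with zipfile.ZipFile(archive_path) as archive:
        for name in archive.namelist():
            entry = PureWindowsPath(name)  # understands both / and \ separators
            # anchor is non-empty for a drive letter or a leading slash
            if entry.anchor or ".." in entry.parts:
                bad.append(name)
    return bad


def verify_and_extract(archive_path, published_md5, definitions_dir):
    """Unzip into definitions_dir only after the hash and entry checks pass."""
    if not matches_published_md5(archive_path, published_md5):
        raise ValueError("MD5 mismatch: do not import this archive")
    bad = unsafe_members(archive_path)
    if bad:
        raise ValueError(f"archive entries escape the target folder: {bad}")
    target = Path(definitions_dir)
    target.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(archive_path) as archive:
        corrupt = archive.testzip()  # CRC check of every member
        if corrupt is not None:
            raise ValueError(f"corrupt archive member: {corrupt}")
        archive.extractall(target)
        return sorted(archive.namelist())


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as work:
        # Constructed stand-in for a downloaded definitions archive.
        sample = Path(work) / "kav_defs.zip"
        with zipfile.ZipFile(sample, "w") as archive:
            archive.writestr("bases/index.dat", b"constructed sample data")
        # Stands in for the MD5 Hash value shown on the Updates page.
        listed = md5_of_file(sample).upper()
        # On the Management Station the target would be C:\Definitions.
        print(verify_and_extract(sample, listed, Path(work) / "Definitions"))
```

A mismatch means the archive on the removable media is not the file the Updates page describes (damaged in transfer or a different file), so it should be downloaded again rather than imported.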
60
CON_038
4.4 Rolling back to previous signatures
4.4
Rolling back to previous
signatures
If an updated set of antivirus signatures causes a false report of an infected file or any DCS operational problems, you may have to roll the signature files back to the previous signatures that were functioning correctly. You can perform a roll back on your client machines.
4.4.1 To roll back signatures on Ovation workstation and server clients
1. From a client computer, click the Kaspersky icon in the system tray. The main Kaspersky (client) window appears.
Note: The procedures and figures discussed below depict a rollback for workstation clients. The procedures for server clients are the same except that the windows say "Windows Servers."
2. Select Update.
Figure 39: Kaspersky Anti-Virus 6.0 for Windows Workstations
3. The Update screen appears. Click on Roll back to the previous databases.
Figure 40: Update screen -- Rollback to previous databases
The rollback process begins.
Figure 41: Rollback running
4. When the rollback completes, select the Close button.
5. On the Update screen, verify that the roll back was a success by checking the Databases release date.
Figure 42: Verify Databases release date
SECTION 5
Generating reports
IN THIS SECTION
What reports are available with the Kaspersky antivirus software?
5.1 What reports are available with the Kaspersky antivirus software?
The Kaspersky antivirus software provides a standard set of reports. These reports are listed and described below:
Antivirus database usage report -- contains information about the database versions used by the applications.
Errors report -- contains information about errors (functional failures), registered in the operation of applications installed on client computers.
Incompatible applications report -- contains information about the antivirus applications of other vendors installed on client computers or Kaspersky Lab's applications that do not support management via Kaspersky Administration Kit.
Kaspersky Lab software version report -- contains information about the versions of Kaspersky Lab's antivirus applications installed on client computers.
License usage report -- contains information about the status of licenses used by Kaspersky Lab's applications and observance of the restrictions provided for in those licenses.
Most infected users report -- includes information about client computers, the scanning of which has revealed the largest number of suspicious objects.
Protection coverage report -- contains a list of network computers and information about the antivirus applications installed on those hosts.
Protection status report -- contains information about client computers that have insufficient level of antivirus security.
Users of infected computers report -- contains information about the most dangerous network users.
Viruses report -- provides information about the results of antivirus scanning of client computers.
Note: You can also create custom reports. Information on creating custom reports is provided in the Kaspersky Lab documentation which is provided on the installation CD.
5.1.1 To generate antivirus reports
When you select a report to run, the information for that report displays on the right side of the Administration Kit window. The information provided can be a general summary or be detailed to the drop level. Once the report is saved to a selected file format (see page 67), it can be printed. In addition, reports can be scheduled to run automatically at a specific time interval (see page 70). Use the following procedure to run a report:
1. On the Management Station, access the Kaspersky Administration Kit window (see page 13).
2. Expand the Reports and notifications item in the tree. A list of reports displays.
Figure 43: Reports and notifications
3. Click on the report that you want to run. The report processes and the results are shown in the right pane of the Administration Kit window. An example report is shown in the following figure.
Figure 44: Example report -- Antivirus database usage report
5.1.2 To save a generated report
Once you have generated a report, it can be saved to a specified file format, where it can be printed or archived.
1. Generate the desired report (see page 66).
2. Right-click on the name of the report in the hierarchy tree that you just generated. Select Save from the menu that displays.
3. The Report saving wizard appears. Click Next.
Figure 45: Report saving wizard
4. The Folder screen appears. Specify the folder where the report should be saved to. Click the Select button to browse for a folder.
5. Select a file format for the report. The report can be saved as html, pdf, or xml.
Figure 46: Report saving wizard -- Folder screen
6. Click the Next button.
The save processes. When it is finished, the Report saving wizard Complete screen appears.
Figure 47: Report saving wizard complete screen
7. By default the Open the report folder checkbox will be checked. When you click the Finish button, the report will open in the format you selected. The report can then be printed using the software package that it is displayed in.
5.1.3 To schedule reports to run automatically
You can schedule reports to run automatically at a specific time interval. To do this, use the following steps:
1. Generate the desired report (see page 66).
2. Right-click on the name of the report in the hierarchy tree that you just generated. Select Send reports from the menu that displays.
3. The Report autosend task creation wizard appears. Click Next.
Figure 48: Report autosend task creation wizard
4. The Report autosend task name screen appears. Enter the name of the task that is going to be run. A default name is provided for you. Click Next.
Figure 49: Report autosend task name screen
5. The Settings screen appears.
a) Select the reports that will be part of the task you defined. A checkmark appears in the box beside the name. Note that more than one report can be run in a defined task.
b) If you want to save the report(s) to a folder after the task runs, place a checkmark in the Save report to folder box. Then define the name of the folder in the entry field where the report(s) should be saved. You can also select the Browse button to search for a folder.
c) Click Next.
Figure 50: Settings screen
6. The Task scheduling settings screen appears. Pull down the Scheduled start menu and select how often you want to run the task. Note that if you select Manually, it means that you will run the task on demand.
Figure 51: Task scheduling settings screen
7. Once you select a time interval from the Scheduled start menu, the Task scheduling settings screen updates with menus and entry fields that allow you to define start times. The following figure shows an example of how the screen will look if the Scheduled start is set to Weekly.
Figure 52: Example of scheduling task to run weekly
8. Make the desired time selections on the Task scheduling settings screen and press the Next button.
Note: Select the Run missed tasks checkbox if you want to automatically run any task(s) that are skipped. For example, a task could be missed if the machine was down during the scheduled start time.
9. The task completion screen appears. Select the Finish button.
10. Notice in the tree on the left side of the Administration Kit window, that a new task appears under the Kaspersky Administration Kit tasks heading. If you select the task, on the right side of the window, you can choose the option to run the task now.
SECTION 6
Kaspersky Troubleshooting tools
IN THIS SECTION
What are the Kaspersky troubleshooting tools?
What is the GetSystemInfo utility?
What is the Kaspersky Lab Remote Diagnostic utility?
Generating trace files
Using a Rescue CD
What is the Kaspersky Virus Removal Tool?
What is the RipRep System Preparation Utility?
What is the Kaspersky Backup and Restore Utility?
6.1 What are the Kaspersky troubleshooting tools?
Undiagnosed problems with antivirus software can leave your system vulnerable to virus attacks. Having the proper tools to diagnose and fix problems early will save time and money. With the Kaspersky antivirus software and technical support site, several utilities can be accessed to help with maintenance and troubleshooting.
GetSystemInfo (see page 76).
Kaspersky Lab Remote Diagnostic Utility (see page 80).
Trace file generation (see page 94).
Kaspersky Rescue CD (see page 98).
Kaspersky Virus Removal Tool (see page 103).
RipRep System Preparation Utility (see page 104).
Kaspersky Backup and Restore Utility (see page 107).
Note: This manual provides an overview of these troubleshooting tools. More detailed information can be found in the Kaspersky Lab articles that pertain to the tool. Contact Kaspersky Lab Technical Support for questions that are not addressed in the articles.
6.2 What is the GetSystemInfo utility?
The GetSystemInfo utility is an online parser that can be used to diagnose problems on a computer running Kaspersky software. After the installation of a Kaspersky Lab product, Windows may "blue screen" or freeze. This could happen while the computer is being started or if some task is being executed. The problem might be a conflict with either your computer software or with some drivers and a Kaspersky Lab product. If such a problem arises, Kaspersky Lab Technical Support should receive a report file from the GetSystemInfo utility. The directions to submit a GetSystemInfo report file are found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/kis6mp2/error?qid=193238548 . Once the report is generated, the file can be uploaded in the GetSystemInfo online parser by accessing http://www.getsysteminfo.com/ .
6.2.1 To generate a GetSystemInfo file
The following procedures describe how to create a GetSystemInfo utility log for the Windows XP, Windows Vista, Windows 7, Windows 2003 Server, and Windows 2008 Server operating systems.
1. Download the archive GetSystemInfo4.zip [ZIP, 202KB] from the Kaspersky Lab server.
2. Unpack the archive GetSystemInfo4.zip file using an archiver such as WinZip. A file named GetSystemInfo4.exe will be unpacked.
3. Run GetSystemInfo.exe on the computer that is having the problem.
4. In the End User License Agreement screen, click I agree.
Figure 53: GetSystemInfo -- End User License Agreement screen
5. On the next screen that appears, click the Create report button on the right side of the window.
Figure 54: GetSystemInfo -- Create Report button
6. Wait until the utility processing completes. Note that you can run the GetSystemInfo utility from the command line using the following arguments:
/quiet - run without dialogue boxes; the utility will automatically create a default log.
/qr - utility system tray icon only; the utility will automatically create a default log.
/qn - no GUI and utility system tray icon; the utility will automatically create a default log.
/path - utility log folder (created on the desktop, by default).
/l - log detail level:
1 - Minimum
2 - Recommended (default)
3 - Maximum
Example: gsi4.1.0.243.exe /qn /path="C:/reports" /l=3
7. See To send a GetSystemInfo file to the Kaspersky Help Desk (see page 77) to send the report to the Kaspersky help desk.
6.2.2 To send a GetSystemInfo file to the Kaspersky Help Desk
1. If you have direct access to the Internet, the GetSystemInfo application will close automatically and a web page with your GetSystemInfo report will open in your default Internet browser. The page address will be copied to clipboard. You can add the report address to the Help Desk request by pressing the combination of keys .
Note: If you connect to the Internet via a proxy-server, the report will be uploaded onto the server and the message will be displayed informing you that an error occurred when uploading to the GSI server. Click Cancel. Close the window with the message suggesting to manually upload the file from your browser and click OK.
2. In the Help Desk form, give the detailed description of your problem and the actions to perform in order to reproduce the problem.
3. Attach the created file (with the default name GetSystemInfo__YYYY_MM_DD.zip) to the Help Desk form. You can choose one of the following ways to attach a file to the form:
Upload of your files via web-form. You can attach the necessary files to the message using this web form.
Upload your files on Kaspersky Lab's FTP server manually. You can attach the necessary files to your message by uploading them on the Kaspersky Lab's FTP server in the folder with your request number.
Figure 55: HelpDesk form
6.2.3 To use the online parser to view the GetSystemInfo file
You can read the GetSystemInfo file by using the online parser.
1. Type the following URL into your web browser: http://www.getsysteminfo.com . The GetSystemInfo parser displays.
Figure 56: GetSystemInfo parser
2. Click the Browse button to locate the GetSystemInfo file that you generated.
3. Select the file. It appears in the entry field.
4. Pull down the menu to select a description of the problem you are having (this information is optional).
5. Select the Submit button.
6.3 What is the Kaspersky Lab Remote Diagnostic utility?
The Kaspersky Lab Remote Diagnostic utility (klactgui) performs diagnostic tests on remote client computers. The klactgui utility performs the following actions:
Enables/disables tracing, changes tracing level, and downloads the tracing file.
Downloads application settings.
Downloads system information.
Downloads event logs.
Starts/stops applications.
Performs Network Agent diagnostics (executes klnagchk utility and downloads its results).
Generates and downloads application dumps.
Uploads and executes any utilities and downloads their results (the utility can write the results into the folder %KLACDT_SAVE_SETTINGS% and/or to stdout).
The klactgui utility can perform these actions on the following software:
Network Agent 5.0 / 6.0 / 8.0.
Administration server 5.0 / 6.0 / 8.0.
Kaspersky Anti-Virus 5.0 for Windows Workstations (builds 5.0.225 - 5.0.712).
Kaspersky Anti-Virus 6.0 for Windows Workstations (builds 6.0.2.* - 6.0.4.*).
Kaspersky Anti-Virus 5.0 for Windows File Servers.
Kaspersky Anti-Virus 6.0 for Windows Servers (builds 6.0.2.* - 6.0.4.*).
The klactgui utility can work in two modes:
Access using the Management Station. This mode is recommended to access computers with installed Network Agent yet inaccessible by Microsoft Windows network means. The utility connects via the Management Station to which the problematic computer connects. If the problematic client computer belongs to a slave Station, and this Station cannot be accessed directly, it is possible to connect to it via the master Station.
Access using Microsoft Windows network. This mode requires certain conditions to be met:
1. The remote target computer must have an operating system other than Windows 98 and Windows ME.
2. The following ports must be open on the remote target computer: TCP 139, TCP 445, UDP 137, UDP 138.
3. You must connect to the remote target computer under its local administrator account (accessible Admin$ and permission to create services).
The data will be downloaded into a folder on the desktop of the computer used to start the klactgui utility. To open this folder, click the Download folder link in the interface of the utility. The directions to use the Lab Remote Diagnostic utility are found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/ak8/utilities?qid=208280778 .
6.3.1 Remote Diagnostic utility usability limitations
The following limitations should be noted when using the Remote Diagnostic utility.
The Remote Diagnostic utility application cannot be stopped if the corresponding service does not support the stop command. Stopping Kaspersky Anti-Virus for Windows Workstations/Servers service is supported for version 6.0.3.837 (and above) only and if there is Network Agent version 6.0.1572 (and above) installed on the client computer.
In order to be able to enable/disable tracing of applications with self-protection there must be Network Agent (even inoperable) installed on the remote computer.
6.3.2 To use the Remote Diagnostic utility to connect to a remote client computer
1. From the Management Station, go to Start > All Programs > Kaspersky Administration Kit > Kaspersky Lab Remote Diagnostic Utility. The main troubleshooting window displays.
Figure 57: Kaspersky Administration Kit remote troubleshooting utility (klactgui)
2. From the top drop-down menu, select one of the following working modes:
Access using Microsoft Windows network.
Access using Administration Server (the term Administration Server refers to the Management Station).
3. Refer to one of the following topics depending on the working mode that you selected:
To connect using the Management Station (see page 82).
To connect using the Microsoft Windows network (see page 84).
To connect using the Management Station
1. If you selected Access using the Administration Server (Management Station), the main utility window appears as shown in the following figure:
Figure 58: Kaspersky Administration Kit remote troubleshooting utility -- access clients using the Management Station
2. Enter the name of the Management Station that the client computer connects to in the Administration Server entry field. You can use localhost if the Management Station is installed on the same computer which you used to start the remote troubleshooting utility.
Note: If the client computer belongs to a slave Management Station which cannot be accessed directly, enter the master Management Station name in the Administration Server field. Check the Computer belongs to slave Administration Server box, and enter the slave Management Server name in the Slave Server field.
3. Enter a client computer name in the Computer entry field or click the Browse button to browse for a name.
4. In the drop-down menu under the Computer field, select an account having permissions for connecting:
Use provided user name and password to connect. User name and Password entry fields will appear on the screen.
Connect as current user. Select this option if you want to use the account used to start the remote troubleshooting utility.
5. Select the Enter button. The utility downloads files from client computers to the Management Station from which the utility was started.
6. Once a connection is established, the following window appears. From this window, you can enable/disable tracing, load system information, start/stop applications, and so forth.
Figure 59: Kaspersky Administration Kit remote troubleshooting utility -- access various functions
To connect using the Microsoft Windows network
1. If you selected Access using Microsoft Windows network, the main utility window appears as shown in the following figure:
Figure 60: Kaspersky Administration Kit remote troubleshooting utility (klactgui)
2. Enter a client computer name in the Computer entry field.
3. In the drop-down menu under the Computer field, select an account having permissions for connecting:
Use provided user name and password to connect. User name and Password entry fields will appear on the screen.
Connect as current user. Select this option if you want to use the account used to start the remote troubleshooting utility.
4. Select the Enter button. The connection is established. The utility downloads files from client computers to the Management Station from which the utility was started.
5. Once a connection is established, the following window appears. From this window, you can enable/disable tracing, load system information, start/stop applications, and so forth.
Figure 61: Kaspersky Administration Kit remote troubleshooting utility -- access various functions
6.3.3 To use the Remote Diagnostic utility to perform tracing
The Remote Diagnostic utility can be used to enable/disable tracing, change the trace level, and download trace files.
1. Connect to a client computer (see page 81).
2. Select the application you want to trace and click Enable trace on the left side of the window.
Figure 62: Kaspersky Administration Kit remote troubleshooting utility -- Enable trace
Note: In order to be able to enable/disable tracing of applications with self-protection, Network Agent must be installed on the remote computer.
3. When the tracing is enabled, trace files become available as items in the directory tree. To download an entire file, select it and click the Download file link. Large files provide an option to download only parts of traces.
Figure 63: Kaspersky Administration Kit remote troubleshooting utility -- Download file
4. You can also delete a selected file; however, you can only delete it when tracing is disabled. To disable tracing, select a desired application (Step #2 above) and click Disable trace on the left side of the window.
6.3.4 To use the Remote Diagnostic utility to download application settings and upload a utility
The Remote Diagnostic utility can be used to download application settings, generate and download application dumps, upload and execute a utility, and download its results.
1. Connect to a client computer (see page 81).
2. Select the computer name in the tree, and click the corresponding link on the left side of the window:
Load application settings -- to download the settings of Kaspersky Lab software installed on this computer.
Start utility -- to upload a given utility to the client computer, start it, and download the results of its execution.
Generate process memory dump -- to generate and download a memory dump of an application. If you select this link, another window will appear so you can enter the application name.
6.3.5 To use the Remote Diagnostic utility to load system information
1. Connect to a client computer (see page 81).
2. Select the computer name in the tree and click the Load system information link on the left side of the window.
Figure 64: Kaspersky Administration Kit remote troubleshooting utility - Load system information
6.3.6 To use the Remote Diagnostic utility to download event logs
1. Connect to a client computer (see page 81).
2. Select the desired event log and click the Download event log link on the left side of the window.
Figure 65: Kaspersky Administration Kit remote troubleshooting utility - Download event logs
6.3.7 To use the Remote Diagnostic utility to run diagnostics on the Kaspersky Network Agent
1. Connect to a client computer (see page 81).
2. Select the Kaspersky Network Agent application, and click the Run diagnostics link on the left side of the window.
Figure 66: Kaspersky Administration Kit remote troubleshooting utility - Run diagnostics
3. After you run the report, it appears in the tree under the Kaspersky Network Agent item. To download this generated report, click on the Download file link on the left side of the window.
Figure 67: Kaspersky Administration Kit remote troubleshooting utility - Download file
6.3.8 To use the Remote Diagnostic utility to stop and restart applications
1. Connect to a client computer (see page 81).
2. Select the desired application in the tree, and click one of the following links on the left side of the window:
Stop application.
Restart application.
Figure 68: Kaspersky Administration Kit remote troubleshooting utility - Stop/Restart application
6.4 Generating trace files
Trace files allow you to track (or trace) a problem that may be occurring as a result of the Kaspersky Lab software and your operating system. If you receive messages about operating system errors displayed at system startup or when you start a task, it could be that the Kaspersky application is conflicting with some other software installed on your PC or with hardware drivers. The Kaspersky Lab Technical support service may ask you to generate a trace file. With version 6.0 MP4 of the Kaspersky Antivirus software, it is possible to enable/disable trace files from a Kaspersky graphical user interface displayed on a client computer. The directions for generating trace files are found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/wks6mp4/error?qid=208280606 .
6.4.1 To generate trace files
Perform the following steps to generate trace files:
1. From a client computer, click the Kaspersky icon in the system tray. The main Kaspersky (client) window appears. For this example, the Kaspersky Anti-Virus for Windows Workstations screen appears.
Note: The procedures and figures discussed below depict generating a trace file for Workstation clients. The procedures for Server clients are the same except that the windows say "Windows Servers."
2. Click on the Support link in the lower left corner of the window.
Figure 69: Main Kaspersky Client window
3. Click on the Traces link in the lower left corner of the Support window.
Figure 70: Kaspersky window for clients -- Support window
4. Use the Level drop-down menu to choose the desired tracing level. Unless advised otherwise by a Technical support specialist, set the tracing level to Normal (500).
Figure 71: Information for Technical Support Service window
5. Click the Enable button to start gathering traces, and then press the OK button.
6. Reproduce the problem.
7. Click the Disable button to stop the tracing process, and then press the OK button.
Note: Do not forget to disable tracing after you have gotten the necessary report. If you leave tracing enabled, the reports folder size may become extremely large.
6.4.2 To access trace files
The folders for trace files are hidden in the operating system. The location of the trace files varies depending on the operating system you are running. The trace files are found in the following folders by operating system:
For Windows 7: C:\ProgramData\Kaspersky Lab\
For Windows XP/2003: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\
Use the following procedure to access trace files:
1. Go to Start -> Control Panel -> Folder Options -> View tab.
2. Find and check the Show hidden files and folders option in the Advanced settings list.
Figure 72: Folder Options window
3. Select the OK button and close the Control Panel window.
6.4.3 To delete trace files
1. Exit the Kaspersky client window.
2. Right-click on the Kaspersky Antivirus icon in the system tray and click Exit.
3. Delete the trace files from the folder (see page 96).
4. Restart the Kaspersky client window: Start -> All Programs -> Kaspersky Antivirus for Windows Workstations/Kaspersky Antivirus for Windows Workstations MP4.
6.5 Using a Rescue CD
A Rescue CD is a disk for scanning and disinfecting a PC that contains viruses, worms, or other malware. A Rescue CD can be used if your operating system cannot be started as the result of a virus attack. You need a bootable disk image file (.iso) to start the operating system. You can download this file from the Kaspersky Lab server or update an existing one. The directions to obtain a Rescue CD can be found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/wks6mp4/rescue?qid=208280571 . The .iso file can be downloaded from the following website: http://devbuilds.kasperskylabs.com/devbuilds/RescueDisk10/kav_rescue_10.iso .
6.5.1 Before downloading the Rescue CD
Downloading a Rescue CD must be performed on a non-infected system. Therefore, before creating a rescue disk, make sure you have updated the antivirus databases for Kaspersky Antivirus 6.0. To do this:
1. Go to a client machine running one of the following applications:
Kaspersky Anti-Virus 6.0 for Windows Workstations MP4.
Kaspersky Anti-Virus 6.0 for Windows Servers MP4.
2. On the lower left corner of the screen in the system tray, click the Kaspersky icon. The main Kaspersky (client) window appears.
3. Click on the Update link, and then view the Databases release date to make sure you are running the most up-to-date version of Kaspersky software.
Figure 73: Viewing Database status
6.5.2
To download a Rescue CD Use the following procedure to download a Rescue CD. 1. Go to a client machine running one of the following applications:
Kaspersky Anti-Virus 6.0 for Windows Workstations MP4.
Kaspersky Anti-Virus 6.0 for Windows Servers MP4.
2. On the lower left corner of the screen in the system tray, click the Kaspersky icon. The main Kaspersky (client) window appears. 3. In the lower right corner of the window, click the Rescue Disk icon.
Figure 74:
CON_038
Kaspers ky (client) main windo
w -- Rescue Disk icon
99
6.5 Using a Rescue CD
4. The Rescue Disk Creation Wizard appears. Click Next. 5. The Step 1 Select Rescue Disk image source screen appears. Select one of the following radio buttons:
Copy ISO image from CD/DVD disk or local network -- choose this option if you have already downloaded an ISO image from the Kaspersky Lab server and saved it on the PC or on a CD/DVD disk. Download ISO image from Kaspersky Lab server -- select this option if you will
download the ISO image via an internet connection.
Figure 75: Rescue Disk
Creation Wizard -- Step 1 screen
6. Click the Next button.
100
CON_038
6.5 Using a Rescue CD 7. The Step 2 ISO image downloading screen appears. Wait for a rescue disk image to be downloaded on the PC from the source chosen in the previous screen (Step 1). When complete, click Next.
Figure 76: Rescue Disk Creation Wizard -- Step 2 screen
8. The Step 3 ISO image update screen appears. Select how the PC with the damaged operating system will be started:
Remote startup -- this startup is performed from an administrator's workstation or from another PC within the network. This method requires you to enter the IP address of the PC, as well as the user name and password of an account with administrator access rights on the remote PC.
Startup from CD/DVD disk -- for this startup method, the PC must have a CD/DVD-ROM drive.
Note: After downloading an ISO image from the internet or folder, Kaspersky Antivirus 6.0 for Windows Workstations (or Servers) MP4 will automatically update the antivirus databases within the rescue disk.
Figure 77: Rescue Disk Creation Wizard -- Step 3 screen
9. Make your selection on the Step 3 screen and click Next.
10. Once the Rescue Disk Creation Wizard has created an image, a folder with the rescuecd.iso file will open. This file is a writable ISO disk image. The following list gives the rescue disk folder locations by operating system:
For Windows XP:
For Windows 7:
%SystemDrive%:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP60MP4\Data\Rdisk
The Kaspersky Virus Removal Tool is a stand-alone virus scan and removal application. It can be downloaded onto a USB flash drive or CD and used on any machine that does not have antivirus software loaded on it, or that has old, outdated antivirus software. The directions to use the Virus Removal Tool can be found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/avptool2010/main?qid=208280888 . The Virus Removal Tool can be downloaded from the following website: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/ .
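Because the tool is fetched from an http:// URL and then run on a machine that may have no working antivirus, it is worth checking the file's digital signature on the clean download system before copying it to a USB flash drive or CD. The PowerShell function below is an added example, not part of the original manual or of Kaspersky's documentation; the function name, the expected signer string 'Kaspersky Lab' and the placeholder file path are assumptions.

```powershell
# Added example: check a downloaded installer before it is copied to removable media.
# The expected signer string is an assumption; adjust it to the publisher you expect.
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$ExpectedSigner = 'Kaspersky Lab'   # assumed publisher name
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Authenticode check: Status is 'Valid' only if the file is signed, the
    # signature matches the file contents and the certificate chain is trusted.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # SHA-256 through .NET so the function also works on PowerShell 2.0,
    # where Get-FileHash is not available. Record the value with the media.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $stream = [System.IO.File]::OpenRead($full)
    try {
        $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Close()
    }

    # Unsigned, tampered or unexpectedly signed files all yield SafeToRun = $false.
    $ok = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")

    New-Object PSObject -Property @{
        Path = $full; Status = $sig.Status; Signer = $subject
        SHA256 = $hash; SafeToRun = $ok
    }
}

# Usage (placeholder path, replace with the file you downloaded):
# Test-DownloadedInstaller -Path 'C:\Downloads\<downloaded file>' | Format-List
```

If SafeToRun is False, do not carry the file to the target machine; download it again from a known-clean system and recheck.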
6.6.1 To install the Kaspersky Virus Removal Tool
Use the following procedure to install Kaspersky Virus Removal Tool 2010:
1. Go to the following website: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/ and download the application.
2. Run the downloaded file using the following syntax: setup___