February 13, 2012

Kaseya 2

Antivirus

User Guide

Version 1.2


About Kaseya

Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's IT Automation Framework allows IT Professionals to proactively monitor, manage and maintain distributed IT infrastructure remotely, easily and efficiently with one integrated Web based platform. Kaseya's technology is licensed on over three million machines worldwide.

Copyright © 2000-2011 Kaseya International Limited. All Rights Reserved.


Contents

Antivirus Overview

Antivirus System Requirements

Machines

    Page Layout

    Explorer Grid

    Control Panel

    Antivirus Columns

    Details Panel

    Antivirus Agent Menu

Dashboards

Detections

Profiles

Alerts

Antivirus Statistics in the Executive Summary Report

Antivirus - Antivirus Installation Statistics

Index


Antivirus Overview

Antivirus (KAV) provides Kaspersky Antivirus endpoint security for managed machines. Antivirus can be installed independently of Endpoint Security or Anti-Malware.

Antivirus ensures protection of your computer against known and new threats. Each type of threat is processed by separate application components, each of which can be enabled or disabled by configuration profile. Configuration profiles enable you to quickly apply different types of Antivirus solutions to many machines at the same time.

Antivirus includes the following protection tools:

Memory-resident protection components for:

Servers and workstations, with separate licensing for each

Files and personal data

System

Network

Scheduled, recurring virus scans of individual files, folders, drives, areas or the entire computer.

Updates of the Antivirus client and its components, as well as the Antivirus definition databases used to scan for malicious programs.

Status dashboard for all Antivirus managed machines.

A Detections page for all virus threats not automatically resolved by Antivirus.

Event managed alerts.

Windows Security Center checking.

Specialized agent procedures are installed with Antivirus that enable you to deploy the Antivirus installer package to endpoints (http://community.kaseya.com/kb/w/wiki/how-do-i-pre-deploy-the-kav-installer-package-to-endpoints.aspx). To reduce KServer download bandwidth, the installer package gets deployed to a local file share location then distributed to endpoints for installation.

Note: See Antivirus System Requirements (page 1).

Functions - Description

Machines (page 2) - Installs and uninstalls Antivirus software on selected machines and provides a detailed view of the Antivirus status of any selected machine.

Dashboards (page 10) - Displays a dashboard view of the status of all machines installed with Antivirus.

Detections (page 10) - Displays virus threats you can take action on.

Profiles (page 11) - Manages Antivirus profiles that are assigned to machine IDs.

Antivirus System Requirements

KServer

The Antivirus module installs on VSA 6.1 or later.


Requirements for Each Managed Workstation

800 MHz CPU or greater

512 MB available RAM

About 480 MB free space on the hard drive

Microsoft Windows XP, Vista, 7 are supported. Microsoft Windows 98 and NT are not supported.

Microsoft Windows Installer 2.0

Requirements for Each Managed Server

Server 2003, 2003 R2, SBS 2003 R2, 2008, SBS 2008, 2008 R2 are supported.

Only the OS of SBS 2008 is supported. It does not include Exchange email servers hosted by SBS 2008.

See Kaspersky Anti-Virus for Windows Servers version 6.0.4.x (http://support.kaspersky.com/win_server6mp4?level=3) for a complete list of server system requirements.

Note: See general System Requirements.

Machines

Antivirus > Machines

The Machines page installs and uninstalls Antivirus software on selected machines. This same page also provides a detailed view of the Antivirus status of any selected machine.

Page Layout (page 2)

Explorer Grid (page 3)

Control Panel (page 3)

Antivirus Columns (page 6)

Detail Panel (page 8)

Antivirus Agent Menu (page 9)

Page Layout

The layout of the Machines (page 2) page comprises the following main panels:

[Figure: layout of the Machines page, with labels Navigation Panel, Selected Column Set, Explorer Grid, Control Panel, Machine ID / Group ID filter, Page Browser, Rows Per Page, Machine Anti-Virus Details, Machine Header]

Navigation Panel - Used to navigate to the Antivirus module. There are four functions: Machines (page 2), Dashboards (page 10), Detections (page 10), and Profiles (page 11).

Explorer Grid - Each managed machine in the VSA is listed in this panel.


Page Browser - If more than one page of devices displays, pages forward and back.

Rows Per Page - Sets the number of devices displayed per page: 10, 30 or 100.

Machine ID / Group ID Filter - Filters the list of machine IDs listed in the Explorer Grid.

Control Panel - Executes tasks, either for the entire Explorer Grid or for a single selected machine.

Details Panel - This panel displays the properties and status of a single machine.

Header - Identifies the selected machine in the Explorer Grid.

Antivirus - Displays a summary of the Antivirus status of a machine.

Explorer Grid

The Explorer Grid of the Machines (page 2) page lists each machine currently installed with an Antivirus client and included in the machine ID / group ID filter.

Note: The only exception is when the Installation column set is selected. In this case all machines included in the machine ID / group ID filter are displayed, whether or not the Antivirus client is installed.

The set of columns displayed is determined by the Column Set selection in the Control Panel. The currently selected column set displays in the bar just above the Explorer Grid.

Note: See Antivirus Columns (page 6) for a description of each column available to display in any Explorer Grid column set.

Page forward displays multiple pages of machines.

Machines per page sets the number of rows on each page.

Control Panel

The Control Panel at the top of the Machines (page 2) page executes tasks, either for the entire Explorer Grid or for a single selected machine.

Actions

Cancel Pending Action - Cancel pending actions on selected machines.


Open new window - Display machine Antivirus information in a new window.

Reboot - Reboot selected machines.

Column Sets

Selecting a column set displays a predefined set of columns.

Modify Columns - Customize the set of columns displayed by any column set.

Note: See Antivirus Columns (page 6) for a description of each column available to display in any Explorer Grid column set.

Installation - Displays installation columns in the Explorer Grid for all agent machines.

Status - Displays status columns in the Explorer Grid for all agent machines installed with an Antivirus client.

Licensing - Displays licensing columns in the Explorer Grid for all agent machines installed with an Antivirus client.

Detections - Displays threat detection columns in the Explorer Grid for all agent machines installed with an Antivirus client.

Version - Displays version columns in the Explorer Grid for all agent machines installed with an Antivirus client.

Scan - Displays scan columns in the Explorer Grid for all agent machines installed with an Antivirus client.

Windows Security Center - Displays installed third-party antivirus, anti-malware and firewall software detected by the Windows Security Center.

Assign

Assign an Antivirus configuration profile to selected machines. Workstations and servers can be selected and assigned at the same time. You do not have to select only workstations or only servers. Workstations are assigned the selected workstation profile. Servers are assigned the selected server profile.

Scan

Schedules an Antivirus scan on selected machines.

Start Date - The start date of the scan.

Time - The start time of the scan.

Distribution Window - Reschedules the task to a randomly selected time no later than the number of periods specified, to spread network traffic and server loading.

There are two types of scan:

Full Scan - A thorough scan of the entire system. The following objects are scanned by default: system memory, programs loaded on startup, system backup, email databases, hard drives, removable storage media and network drives.

Quick Scan - Virus scan of operating system startup objects.

Update

Schedules an update on selected machines with the latest Antivirus definitions.

Start Date - The start date of the update.

Time - The start time of the update.

Distribution Window - Reschedules the task to a randomly selected time no later than the number of periods specified, to spread network traffic and server loading.


Install

Install - Installs the Antivirus client on selected machines. Workstations and servers can be selected and installed at the same time. Workstations are assigned the selected workstation profile. Servers are assigned the selected server profile.

Note: Specialized agent procedures are installed with Antivirus that enable you to deploy the Antivirus installer package to endpoints (http://community.kaseya.com/kb/w/wiki/how-do-i-pre-deploy-the-kav-installer-package-to-endpoints.aspx). To reduce KServer download bandwidth, the installer package gets deployed to a local file share location then distributed to endpoints for installation.

Uninstall - Uninstalls the Antivirus client on selected machines.

Note: If you uninstall the Antivirus client manually from the managed machine, you are prompted for a password. The password is KaseyaUninstall.

Verify - Installs an Antivirus client when the Kaseya Antivirus version of Kaspersky is already present on a managed machine.

Verify can also be used to associate the Antivirus client to a new VSA server. This eliminates the need to uninstall and redeploy Antivirus on the workstation. For example, use Verify when migrating from one VSA server to another or when deploying Antivirus manually due to low bandwidth constraints.

Note: Antivirus uses a custom build of Kaspersky Antivirus. Verify cannot be used to convert a retail version of Kaspersky Antivirus to the Kaseya custom build of Kaspersky Antivirus. Additionally, every manual installation must use the Kaspersky installer and setup file located in \VSAHiddenFiles\kav\, and must set the API and uninstall passwords. Failure to do so renders Antivirus updates and configuration changes inoperable. Contact support (https://portal.kaseya.net) for more information on how to perform a manual installation.

Licensing

AutoExtend - Enables and disables Auto-Extend for machines installed with Antivirus. Displays the total number of licenses purchased and expired, and the number of full and partial licenses available.

When Auto-Extend is enabled and an Antivirus license expires, a new, full license is pulled from your license pool automatically. This ensures the endpoint does not go without antimalware protection at any point, as long as you have available licenses. Auto-Extend always uses a full license.

In the event you uninstall Antivirus from an endpoint, that license goes into a partial license pool. When Antivirus is deployed to a new endpoint, Kaseya License Manager always checks the partial license pool first. If a partial license is available, the partial license is used on the endpoint with the new install. If no partial licenses are available, Kaseya uses a full Antivirus license.

Licenses begin their clock ticking on the first day they are installed. If uninstalled, the clock continues to tick on that license. By deploying these partial licenses for new installations of Antivirus, you can get the most out of each 1-year license.

License Counts - Lists license counts for servers and workstations. Licenses for servers and workstations are purchased and tracked separately. Antivirus license counts also display on the System > License Manager page.

Total Purchased to date

Full Available (Purchased not allocated, applied, partial or expired)


Allocated (Scheduled for install, but install not yet complete)

Applied (Active license applied to a machine)

Partial Available (Formerly assigned to a machine but returned to pool before expiration)

Partial Allocated (Partial Available that has been scheduled for install, but install not yet complete)

Total (purchased licenses minus expired)

Expired Licenses
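
The Auto-Extend and partial-license rules described in this Licensing section, modeled as an added example (this is not Kaseya's code). The class and method names, the 365-day term and the choice of which partial license is reused first are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

TERM = timedelta(days=365)  # assumption: the guide's "1-year license" as 365 days


@dataclass
class License:
    expires: date  # fixed on first install; uninstalling does not stop the clock


@dataclass
class LicensePool:
    full: int                                    # unused full licenses
    partial: list = field(default_factory=list)  # returned licenses still running
    expired: int = 0                             # licenses that ran out

    def _drop_expired(self, today):
        # Partial licenses keep ticking in the pool and can expire there.
        live = [lic for lic in self.partial if lic.expires > today]
        self.expired += len(self.partial) - len(live)
        self.partial = live

    def _take_full(self, today):
        if self.full == 0:
            raise RuntimeError("no licenses available: endpoint is unprotected")
        self.full -= 1
        return License(expires=today + TERM)

    def install(self, today):
        """New install: the partial pool is checked first, then full licenses."""
        self._drop_expired(today)
        if self.partial:
            # Assumption: reuse the partial license with the most time left.
            self.partial.sort(key=lambda lic: lic.expires)
            return self.partial.pop()
        return self._take_full(today)

    def uninstall(self, lic, today):
        """Uninstall: an unexpired license goes to the partial pool unchanged."""
        if lic.expires > today:
            self.partial.append(lic)
        else:
            self.expired += 1

    def auto_extend(self, lic, today):
        """Auto-Extend: an expired license is always replaced by a full one."""
        if lic.expires > today:
            return lic  # still valid, nothing to extend
        self.expired += 1
        return self._take_full(today)


if __name__ == "__main__":
    day0 = date(2012, 2, 13)  # constructed sample dates
    pool = LicensePool(full=2)
    first = pool.install(day0)
    pool.uninstall(first, day0 + timedelta(days=100))
    reused = pool.install(day0 + timedelta(days=200))
    print("reused partial:", reused is first, "expires", reused.expires)
    renewed = pool.auto_extend(reused, day0 + timedelta(days=400))
    print("auto-extended to", renewed.expires, "full left:", pool.full)
```

When `full` reaches zero and no partial license is left, `install` and `auto_extend` raise, which corresponds to the guide's condition that continuous protection holds only "as long as you have available licenses".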

Protection

Get Status - Returns the enabled/disabled status of Antivirus components on a machine and, if necessary, corrects the display of the component status icons in the Explorer Grid.

Temporarily Enable - Re-enables Antivirus protection on selected machines.

Temporarily Disable - Disables Antivirus protection on selected machines. Some software installations require Antivirus software be disabled to complete the install.

Antivirus Columns

The following columns are available to select when modifying any column set in the Explorer Grid (page 3). Select Column Set in the Control Panel (page 3) to modify a column set.

Antivirus

Agent Guid Str - The unique GUID of the Kaseya agent, in string format.

Auto Extend - If checked, Auto Extend is enabled. Auto Extend automatically extends licensed security protection for the managed machine. If Antivirus is uninstalled from the machine and its licensed time period partially used, its partially-used license is automatically assigned to the next machine installed with Antivirus instead of an unused license.

Id - The unique GUID of the Kaseya agent, in numerical format.

Install Phase Icon - If checked, Antivirus is installed on the machine.

Install Status - Not Installed, Script Scheduled, Installed

License Date - The date Antivirus security is scheduled to expire.

Login Name - The currently logged on user.

Name - The machine ID.group ID.organization ID of the machine.

Online Status - These icons indicate the agent check-in status of each managed machine. Hovering the cursor over a check-in icon displays the agent quick view window.

Online but waiting for first audit to complete

Agent online

Agent online and user currently logged on.

Agent online and user currently logged on, but user not active for 10 minutes

Agent is currently offline

Agent has never checked in

Agent is online but remote control has been disabled

The agent has been suspended

Show Tool Tip - If 1, then Show Tool Tips is enabled. If 0, Show Tool Tips is not enabled. See Agent > Edit Profile.

Time Zone Offset - Displays the number of minutes. See System > Preferences.

Tool Tip Notes - Displays the notes assigned to an agent. See Agent > Edit Profile.

Transition Time - (obsolete - this column is being removed)


Detections

Deleted - Number of detections automatically deleted.

Detected - Number of detections.

Disinfected - Number of detections automatically disinfected.

Has Active Threats - Number of detections that could not be automatically disinfected or deleted and require user attention.

Infected - Number of detections infected.

Other - Number of detections that cannot be classified under any other category. Applies when Kaspersky introduces a new detection category that Antivirus does not yet recognize.

Suspicious - Number of suspicious detections not deleted or disinfected that a user might want to review.

Scan

Last Full Scan - The last date and time a thorough scan of the entire system was performed. Includes: system memory, programs loaded on startup, system backup, email databases, hard drives, removable storage media and network drives.

Last Quick Scan - The last date and time a quick scan of operating system startup objects was performed.

Status - The status of the scan.

Security

Installed On - The date Antivirus was installed.

Profile - The Antivirus profile assigned to this machine.

Status

Components - Identifies the status of Antivirus components installed on this machine.

Flags - Possible flags include: Definitions out of date

Pending - Install, Assign, Update and Scan

Reboot Needed - If Yes, a reboot is required.

Version

Database Date - The date and time of the Antivirus definition database currently being used by this machine.

Program Version - The Kaspersky version number of the Antivirus client installed on this machine.

Service Version - The version of the Antivirus client.

Update - The status of the update.

Windows Security Center

Active - If checked, the antivirus product is being used.

Manufacturer - The manufacturer of the antivirus product.

Up To Date - If checked, the antivirus product is up to date.

Version - The version of the antivirus product.

WSC Reported Product Name - The name of the antivirus product registered with Windows Security Center. Antivirus itself does not register with Windows Security Center.

Note: Windows 7 and later call the Windows Security Center the Action Center.


Details Panel

Header

Name - The machine ID.group ID.organization ID of the machine.

OS - The operating system of the machine.

Network - The subnetwork the machine is on.

Antivirus tab

Antivirus Summary

Install Status - If checked, Antivirus security is installed.

Last Updated - The date and time the Antivirus client was last updated.

Last Full Scan - The last date and time a thorough scan of the entire system was performed. Includes: system memory, programs loaded on startup, system backup, email databases, hard drives, removable storage media and network drives.

Last Quick Scan - The last date and time a quick scan of operating system startup objects was performed.

Next Full Scan - The next date and time an Antivirus scan is scheduled to be performed.

License Expiration - The date Antivirus security is scheduled to expire.

Agent Id - The GUID of the agent on the managed machine.

Installed On - The date the Kaseya agent was installed.

Version - The version number of the Antivirus package installed on the managed machine.

Auto Extend - If checked, Auto Extend is enabled. Auto Extend automatically extends licensed security protection for the managed machine. If Antivirus is uninstalled from the machine and its licensed time period partially used, its partially-used license is automatically assigned to the next machine installed with Antivirus instead of an unused license.

Profile - The Antivirus configuration profile (page 11) assigned to this machine.

Install Error - If an install error occurs, displays a View Log link to the Kaspersky install log.

Antivirus Program Status

Component Status - Identifies the status of Antivirus components installed on this machine. Component protection is specified using the Profiles (page 11) > Component Protection tab.

- Enable File Antivirus - If checked, scans all files that are opened, saved, or executed.

- Enable Mail Antivirus - If checked, scans incoming and outgoing messages for the presence of malicious objects. It is launched when the operating system loads, is located in computer RAM and scans all email messages received via the POP3, SMTP, IMAP, MAPI and NNTP protocols.

- Enable Web Antivirus - If checked, ensures security while using the Internet. It protects your computer against data coming into your computer via the HTTP protocol, and also prevents dangerous scripts from being executed on the computer.

- Enable IM Antivirus - If checked, ensures safe operation of IM clients. It protects the information that comes to your computer via IM protocols. The product ensures safe operation of various applications for instant messaging, including ICQ, MSN, AIM, Yahoo! Messenger, Jabber, Google Talk, Mail.Ru Agent and IRC.

- Enable Proactive Antivirus - If checked, recognizes a new threat on your computer by the sequence of actions executed by a program. If, as a result of activity analysis, the sequence of application's actions arouses any suspicion, Antivirus blocks the activity of this application.


Database Date - The date and time of the Antivirus definition database currently being used by this machine.

Flags - Possible flags include: Definitions out of date

Program Version - The Kaspersky version number of the Antivirus client installed on this machine.

Antivirus Agent Menu

Once installed on a machine, the Antivirus agent displays an icon in the computer's system tray. This icon provides access to the Antivirus agent user interface.

Right clicking the agent icon pops up a menu of options.

Update - Updates Antivirus databases and application modules on the machine.

Full Scan - Starts or resumes a full scan of the machine.

Virus Scan... - Displays the Scan My Computer tab of the Antivirus agent user interface. You can choose to:

Start Full Scan - Performs a thorough scan of the entire system. The following objects are scanned by default: system memory, programs loaded on startup, system backup, email databases, hard drives, removable storage media and network drives.

Start Quick Scan - Scans operating system startup objects.

Start Objects Scan - Scans objects selected by the user. Any object of the computer's file system can be scanned.

Open Vulnerability Scan Window - Scans installed applications by default. To add additional objects to this option, click the Settings option and select Vulnerability Scan > Scan Scope > Settings...

Virtual keyboard - Use this tool to prevent the interception of data by keylogging spyware, such as passwords entered in logon pages. Use the mouse to click each letter you would normally type into the keyboard.

Kaseya Antivirus - Displays the Antivirus agent user interface.

Settings - Sets all Antivirus general protection settings.

About - Displays the About box for Antivirus agent.

Pause protection... - Pauses protection on the machine for a specified time period.

Exit - Terminates the Antivirus agent service on the managed machine. The machine is no longer protected by Antivirus.


Dashboards

Antivirus > Dashboards

The Dashboards page provides a dashboard view of the status of machines installed with Antivirus.

Actions


New - Creates a new dashboard.

Save - Saves changes to the currently displayed dashboard.

Save As - Saves the currently displayed dashboard with a new name.

Delete - Deletes the currently displayed dashboard.

Select Dashboard - Selects a dashboard to display.

Add Parts - Add sections to currently displayed dashboard.

Automatic License Extension - A bar chart displays the number of machines that have Auto-Extend enabled and will have expired licenses in 30, 60, 90 or 91+ days.

License Expiration - A bar chart displays the number of machines that have expired licenses or will have expired licenses in 30, 60, 90 or 91+ days.

Machines Needing Attention - A bar chart displays the number of Antivirus managed machines needing attention, by category. Categories include No AV Installed, Uncured Threats, Out of Date, Reboot Needed, Component.

Number of Machines with Detections - A bar chart displays the number of detections.

Protection Status - A pie chart displays percentage categories of machines with Antivirus protection. Percentage categories include Not Installed, Out of Date, Not Enabled, and Up to Date.

Top Threats - Lists the machines with the greatest number of threats. Clicking a hyperlinked machine ID displays the threats belonging to that machine ID in the Detections (page 10) page.

Unfiltered License Summary - A chart displays the number of machines that are Available, Expired, In Use, Partials and Pending Install.

Open in Separate Window - Displays the Dashboard page in a separate browser window or tab.

Detections

Antivirus > Detections

The Detections page displays virus threats not automatically resolved by Antivirus. Use the information listed on this page to investigate threats further and manually remove them. You can double-click a row to learn more about the detection from Kaspersky's Securelist web site.

ID - A unique ID assigned to the threat.

Machine Name - The machine ID.

Name - The name of the threat.

Path - The location of the threat on the managed machine.

Time - The date and time the threat was detected.

Status - The status of the threat.

Type - The category of threat.


Profiles

Antivirus > Profiles

The Profiles page manages Antivirus profiles. Each profile represents a different set of enabled or disabled Antivirus options. Changes to a profile affect all machine IDs assigned that profile. A profile is assigned to machine IDs using Antivirus > Machines (page 2). Typically different types of machines or networks require different profiles.

Profile Types - Servers and Workstations

Antivirus licenses are purchased and tracked separately for servers and workstations. Each is assigned a separate type of profile. A server profile can only be assigned to servers. A workstation profile can only be assigned to workstations. Sample profiles of each profile type are provided for you. Workstations and servers can be selected and assigned at the same time.

Actions

New - Creates a new profile.

Open - Opens an existing profile for editing and review.

Delete - Deletes an existing profile.

Save - Saves changes to the currently selected profile.

Copy - Saves a selected profile with a new name.

Adding / Editing Profiles

Click New to display the New Profile window, or click an existing profile, then click Open to display the Edit Profile window.

Summary

Name - The name of the profile.

Description - A description of the profile.

Profile Type - File server or workstation.

Protection

Enable Protection - If checked, all protection components selected for this profile are enabled.

Launch Antivirus at computer startup - If checked, all protection components selected for this profile are enabled at startup.

Enable Self-Defense - Prevents unauthorized access to Antivirus files, including protection against auto-clickers.

Select action automatically - If checked, automatically applies actions recommended by Kaspersky Lab in response to dangerous events.

Do not delete suspicious objects - If checked and actions are automatically applied, suspicious objects are not deleted.

Component Protection

The corresponding icons display in the Component Status field of the Details (page 8) panel of the Machines page.

- Enable File Antivirus - If checked, scans all files that are opened, saved, or executed.

- Enable Mail Antivirus - If checked, scans incoming and outgoing messages for the presence of malicious objects. It is launched when the operating system loads, is located in computer RAM and scans all email messages received via the POP3, SMTP, IMAP, MAPI and NNTP protocols. Does not apply to server profiles.

- Enable Web Antivirus - If checked, ensures security while using the Internet. It protects your computer against data coming into your computer via the HTTP protocol, and also prevents dangerous scripts from being executed on the computer. Does not apply to server profiles.

- Enable IM Antivirus - If checked, ensures safe operation of IM clients. It protects the information that comes to your computer via IM protocols. The product ensures safe operation of various applications for instant messaging, including ICQ, MSN, AIM, Yahoo! Messenger, Jabber, Google Talk, Mail.Ru Agent and IRC. Does not apply to server profiles.

- Enable Proactive Antivirus - If checked, recognizes a new threat on your computer by the sequence of actions executed by a program. If, as a result of activity analysis, the sequence of application's actions arouses any suspicion, Antivirus blocks the activity of this application. Does not apply to server profiles.

Scan Options

Security Level - Three security levels are provided:

High - Set this level if you suspect a computer has a high chance of being infected.

Recommended - This level provides an optimum balance between efficiency and security and is suitable for most cases.

Low - If the machine operates in a protected environment, a low security level may be suitable. A low security level can also be set if the machine operates with resource-consuming applications.

Schedule

Manually - Scans of machines using this profile are only scheduled manually.

By schedule / Run time - Schedules scans of machines using this profile for the specified days of the week and time of day.

Update Options

Schedule

Automatic - Checks for updates at specified intervals. When a new update is discovered, downloads and installs it on Antivirus managed machines using this profile.

Manually - Updates of machines using this profile are only scheduled manually.

By schedule / Run time - Schedules updates of the Antivirus client and its definitions database on all Antivirus managed machines using this profile for the specified days of the week and time of day.

Exclusion Rules

Add Exclusion - Adds the path of a directory to be excluded from scanning and protection.

Delete - Deletes a selected exclusion rule.

Supported exclusions include:

Masks without file paths

*.exe - all files with the exe extension

*.ex? - all files with the ex? extension, where ? can represent any single character

test - all files with the name test

Masks with absolute file paths

C:\dir\*.* or C:\dir\* or C:\dir\ - all files in the C:\dir\ folder

C:\dir\*.exe - all files with the exe extension in the C:\dir\ folder

C:\dir\*.ex? - all files with the ex? extension in folder C:\dir\, where ? can represent any single character

C:\dir\test - only the C:\dir\test file

File path masks

dir\*.*, or dir\*, or dir\ - all files in all dir\ folders

dir\test - all test files in dir\ folders

dir\*.exe - all files with the exe extension in all dir\ folders

dir\*.ex? - all files with the ex? extension in all dir\ folders, where ? can represent any single character
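To review what a profile's exclusion rules actually remove from scanning, the mask semantics listed above can be evaluated against a file inventory. The following is an added example, not Kaseya or Kaspersky code; it assumes case-insensitive matching and that a folder mask covers only files directly in that folder (the guide does not say whether subfolders are included), and the sample paths are constructed.

```python
import ntpath
import re

def _glob(mask):
    """Compile a name mask: * is any run of characters, ? is any single one."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in mask)
    return re.compile(body + r"\Z", re.IGNORECASE)

def mask_matches(mask, path):
    """True if the exclusion mask covers the absolute Windows file path."""
    mask_dir, mask_name = ntpath.split(mask)
    if mask_name in ("", "*.*"):          # dir\, dir\* and dir\*.* are equivalent
        mask_name = "*"
    file_dir, file_name = ntpath.split(path)
    if not _glob(mask_name).match(file_name):
        return False
    if not mask_dir:                      # mask without a file path: any folder
        return True
    fd = file_dir.lower().rstrip("\\")
    md = mask_dir.lower().rstrip("\\")
    if ntpath.splitdrive(mask_dir)[0]:    # absolute path: that folder only
        return fd == md
    # File path mask: every folder whose path ends in dir\
    # (assumption: direct children only, subfolders are not covered).
    return fd.endswith("\\" + md)

def audit(rules, paths):
    """Map each exclusion rule to the files it removes from scanning."""
    return {rule: [p for p in paths if mask_matches(rule, p)] for rule in rules}

# Constructed sample file paths, not taken from any real machine.
SAMPLE_PATHS = [
    "C:\\dir\\setup.exe",
    "C:\\dir\\notes.ex_",
    "C:\\dir\\test",
    "C:\\dir\\sub\\tool.exe",
    "D:\\work\\dir\\test",
    "C:\\Users\\a\\Downloads\\invoice.exe",
]
RULES = ["*.exe", "*.ex?", "test", "C:\\dir\\", "C:\\dir\\*.exe",
         "C:\\dir\\test", "dir\\test", "dir\\*.exe"]

if __name__ == "__main__":
    for rule, hits in audit(RULES, SAMPLE_PATHS).items():
        print(f"{rule:<14} excludes {len(hits)} of {len(SAMPLE_PATHS)}: {hits}")
```

Masks without a file path apply in every folder, so a rule such as *.exe exempts executables everywhere on the machine, while the absolute-path form limits the exemption to one folder.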

Alerts

The Antivirus module does not have its own alerts page. Instead Antivirus alerts are enabled on managed machines using the Monitor > Event Log Alerts page.

Antivirus Event Log Settings

Event log alerts have a prerequisite. The collection of the appropriate event log data from a managed machine must be enabled. Using the Agent > Event Log Settings page, select the following settings for each Antivirus managed machine you wish to configure alerts for:

The Application Event Log Type

The Error, Warning, and Information Event Categories

Antivirus Event Log Alerts

On the Monitor > Event Log Alerts page select the Application event log type. When Antivirus is installed, the following predefined event sets can be assigned to an Antivirus managed machine.

ZC-KAV-CL1-W Client Install Reboot Required

ZC-KAV-DF0-EWI Definitions

ZC-KAV-DF1-W Definitions Not Updated in 2 Days

ZC-KAV-DF2-E Definition Update Failed

ZC-KAV-FS0-EWI Full Scans

ZC-KAV-FS1-I Full Scan Started

ZC-KAV-FS2-I Full Scan Completed

ZC-KAV-FS3-E Full Scan Failed to Complete

ZC-KAV-QS0-EWI Quick Scans

ZC-KAV-QS1-I Quick Scan Started

ZC-KAV-QS2-I Quick Scan Completed

ZC-KAV-QS3-E Quick Scan Failed to Complete

ZC-KAV-TH0-EWI Threats

ZC-KAV-TH1-W Threat Detected

ZC-KAV-TH2-I Threat Remediated

The ZC-KAV prefix indicates that these event sets are sample Antivirus event sets. Sample event sets can be used directly or they can be used as examples for building your own Antivirus alert event sets.

The next segment following ZC-KAV indicates the type of alert. The following are the Antivirus alert types:

CLx - Client related alerts

DFx - Anti-Virus Definition related alerts

FSx - Anti-Virus Full Scan related alerts

QSx - Anti-Virus Quick Scan related alerts

THx - Anti-Virus Threat related alerts

If the number following the alert type designator is zero (0), the event set is a rollup of related alerts. Any number other than zero (0) indicates the event set is a single individual alert. The letters following the alert type segment indicate the event categories covered by the alert:

E = Error

W = Warning

I = Information

When configuring Antivirus alerts, ensure all three of the Error, Warning, and Information event categories are selected.

Also, for rollup event sets (ZC-KAV-DF0, ZC-KAV-FS0, ZC-KAV-QS0, or ZC-KAV-TH0), be sure to set the Ignore additional alarms for option to a low threshold, 1 minute, for example. This ensures that the multiple alerts possible in a rollup event set are not ignored if they should occur.
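The naming convention and the two configuration rules above can be checked mechanically when reviewing alert assignments. This is an added example, not part of the Kaseya product; the function names, the tuple layout of an assignment and the 1-minute cut-off for a "low threshold" are assumptions, and the sample assignments are constructed.

```python
import re

ALERT_TYPES = {"CL": "Client", "DF": "Definition", "FS": "Full Scan",
               "QS": "Quick Scan", "TH": "Threat"}
CATEGORIES = {"E": "Error", "W": "Warning", "I": "Information"}
NAME_RE = re.compile(r"^ZC-KAV-([A-Z]{2})(\d+)-([EWI]+)$")

def parse_event_set(name):
    """Split a sample event set name into alert type, rollup flag, categories."""
    m = NAME_RE.match(name)
    if not m or m.group(1) not in ALERT_TYPES:
        raise ValueError(f"not a sample Antivirus event set name: {name!r}")
    kind, number, letters = m.groups()
    return {"type": ALERT_TYPES[kind],
            "rollup": int(number) == 0,          # 0 = rollup of related alerts
            "categories": [CATEGORIES[c] for c in letters]}

def lint_assignment(name, selected, ignore_minutes, max_rollup_minutes=1):
    """Return the problems with one alert assignment (empty list = OK).

    selected           - event categories selected for the alert
    ignore_minutes     - the 'Ignore additional alarms for' value, in minutes
    max_rollup_minutes - assumed cut-off for a "low threshold" on rollup sets
    """
    info = parse_event_set(name)
    problems = []
    missing = sorted(set(CATEGORIES.values()) - set(selected))
    if missing:
        problems.append("categories not selected: " + ", ".join(missing))
    if info["rollup"] and ignore_minutes > max_rollup_minutes:
        problems.append(f"rollup set suppresses repeat alarms for "
                        f"{ignore_minutes} min; later alerts may be ignored")
    return problems

# Constructed assignments: (event set, selected categories, ignore minutes).
ASSIGNMENTS = [
    ("ZC-KAV-TH0-EWI", ["Error", "Warning"], 60),
    ("ZC-KAV-DF0-EWI", ["Error", "Warning", "Information"], 1),
    ("ZC-KAV-FS3-E", ["Error", "Warning", "Information"], 60),
]

if __name__ == "__main__":
    for name, selected, minutes in ASSIGNMENTS:
        print(name, parse_event_set(name), lint_assignment(name, selected, minutes))
```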

Antivirus Statistics in the Executive Summary Report

Info Center > Reports > Executive Summary

The Executive Summary report includes a section called Antivirus for the following statistics. If no filtering is selected, statistics are for all machines in all groups in all organizations. The number of days is specified in the report definition.

Summary Statistics

Machine Installation Ratio - The number of machines installed with Antivirus compared to the total number of machines.

Machines with full scans last <N> Days - The number of machines with Antivirus installed that have performed a full scan within <N> number of days.

Machines with unhandled detections - The number of machines that have at least one unhandled threat displayed in the Detections (page 10) page.

Bases Date - The latest date of Antivirus definitions uploaded to the set of machines specified by this report.

Performance Statistics Last <N> Days

Total Objects Scanned - The number of files and system objects scanned.

Total Detections - The number of handled and unhandled threats.

Total New Installations - The number of new Antivirus installations.

Total Quick Scans Completed - A quick scan includes operating system startup objects.

Total Full Scans Completed - A full scan includes system memory, programs loaded on startup, system backup, email databases, hard drives, removable storage media and network drives.

Total Updates Completed - An update updates the Antivirus definitions on a machine.

The Network Health Score of the Executive Summary includes an Antivirus category. The Antivirus rating is a composite score weighted as follows for each individual machine:

Anti-virus install percentage - 40% - Is Antivirus installed on the machine?

Full scans run during the period - 40% - Has at least one Antivirus scan run during the period?

Active threats - 20% - Have zero threats been detected during the period?

After each machine's Antivirus rating is determined, they are grouped into the following percentage buckets, which can be customized: 100%, 75%, 50%, 25%.

You can adjust how heavily each category affects the total Network Health Score by adjusting the weight value for each category. Weights range from 0 to 100. Set the weight to zero to turn off that category.

Antivirus - Antivirus Installation Statistics

Info Center > Reports > Antivirus

Displays only if the Antivirus add-on module is installed.

The Antivirus Installation Statistics report definition generates reports for the following types of Antivirus data maintained by the VSA.

Show Summary Table - Displays the number of machines installed with Antivirus per machine group. Installation details include the install date and version installed, per machine in each machine group.

Show Installation Month Bar Chart - Displays a count of the number of machines installed with Antivirus, per month.
