Advanced VirusScan Configuration

Introduction

VirusScan 8.5i is the latest UIUC site-licensed version of antivirus software available to campus Windows users. VirusScan 8.5i will work with the following operating systems:

• Windows NT 4.0
• Windows 2000
• Windows XP
• Windows Vista
• Windows Server 2003

(If you are using an older Windows operating system, email securitysupport@uiuc.edu for assistance with finding antivirus software for your system. Note that the campus antivirus software vendor, McAfee, stopped providing support for older versions of VirusScan in June 2005. Archival documentation for VirusScan 8.0i, VirusScan 7 or VirusScan 4.5.1 is available.)

This page explains the VirusScan 8.5i customization options in more detail for those who wish to understand more about the software. For basic information on installation and day-to-day use, see VirusScan Basics.

Advanced configuration: Understanding your options

For most campus users, the defaults that come with the UIUC-configured VirusScan 8.5i package should mean that they can install their antivirus software and leave it to take care of itself. However, if you installed a generic VirusScan 8.5i package and wish to configure it for more efficient use on the UIUC network, or if you wish to change some of the defaults, the software's configuration options are described in more detail below.

The VirusScan Console

The VirusScan Console is the most versatile interface available for interacting with the VirusScan software.

Several of the most frequently used tasks can be found by simply right-clicking on the shield icon in the task bar, but the Console window provides you with complete access to the options available. Click on the red dots to jump to an explanation of that item.

Start button

The Start button (the green arrow) is the easiest way to begin any of the items in the Console. If you want to update your virus definitions, select the AutoUpdate item and click Start. If you want to scan your hard drive(s) for viruses, select the Full Scan item (as shown) and click Start.

1: Access Protection

One of several new features is the concept of Access Protection. It acts like a limited firewall, permitting you to block specific selected networking ports. In the default campus configuration, IRC ports are blocked but FTP ports are not.

You can also add or remove your own port blocking definitions by right-clicking on the Access Protection item and choosing Properties, and then adjusting the settings in the window that appears. For more information on this feature, see "Access Protection" in the VirusScan 8.5i Enterprise Product Guide, linked in the McAfee documentation section below.

2: Unwanted Programs Policy (anti-spyware protection)

The University of Illinois' license for VirusScan 8.5i includes the full version of McAfee's anti-spyware module, which provides enterprise class protection from potential threats such as spyware, adware, cookies, jokes, and Trojans. It uses on-access and on-demand scanning in conjunction with spyware-specific access protection rules and detection definitions to protect you from these potential threats. You also have the flexibility to customize what is detected by specifying additions and/or exclusions.

Note that remote administration tools are included in this list of potentially malicious software. By default, remote administration software is blocked by this program. In most cases, this is a good idea, because remote administration tools can allow an attacker complete access to your system. However, if you have intentionally turned on remote administration tools on your computer, make sure that you turn off the remote administration blocker by right-clicking on the item and selecting Properties, and then removing the remote administration check box.

For information on adding additional spyware protection, see Spyware.

3: On-Access Scanner and Full Scan

These two items constitute the core of traditional virus scanning. The On-Access Scanner scans a file when it is used; it usually takes little memory and happens quickly. The Full Scan item scans every file on your computer and can be memory-intensive, although the campus configuration reduces the percentage of memory that it uses at once. This kind of scan can take several hours to complete.

Since On-Access scanning is ongoing, it doesn't need to be scheduled at a particular time. It runs automatically whenever a file is accessed. However, if you'd like to reschedule the time for the Full Scan so that it happens when your computer is likely to be turned on but idle, right-click on its icon in the VirusScan console (it's highlighted in the graphic above). Choose Properties from the right-click menu. The time of day for the scan is set under the Schedule button, and the percentage of memory to be used is selected under the Advanced tab.

If you need to exclude a directory from a scan (such as excluding Eudora's spool folder to prevent email access errors), see the description of directory exclusions in the FAQ.

4: Virus definition updates (Dialup, Startup, and automatic)

Since new viruses are being written all the time, your antivirus software needs to check regularly for virus definition updates so that it can catch the new viruses. The campus-customized version of VirusScan will check an on-campus antivirus repository at ftp://antivirus.cites.uiuc.edu/ for any new updates once a day, as well as whenever the computer first boots (if it's constantly connected to the network) or whenever the computer makes a dialup connection (if it's not constantly connected).

If your computer is off campus, it won't be able to reach the on-campus repository; if the antivirus software doesn't reach the on-campus repository within a few minutes, it will check the main McAfee repository instead. (More information on virus definition repositories.)

5: Status bar

The status bar tells you what the highlighted item in the console is currently doing. For example, if the fixed-disk scan is running and you select that item in the console, the status bar will say "Running," the stop button below the Edit menu will be available, and the start button below the Edit menu will be grayed out. (You can use the stop button to stop a running item, and the start button to start a nonrunning item.)

Other

Virus definition repositories

The on-campus UIUC Antivirus repository is located at ftp://antivirus.cites.uiuc.edu/ (illustrated here).

If you are a student, staff, or faculty member installing VirusScan on a computer that's not constantly connected to the UIUCnet network, such as a laptop or a dorm computer that travels home with you over the summer, you may wish to change the order that the updates use when searching for new virus definitions. Under the Tools menu, click Edit AutoUpdate Repository List to see the virus definition repositories that your software will use and the order it will check them in.

When the UIUC Antivirus repository is at the top of this list, it will be the first site searched for virus updates. For campus computers, this is usually faster than searching the off-campus NAI website. However, when your computer is off campus, it won't be able to reach the on-campus location unless you've created a VPN connection in order to join the campus network.

When an attempted connection to the campus repository fails, the software will proceed to check the next repository on the list, and NAI's site is accessible from anywhere in the world; however, it may take some time for the attempts at accessing the on-campus server from off-campus to time out. Therefore, you can move the UIUC Antivirus item down the list if your computer spends a significant amount of time on a network other than UIUCnet.

McAfee documentation

This page has introduced you to the changes made by CITES Security for UIUC-specific customization of the McAfee VirusScan 8.5i product, including adding an on-campus virus definition repository, scheduling daily update checks and drive scans, and defining access permissions that block IRC, adware, spyware, and other potentially malicious programs.

For additional information about using and configuring the program itself, McAfee's own documentation is provided below in PDF form.

• Quick Reference Card - Provides an overview of the most commonly used features and how to access them.
  
  
• Product Guide - Provides detailed information about how to use and configure VirusScan 8.5i on your computer.
  
  
• Installation Guide - Provides information about the installation process. (If you've already installed VirusScan 8.5i, you probably won't need this file.)