User Manual
Contents
1. Automatic In automatic action mode when a virus or unwanted program is detected the action you selected in this area is executed automatically If you enable the option Display detection alerts you will receive a desktop notification whenever a virus is detected Action options for Mail Protection Web Protection Interactive In interactive action mode if a virus or unwanted program is detected a dialog box appears in which you can select what to do with the infected object This option is enabled as the default setting Automatic In automatic action mode when a virus or unwanted program is detected the action you selected in this area is executed automatically If you enable the Show progress bar option you will receive an alert when a virus is detected The alert will allow you to confirm the action to be performed In interactive action mode you can react to detected viruses and unwanted programs by selecting an action for the infected object in the alert and executing the selected action by clicking Confirm The following actions for handling infected objects are available for selection Note Which actions are available for selection depends on the operating system the protection components Avira Realtime Protection Avira System Scanner Avira Mail Protection Avira Web Protection reporting the detection and the type of malware detected Actions of the System Scanner and the Realtime Protection not ProActiv det2. Give the job a name and where appropriate a description gt Click Next The dialog box Type of job appears gt Select Scan job gt Click Next The dialog box Selection of the profile appears gt Select the profile to be scanned gt Click Next The dialog box Time of the job appears gt Select a time for the scan Immediately Avira Professional Security User Manual Status 23 Sep 2011 42 Ro AV l RA Overview of Avira Professional Security gt gt Daily Weekly Interval Single Login Where appropriate specify a date according to the selection Where appropriate select the following additional options availability depends on job type Repeat job if the time has already expired Past jobs are performed that could not be performed at the required time for example because the computer was switched off Click Next The dialog box Selection of the display mode appears Select the display mode of the job window Invisible No job window Minimized progress bar only Maximized Entire job window Select the Shut down computer if job is done option if you want the computer to shut down automatically when the scan is finished This option is only available if the display mode is set to minimized or maximized Click Finish Your newly created job appears on the start page of the Administration gt Scheduler section with the status enabled check mark Where app
3. If this option is enabled Web Protection records important information concerning detections alerts and errors in the report file with less important information ignored for improved clarity This option is enabled as the default setting Advanced If this option is enabled Web Protection logs less important information to the report file as well Complete If this option is enabled Web Protection logs all available information in the report file including file size file type date etc Limit report file Limit size to n MB If this option is enabled the report file can be limited to a certain size possible values Permitted values are between 1 and 100 MB Around 50 kilobytes of extra space are allowed when limiting the size of the report file to minimize the use of system resources If the size of the log file exceeds the indicated size by more than 50 kilobytes old entries are then deleted until the indicated size has been reduced by 20 Write configuration in report file If this option is enabled the configuration of the on access scan is recorded in the report file Avira Professional Security User Manual Status 23 Sep 2011 164 Ro AV RA Reference Configuration options Note If you have not specified any report file restriction older entries are automatically deleted when the report file reaches 100MB Entries are deleted until the size of the report file reaches 80 MB 11 8 Mail Protection The Mail
4. Scan Exceptions Note Spam URLs are URLs sent with spam emails The Fraud Deception category covers web pages with Subscription Expires and other offers of services whose costs are hidden by the provider Exceptions These options allow you to set exceptions based on MIME types content types for the transferred data and file types for URLs Internet addresses for scanning by Web Protection The MIME types and URLs specified are ignored by Web Protection i e that data is not scanned for viruses and malware when it is transferred to your computer system Options available in expert mode only MIME types skipped by Web Protection In this field you can select the MIME types content types for the transferred data to be ignored by Web Protection during scanning File types MIME types skipped by Web Protection user defined All MIME types content types for the transferred data in the list are ignored by Web Protection during scanning Input box In this box you can input the name of the MIME types and file types to be ignored by Web Protection during scanning For file types enter the file extension e g htm For MIME types indicate the media type and where applicable sub type The two statements are separated from one another by a single slash e g video mpeg or audio x wav Note No wildcards for any number of characters or for a single character can be used when entering file types and MIME types W
5. Alt underlined letter in the option name or button description Note All configuration sections are only displayed in expert mode Activate expert mode to view all configuration sections Expert mode can be protected by a password that must be defined during activation If you want to confirm your Configuration settings gt Click OK The configuration window is closed and the settings are accepted OR gt Click Accept The settings are applied The configuration window remains open If you want to finish configuration without confirming your settings gt Click Cancel The configuration window is closed and the settings are discarded If you want to restore all configuration settings to default values gt Click Restore defaults All settings of the configuration are restored to default values All amendments and custom entries are lost when default settings are restored Avira Professional Security User Manual Status 23 Sep 2011 33 Ro AV RA Overview of Avira Professional Security 4 1 8 Configuration profiles You have the option of saving your configuration settings as configuration profiles In the configuration profile i e of a configuration all configuration options are saved in a group The configuration is displayed in the navigation bar as a node You can add other configurations to the default configuration You also have the option of defining rules for switching to a specific c
6. Avira Realtime Protection only works with the address 127 0 0 1 localhost An Internet connection is not established The same applies to Avira Mail Protection Avira Mail Protection does not work Please check correct functioning of Avira Realtime Protection with the aid of the following checklists if problems occur with Avira Mail Protection Checklist gt Check whether your mail client logs in on the server via Kerberos APOP or RPA These verification methods are currently not supported gt Check whether your mail client reports to the server through SSL also often called TSL Transport Layer Security Avira Mail Protection does not support SSL and therefore terminates any encrypted SSL connections If you want to use encrypted SSL connections without having them protected by Mail Protection you will have to use a port that is not monitored by Mail Protection for the connection The ports monitored by Mail Protection can be configured in the configuration under Mail Protection Scan gt Is the Avira Mail Protection service active If necessary enable the service In the taskbar select Start Settings Control Panel Start the configuration panel Services with a double click under Windows 2000 and Windows XP the services applet is located in the sub directory Administrative Tools Find the entry Avira Mail Protection Automatic must be entered as the startup type and Started as the status If necessary
7. Check whether the login for the proxy server has changed and adapt it to your configuration if necessary Reason The update exe file is not fully approved by your personal firewall gt Ensure that the update exe file is fully approved by your personal firewall Otherwise gt Check your settings in the Configuration expert mode under General gt Update Your settings Viruses and malware cannot be moved or deleted Reason The file was loaded by windows and is active Update your Avira product If you use the Windows XP operating system deactivate System Restore Start the computer in Safe Mode Start the Avira product and the Configuration expert mode Select System Scanner gt Scan gt Files gt All files and confirm the window with OK Start a scan of all local drives Start the computer in Normal Mode Carry out a scan in Normal Mode v rir ow 0v yY 0v Y Ww If no other viruses or malware have been found activate System Restore if it is available and to be used The status of the tray icon is disabled Reason Avira Realtime Protection is disabled gt Inthe Control Center in the section Status in the Avira Realtime Protection area click on the Enable button Reason Avira Realtime Protection is blocked by a firewall gt Define a general approval for Avira Realtime Protection in the configuration of your firewall Avira Realtime Protection only works with the address 127 0 0 1 localhost An Interne
8. Off If this option is enabled then Mail Protection does not create a log It is recommended that you should turn off the logging function only in exceptional cases such as if you are executing trials with multiple viruses or unwanted programs Default If this option is enabled Mail Protection records important information concerning detections alerts and errors in the report file with less important information ignored for improved clarity This option is enabled as the default setting Extended If this option is enabled Mail Protection logs less important information to the report file as well Complete If this option is enabled Mail Protection logs all information to the report file Limit report file Avira Professional Security User Manual Status 23 Sep 2011 172 Ro AV l RA Reference Configuration options Limit size to n MB If this option is enabled the report file can be limited to a certain size possible values Permitted values are between 1 and 100 MB Around 50 kilobytes of extra space are allowed when limiting the size of the report file to minimize the use of system resources If the size of the log file exceeds the indicated size by more than 50 kilobytes then old entries are deleted until the indicated size minus 50 kilobytes is reached Backup report file before shortening If this option is enabled the report file is backed up before shortening For the save location see Configuration G
9. RAVIRA CS AVIRA troduction Trademarks and Copyright Trademarks Windows is a registered trademark of the Microsoft Corporation in the United States and other countries All other brand and product names are trademarks or registered trademarks of their respective owners Protected trademarks are not marked as such in this manual This does not mean however that they may be used freely Copyright information Code provided by third party providers was used for Avira Professional Security We thank the copyright owners for making the code available to us For detailed information on copyright please refer to Third Party Licenses in the Program Help of Avira Professional Security Avira Professional Security User Manual Status 23 Sep 2011 2 CG AVIRA E Table of Contents 1 Li Introduction 0e09060909000000000000000000000000000000000000000000000000000000000000000000000000000000 7 Tel Icons and empliase5 sspe EVER RESEIR E EEMRE MESURER AEN EROR KE SEURMUERRUEN remaster mine 7 2 Product information 090909000000000000000000000000000000000000000000000000000000000000000000000 9 XNEP DU Roe TIU enone 9 2 2 System TOQUINGITICING oiu wx RENTES VESETRACERKUEE VEU RUE UR Sovassea EVER UREEVU MUS ERUNT rensa ias 10 CECEEE e 0E overcome C iiio 11 2 3 1 License VTEC SN voragine Re Re KERE PREX OEx n ER Di EROR T EROR VER VER ae t PNE UR RN 11 3 Installation and uniristallalohas ues eib sna vAREASRENAEREAFWNUFRUE RARE
10. all Reload The changes made are reversed The last list saved is loaded Note If you remove vendors from the list and then select Apply the vendors will be permanently removed from the list The change cannot be reversed with Reload Note The FireWall prioritizes application rules before making entries in the list of trusted vendors If you have created an application rule and the application provider is listed in the list of trusted vendors the application rule will be executed 11 6 5 Further settings Options available in expert mode only Notifications Notifications define the events under which you wish to receive a desktop notification from the FireWall Avira Professional Security User Manual Status 23 Sep 2011 153 Ro AV RA Reference Configuration options Port scan If the option is activated you will receive a desktop notification if a port scan has been detected by the FireWall Flooding If the option is activated you will receive a desktop notification if a flooding attack has been detected by the FireWall Applications blocked If the option is activated you will receive a desktop notification if the FireWall has denied i e blocked network activity by an application IP blocked If the option is activated you will receive a desktop notification if the FireWall has denied i e blocked data traffic from an IP address Popup settings Inspect process launch stack If this option is ena
11. type no contents check is performed before the application is excluded from monitoring by the Realtime Protection To change the exclusion type click on the type displayed Warning Only use the Path type in exceptional cases Malcode can be added to an Avira Professional Security User Manual Status 23 Sep 2011 109 Ro AV RA Reference Configuration options application through an update The originally harmless application is now malware Note Some trusted applications including for example all application components of your Avira product are by default excluded from monitoring by the ProActiv component even though they are not included in the list Input box In this box you enter the application to be excluded from monitoring by the ProActiv component To identify the application the full path file name and file extension must be specified The path must either show the drive on which the application is located or start with an environment variable 5 The button opens a window in which you can select the application to be excluded Add With the Add button you can transfer the application specified in the input box to the list of applications to be excluded Delete The Delete button lets you remove a highlighted application from the list of applications to be excluded 11 2 3 Report Realtime Protection includes an extensive logging function to provide the user or administrator with exact notes about
12. 23 Sep 2011 188 CS AVIRA Reference Configuration options SUPDFILESLIST List of updated files Updater SUPDATETY PES Update type Update of scan Updater engine and virus definition file or product update with update of scan engine and virus definition file SUPDATEURL URL of download server used for Updater update SUPDATE ERRORS Update error in words Updater DIRCOUNTS Number of scanned directories System Scanner SFILECOUNTS Number of files scanned System Scanner SMALWARECOUNTS Number of viruses or unwanted System programs detected Scanner SREPAIREDCOUNTS Number of infected files repaired System Scanner SRENAMEDCOUNTS Number of infected files renamed System Scanner SDELETEDCOUNT Number of infected files deleted System Scanner SWI PECOUNTS Number of infected files System overwritten and deleted Scanner SMOVEDCOUNTS Number of infected files moved System to quarantine Scanner Avira Professional Security User Manual Status 23 Sep 2011 189 S AVIRA Reference Configuration options SWARNINGCOUNTS Number of warnings System Scanner SENDTYPES Status of scan System Terminated Successfully Scanner completed SSTART TIMES Start time of the scan System Start time of the update Scanner Updater SEND TIMES End of the scan System End of the update Scanner Updater STIME TAKEN Duration of scan in minutes System D
13. F rther Settings RET T E 153 Avira Professional Security User Manual Status 23 Sep 2011 5 S AVIRA Introd 11 6 6 Erde ae 154 11 7 Web dueceje m 155 DnBPEAMETCIIM eben 155 1172 JAG BOM addo RUNI bomen NOIRE NR NN RN EDEN RUNNING RR 164 T1259 Mal ProtecthoN serseri APARTE EUMD RUE RENE 165 Ae E oe SEE EEE EEEE EAEE AEE E E 165 aia Ee A CITATO Em 170 DIE Repol Mt HR 172 11 9 General Mc 173 11 9 1 Threat categories nenne ride FUR rbrei RE Ha e oPEREFE PEU PRERUENER UE reb R ond EHe Eve LER pER Een Sti 173 I EE 174 IE EE nim PPP 177 rr iu A EE E EE E P 178 11 9 5 siu cU Um m 179 143 9 6 2A GH E E A ESE ESEE EAE EE ANE EEE T EL 180 TAG a E E E NAE OSEE EA EES 192 IEEE Eoo E E E E E 192 11 9 9 DIFeGEOrl8S vissri si titt estre Rr dev ea t eu EEs SA AERE Tee Eee KENESE EREE RAEES riS es bea eeu SUN 193 Avira Professional Security User Manual Status 23 Sep 2011 6 S AVIRA S 1 Introduction Your Avira product protects your computer against viruses worms Trojans adware and spyware and other risks In this manual these are referred to as viruses or malware harmful software and unwanted programs The
14. Individual file extensions can also be excluded including wildcards Directory mdb mdb md xls Directory log Q x0 Directory names must end with a backslash V otherwise a file name is assumed If a directory is excluded all its sub directories are automatically also excluded For each drive you can specify a maximum of 20 exceptions by entering the complete path starting with the drive letter For example C Program Files Application Name log The maximum number of exceptions without a complete path is 64 For example log computerl C directoryl In case of dynamic drives that are mounted as a directory on another drive the alias of the operating system for the integrated drive in the list of the exceptions has to be used e g Device HarddiskDmVolumes PhysicalDmVolumes BlockVolumel If you use the mount point itself for example C DynDrive the dynamic drive will be scanned nonetheless You can determine the alias of the operating system to be used from the Realtime Protection report file L The button opens a window in which you can select the file object to be excluded Avira Professional Security User Manual Status 23 Sep 2011 104 Ro AV RA Reference Configuration options Add With this button you can add the file object entered in the input box to the display window Delete With this button you can delete a selected file object from the display window Please no
15. 135 Allow TCP packets from address 0 0 0 0 with mask 0 0 0 0 if local ports in 135 and remote port is in 0 65535 Apply for packets of existing connections Don t log when packet matches rule Advanced Discard packets that have following bytes empty with mask empty at offset 0 Deny TCP packets on 135 Deny TCP packets from address 0 0 0 0 with mask 0 0 0 0 if local port is in 135 and remote port is in 0 65535 Apply for all packets Don t log when packet matches rule Advanced Discard packets that have following bytes empty with mask empty at offset 0 TCP healthy traffic Monitor Allow TCP packets from address 0 0 0 0 with mask 0 0 0 0 if local port is in 0 65535 and remote port is in 0 65535 Apply for connection initiation and existing connection packets Don t log when packet matches rule Advanced Select packets that have following bytes empty with mask empty at offset 0 Discard TCP traffic Deny TCP packets from address 0 0 0 0 with mask 0 0 0 0 if local port is in 0 65535 and remote port is in 0 65535 Apply for all packets Don t log when packet matches rule Advanced Select packets that have following bytes empty with mask empty at offset 0 High Monitor established TCP traffic Allow TCP packets from address 0 0 0 0 with mask 0 0 0 0 if local port is in 0 65535 and remote port is in 0 65535 Apply for packets of existing connections Don t log when packet matches rule Advanced
16. 2011 8 R AV RA Product information 2 Product information This chapter contains all information relevant to the purchase and use of your Avira product see Chapter Delivery scope see Chapter System requirements see Chapter Licensing and Upgrade see Chapter License Manager Avira products are comprehensive and flexible tools you can rely on to protect your computer from viruses malware unwanted programs and other dangers gt Please note the following information Note Loss of valuable data usually has dramatic consequences Even the best virus protection program cannot provide one hundred percent protection from data loss Make regular copies Backups of your data for security purposes Note A program can only provide reliable and effective protection from viruses malware unwanted programs and other dangers if it is up to date Make sure your Avira product is up to date with automatic updates Configure the program accordingly 2 1 Delivery scope Your Avira product has the following functions Control Center for monitoring managing and controlling the entire program Central configuration with user friendly standard and advanced options and context sensitive help System Scanner on demand scan with profile controlled and configurable scan for all known types of virus and malware Integration into the Windows Vista User Account Control allows you to carry out tasks requiring administrator rights Rea
17. 23 Sep 2011 95 RR AV RA Reference Configuration options Note If All files is enabled the File extensions button cannot be selected Use smart extensions If this option is enabled the selection of the files scanned for viruses or unwanted programs is automatically chosen by the program This means that the program decides whether the files are scanned or not based on their content This procedure is somewhat slower than Use file extension list but more secure since not only on the basis of the file extension is scanned Note If Use smart extensions is enabled the File extensions button cannot be selected Use file extension list If this option is enabled only files with a specified extension are scanned All file types that may contain viruses and unwanted programs are preset The list can be edited manually via the File extensions button This option is enabled as the default setting and is recommended Note If this option is enabled and you have deleted all entries from the list with file extensions this is indicated with the text No file extensions under the File extensions button File extensions With the aid of this button a dialog box is opened in which all file extensions are displayed that are scanned in Use file extension list mode Default entries are set for the extensions but entries can be added or deleted Note Please note that the file extension list may vary from version to version S
18. Assume flooding if delay between packets is less than 50 ms Reject fragmented ICMP packets Incoming blocked types no types several types With a mouse click on the link a list of ICMP packet types is displayed From this list you can specify the desired incoming ICMP message types you want to block Outgoing blocked types no types several types With a mouse click on the link a list of ICMP packet types is displayed From this list you can select the desired outgoing ICMP message types you want to block Avira Professional Security User Manual Status 23 Sep 2011 120 Ro AV RA Reference Configuration options Assume Flooding With a mouse click on the link a dialog box is displayed where you can enter the maximum allowed ICMP delay Example 50 milliseconds Fragmented ICMP packets With a mouse click on the link you have the choice between Reject and Don t reject fragmented ICMP packets TCP port scan With this rule you can define when a TCP port scan is assumed by the FireWall and what should be done in this case This rule serves for preventing so called TCP port scan attacks that result in a detection of open TCP ports on your computer This kind of attack is used to search a computer for weak spots and is often followed by more dangerous attack types Predefined rules for the TCP Port Scan Setting Rules Low Assume a TCP Port Scan if 50 or more ports were scanned in 5 000 milliseconds When
19. Avira Professional Security User Manual Status 23 Sep 2011 Reference Configuration options 144 Ro AV RA Reference Configuration options High Monitor established TCP data traffic Allow TCP packets from address 0 0 0 0 with mask 0 0 0 0 if local ports in 0 65535 and remote ports in 0 65535 Apply for packets of existing connections Don t log when packet matches rule Advanced Discard packets that have following bytes lt empty gt with mask lt empty gt at offset 0 Accept reject TCP packets With a mouse click on the link you have the choice to allow or deny special defined incoming TCP packets IP address By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 address IP mask By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 mask Local ports With a mouse click on this link a dialog box appears in which you can define the local port number s or complete port ranges Remote ports With a mouse click on this link a dialog box appears in which you can define the remote port number s or complete port ranges Application method With a mouse click on this link you have the choice to apply the rule for connection initiation and existing connection packets or only for packets of existing connections or for all packets Report file By clicking on the link with the mouse you can decide whe
20. Avira Professional Security User Manual Status 23 Sep 2011 177 Ro AV RA Reference Configuration options considerably more computer resources than simple process protection The option is enabled as the default setting To disable this option you have to restart your computer Note Password protection is not available for Windows XP 64 bit Warning If process protection is enabled interaction problems can occur with other software products Disable process protection in these cases Protect files and registry entries from manipulation If this option is enabled all registry entries of the program and all program files binary and configuration files are protected from manipulation Protection against manipulation entails preventing write delete and in some cases read access to the registry entries or program files by users or external programs To enable this option you have to restart your computer Warning Please note that if this option is disabled the repair of computers infected with specific types of malware may fail Note When this option is activated changes can only be made to the configuration including changes to scan or update requests by means of the user interface Note Protection for files and registration entries is not available for Windows XP 64 bit 11 9 4 WMI Options available in expert mode only Support for Windows Management Instrumentation Windows Management Instrumentation is a bas
21. Online protection gt FireWall gt Application rules section an additional column with the heading Filtering is displayed in the list of application rules with the entry Basic for each application Connections Column Description Application Name of the application Active Number of active connections opened by the application Action Shows the action that the Avira FireWall will automatically take when the application is using the network whatever the network usage type is If you choose Basic in the Filtering column you can click the link to select another action type The values are Ask Allow or Deny If you choose Advanced in the Filtering column the Rules action type is displayed The Rules link opens the Advanced application rules window in which you can enter specific rules for the application Filtering Shows the type of filtering You can select another type of filtering by clicking the link Basic In the case of simple filtering the specified action is carried out on all network activities performed by the software application Advanced With this type of filtering the rules that were added to the extended configuration are applied Avira Professional Security User Manual Status 23 Sep 2011 132 Ro AV RA Reference Configuration options gt If you want to create specific rules for an application select the Advanced entry under Filtering The Rules entry is then di
22. Select packets that have following bytes empty with mask empty at offset 0 Allow Deny TCP packets Avira Professional Security User Manual Status 23 Sep 2011 124 Ro AV RA Reference Configuration options With a mouse click on the link you have the choice to allow or deny special defined incoming TCP packets IP address By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 address IP mask By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 mask Local ports With a mouse click on this link a dialog box appears in which you can define the local port number s or complete port ranges Remote ports With a mouse click on this link a dialog box appears in which you can define the remote port number s or complete port ranges Application method With a mouse click on this link you have the choice to apply the rule for connection initiation and existing connection packets or only for packets of existing connections or for all packets Event database By clicking on the link with the mouse you can choose between Log and Don t log to the event database if the packet complies with the rule Advanced The advanced feature enables content filtering For example packets can be rejected if they contain some specific data at a certain offset If you do not want to use this option do not select a file
23. System Scanner dialog the action Quarantine is displayed as the default action Permitted actions In this box actions can be specified which can be selected in individual or expert notification mode in case of a virus detection You must activate the corresponding options for this Repair The System Scanner repairs the infected file if possible Rename The System Scanner renames the file Direct access to these files e g with double click is therefore no longer possible The file can be repaired at a later time and renamed again Quarantine The System Scanner moves the file to Quarantine The file can be recovered from quarantine manager if it has an informative value or if necessary sent to the Avira Malware Research Center Depending on the file further selection options are available in the quarantine manager Delete The file will be deleted This process is much faster than overwrite and delete Ignore The file is to be ignored Overwrite and delete The System Scanner overwrites the file with a default pattern and then deletes it It cannot be restored Avira Professional Security User Manual Status 23 Sep 2011 87 Ro AV RA Reference Configuration options Default The button is used to define a default action by the System Scanner to handle the files encountered Highlight an action and click the Default button Only the selected default action for the relevant files can be executed in combined
24. To help protect your computer against viruses and other security threats make sure that your antivirus software is turned on and is up to date How does antivirus software help protect my computer Note The Windows Security Center is supported by your Avira product You can enable this option at any time via the Recommendations button Note Even if you have installed Windows XP Service Pack 2 or Windows Vista you still require a virus protection solution Although Windows XP Service Pack 2 monitors your anti virus software it does not contain any anti virus functions itself Therefore you would not be protected against viruses and other malware without an additional anti virus solution Avira Professional Security User Manual Status 23 Sep 2011 73 R AV RA Viruses and more 9 Viruses and more 9 1 Threat categories Adware Adware is software that presents banner ads or in pop up windows through a bar that appears on a computer screen These advertisements usually cannot be removed and are consequently always visible The connection data allow many conclusions on the usage behavior and are problematic in terms of data security Your Avira product detects Adware If the Adware option is enabled with a check mark in the configuration under Threat categories you receive a corresponding alert if your Avira product detects adware Adware Spyware Software that displays advertising or software that sends the user s personal d
25. When this option is activated the System Scanner logs the names of the files concerned with their path In addition the configuration for the current scan version information and information on the licensee is written in the report file Extended When this option is activated the System Scanner logs alerts and tips in addition to the default information Complete When this option is activated the System Scanner also logs all scanned files In addition all files involved as well as alerts and tips are included in the report file Note If you have to send us a report file at any time for troubleshooting please create this report file in this mode 11 2 Realtime Protection The Realtime Protection section of the configuration is responsible for the configuration of the on access scan Options available in expert mode only 11 2 1 Scan You will normally want to monitor your system constantly To this end use the Realtime Protection on access System Scanner You can thus scan all files that are copied or opened on the computer on the fly for viruses and unwanted programs Options available in expert mode only Files The Realtime Protection can use a filter to scan only those files with a certain extension type All files If this option is enabled all files are scanned for viruses or unwanted programs irrespective of their content and their file extension Avira Professional Security User Manual Status
26. application must be added to the list again and the desired rule reapplied Add This button opens a dialog box in which you can select a directory All group applications in the selected path are added to the application list with the rule Allow Remove The selected application rule is removed Remove All application rules are removed all 11 6 4 Trusted vendors A list of trusted software producers is displayed under Trusted vendors Applications from the listed software manufacturers will be granted access to the network You can add and remove manufacturers from the list Vendors The list shows all vendors classified as trusted Avira Professional Security User Manual Status 23 Sep 2011 152 CG AVIRA Reference Configuration options Buttons Button Description Add This button opens a dialog box in which you can select applications The manufacturer of the application is established and added to the list of trusted vendors Add This button opens a dialog box in which you can select a directory The group manufacturers of all the applications in the selected path are established and added to the list of trusted vendors Remove The highlighted entry is removed from the list of trusted vendors To permanently remove the selected provider from the list click Apply or OK in the configuration window Remove All entries are removed from the list of trusted vendors
27. are Microsoft Mozilla Opera Yahoo Google Hewlet Packard Sun Skype Adobe Lexmark Creative Labs ATI nVidia Remember last used state When this option is enabled the option Remember action for this application in the dialog box Network event is enabled in the same way as for the last network event If the option Hemember action for this application was enabled this option is enabled for the following network event If the option Remember action for this application was disabled for the last network event this option is also disabled for the following network event Show details In this group of configuration options you can setup the display of detailed information in the Network event window Show details on demand If this option is enabled the detailed information is only displayed in the Network event window on request i e the detailed information is displayed by clicking on the Show details button in the Network event window Always show details If this option is enabled detailed information is always displayed in the Network event window Remember last used state If this option is enabled the display of detailed information is managed in the same way as for the previous network event If detailed information was displayed or accessed during the last network event detailed information is displayed for the following network event If detailed information was hidden and not displayed during the las
28. by a honeypot it is logged and an alert is triggered Macro viruses Macroviruses are small programs that are written in the macro language of an application e g WordBasic under WinWord 6 0 and that can normally only spread within documents of this application Because of this they are also called document viruses In order to be active they need that the corresponding applications are activated and that one of the infected macros has been executed Unlike normal viruses macro viruses consequently do not attack executable files but they do attack the documents of the corresponding host application Pharming Pharming is a manipulation of the host file of web browsers to divert enquiries to spoofed websites This is a further development of classic phishing Pharming fraudsters operate their own large server farms on which fake websites are stored Pharming has established itself as an umbrella term for various types of DNS attacks In the case of a manipulation of the host file a specific manipulation of a system is carried out with the aid of a Trojan or virus The result is that the system can now only access fake websites even if the correct web address is entered Phishing Phishing means angling for personal details of the Internet user Phishers generally send their victims apparently official letters such as emails that are intended to induce them to reveal confidential information to the culprits in good faith in particular us
29. by the user e g based on his or her knowledge of whether the source of the code is trustworthy or not Macrovirus heuristics Macrovirus heuristics Your Avira product contains a highly powerful macrovirus heuristic If this option is enabled all macros in the relevant document are deleted in the event of a repair Avira Professional Security User Manual Status 23 Sep 2011 106 Ro AV RA Reference Configuration options alternatively suspect documents are only reported i e you receive an alert This option is enabled as the default setting and is recommended Advanced Heuristic Analysis and Detection AHeAD enable AHeAD Your Avira program contains a very powerful heuristic in the form of Avira AHeAD technology which can also detect unknown new malware If this option is enabled you can define how aggressive this heuristic should be This option is enabled as the default setting Low detection level If this option is enabled slightly less unknown malware is detected the risk of false alerts is low in this case Medium detection level This option is enabled as the default setting if you have selected the use of this heuristic High detection level If this option is enabled significantly more unknown malware is detected but there are also likely to be false positives 11 2 2 ProActiv Avira ProActiv protects you from new and unknown threats for which there are not yet any virus definitions or heuris
30. can be selected to be displayed in case of a virus detection You must activate the corresponding options for this Deny access The website requested from the web server and or any data or files transferred are not sent to your web browser An error message to notify you that access has been denied is displayed in the web browser Web Protection logs the detection to the report file if the report function is activated Quarantine In the event of a virus or malware being detected the website requested from the web server and or the transferred data and files are moved into quarantine The affected file can be recovered from the quarantine manager if it has any informative value or if necessary sent to the Avira Malware Research Center Ignore The website requested from the web server and or the data and files that were transferred are forwarded on by Web Protection to your web browser Default This button allows you to select an action that is activated in the dialog box by default when a virus is detected Select the action that is to be activated by default and click on the Default button Click here for more information Automatic If this option is enabled no dialog box in case of a virus detection appears Web Protection reacts according to the settings you predefine in this section as primary and secondary action Display detection alerts If this option is activated then for each detection of a virus or unwanted
31. defined Avira Mail Protection footer to confirm the sent email has been scanned by a virus protection program You also have the option of inserting text yourself for a user defined footer If you use both footer options the user defined text is preceded by the Avira Mail Protection footer Footer for emails to be sent Avira Professional Security User Manual Status 23 Sep 2011 171 Ro AV RA Reference Configuration options Attach Mail Protection footer If this option is enabled the Avira Mail Protection footer is displayed beneath the message text of the sent email The Avira Mail Protection footer confirms that the sent email has been scanned for viruses and unwanted programs by Avira The Avira Mail Protection footer contains the following text Scanned with Avira Mail Protection product version initials and version number of search engine initials and version number of virus definition file Attach the following footer If this option is enabled the text which you insert into the input box is displayed as a footer in sent emails Input box In this input box you can insert a text which is displayed as a footer in sent emails 11 8 3 Report Mail Protection includes an extensive logging function to provide the user or administrator with exact notes about the type and manner of a detection Options available in expert mode only Reporting This group allows for the content of the report file to be determined
32. e a ieS ea SE a ra E a E ganbaboMensabipoalean TREES 31 4 1 6 Accessing the Configuration store rto onere ite nene nU RR Unete n tuin Doi cul ts ncn ncn nb 34 4 1 7 Configuration CP STATICIN MESE 33 41 8 Co nig raton profile SssssssiiesisissiiseeiisrsirerorserenrstissirstsircisisecseasrinsesississiviedkenaisSoiieror aon leno 34 2 19 Tay MCG Line E E E m eod E E EEE E E 35 Avira Professional Security User Manual Status 23 Sep 2011 3 CS AVIRA rod 4 1 10 Entries in the context TIGE asesores hiv teke Rog tente ossnuonvonsvasnsonousonsovoneosiesabisn onanissionsnioniovnessaovage 36 4 2 HOW iO 5onenovan id nivea aae DEDE aM es 37 4 2 1 Activate r1 OS 37 4 22 Perform automatic updates asesores errker kektrko EHE Re rip RU essee ERREUR REPE REPRE UE ia 37 4253 STA ANIA update ssa ieee teei ped v aU his n a nae orn UPS Act pir ern p PN OE PU EUIS 39 4 2 4 Using a scan profiles to scan for viruses and malware eerte 40 4 2 5 Scan for viruses and malware using drag amp drop serere 41 4 2 6 Scan for viruses and malware via the context menu eese tete ente tnn 42 4 2 7 Automatically scan for viruses and malware eee esee tenes tente tn tente tn sentono 42 4 2 8 Targeted scan for Rootkits and active malware eee eeeeteeeeeetetententnnns 44 4 2 9 React to detected viruses and malware eee
33. email address es of the recipient s in this box The individual addresses are separated by commas The maximum length of all addresses together i e the total character string is 260 characters System Scanner email alerts With certain events the on demand scan can send alerts and messages via email to one or more recipients Email alerts If this option is enabled the program sends email messages with the most important information when a certain event occurs This option is disabled as the default setting Email messages for the following events Avira Professional Security User Manual Status 23 Sep 2011 184 Ro AV RA Reference Configuration options The on demand scan detected a virus or unwanted program If this option is enabled you receive an email with the name of the virus or unwanted program and the affected file whenever the on demand scan detects a virus or an unwanted program Edit The Edit button opens the Email template window in which you can configure the notification for an Scan detection event You have the option of inserting text for the subject line and body of the email You can use variables for this purpose see Email Template End of scheduled scan When the option is activated an email is sent when a scan job has been performed The email contains data on the point and duration of the scan job on the folders and files scanned as well as on the viruses found and warnings Edit T
34. etes esee entente eaten ta neat ta nente nonne 44 4 2 10 Handling quarantined files qua soe nire pensi punte isa ivre trs orbe ise pe nut 49 42 11 Restore the files in quarantine seisscoosssssieoneossvsonssvoreonsstoceossonsheonsonosisonsonsiieosdovasiessaonsiieonuonssieonsonnobiovedsessonne 51 4 2 12 Move suspicious files to quarantine sseseesesseesssseesssssesssssesssssessssersssssesssssesssssessseresssesesssesesseesesseeses 53 4 2 13 Scan profile Amend or delete file type in a scan profile sss 53 4 2 14 Create desktop shortcut for scan profile eee eee es esee entente nnne 54 4 2 15 EEE E E TT m 54 4 2 16 Exclude email addresses from scan ssiissesisssnnessovirnosssvsoseosensgavonsdeonsonnviogznnsdissanneniygarnedignaamantgaansevinsaniens 55 4 2 17 Select the security level for the FireWall s ssssssssssssssssseesssssrssssessssssesssssrsssssesssesesseesesssesesseeeesseeses 55 5 System Scanner 0e090909060000000000000000000000000000000000000000000000000000000000000000000000 57 6 Updates 909090900000000000000000000000000000000000000000000000000000000000000000000000000000000000 58 T Firewall 0909090900000000000000000000000000000000000000000000000000000000000000000000000000000000000 60 8 1 Helpin case of a problem A rii tnit opio rhe rena Hl ccanacedscsvdusioeasdendicensenincsxenci atsdealecssacaticasaes 61 8 2 So qeii
35. file type in a scan profile To stipulate additional file types to be scanned or exclude specific file types from the scan in a scan profile only possible for manual selection and customized scan profiles V Inthe Control Center go to the PC protection gt System Scanner section gt With the right hand mouse button click on the scan profile you want to edit A context menu appears gt Select File filter gt Expand the context menu further by clicking on the small triangle on the right hand side of the context menu The entries Default Scan all files and User defined appear gt Select User defined The File extensions dialog box appears with a list of all file types to be scanned with the scan profile If you want to exclude a file type from the scan Highlight the file type and click Delete If you want to add a file type to the scan gt Highlight a file type gt Click Insert and enter the file extension of file type into the input box Use a maximum of 10 characters and do not enter the leading dot Wildcards and are allowed Avira Professional Security User Manual Status 23 Sep 2011 53 RR AV RA Overview of Avira Professional Security 4 2 14 Create desktop shortcut for scan profile You can start a system scan directly from your desktop via a desktop shortcut to a scan profile without accessing your Avira product s Control Center To create a desktop shortcut to the scan profile V Inth
36. find a list of variables you can use under Variables Realtime Protection und System Scanner Exceptions Heuristic This configuration section contains the settings for the heuristic of the scan engine Options available in expert mode only Avira products contain very powerful heuristics that can proactively uncover unknown malware i e before a special virus signature to combat the damaging element has been created and before a virus guard update has been sent Virus detection involves an extensive analysis and investigation of the affected codes for functions typical of malware If the code being scanned exhibits these characteristic features it is reported as being suspicious This does not necessarily mean that the code is in fact malware False Avira Professional Security User Manual Status 23 Sep 2011 93 Ro AV RA Reference Configuration options positives do sometimes occur The decision on how to handle affected code is to be made by the user e g based on his or her knowledge of whether the source of the code is trustworthy or not Macrovirus heuristic Macrovirus heuristic Your Avira product contains a highly powerful macrovirus heuristic If this option is enabled all macros in the relevant document are deleted in the event of a repair alternatively suspect documents are only reported i e you receive an alert This option is enabled as the default setting and is recommended Advanced Heuristic Analysis and D
37. if the file extension is eml Torestore a file to its original location gt Highlight the file and click the icon Windows 2000 XP Windows Vista Ce Ji This option is not available for emails Note Emails and email attachments can only be restored using the option c if the file extension is eml A message appears asking if you want to restore the file gt Click Yes The file is restored to the directory it was in before it was moved to quarantine To restore a file to a specified directory Highlight the file and click on C A message appears asking if you want to restore the file gt Click Yes The Windows default window Save As for selecting the directory appears gt Select the directory to restore the file to and confirm Avira Professional Security User Manual Status 23 Sep 2011 52 Ro AV RA Overview of Avira Professional Security The file is restored to the selected directory 4 2 12 Move suspicious files to quarantine To move a suspect file to quarantine manually gt Inthe Control Center select the section Administration gt Quarantine section gt Click on The Windows default window for selecting a file appears gt Select the file and confirm with Open The file is moved to quarantine You can scan files in quarantine with the Avira System Scanner see Chapter Quarantine Handling quarantined files qua 4 2 13 Scan profile Amend or delete
38. if under Configuration General Product update the via File Server Shared folders option has been selected Download Enter the name of the file server on which the update files for your Avira product and the required directories release update are located The following must be specified file IP address of the file server gt release update The release directory must be a directory that can be accessed by all users L The button opens a window in which you can select the required download directory Server login Login name Enter a user name to log in on the server Use a user account with access rights to the used shared folders on the server Login password Enter the password for the user account The characters entered are masked with Note If you do not specify any data in the Server login section no authentication will be performed when accessing the file server In this case the user must have sufficient rights for the file server Avira Professional Security User Manual Status 23 Sep 2011 116 Ro AV RA Reference Configuration options 11 4 4 Web Server The update can be performed directly via a web server on the Internet or the intranet Options available in expert mode only Web server connection Use existing connection network This setting is displayed if your connection is used via a network Use the following connection This setting is displayed if you define your conn
39. manual describes the program installation and operation For further options and information please visit our website http www avira com The Avira website lets you e access information on other Avira desktop programs e download the latest Avira desktop programs e download the latest product manuals in PDF format e download free support and repair tools e access our comprehensive knowledge database and FAQs for troubleshooting e access country specific support addresses Your Avira Team 1 1 Icons and emphases The following icons are used Icon Explanation designation J Placed before a condition which must be fulfilled prior to execution of an action gt Placed before an action step that you perform z Placed before an event that follows the previous action Warning Placed before a warning when critical data loss might occur Avira Professional Security User Manual Status 23 Sep 2011 7 AVIRA ntrodbeton Note Placed before a link to particularly important information or a tip which makes your Avira product easier to use The following emphases are used Emphasis Explanation Italics File name or path data Displayed software interface elements e g window section or error message Bold Clickable software interface elements e g menu item navigation area option box or button Avira Professional Security User Manual Status 23 Sep
40. notification mode The selected default action for the relevant files is preselected in individual and expert notification mode Note The action repair cannot be selected as the default action Note If you have selected Delete or Overwrite and delete as the default action and wish to set the notification mode to combined please note the following In the case of heuristic hits the affected files are not deleted but are instead moved to quarantine Automatic If this option is enabled no dialog box in case of a virus detection appears The System Scanner reacts according to the settings you predefine in this section as primary and secondary action Copy file to quarantine before action If this option is enabled the System Scanner creates a backup copy before carrying out the requested primary or secondary action The back up copy is saved in Quarantine where the file can be restored if it is of informative value You can also send the backup copy to the Avira Malware Research Center for further investigation Display detection alerts If this option is activated then for each detection of a virus or unwanted program an alert appears showing the actions being executed Primary action Primary action is the action performed when the System Scanner finds a virus or an unwanted program If the option Repair is selected but the affected file cannot be repaired the action selected under Secondary action is performed Note T
41. of attack is used to search a computer for weak spots and is often followed by more dangerous attack types Predefined rules for the UDP port scan Setting Rules Low Assume a UDP port scan if 50 or more ports were scanned in 5 000 milliseconds When detected log attacker s IP and don t add rule to block the attack Medium Assume a UDP port scan if 50 or more ports were scanned in 5 000 milliseconds When detected log attacker s IP and add rule to block the attack High Same rule as for medium level Ports With a mouse click on the link a dialog box appears in which you can enter the number of ports that must have been scanned so that a UDP port scan is assumed Port scan time window With a mouse click on this link a dialog box appears in which you can enter the time span for a certain number of port scans so that a UDP port scan is assumed Report file With a mouse click on the link you have the choice to log or not to log the attacker s IP address Avira Professional Security User Manual Status 23 Sep 2011 142 Ro AV RA Reference Configuration options Rule With a mouse click on the link you have the choice to add or not to add the rule to block the UDP port scan attack 11 6 2 Incoming Rules Incoming rules are defined to control incoming data traffic by the Avira FireWall Predefined rules for the TCP traffic monitor Avira Professional Security User Manual Status 23 Se
42. of suspicious program behavior by selecting the Always block this program option Applications to be blocked Application The list contains all applications which you have classified as harmful which you have entered via the configuration or by notifying the ProActiv component The applications on the list are blocked by Avira ProActiv and cannot be executed on your computer system An operating system message appears when a blocked program starts up The applications to be blocked are identified by Avira ProActiv on the basis of the path specified and the file name and are blocked irrespective of their content Input box Enter the application you want to block in this box To identify the application the full path file name and file extension must be specified The path must either show the drive on which the application is located or start with an environment variable L Avira Professional Security User Manual Status 23 Sep 2011 108 Ro AV RA Reference Configuration options The button opens a window in which you can select the application to be blocked Add With the Add button you can transfer the application specified in the input box to the list of applications to be blocked Note Applications required for the proper operation of the operating system cannot be added Delete The Delete button lets you remove a highlighted application from the list of applications to be blocked Allowed application
43. or choose an empty file Filtered content bytes With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer Filtered content mask With a mouse click on the link a dialog box appears in which you can select the specific mask Filtered content offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset The offset is computed from where TCP header ends Avira Professional Security User Manual Status 23 Sep 2011 125 Ro AV RA Reference Configuration options Predefined rules for the UDP data traffic monitor Setting Rules Low Medium UDP accepted traffic monitor Allow UDP packets from address 0 0 0 0 with mask 0 0 0 0 if local port is in 0 66535 and remote port is in 0 66535 Apply rule to open ports for all streams Don t log when packet matches rule Advanced Discard packets that have following bytes empty with mask empty at offset 0 Discard UDP traffic Deny UDP packets from address 0 0 0 0 with mask 0 0 0 0 if local port is in 0 65535 and the remote port is in 0 65535 Apply rule for all ports for all streams Don t log when packet matches rule Advanced Select packets that have following bytes empty with mask empty at offset 0 High Monitor established UDP traffic Allow UDP packets from address 0 0 0 0 with mask 0 0 0 0 if the local port is in 0 65535
44. program an alert appears showing the actions being executed Primary action The primary action is the action performed when Web Protection finds a virus or an unwanted program Deny access The website requested from the web server and or any data or files transferred are not sent to your web browser An error message to notify you that access has been denied is displayed in the web browser Web Protection logs the detection to the report file if the report function is activated Quarantine In the event of a virus or malware being detected the website requested from the web server and or the transferred data and files are moved into quarantine The affected Avira Professional Security User Manual Status 23 Sep 2011 157 Ro AV RA Reference Configuration options file can be recovered from the quarantine manager if it has any informative value or if necessary sent to the Avira Malware Research Center Ignore The website requested from the web server and or the data and files that were transferred are forwarded on by Web Protection to your web browser Access to the file is permitted and the file is ignored Warning The affected file remains active on your workstation It may cause serious damage on your workstation Blocked requests In Blocked requests you can specify the file types and MIME types content types for the transferred data to be blocked by Web Protection The Web filter lets you block known phi
45. programs You can define the recursion depth The default value for the recursion depth is 1 and is recommended all files that are directly located in the main archive are scanned Max number of files When scanning archives you can restrict the scan to a maximum number of files in the archive The default value for the maximum number of files to be scanned is 10 and is recommended Max size KB When scanning archives you can restrict the scan to a maximum archive size to be unpacked The standard value of 1000 KB is recommended Action on detection You can define the actions to be performed by Realtime Protection when a virus or unwanted program is detected Options available in expert mode only Interactive If this option is enabled a desktop notification appears when Realtime Protection detects a virus or unwanted program You have the option of removing the detected malware or accessing other possible virus treatment actions via the Details button The actions are displayed in a dialog box This option is enabled as the default setting Permitted actions In this display box you can specify the virus management actions that should be available as further actions in the dialog box You must activate the corresponding options for this Repair Realtime Protection repairs the infected file if possible Avira Professional Security User Manual Status 23 Sep 2011 98 Ro AV RA Reference Configuration options Re
46. protocols IP ICMP UDP TCP See Add new rule Warning When a packet is filtered the corresponding rules are applied successively therefore the rule order is very important Change the rule order only if you are completely aware of what you are doing Buttons to manage the rules Button Description Add rule Allows you to create a new rule If you press this button the Add new rule dialog box is opened In this dialog box you can select new rules Remove Removes the selected rule rule Rule up Moves the selected rule up one line i e increases the rule priority Rule Moves the selected rule down one line i e reduces the rule priority down Avira Professional Security User Manual Status 23 Sep 2011 130 Ro AV RA Reference Configuration options Rename Allows you to give the selected rule another name rule Note You can add new rules for individual adapters or for all adapters present on the computer To add an adapter rule for all adapters select My Computer from the adapter hierarchy that is displayed and click on the Add rule button See Add new rule Note To change the position of a rule you can also use the mouse to drag the rule to the required position 11 5 2 Application rules Application rules for user This list contains all users in the system If you are logged in as an administrator you can select the user to whom you want to apply the rules If you ar
47. purchased your Avira product on the Internet or via a program CD DVD the digital license code is sent to you by email You can load the license key during installation of the program or install it later in License Manager Note If your Avira product is managed under AMC your administrator will execute the upgrade You will be asked to save your data and reboot your computer otherwise you are not protected 2 3 1 License manager The Avira Professional Security License Manager enables very simple installation of the Avira Professional Security license Avira Professional Security User Manual Status 23 Sep 2011 11 R AV l RA Product information Avira Professional Security License Manager Avira Professional Security License Manager CAVIRA Avira Professional Security The selected file is an Avira Professional Security license key File You can now install this license into your Avira Professional Security product Please select the apropriate Avira Professional Security installation into which you would like to have this license installed and click OK Note only those local Avira Professional Security products For which this license key File contains a valid license are displayed License Valid until Destination Directory EJ avira Professional Security 12 31 2011 C Program FileslAviralAntiVir s 3i You can install the license by selecting the license file in your file manager or in the activation email wit
48. round the globe Script viruses and worms use one of the script languages such as Javascript VBScript etc to insert themselves in other new scripts or to spread themselves by calling operating system functions This frequently happens via email or through the exchange of files documents A worm is a program that multiplies itself but that does not infect the host Worms cannot consequently form part of other program sequences Worms are often the only possibility to infiltrate any kind of damaging programs on systems with restrictive security measures Spyware Spyware are so called spy programs that intercept or take partial control of a computer s operation without the user s informed consent Spyware is designed to exploit infected computers for commercial gain Trojan horses short Trojans Trojans are pretty common nowadays Trojans include programs that pretend to have a particular function but that show their real image after execution and carry out a different function that in most cases is destructive Trojan horses cannot multiply themselves which differentiates them from viruses and worms Most of them have an interesting name SEX EXE or STARTME EXE with the intention to induce the user to start the Trojan Immediately after execution they become active and can for example format the hard disk A dropper is a special form of Trojan that drops viruses i e embeds viruses on the computer system Zombie A zombie
49. rule is permitted e Access to networks by applications with the Deny rule is denied When applications are added the Allow rule is set Avira Professional Security User Manual Status 23 Sep 2011 151 CG AVIRA Application list This table shows the list of applications for which rules are defined The symbols indicate whether network access by the applications is allowed or denied The rules for the applications can be changed using a context menu Reference Configuration options Buttons Button Description Add by This button opens a dialog box in which you can select applications The path application is added to the application list with the rule Allow If you use the option Add by path the added FireWall application are identified by path and file name Rules for an application remain valid and will be used by the FireWall even if the content of an added executable file has been changed e g by an update Add by This button opens a dialog box in which you can select applications The md5 application is added to the application list with the rule Allow If you use the option Add by md5 all added applications are uniquely identified using the MD5 checksum This allows the FireWall to identify changes to the file content If an application changes following an update for example the application with the rule in question is automatically removed from the application list Following a change the
50. server you are using Avira Professional Security User Manual Status 23 Sep 2011 113 Ro AV RA Reference Configuration options 11 4 1 Product update Under Product update configure how product updates or the notification of available product updates are handled Options available in expert mode only Product updates Download and install product updates automatically If this option is enabled product updates are downloaded and automatically installed by the Update component as soon as they become available Updates to the virus definition file and scan engine are performed independently of this setting The conditions for this option are complete configuration of the update and an open connection to a download server Download product updates If a restart is necessary install the update after the system restart otherwise install it immediately If this option is enabled product updates will be downloaded as soon as they become available If no restart is necessary the update is installed automatically after the update file is downloaded If a product update requires you to restart your computer it will be executed at the next user controlled system reboot and not immediately after the download of the update file This has the advantage that the restart is not performed while users are working at their computers Updates to the virus definition file and scan engine are performed independently of this setting The conditio
51. started manually the virus definition file and scan engine are always updated A product update can only take place if you have activated the option Download and install product updates automatically in the configuration under PC protection Update Product update To start an update of your Avira product manually With the right hand mouse button click the Avira tray icon in the taskbar A context menu appears gt Select Start update The Updater dialog box appears OR gt Inthe Control Center select the section Overview gt Status gt In the Last update field click on the Start update link The Updater dialog box appears OR gt In the Control Center in the Update menu select the menu command Start update The Updater dialog box appears Note We recommend regular automatic updates The recommended update interval is 60 minutes Avira Professional Security User Manual Status 23 Sep 2011 39 Ro AV RA Overview of Avira Professional Security Note You can also carry out a manual update directly via the Windows security center 4 2 4 Using ascan profiles to scan for viruses and malware A scan profile is a set of drives and directories to be scanned The following options are available for scanning via a scan profile Use predefined scan profile If the predefined scan profile corresponds to your requirements Customize and apply scan profile manual selection If you want to scan
52. system settings option can only be used for proxy servers without authentication Use this proxy server If your web server connection is set up via a proxy server you can enter the relevant information here Avira Professional Security User Manual Status 23 Sep 2011 118 Ro AV RA Reference Configuration options Address Enter the computer name or IP address of the proxy server you want to use to connect to the web server Port Please enter the port number of the proxy server you want to use to connect to the web server Login name Enter a user name to log in on the proxy server Login password Enter the relevant password for logging in on the proxy server here For security reasons the actual characters you type in this space are replaced by asterisks Examples Address proxy domain com Port 8080 Address 192 168 1 100 Port 3128 11 5 Firewall The FireWall section under Online protection Configuration is responsible for configuration of the Avira FireWall 11 5 1 Adapter rules In the Avira FireWall an adapter represents a software simulated hardware device e g miniport bridge connection etc or a real hardware device e g network card The Avira FireWall displays the adapter rules of all existing adapters on your computer for which a driver was installed Options available in expert mode only e ICMP protocol e TCP Port Scan e UDP Port Scan e Incoming Rules e Incoming IP pr
53. weak spots and is often followed by more dangerous attack types Predefined rules for the TCP port scan Setting Rules Low Assume a TCP port scan if 50 or more ports were scanned in 5 000 milliseconds When detected log attacker s IP and don t add rule to block the attack Medium Assume a TCP port scan if 50 or more ports were scanned in 5 000 milliseconds When detected log attacker s IP and add rule to block the attack High Same rule as for medium level Ports With a mouse click on the link a dialog box appears in which you can enter the number of ports that must have been scanned so that a TCP port scan is assumed Port scan time window With a mouse click on this link a dialog box appears in which you can enter the time span for a certain number of port scans so that a TCP port scan is assumed Avira Professional Security User Manual Status 23 Sep 2011 141 Ro AV RA Reference Configuration options Report file With a mouse click on the link you have the choice to log or not to log the attacker s IP address Rule With a mouse click on the link you have the choice to add or not to add the rule to block the TCP port scan attack UDP port scan With this rule you can define when a UDP port scan is assumed by the FireWall and what should be done in this case This rule prevents so called UDP port scan attacks that result in a detection of open UDP ports on your computer This kind
54. when packet matches rule Advanced Discard packets that have following bytes lt empty gt with mask lt empty gt at offset 0 Avira Professional Security User Manual Status 23 Sep 2011 146 Ro AV RA Reference Configuration options High Monitor established UDP traffic Allow UDP packets from address 0 0 0 0 with mask 0 0 0 0 if the local port is in range 0 65535 and the remote port is in range 53 67 68 123 Apply rule to open ports Don t log when packet matches rule Advanced Discard packets that have following bytes empty with mask empty at offset 0 Accept reject UDP packets With a mouse click on the link you have the choice to allow or deny special defined incoming UDP packets IP address By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 address IP mask By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 mask Local ports With a mouse click on this link a dialog box appears in which you can define the local port number s or complete port ranges Remote ports With a mouse click on this link a dialog box appears in which you can define the remote port number s or complete port ranges Application method With a mouse click on this link you have the choice to apply this rule to all ports or only to all opened ports Report file By clicking on the link with
55. 23 Sep 2011 167 Ro AV RA Reference Configuration options Ignore If this option is enabled the affected email is ignored despite detection of a virus or unwanted program However you can decide what is to be done with the affected attachment Move to quarantine If this option is enabled the complete email including all attachments is placed in Quarantine if a virus or unwanted program is found If required it can later be restored The affected email itself is deleted The body of the email is replaced by the default text given below The same applies to all attachments included these are also replaced by a default text Affected attachments The option Affected attachments can only be selected if the setting Ignore has been selected under Affected emails With this option it is now possible to decide what is to be done if a virus or unwanted program is found in an attachment Delete If this option is enabled the affected attachment is deleted if a virus or unwanted program is found and replaced by a default text Ignore If this option is enabled the attachment is ignored despite detection of a virus or unwanted program and delivered Move to quarantine If this option is enabled the affected attachment is placed in Quarantine and then deleted replaced by a default text If required the affected attachment s can later be restored Warning If you select this option you have no protection against virus
56. A MEREn REA EAE 13 DER 0 c o 13 3 1 1 laire tre HT I FY OTI ET TT 13 32 roi deem ET CRE PT eT Ivy Ten REE Sae aaea AEEA O EEE MrT ESERE ES ACES ES marr 14 OM MEZ e Ace METTUS 15 3 4 Custom InstallablOriusiieeioce ta eana aee P Pda na tuta speV aaa socer aped ke poa dene Fun pP Rue U a eT e CR HUE RUE ERA NE EUER RR 17 3 5 C ntg rati n Wizard C 19 3 6 Change instalation RE UUU estan ence aaa 20 Sef instalation MOdUlES s svcsiscssaicarscnsceceientaateapsa vied eaenwtansenaceicvuni dine T 20 3 8 s FAA Mh RIETI Mm 22 3 9 Installation and uninstallation on the network Lese eee sees eerie eene eene nne nnet 22 3 9 1 Command line parameters for the setup program eese tenete tnn 24 4 Overview of Avira Professional Security eee eere eere 28 4 1 User interface and ODOFallOIT sione ine eiaonei Yen Nune VR VRYR UR SCENE RM VRER USE DURO UR A VRN UM ra Rex eR EVA NR ERR 28 AMEN EO Ns TATE TETTE 28 41 2 Starting and closing or Control Center veissicssssssveoasosonesserssnsonsonspecsssnsvsssannenesuernsuvonsnnedeonsensnvosannenipvannens 29 413 Operae Control GOD tel oesine pei PNou nausea nae P dU EUM Qut met e MEO aput 30 4 1 4 Control Center Overview sivassssssrssasssensansszonnsevixenaervonsonsovoneodannssesnvonsneoaionaniesuoveneoaiousneoniovanessionantnsaovaneisionale 30 4 1 5 Go nig ratoNs ssassn Ne aeeai ae Ne
57. Avira Realtime Protection Example Guard 1 e MailScanner Installs the Avira Mail Protection 1 Install Avira Mail Protection 0 Do not install Avira Mail Protection Example MailScanner 1 e KeyFile Specifies the path for the license file that is copied during installation For initial installation obligatory The file name must be specified completely fully qualified For a change installation optional Example KeyFile D inst license hbedv key e ShowReadMe Displays the readme txt file after installation 1 Display file 0 Do not display file Example ShowReadMe 1 e RestartWindows Restarts the computer after installation This entry has a higher priority than ShowRestartMessage 1 Restart computer 0 Do not restart computer Example RestartWindows 1 e ShowRestartMessage Displays information during the setup before carrying out an automatic restart 0 Do not display information 1 Display information Example ShowRestartMessage 1 e SetupMode Not required for initial installation The setup program knows if an initial installation has been performed Specifies the type of installation If an installation is available already it has to be indicated in the SetupMode whether this installation is an update only or a change installation reconfiguration or an uninstallation Update Updates an existing installation In this case configuration parameters for example Guard are ignored Modify M
58. Command line parameters for the setup program Note Parameters containing paths or file names must be placed in double quotes Example Install Path PROGRAMFILES Avira AntiVir Server The following parameter is possible for installation e inf The setup program starts with the script mentioned and retrieves all parameters required Example presetup exe inf c NtempNsetup inf The following parameters are possible for the uninstallation e remove The setup program uninstalls the Avira product Example presetup exe remove e remsilent The setup program uninstalls the Avira product without displaying dialogs The computer is restarted after uninstallation Example presetup exe remsilent Avira Professional Security User Manual Status 23 Sep 2011 24 R AVI RA Installation and uninstallation e remsilentaskreboot The setup program uninstalls the Avira product without displaying dialogs and requests a computer restart after uninstallation Example presetup exe remsilentaskreboot The following parameter is available as an option for the uninstallation log e unsetuplog All actions during uninstallation are logged Example presetup exe remsilent unsetuplog c logfiles unsetup log In the control file setup inf you can set the following parameters in the DATA field for the automatic installation of the Avira product The sequence of the parameters is unimportant If a parameter setting
59. Further actions Launch program following detection After the on demand scan the System Scanner can open a file of your choice if at least one virus or unwanted program has been detected for example an email program so that you can inform other users or the administrator Options available in expert mode only Note For security reasons it is only possible to start a program after a detection when a user is logged on the computer The file is then opened with the rights that apply to the logged on user If no user is logged on this option is not performed Program name In this input box you can enter the name and the relevant path of the program that the System Scanner should start after a detection 5 Avira Professional Security User Manual Status 23 Sep 2011 90 Ro AV RA Reference Configuration options This button opens a window in which you can select the desired program with the aid of the file selection dialog Arguments In this input box you can enter command line parameters for the program to be started if necessary Event log Use event log If this option is enabled an event report with the results of the scan is transferred to the Windows Event Log after a System Scanner scan has been completed The events can be called up in the Windows Event Viewer The option is disabled as the default setting Option available in expert mode only Archives When scanning archives the System Scanner uses a recur
60. If this option is enabled events listed in the event database are deleted after a certain period of time possible values 1 to 90 days This option is enabled as the default setting with a value of 30 days No limit When this option has been activated the size of the event database is not limited However a maximum of 20 000 entries are displayed in the program interface under Events 11 9 8 Reports Options available in expert mode only Avira Professional Security User Manual Status 23 Sep 2011 192 Ro AV RA Reference Configuration options Limit reports Limit number to max n piece When this option is enabled the maximum number of reports can be limited to a specific amount Values between 1 and 300 are permissible If the specified number is exceeded then the oldest report at that time is deleted Delete all reports older than n day s If this option is enabled reports are automatically deleted after a specific number of days Permissible values are 1 to 90 days This option is enabled as the default setting with a value of 30 days No limit If this option is enabled the number of reports is not restricted 11 9 9 Directories Options available in expert mode only Temporary path Use default system settings If this option is enabled the settings of the system are used for handling temporary files Note You can see where your system saves temporary files for example with Windows XP under Star
61. PC is a computer that is infected with malware programs and that enables hackers to abuse computers via remote control for criminal purposes On command the affected PC starts denial of service DoS attacks for example or sends spam and phishing emails Avira Professional Security User Manual Status 23 Sep 2011 80 S AVIRA ee 10 Info and Service This chapter contains information on how to contact us e See Chapter Contact address e See Chapter Technical support e See Chapter Suspicious files e See Chapter Report false positives e See Chapter Your feedback for more security 10 1 Contact address If you have any questions or requests concerning the Avira product range we will be pleased to help you For our contact addresses please refer to the Control Center under Help About Avira Professional Security 10 2 Technical support Avira support provides reliable assistance in answering your questions or solving a technical problem All necessary information on our comprehensive support service can be obtained from our website http www avira com professional support So that we can provide you with fast reliable help you should have the following information ready e License information You can find the program interface under the menu item Help gt About Avira Professional Security License information See License information e Version information You can find the program interface under the menu i
62. Protection section of the Configuration is responsible for the configuration of the Mail Protection 11 8 1 Scan Use Mail Protection to scan incoming emails for viruses and malware Outgoing emails can be scanned for viruses and malware by Mail Protection Enable Mail Protection If this option is enabled email traffic is monitored by Mail Protection Mail Protection is a proxy server which checks data traffic between the email server you use and the email client program on your computer system incoming emails are scanned for malware by default If this option is disabled the Mail Protection service is still started but monitoring by Mail Protection is disabled Scan incoming emails If this option is enabled incoming emails are scanned for viruses and malware Mail Protection supports POP3 and IMAP protocols Enable the inbox account used by your email client to receive emails for monitoring by Mail Protection Monitor POP3 accounts If this option is enabled the POP3 accounts are monitored on the specified ports Monitored ports In this field you should enter the port to be used as the inbox by the POPS protocol Multiple ports are separated by commas Option available in expert mode only Default This button resets the specified port to the default POP3 port Option available in expert mode only Monitor IMAP accounts If this option is enabled the IMAP accounts are monitored on the specified ports Monitored ports In
63. Scan engine The scan engine contains the methods used by your Avira product to scan for viruses and malware e Program files product update Update packages for product updates make extra functions available to the individual program components An update checks whether the virus definition file and scan engine are up to date and if necessary implements an update Depending on the settings in the configuration the Updater also carries out a product update or informs you of the product updates available After a product update you may have to restart your computer system If only the virus definition file and scan engine are updated the computer does not have to be restarted Note For security reasons the Updater checks whether the Windows hosts file of your computer was altered whether the Update URL for example was manipulated by malware and is diverting the Updater to unwanted download sites If the Windows hosts file has been manipulated this is shown in the Updater report file An update is automatically performed in the following interval 60 minutes You can edit or disable the automatic update through the configuration Configuration Update In the Control Center under Scheduler you can create additional update jobs that are performed by Updater at the specified intervals You also have the option to start an update manually e inthe Control Center in the Update menu and in the Status section e via the context m
64. The advanced feature enables content filtering For example packets can be rejected if they contain some specific data at a certain offset If you do not want to use this option do not select a file or choose an empty file Filtered content bytes With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer Filtered content mask With a mouse click on the link a dialog box appears in which you can select the specific mask Filtered content offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset The offset is computed from where UDP header ends Avira Professional Security User Manual Status 23 Sep 2011 127 Ro AV RA Reference Configuration options Predefined rules for the ICMP traffic monitor Setting Rules Low Medium Do not discard ICMP based on IP address Allow ICMP packets from address 0 0 0 0 with mask 0 0 0 0 Don t log when packet matches rule Advanced Discard packets that have following bytes empty with mask empty at offset 0 High Same rule as for medium level Allow Deny ICMP packets With a mouse click on the link you have the choice to allow or deny special defined incoming ICMP packets IP address By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 address IP mask By clicking on this link with the m
65. Windows Vista and higher The option is not available if you are managing the Avira program under AMC Note This option should not be used if you are using third party tools that modify system files and adapt the boot or start screen to your own requirements Examples of such tools are skinpacks TuneUp utilities or Vista Customization Optimized scan When the option is enabled the processor capacity is optimally utilized during a System Scanner scan For performance reasons an optimized scan is only logged on standard level Note This option is only available on multi processor systems If your Avira program is managed with AMC the option is always displayed and can be enabled If the managed system does not have more than one processor the System Scanner option is not used Follow symbolic links If this option is enabled System Scanner performs a scan that follows all symbolic links in the scan profile or selected directory and scans the linked files for viruses and malware Note The option does not include any shortcuts but refers exclusively to symbolic links generated by mklink exe or Junction Points generated by junction exe that are transparent in the file system Search for Rootkits before scan If this option is enabled and a scan is started the System Scanner scans the Windows system directory for active rootkits in a so called shortcut This process does not scan your computer for active rootkits as compreh
66. You can protect your Avira product in different areas with a password If a password has been issued you will be asked for this password every time you want to open the protected area Password Enter password Enter your required password here For security reasons the actual characters you type in this space are replaced by asterisks The password can only have a maximum of 20 chars Once the password has been issued the program refuses access if an incorrect password is entered An empty box means No password Confirmation Confirm the password entered above by entering again here For security reasons the actual characters you type in this space are replaced by asterisks Note The password is case sensitive Areas protected by password Options available in expert mode only Your Avira product can protect individual areas with a password By clicking the relevant box the password request can be disabled or re enabled for individual areas as required Avira Professional Security User Manual Status 23 Sep 2011 174 S AVIRA Reference Configuration options Password protected Function area Control Center If this option is enabled the pre defined password is required to start the Control Center Activate If this option is enabled the pre defined deactivate password is required to enable or disable Realtime AntiVir Realtime Protection Protection Activate If this o
67. a LE Settings All Users PROGRAMFILES C Program Files C Program Files C Program Files x86 PROGRAMFILES PROGRAMFILES PROGRAMFILES x8 C Program Files x86 x86 6 3 x86 SSYSTEMROOTS C Windows C Windows C Windows SINSTALLDIR C Program C Program C Program Files Files Avira Antivir Files Avira Antivir x86 AviralAntivir Desktop Desktop Desktop SAVAPPDATAS C Documents and C ProgramData Avira C ProgramData Avira Settings All AntiVir Desktop AntiVir Desktop Users Avira AntiVir Desktop The paths marked with are language dependent The above mentioned examples name the relevant paths on an English operating system 11 4 Update In the Update section you can configure the automatic receiving of updates and the connection to the download servers You can specify various update intervals and activate or deactivate automatic updating Note If you configure your Avira product in the Avira Management Console automatic updates are not available Avira Professional Security User Manual Status 23 Sep 2011 112 Ro AV RA Reference Configuration options Automatic update Activate If this option is enabled automatic updates are performed for the enabled events at the specified interval All n Day s Hour s Minute s In this box you can specify the interval at which the automatic update is performed To change the update interval highligh
68. a connected external speaker WAVE file In this input box you can enter the name and the associated path of an audio file of your choice The program s default acoustic signal is entered as standard L The button opens a window in which you can select the required file with the aid of the file explorer Test This button is used to test the selected WAVE file Alerts Your Avira product generates so called slide ups desktop notifications for specific events which give information on successful or failed program sequences such as updates Under Alerts you can enable or disable the notifications for specific events With desktop notifications you have the option of disabling the notification directly in the slide up You can reactivate the notification in the Alerts configuration window Options available in expert mode only Update Alert if last update is older than n day s In this box you can enter the maximum number of days allowed to have passed since the last update If this number of days has passed a red icon is displayed for the update status under Status in the Control Center Show notice if the virus definition file is out of date If this option is enabled you will obtain an alert if the virus definition file is not up to date With the help of the alert option you can configure the temporal interval for an alert if the last update is older than n day s Warnings Notes with the following situations Av
69. active If this option is enabled a dialog box appears when a virus or unwanted program is detected in an email or attachment in which you can choose what is to be done with the email or attachment concerned This option is enabled as the default setting Show progress bar If this option is enabled the Mail Protection shows a progress bar during downloading of emails This option can only be enabled if the option Interactive has been selected Permitted actions Avira Professional Security User Manual Status 23 Sep 2011 166 Ro AV RA Reference Configuration options In this box actions can be specified which can be selected to be displayed in case of a virus detection You must activate the corresponding options for this Move to quarantine When this option has been activated the email including all attachments is moved to quarantine It can be later be delivered via the quarantine manager The affected email is deleted The body of the text and any attachments of the email are replaced by a default text Delete mail If this option is enabled the affected email is deleted when a virus or unwanted program is detected The body of the text and any attachments of the email are replaced by a default text Delete attachment If this option has been activated the affected attachment is replaced by a default text If the body of the email is affected it will be erased and also replaced by a default text The email itsel
70. all ProActiv 0 Do not install ProActiv Example ProActiv 1 e FireWall Installs the Avira FireWall component Avira FireWall monitors and controls the incoming and outgoing data traffic on your computer system and protects your computers from threats originating from the Internet or other network environments 1 Install FireWall 0 Do not install FireWall Example FireWwall 1 Avira Professional Security User Manual Status 23 Sep 2011 27 RR AV RA Overview of Avira Professional Security 4 Overview of Avira Professional Security This chapter contains an overview of the functionality and operation of your Avira product e see Chapter Interface and operation e See Chapter How to 4 1 User interface and operation You operate your Avira product via three program interface elements e Control Center monitoring and controlling the Avira product e Configuration Configuring the Avira product e Tray Icon in the system tray of the taskbar Opening the Control Center and other functions 4 1 1 Control Center The Control Center is designed to monitor the protection status of your computer systems and control and operate the protection components and functions of your Avira product Avira Professional Security User Manual Status 23 Sep 2011 28 C AVIRA amp Avira Professional Security File View Extras Llpdate Help AVIRA L Overview LE PC protection Scanner Realtime Protection Internet pro
71. an select individual configuration sections in the left hand navigation bar 4 1 6 Accessing the Configuration You have several options for accessing the configuration via the Windows control panel via the Windows Security Center from Windows XP Service Pack 2 via the Tray Icon of your Avira product in the Control Center via the menu item Extras Configuration in the Control Center via the Configuration button Note If you are accessing configuration via the Configuration button in the Control Center go to the Configuration register of the section which is active in the Control Center Expert mode must be activated to select individual Avira Professional Security User Manual Status 23 Sep 2011 32 Ro AV l RA Overview of Avira Professional Security configuration registers In this case a dialog appears asking you to activate expert mode 4 1 7 Configuration operation Navigate in the configuration window as you would in Windows Explorer gt Click an entry in the tree structure to display this configuration section in the detail window gt Click the plus symbol in front of an entry to expand the configuration section and display configuration subsections in the tree structure To hide configuration subsections click on the minus symbol in front of the expanded configuration section Note To enable or disable Configuration options and use the buttons you can also use the following key combinations
72. and the remote port is in 53 67 68 123 Apply rule to open ports for all streams Don t log when packet matches rule Advanced Discard packets that have following bytes empty with mask empty at offset 0 Allow Deny UDP packets With a mouse click on the link you have the choice to allow or deny special defined incoming UDP packets IP address By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 address IP mask By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 mask Avira Professional Security User Manual Status 23 Sep 2011 126 Ro AV RA Reference Configuration options Local ports With a mouse click on this link a dialog box appears in which you can define the local port number s or complete port ranges Remote ports With a mouse click on this link a dialog box appears in which you can define the remote port number s or complete port ranges Application method Ports With a mouse click on this link you have the choice to apply this rule to all ports or only to all opened ports Streams With a mouse click on this link you have the choice to apply this rule for all streams or only for outbound streams Event database By clicking on the link with the mouse you can choose between Log and Don t log to the event database if the packet complies with the rule Advanced
73. application provider is listed in the list of trusted vendors the application rule will be executed 11 5 4 Settings Options available in expert mode only Advanced options Turn on FireWall If the option is activated the Avira FireWall is enabled and protects your computer from risks originating from the Internet and other networks Stop Windows Firewall on startup If this option is enabled the Windows Firewall is deactivated when the computer is rebooted This option is enabled as the default setting Automatic rule timeout Avira Professional Security User Manual Status 23 Sep 2011 135 Ro AV RA Reference Configuration options Block forever If this option is enabled a rule that was automatically created for example during a port scan is retained Remove rule after n seconds If this option is enabled a rule that was automatically created for example during a port scan is removed again after the time you have defined This option is enabled as the default setting In the box you can specify the number of seconds after which the rules is to be removed Notifications Notifications define the events under which you wish to receive a desktop notification from the FireWall Port scan If the option is activated you will receive a desktop notification if a port scan has been detected by the FireWall Flooding If the option is activated you will receive a desktop notification if a flooding attack has been d
74. apter LAN or high speed Internet e Wireless e Dial up connection From the adapter s context menu in the Generic adapter rules window right click My Computer or Default Wireless Dial up etc you can specify predefined adapter rules for each available adapter e Set security level Low e Set security level Medium e Set security level High You also have the option of modifying individual adapter rules to suit your own particular requirements Note The default security level setting for all predefined rules of the Avira FireWall is Medium e ICMP protocol Avira Professional Security User Manual Status 23 Sep 2011 139 CG AVIRA e TCP Port Scan e UDP Port Scan e Incoming rules e Incoming IP protocol rule e Outgoing rules e Buttons to manage the rules ICMP protocol Reference Configuration options The Internet Control Message Protocol ICMP is used to exchange error and information messages on networks The protocol is also used for status messages with ping or tracer With this rule you can define the incoming and outgoing blocked message types the behavior in case of flooding and the reaction to fragmented ICMP packets This rule serves for preventing so called ICMP flood attacks which results in an increase of the CPU load of the attacked machine as it responds to every packet Predefined rules for the ICMP protocol Setting Rules Low Incoming blocked types no type Outgoing blo
75. arning All file types and content types on the exclusion list are downloaded into the Internet browser without further scanning of the blocked requests List of file and MIME types to be blocked in Web Protection Scan Blocked requests or Avira Professional Security User Manual Status 23 Sep 2011 160 Ro AV RA Reference Configuration options by Web Protection For all entries on the exclusion list the entries on the list of file and MIME types to be blocked are ignored No scan for viruses and malware is performed MIME types Examples for media types text for text files image for graphics files video for video files audio for sound files application for files linked to a particular program Examples of excluded file and MIME types audio All audio media type files are excluded from Web Protection scans video quicktime All Quicktime sub type video files qt mov are excluded from Web Protection scans pdf All Adobe PDF files are excluded from Web Protection scans Add The button allows you to copy MIME and file types from the input field into the display window Delete The button deletes a selected entry from the list This button is inactive if no entry is selected URLs skipped by Web Protection All URLs in this list are excluded from Web Protection scans Input box In this box you can input URLs Internet addresses to be excluded from Web Protection scan
76. ase remember to tell us the password 10 5 Your feedback for more security At Avira our customers security is paramount For this reason we don t just have an in house expert team that tests the quality and security of every Avira solution before the product is released We also attach great importance to the indications regarding security relevant gaps that could develop and we treat those seriously If you think you have detected a security gap in one of our products please send us an email to the following address vulnerabilities professional avira com Avira Professional Security User Manual Status 23 Sep 2011 82 Ro AV RA Reference Configuration options 11 Reference Configuration options The configuration reference documents all available configuration options 11 1 System Scanner The System Scanner section of configuration is responsible for the configuration of the on demand scan Options available in expert mode only 11 1 1 Scan You can define the behavior of the on demand scan routine options available in expert mode only If you select certain directories to be scanned depending on the configuration the System Scanner scans e With a certain scanning priority e also boot sectors and main memory e all or selected files in the directory Files The System Scanner can use a filter to scan only those files with a certain extension type All files If this option is enabled all file
77. ata to a third party often without their knowledge or consent and for this reason may be unwanted Your Avira product recognizes Adware Spyware If the option Adware Spyware is enabled with a check mark in the configuration under Threat categories you receive a corresponding alert if your Avira product detects adware or spyware Application The term APPL respectively application refers to an application which may involve a risk when used or is of dubious origin Your Avira product recognizes Application APPL If the option Application is enabled with a check mark in the configuration under Threat categories you receive a corresponding alert if your Avira product detects such behavior Backdoor Clients In order to steal data or manipulate computers a backdoor server program is smuggled in unknown to the user This program can be controlled by a third party using backdoor control software client via the Internet or a network Your Avira product recognizes Backdoor control software If the Backdoor control software option is enabled with a check mark in the configuration under Threat categories you receive a corresponding alert if your Avira product detects such software Avira Professional Security User Manual Status 23 Sep 2011 74 R AV RA Viruses and more Dialer Certain services available in the Internet have to be paid for They are invoiced in Germany via dialers with 0190 0900 numbers or via 09x0 number
78. ation behavior window Action options for the System Scanner Interactive In interactive action mode the results of the System Scanner scan are displayed in a dialog box This option is enabled as the default setting In the case of System Scanner scan you will receive an alert with a list of the affected files when the scan is complete You can use the content sensitive menu to select an action to be executed for the various infected files You can execute the standard actions for all infected files or cancel the System Scanner Automatic In automatic action mode when a virus or unwanted program is detected the action you selected in this area is executed automatically If you enable the option Display detection alerts you will receive an alert whenever a virus is detected indicating the action performed Avira Professional Security User Manual Status 23 Sep 2011 44 Ro AV RA Overview of Avira Professional Security Action options for the Realtime Protection Interactive In interactive action mode data access is denied and a desktop notification is displayed In the desktop notification you can remove the malware detected or transfer the malware to the System Scanner component using the Details button for further virus management The System Scanner opens a window containing notification of the detection which gives you various options for managing the affected file via a context menu see Detection System Scanner
79. been executed is performed automatically at the specified interval A countdown message appears with no option for canceling the computer restart Periodic restart reminder If this option is enabled the restart which is necessary after a product update has been executed is not performed automatically At the specified interval you will receive restart notifications without cancel options These notifications let you confirm the computer restart or select the Remind me again option Avira Professional Security User Manual Status 23 Sep 2011 115 Ro AV RA Reference Configuration options Query whether computer should be restarted If this option is enabled the restart which is necessary after a product update has been executed is not performed automatically You will receive only one message which offers the option to perform a restart directly or cancel the restart routine Restart computer without query If this option is enabled the restart which is necessary after a product update has been executed is performed automatically You will not receive any notification 11 4 3 File server In the case of more than one workstation on a network your Avira product can download an update from a file server in the intranet which in turn obtains the update files from a proprietary download server on the Internet This ensures that the Avira product is up to date on all workstations Note The Configuration heading is only enabled
80. bject F3 Restore object Avira Professional Security User Manual Status 23 Sep 2011 FAQ Tips 68 CS AVIRA F4 Send object F6 Restore object to Return Properties Ins Add file Del Delete object Scheduler section Shortcut Description F2 Edit job Return Properties Ins Insert new job Del Delete job Reports section Shortcut Description F3 Display report file F4 Print report file Return Display report Del Delete report s Avira Professional Security User Manual Status 23 Sep 2011 FAQ Tips 69 CG AVIRA FAQ Tips Events section Shortcut Description F3 Export event s Return Show event Del Delete event s 8 3 Windows Security Center Windows XP Service Pack 2 or higher 8 3 1 General The Windows Security Center checks the status of a computer for important security aspects If a problem is detected with one of these important points e g an outdated anti virus program the Security Center issues an alert and gives recommendations on how to protect your computer better 8 3 2 The Windows Security Center and your Avira product FireWall You may receive the following information from the Security Center with regard to your firewall e Firewall ACTIVE Firewall on e Firewall INACTIVE Firewall off Firewall ACTIVE Firewall on After installing your Avira prod
81. bled Reason These files are accessed with Execute File rights If you want to exclude these files or even executed files on network drives from scanning by the Realtime Protection enter the files in the list of file objects to be excluded see Realtime Protection Scan Exceptions Enable caching If this option is enabled monitored files on network drives will be made available in the Realtime Protection s cache Monitoring of network drives without the caching function is more secure but does not perform as well as the monitoring of network drives with caching Archives Avira Professional Security User Manual Status 23 Sep 2011 97 Ro AV RA Reference Configuration options Scan archives If this option is enabled then archives will be scanned Compressed files are scanned then decompressed and scanned again This option is deactivated by default The archive scan is restricted by the recursion depth the number of files to be scanned and the archive size You can set the maximum recursion depth the number of files to be scanned and the maximum archive size Note This option is deactivated by default since the process puts heavy demands on the computer s performance It is generally recommended that archives be checked using an on demand scan Max recursion depth When scanning archives the Realtime Protection uses a recursive scan Archives in archives are also unpacked and scanned for viruses and unwanted
82. bled the Realtime Protection creates a backup copy before carrying out the requested primary or secondary action The backup copy is saved in quarantine It can be restored via the Quarantine manager if it is of informative value Avira Professional Security User Manual Status 23 Sep 2011 99 Ro AV RA Reference Configuration options You can also send the backup copy to the Avira Malware Research Center Depending on the object more selection options are available in the Quarantine manager Display detection alerts If this option is enabled then for each detection of a virus or unwanted program an alert appears Primary action Primary action is the action performed when the Realtime Protection finds a virus or an unwanted program If the Repair option is selected but the affected file cannot be repaired the action selected under Secondary action is performed Note The Secondary action option can only be selected if the Repair setting was selected under Primary action Repair If this option is enabled the Realtime Protection repairs affected files automatically If the Realtime Protection cannot repair an affected file it carries out the action selected under Secondary action Note An automatic repair is recommended but means that the Realtime Protection modifies files on the workstation Rename If this option is enabled the Realtime Protection renames the file Direct access to these files e g with doub
83. bled the process stack inspection allows a more accurate control The FireWall will assume that any of the untrustworthy processes in the stack may actually be the one accessing the network through its child process Therefore a different popup window will be opened for each untrustworthy process in the process stack This option is disabled as the default setting Allow multiple popups per process If this option is enabled every time an application is making a network connection a popup is triggered Alternatively you will be informed only on the first connection attempt This option is disabled as the default setting 11 6 6 Display settings Options available in expert mode only Remember the action for this application Always enabled When this option is enabled the option Hemember action for this application of the dialog box Network event is enabled as the default setting This option is enabled as the default setting Always disabled When this option is enabled the option Hemember action for this application of the dialog box Network event is disabled as the default setting Avira Professional Security User Manual Status 23 Sep 2011 154 Ro AV RA Reference Configuration options Enabled for signed applications When this option is enabled the option Hemember action for this application of the dialog box Network event is automatically enabled during network access by signed applications The manufacturers
84. can mode Here the time for scanning of a file is defined Scan when reading If this option is enabled the Realtime Protection scans the files before they are read or executed by the application or the operating system Avira Professional Security User Manual Status 23 Sep 2011 96 Ro AV RA Reference Configuration options Scan when writing If this option is enabled the Realtime Protection scans a file when writing You can only access the file again after this process has been completed Scan when reading and writing If this option is enabled the Realtime Protection scans files before opening reading and executing and after writing This option is enabled as the default setting and is recommended Drives Monitor network drives If this option is enabled files on network drives mapped drives such as server volumes peer drives etc are scanned Note In order not to reduce the performance of your computer too much the option Monitor network drives should only be enabled in exceptional cases Warning If this option is disabled the network drives are not monitored They are no longer protected against viruses or unwanted programs Note When files are executed on network drives they are scanned by the Realtime Protection irrespective of the setting for the Monitor network drives option In some cases files on network drives are scanned while being opened even though the Monitor network drives option is disa
85. cked types no type Assume flooding if delay between packets is less than 50 ms Reject fragmented ICMP packets Medium Same rule as for the low level High Incoming blocked types several types Outgoing blocked types several types Assume flooding if delay between packets is less than 50 ms Reject fragmented ICMP packets Incoming blocked types no types several types With a mouse click on the link a list of ICMP packet types is displayed From this list you can specify the desired incoming ICMP message types you want to block Avira Professional Security User Manual Status 23 Sep 2011 140 Ro AV RA Reference Configuration options Outgoing blocked types no types several types With a mouse click on the link a list of ICMP packet types is displayed From this list you can select the desired outgoing ICMP message types you want to block Flooding With a mouse click on the link a dialog box is displayed where you can enter the maximum allowed ICMPA delay Fragmented ICMP packets With a mouse click on the link you have the choice to reject or not to reject fragmented ICMP packets TCP port scan With this rule you can define when a TCP port scan is assumed by the FireWall and what should be done in this case This rule serves for preventing so called TCP port scan attacks that result in a detection of open TCP ports on your computer This kind of attack is used to search a computer for
86. cluded a file here no longer exists In this case you should remove the name of this file from this list again Avira Professional Security User Manual Status 23 Sep 2011 92 Ro AV RA Reference Configuration options Input box In this input box you can enter the name of the file object that is not included in the on demand scan No file object is entered as the default setting 5 The button opens a window in which you can select the required file or the required path When you have entered a file name with its complete path only this file is not scanned for infection If you have entered a file name without a path all files with this name irrespective of the path or drive are not scanned Add With this button you can add the file object entered in the input box to the display window Delete The button deletes a selected entry from the list This button is inactive if no entry is selected Note If you add a complete partition to the list of the file objects only those files that are saved directly under the partition will be excluded from the scan which does not apply to files in sub directories on the corresponding partition Example File object to be skipped D D file txt Will be excluded from the scan of the System Scanner D folder file txt will not be excluded from the scan Note If you are managing the Avira program in AMC you can use variables in the path details for file exceptions You can
87. cm E 66 8 2 1 logs ioo se i c e c P 66 SE AMEN oTa aE ANE S EEN ETE E E 67 Bo MAME COMPO Ez ui ge 67 E MBUIeeULEV VEIL 70 Boel EEEC iu tr 70 8 8 2 The Windows Security Center and your Avira product eee 70 Avira Professional Security User Manual Status 23 Sep 2011 4 S AVIRA RS 9 Viruses and VON Q uecceseeseseveceeceeseseceosceeosecoeccesosscecseecccceceeceececessecesce 74 9 1 Threat catledgorlBs uicit etate aenea bu ssddna kae pal eh pasta Pe eps Ye ra Una Yd auae xRspEpe Hl Ve een ra dn VR Deoa PER eeu sana 74 9 2 Viruses and other malware cccccccccsssssssccccccccsssssssscccccccccccsssssccccccccccsscssssscceccccccscsssssceeees 77 10 Info and SBIVICB Loses cS MEINER E PPM IVINMDRIE D EM MUELPE SE E P FEM KE RE REFE E 81 10 1 Eee 81 10 2 Technical SUD DOM Lisa bise esrti ede RE RE eA E Ro naat Rue Y elisa d vrRRd Edu ugue Da en Dues ea ande pesa 81 10 3 sees pe T M 82 10 4 Reporting false POSWIVES E E 82 10 5 Your feedback for more security esesssessesssessesssesseessesseeseesseessessesseesseeseessesseessessoessessessse 82 11 Reference Configuration options ccccccccccccsccsccccccccccccccccscsccess OS 11 1 System SOS OE asso eps ase ERE vane vnye
88. d Warning This could allow viruses and unwanted programs to access your computer system Only select the Ignore option in exceptional cases Disable the preview in your mail client never open any attachments with a double click Mail Protection actions Outgoing emails Move mail to quarantine do not send The email together with all attachments is copied to Quarantine and is not sent The email remains in the outbox of your email client You receive an error message in your email program All other emails sent from your email account will be scanned for malware Block sending of mails do not send The email is not sent and remains in the outbox of your email client You receive an error message in your email program All other emails sent from your email account will be scanned for malware Ignore The affected email is sent Warning Viruses and unwanted programs can penetrate the computer system of the email recipient in this way Web Protection actions Deny access The website requested from the web server and or any data or files transferred are not sent to your web browser An error message to notify you that access has been denied is displayed in the web browser Avira Professional Security User Manual Status 23 Sep 2011 48 R AV RA Overview of Avira Professional Security Move to quarantine The website requested from the web server and or any data or files transferred are moved to quarantine The a
89. d file if it cannot be repaired Rename If this option is enabled the Realtime Protection renames the file Direct access to these files e g with double click is therefore no longer possible Files can later be repaired and given their original names again Quarantine If this option is enabled the Realtime Protection moves the file to Quarantine The files can later be repaired or if necessary sent to the Avira Malware Research Center Delete If this option is enabled the file is deleted This process is much faster than Overwrite and delete Ignore If this option is enabled access to the file is allowed and the file is left as it is Warning The affected file remains active on your workstation It may cause serious damage on your workstation Avira Professional Security User Manual Status 23 Sep 2011 101 Ro AV RA Reference Configuration options Overwrite and delete If this option is enabled the Realtime Protection overwrites the file with a default pattern and then deletes it It cannot be restored Deny access If this option is enabled the affected file is not written the Realtime Protection only enters the detection in the report file if the report function is enabled In addition the Realtime Protection writes an entry in the Event log if this option is enabled Note If you have selected Delete or Overwrite and delete as the primary or secondary action please note In the case of heurist
90. d network drives with the activated Realtime Protection You can now read the path to be used from the Realtime Protection report file The report file can be accessed in the Control Center under Local protection gt Realtime Protection If you are managing the Avira product in AMC you can use variables in the path details for process and file exceptions You can find a list of variables you can use under Variables Realtime Protection and Scanner Exceptions Examples for processes to be excluded e application exe The application exe process is excluded from the Realtime Protection scan irrespective of which hard disk drive it is located on and which directory it is in e C Program Files1l Application exe The process for the file application exe which is located under the path C Program Files1 is excluded from the Realtime Protection scan Avira Professional Security User Manual Status 23 Sep 2011 105 Ro AV RA Reference Configuration options e C Program Files1 exe All processes for executable files located under the path C Program Files1 are excluded from the Realtime Protection scan Examples for files to be excluded e mdb All files with the extension mdb are excluded from the Realtime Protection scan e xls All files with a file extension beginning x s are excluded from the Realtime Protection scan e g files with the extensions x s and x sx e C Directory log All log files with the e
91. d or removed Avira Professional Security User Manual Status 23 Sep 2011 20 R AVI RA Installation and uninstallation Avira Professional Security This module contains all components required for successful installation of your Avira product Avira Realtime Protection The Avira Realtime Protection runs in the background It monitors and repairs if possible files during operations such as open write and copy in on access mode Whenever a user carries out a file operation e g load document execute copy the Avira product automatically scans the file Renaming a file does not trigger a scan by Avira Realtime Protection e Avira ProActiv The ProActiv component monitors application actions and alerts users to suspicious application behavior This behavior based recognition enables you to protect yourself against unknown malware The ProActiv component is integrated into Avira Realtime Protection Avira Mail Protection Mail Protection is the interface between your computer and the email server from which your email program email client downloads emails Mail Protection is connected as a so called proxy between the email program and the email server All incoming emails are routed through this proxy scanned for viruses and unwanted programs and forwarded to your email program Depending on the configuration the program processes the affected emails automatically or asks the user for a certain action e Avira Web Protect
92. d specifying an entire top level domain or parts of a second level domain because there is a risk that Internet pages that distribute malware and undesirable programs will be excluded from the Web Protection scan through global specifications under exclusions You are recommended to specify at least the complete second level domain and the top level domain domainname com Heuristic This configuration section contains the settings for the heuristic of the scan engine Options available in expert mode only Avira products contain very powerful heuristics that can proactively uncover unknown malware i e before a special virus signature to combat the damaging element has been created and before a virus guard update has been sent Virus detection involves an extensive analysis and investigation of the affected codes for functions typical of malware If the code being scanned exhibits these characteristic features it is reported as being suspicious This does not necessarily mean that the code is in fact malware False positives do sometimes occur The decision on how to handle affected code is to be made by the user e g based on his or her knowledge of whether the source of the code is trustworthy or not Macrovirus heuristic Your Avira product contains a highly powerful macrovirus heuristic If this option is enabled all macros in the relevant document are deleted in the event of a repair alternatively suspect documents are only reported
93. d will open 3 5 Configuration Wizard At the end of a user defined installation the configuration wizard is opened The configuration wizard enables you to define custom settings for your Avira product gt Click Next in the welcome window of the configuration wizard to begin configuration of the program The Configure AHeAD dialog box enables you to select a detection level for the AHeAD technology The detection level selected is used for the System Scanner On demand scan and Realtime Protection On access scan AHeAD technology settings P Select a detection level and continue the installation by clicking Next In the following dialog box Select extended threat categories you can adapt the protective functions of your Avira product to the threat categories specified Where appropriate activate further threat categories and continue the installation by clicking Next f you have selected the Avira FireWall installation module the Default rules for accessing the network and using network resources dialog box appears You can define whether the Avira FireWall should permit external access to enabled resources as well as network access by applications of trusted companies gt Enable the required options and continue the configuration by clicking Next f you have selected the Avira Realtime Protection installation module the Realtime Protection start mode dialog box appears You can stipulate the Realtime Protec
94. dard servers indicated will be used The format for the address of the web server is as follows http address of web server gt Port update lf you do not specify a port port 80 will be used Default server Enter the addresses URL of the web servers from which the updates and the required update directory update are to be loaded The format for the address of the web server is as follows http address of the web server Port update If you do not specify a port port 80 will be used By default the accessible Avira web servers are specified for updating You can however use your own web servers on the company intranet If a number of web servers are specified separate each one by a comma Default The button restores the predefined addresses Proxy settings Proxy server Do not use a proxy server If this option is enabled your connection to the web server is not established via a proxy server Use proxy system settings When the option is enabled the current Windows system settings are used for the connection to the web server via a proxy server Configure the Windows system settings to use a proxy server under Control panel gt Internet options gt Connections LAN settings You can also access the Internet options in the Extras menu in Internet Explorer Warning If you are using a proxy server which requires authentication enter all the required data under the option Use this proxy server The Use proxy
95. detected log attacker s IP and don t add rule to block the attack Medium Assume a TCP Port Scan if 50 or more ports were scanned in 5 000 milliseconds When detected log attacker s IP and add rule to block the attack High Same rule as for Medium level Ports With a mouse click on the link a dialog box appears in which you can enter the number of ports that must have been scanned so that a TCP port scan is assumed Port scan time window With a mouse click on this link a dialog box appears in which you can enter the time span for a certain number of port scans so that a TCP port scan is assumed Event database With a mouse click on the link you have the choice between log and don t log the attacker s IP address Avira Professional Security User Manual Status 23 Sep 2011 121 Ro AV RA Reference Configuration options Rule With a mouse click on the link you have the choice between add and don t add the rule to block the TCP port scan attack UDP Port Scan With this rule you can define when a UDP port scan is assumed by the FireWall and what should be done in this case This rule prevents so called UDP port scan attacks that result in a detection of open UDP ports on your computer This kind of attack is used to search a computer for weak spots and is often followed by more dangerous attack types Predefined rules for the UDP Port Scan Setting Rules Low Assume a UDP port scan if 50 o
96. drives Do not specify any exceptions for processes where the executable files are located on dynamic drives Dynamic drives are used for removable disks such as CDs DVDs or USB sticks Warning Please note that all file accesses by processes recorded in the list are excluded from the scan for viruses and unwanted programs The Windows Explorer and the operating system itself cannot be excluded A corresponding entry in the list is ignored L The button opens a window in which you can select an executable file Processes The Processes button opens the Process selection window in which the running processes are displayed Add With this button you can add the process entered in the input box to the display window Avira Professional Security User Manual Status 23 Sep 2011 103 Ro AV RA Reference Configuration options Delete With this button you can delete a selected process from the display window File objects to be omitted by the Realtime Protection All file accesses to objects in this list are excluded from monitoring by the Realtime Protection Input box In this box you can enter the name of the file object that is not included in the on access scan No file object is entered as the default setting The entries in the list must have no more than 6000 characters in total When specifying file objects to be omitted you can use the wildcards any number of characters and a single character
97. duct update you can configure further restart notification and cancellation options under Restart settings Options available in expert mode only 11 4 2 Restart settings When a product update for your Avira product is performed you may have to restart your computer system If you have selected automatic product updates under Local protection gt Update Product update you can choose between the different restart notification and restart cancellation options under Restart settings Options available in expert mode only Note Note that your restart settings allow you to choose between two options for executing a product update requiring a computer restart in the configuration under Local protection Update Product update Download and install product updates automatically The update and the restart are performed while users are working on their computers If you have enabled this option it may be useful to select restart routines with a cancel option or reminder function Download product updates If a restart is necessary install the update after the system restart otherwise install it immediately the update and the restart are performed after users have started up their computers and logged in Automatic restart routines are recommended for this option Restart the computer after n Seconds with countdown messages cannot be canceled If this option is enabled the restart which is necessary after a product update has
98. e Control Center go to the PC protection gt System Scanner section gt Select the scan profile for which you want to create a shortcut gt Click the icon The desktop shortcut is created 4 2 15 Filter events Events that have been generated by program components of your Avira product are displayed in the Control Center under Administration gt Events analogous to the event display of your Windows operating system The program components in alphabetical order are the following e FireWall e Helper Service e Mail Protection e Realtime Protection e Scheduler e System Scanner e Updater e Web Protection The following event types are displayed e Information e Warning e Error e Detection To filter displayed events gt Inthe Control Center select the section Administration gt Events gt Check the box of the program components to display the events of the activated components OR Avira Professional Security User Manual Status 23 Sep 2011 54 AV RA Overview of Avira Professional Security Uncheck the box of the program components to hide the events of the deactivated components gt Check the event type box to display these events OR Uncheck the event type box to hide these events 4 2 16 Exclude email addresses from scan To define which email addresses senders are excluded from the Mail Protection scan white listing gt Go to Control Center and select the sect
99. e indicated size minus 50 kilobytes is reached Back up report file before shortening If this option is enabled the report file is backed up before shortening For the save location see Report directory Write configuration to report file If this option is enabled the configuration of the on access scan is recorded in the report file Note If you have not specified any report file restriction a new report file is automatically created when the report file reaches 100MB A backup of the old report file is created Up to three backups of old report files are saved The oldest backups are deleted first 11 3 Variables Realtime Protection and System Scanner exceptions If your Avira product is managed with AMC you may use variables to configure exceptions for the Realtime Protection and the System Scanner When saving the configuration on the managed system the variables are automatically replaced by true values corresponding to the operating system and its language The following variables may be used Avira Professional Security User Manual Status 23 Sep 2011 111 S AVIRA Reference Configuration options Variable Windows XP 32 Bit Windows 7 32 Bit Windows 7 64 Bit English English English SWINDIRS C Windows C Windows C Windows SSYSDIR C Windows Syste C Windows System3 C Windows System3 m32 2 2 SALLUSERSPROFI C Documents and C ProgramData C ProgramDat
100. e not a privileged user you can see only the user currently logged on Application This table shows the list of applications for which rules are defined The application list contains the settings of each application that was executed and had a rule saved since the Avira FireWall was installed Normal view Column Description Application Name of the application Active Number of active connections opened by the application Connections Avira Professional Security User Manual Status 23 Sep 2011 131 S AVIRA Action Reference Configuration optio Shows the action that the Avira FireWall will automatically take when the application is using the network whatever the network usage type is With a mouse click on the link you can switch to another action type The action types are Ask Allow or Deny Ask is the default action ns Advanced configuration If the network accesses of an application require individual rules you can create the application rules based on packet filters in the same way as you created the adapter rules gt To change to the advanced configuration of the application rules first activate the Expert mode option in the Configuration window gt Then go to Configuration gt Online protection gt FireWall gt Settings and enable the Advanced settings option under Application rules gt Save the setting by clicking Apply or OK Under Configuration gt
101. eWall monitors and regulates incoming and outgoing data traffic on your computer system and protects you from a wide range of attacks and threats from the Internet Incoming or outgoing data traffic or listening to ports will be allowed or denied based on security guidelines You will receive a desktop notification if Avira FireWall denies network activity and thus blocks network connections The following options are available for Avira FireWall settings by setting a security level in the Control Center You can define a security level in the Control Center The low medium and high security levels each contain several complementary security rules based on packet filters These security rules are saved as predefined adapter rules in the Configuration under FireWall gt Adapter rules by saving actions in the Network event window When an application first tries to create a network or Internet connection the Network Event popup window appears The Network Event window allows the user to choose whether the network activity of the application is allowed or denied If the Save Action for this application option is enabled the action is created as an application rule and is saved in the configuration under FireWall gt Application Rules Saving the actions in the Network event window gives you a set of rules for the network activities of applications Note For applications from trusted vendors network access is allowed by default unless an adapt
102. eassivansion AVR VRAR RYE V UR a VSIRER PRVE UR PR YR vata te VAS GRAN VER ER USER QUA U UY RUS 83 BNET M 83 111 2 Repor soon neosu prix aiiai ieties Rees ton OE ONU NESSUN DONI RUNI 94 Jue El l niwjeere jT c 95 BEES gets esswsnsyconannan e aae tyua hun a iea ieta aoaea ade onahievepowlehdyvebuanssotuehyveniavueniahiooeneanuvetien 95 aa ee TA O iN AE EE EE AA E E 107 IE E Eoo a E S E E A E A E E 110 11 3 Variables Realtime Protection and System Scanner exceptions 111 QE dise a r P S 112 TEAT Vobis ERU NE 114 11 42 Restant SEMIS ER SaE S n 115 1143 EE au mM 116 mr WE eer 117 Tees FINO I 119 DERE CCo secerneren seeren eree ees Eeee eE SRE SEE NESER eE EETAS EEEE S EEE RE EEEE EEE EER EREE E EESE 119 11 52 Coeur TUES m E ieaS t is 131 BE cM cobi eo mprE M 134 D1 As SOUT S mer PP gawk 135 11 5 5 TODOS SINGS aco ife sue tH EUR RUTRUM OLD HE VIDI EE HQ TO RA FOU OLHL PUEDE O RH ODE UPUAT UR ar 137 UEM Eupsdcl Pe 138 161 General Settings Umm 138 11 6 2 Incoming RUlESsiseissserciiicrettissrcecessersseriscisierses m 143 Thbos Application MISE vars sassenessarnadgsarrandaaieabis a a A e EN E NOS RN 151 EST TRUSTER WETS Rm 152 116 5
103. eceive the following message W Virus Protection ON Avira Desktop reports that it is up to date and virus scanning is on Antivirus software helps protect your computer against viruses and other security threats How does antivirus software help protect my computer Your Avira product is now up to date and the Avira Realtime Protection is enabled Virus protection OFF You receive the following message if you disable the Avira Realtime Protection or stop the Realtime Protection service Avira Professional Security User Manual Status 23 Sep 2011 72 A AVIRA s 90 s Avira Desktop reports that it is turned off Antivirus software helps protect your computer against viruses and other security threats Click Recommendations for suggested actions you can take How does antivirus software help protect my computer Note Windows does not detect all antivirus programs Recommendations Note You can enable or disabled Avira Realtime Protection in the Overview gt Status section of the Control Center You can also see that the Avira Realtime Protection is enabled if the red umbrella in your taskbar is open Virus protection NOT MONITORED If you receive the following message from the Windows Security Center you have decided that you want to monitor your anti virus software yourself Note This function is not supported by Windows Vista You ve told us you re using antivirus software that you will monitor yourself
104. ection individually The Updater automatically detects which connection options are available Connection options that are not available are grayed out and cannot be activated A dial up connection can be established manually via a phone book entry in Windows for example User Enter the user name of the selected account Password Enter the password for this account For security reasons the actual characters you type in this space are replaced by asterisks Note If you have forgotten an existing Internet account name or password contact your Internet Service Provider Note The automatic dial up of the updater through so called dial up tools e g SmartSurfer Oleco etc is currently not yet available Terminate a dial up connection that was set up for the update If this option is enabled the dial up connection made for the update is automatically interrupted again as soon as the download has been successfully performed Note This option is not available under Vista and Windows 7 Under these operating systems the dial up connection opened for the update is always terminated as soon as the download has been performed Download Avira Professional Security User Manual Status 23 Sep 2011 117 Ro AV RA Reference Configuration options Priority server In this field enter the update directory and URL of the web server that will first be requested to provide the update If this server cannot be reached the stan
105. ections Repair The file is repaired Avira Professional Security User Manual Status 23 Sep 2011 45 R AV RA Overview of Avira Professional Security This option is only available if the infected file can be repaired Rename The file is renamed with a vir extension Direct access to these files e g with double click is therefore no longer possible Files can be repaired and given their original name at a later time Quarantine The file is packaged into a special format qua and moved to the Quarantine directory INFECTED on your hard disk so that direct access is no longer possible Files in this directory can be repaired in Quarantine at a later data or if necessary sent to Avira Delete The file will be deleted This process is much quicker than Overwrite and delete If a boot sector virus is detected this can be deleted by deleting the boot sector A new boot sector is written Ignore No further action is taken The infected file remains active on your computer Overwrite and delete The file is overwritten with a default template and then deleted It cannot be restored Warning This could result in loss of data and damage to the operating system Only select the Ignore option in exceptional cases Always ignore Action option for Realtime Protection detections No further action is taken by Realtime Protection Access to the file is permitted All further access to this file is permitted and no
106. eneral Directories Report directory Write configuration in report file If this option is enabled the Mail Protection configuration is recorded in the report file Note If you have not specified any report file restriction a new report file is automatically created when the report file reaches 100MB A backup of the old report file is created Up to three backups of old report files are saved The oldest backups are deleted first 11 9 General 11 9 1 Threat categories Selection of extended threat categories Options available in expert mode only Your Avira product protects you against computer viruses In addition you can scan according to the following extended threat categories e Adware e Adware Spyware e Application e Backdoor Clients e Dialer e Double Extension Files e Fraudulent software e Games e Jokes e Phishing e Programs that violate the private domain Avira Professional Security User Manual Status 23 Sep 2011 173 Ro AV RA Reference Configuration options e Unusual runtime packers By clicking on the relevant box the selected type is enabled check mark set or disabled no check mark Select all If this option is enabled all types are enabled Default values This button restores the predefined default values Note If a type is disabled files recognized as being of the relevant program type are no longer indicated No entry is made in the report file 11 9 2 Password
107. ensively as the scan profile Scan for rootkits but it is significantly quicker to perform Avira Professional Security User Manual Status 23 Sep 2011 85 Ro AV RA Reference Configuration options Note The rootkits scan is not available for Windows XP 64 bit Scan Registry If this option is enabled the Registry is scanned for references to malware Ignore files and paths on network drives If this option is enabled network drives connected to the computer are excluded from the on demand scan This option is recommended when the servers or other workstations are themselves protected with anti virus software This option is disabled as the default setting Scan process Allow stopping the Scanner If this option is enabled the scan for viruses or unwanted programs can be terminated at any time with the button Stop in the Luke Filewalker window If you have disabled this setting the Stop button in the Luke Filewalker window has a gray background Premature ending of a scan process is thus not possible This option is enabled as the default setting Scanner priority With the on demand scan the System Scanner distinguishes between priority levels This is only effective if several processes are running simultaneously on the workstation The selection affects the scanning speed low The System Scanner is only allocated processor time by the operating system if no other process requires computation time i e a
108. enu of the tray icon Avira Professional Security User Manual Status 23 Sep 2011 58 CS AVIRA Update Updates can be obtained from the Internet via a proprietary web server or via a web or file server on an intranet which downloads the update files from the Internet and makes them available to other computers on the network This is useful if you want to update Avira products on more than one computer in a network A download server on an intranet can be used to ensure Avira products are up to date on the protected computers using a minimum of resources To set up a functioning download server on an intranet you need a server that is compatible with the update structure of your Avira product Note You can use Avira Update Manager file server or web server in Windows as a web server or file server in the intranet Avira Update Manager mirrors the download servers of Avira products and can be obtained from the Avira website on the Internet http www avira com When a web server is used the HTTP protocol is used for the download When using a file server access to the update file is provided via the network You can configure the connection to the web server or file server in the Configuration under General Update The default configuration uses the existing Internet connection as the connection to the Avira web servers Avira Professional Security User Manual Status 23 Sep 2011 59 CG AVIRA rewal 7 Firewall Avira Fir
109. ep 2011 66 CS AVIRA Enter Start command for the active option or button FAQ Tips 8 2 2 In the help Shortcut Description Alt Space Display system menu Alt Tab Shift between the help and the other opened windows Alt F4 Close help Shift F10 Display context menu of the help Ctrl Tab Go to next section in the navigation window Ctrl Shift Tab Go to previous section in the navigation window Page up Change to the subject which is displayed above in the contents in the index or in the list of the search results Page down Change to the subject which is displayed below the current subject in the contents in the index or in the list of the search results Page up Browse through a subject Page down 8 2 3 In the Control Center General Shortcut Description F1 Display help Alt F4 Close Control Center Avira Professional Security User Manual Status 23 Sep 2011 67 S AVIRA F5 Refresh F8 Open configuration F9 Start update Scan section Shortcut Description F2 Rename selected profile F3 Start scan with the selected profile F4 Create desktop link for the selected profile Ins Create new profile Del Delete selected profile FireWall section Shortcut Description Return Properties Quarantine section Shortcut Description F2 Rescan o
110. er names and passwords or PINs and TANs of online banking accounts With the stolen access details the phishers can assume the identities of the victims and carry out transactions in their name What is clear is that banks and insurance companies never ask for credit card numbers PINs TANs or other access details by email SMS or telephone Polymorph viruses Polymorph viruses are the real masters of disguise They change their own programming codes and are therefore very hard to detect Program viruses A computer virus is a program that is capable of attaching itself to other programs after being executed and cause an infection Viruses multiply themselves unlike logic bombs and Trojans In contrast to a worm a virus always requires a program as host where the virus deposits its virulent code The program execution of the host itself is not changed as a rule Avira Professional Security User Manual Status 23 Sep 2011 79 R AV RA Viruses and more Rootkits A rootkit is a collection of software tools that are installed after a computer system has been infiltrated to conceal logins of the infiltrator hide processes and record data generally speaking to make themselves invisible They attempt to update already installed spy programs and reinstall deleted spyware Script viruses and worms Such viruses are extremely easy to program and they can spread if the required technology is on hand within a few hours via email
111. er rule prohibits network access You have the option of removing providers from the list of trusted vendors by creating adapter and application rules in the Configuration You can alter predefined adapter rules or create new adapter rules in the Configuration The security level of the FireWall is automatically set to the value User if you add or change adapter rules Application rules allow you to define monitoring rules specified for applications You can use simple application rules to define whether all network activities of a software application are to be denied or allowed or whether they are to be handled by means of the Network Event popup window In the advanced configuration of the Application rules setting you can define different packet filters for an application which are executed as specified application rules Avira Professional Security User Manual Status 23 Sep 2011 60 S AVIRA FAQ Tips FAQ Tips This chapter contains important information on troubleshooting and further tips on using your Avira product e See Chapter Help in case of a problem e See Chapter Shortcuts e See Chapter Windows Security Center 8 1 Help in case of a problem Here you will find information on causes and solutions of possible problems The error message The license file cannot be opened appears The error message Connection failed while downloading the file appears when attempting to start an update Viruses and malware cann
112. er rules have been modified Note The default security level setting for all predefined rules of the Avira FireWall is Medium To define the security level for the FireWall gt Go to the Control Center and select the section Internet protection gt FireWall Move the slider to the required security level The selected security level is applied immediately Avira Professional Security User Manual Status 23 Sep 2011 56 Ro AV l RA System Scanner 5 System Scanner With the System Scanner component you can carry out targeted scans on demand scans for viruses and unwanted programs The following options are available for scanning for infected files System scan via context menu The system scan via the context menu right hand mouse button entry Scan selected files with Avira is recommended if for example you wish to scan individual files and directories Another advantage is that it is not necessary to first start the Control Center for a system scan via the context menu System scan via drag amp drop When a file or directory is dragged into the program window of the Control Center the System Scanner scans the file or directory and all sub directories it contains This procedure is recommended if you wish to scan individual files and directories that you have saved for example on your desktop System scan via profiles This procedure is recommended if you wish to regularly scan certain directories and driv
113. es e g your work directory or drives on which you regularly store new files You do not then need to select these directories and drives again for every new scan you simply select using the relevant profile See System scan via profiles System scan via the Scheduler The Scheduler enables you to carry out time controlled scans See System scan via the Scheduler Special processes are required when scanning for rootkits boot sector viruses and when scanning active processes The following options are available Scan for rootkits via the scan profile Scan for Rootkits and active malware Scan active processes via the scan profile Active processes Scan for boot sector viruses via the menu command Boot records scan in the menu Extras Avira Professional Security User Manual Status 23 Sep 2011 57 CG AVIRA Updates 6 Updates The effectiveness of anti virus software depends on how up to date the program is in particular the virus definition file and the scan engine To carry out regular updates the Updater component is integrated into your Avira product The Updater ensures that your Avira product is always up to date and able to deal with the new viruses that appear every day Updater updates the following components e Virus definition file The virus definition file contains the virus patterns of the harmful programs which are used by your Avira product to scan for viruses and malware and repair infected objects e
114. es and unwanted programs by the Mail Protection Only select this item if you are certain you know what you are doing Disable the preview in your email program never open attachments by double clicking Further actions This configuration section contains further settings for actions performed when Mail Protection finds a virus or unwanted program in an email or in an attachment Options available in expert mode only Note These actions are performed exclusively when a virus is detected in incoming emails Avira Professional Security User Manual Status 23 Sep 2011 168 Ro AV RA Reference Configuration options Default text for deleted and moved emails The text in this box is inserted in the email as a message instead of the affected email You can edit this message A text may contain a maximum of 500 characters You can use the following key combination for formatting Ctrl Enter inserts a line break Default The button inserts a pre defined default text in the edit box Default text for deleted and moved attachments The text in this box is inserted in the email as a message instead of the affected attachment You can edit this message A text may contain a maximum of 500 characters You can use the following key combination for formatting Ctrl Enter inserts a line break Default The button inserts a pre defined default text in the edit box Heuristic This configuration section contains the settings fo
115. essional Security User Manual Status 23 Sep 2011 137 Ro AV RA Reference Configuration options Show details on demand If this option is enabled the detailed information is only displayed in the Network event window on request i e the detailed information is displayed by clicking on the Show details button in the Network event window Always show details If this option is enabled detailed information is always displayed in the Network event window Remember last used state If this option is enabled the display of detailed information is managed in the same way as for the previous network event If detailed information was displayed or accessed during the last network event detailed information is displayed for the following network event If detailed information was hidden and not displayed during the last network event detailed information is not displayed for the following network event 11 6 Firewall under SMC The FireWall is configured to meet the specific requirements of administration through the Avira Management Console Extended options and restrictions exist for individual configuration options e The FireWall settings apply to all users of the client computer e Adapter rules Security levels for individual adapters can be set using context menus e Application rules Network access by applications can be allowed or denied There is no way of creating specific application rules If your Avira product
116. etected by the FireWall Applications blocked If the option is activated you will receive a desktop notification if the FireWall has denied i e blocked network activity by an application IP blocked If the option is activated you will receive a desktop notification if the FireWall has denied i e blocked data traffic from an IP address Application rules The application rules options are used to set the configuration options for application rules in the FireWall Application rules section Advanced settings If this option is enabled you can regulate different network accesses of an application on an individual basis Basic settings If this option is enabled only one action can be set for different network accesses of the application Avira Professional Security User Manual Status 23 Sep 2011 136 Ro AV RA Reference Configuration options 11 5 5 Popup settings Options available in expert mode only Inspect process launch stack If this option is enabled the process stack inspection allows a more accurate control The FireWall will assume that any of the untrustworthy processes in the stack may actually be the one accessing the network through its child process Therefore a different popup window will be opened for each untrustworthy process in the process stack This option is disabled as the default setting Allow multiple popups per process If this option is enabled every time an application is making a net
117. etection AHeAD enable AHeAD Your Avira program contains a very powerful heuristic in the form of Avira AHeAD technology which can also detect unknown new malware If this option is enabled you can define how aggressive this heuristic should be This option is enabled as the default setting Low detection level If this option is enabled slightly less unknown malware is detected the risk of false alerts is low in this case Medium detection level This option is enabled as the default setting if you have selected the use of this heuristic High detection level If this option is enabled significantly more unknown malware is detected but there are also likely to be false positives 11 1 2 Report The System Scanner has a comprehensive reporting function You thus obtain precise information on the results of an on demand scan The report file contains all entries of the system as well as alerts and messages of the on demand scan Options available in expert mode only Note To be able to establish what actions the System Scanner has performed when viruses or unwanted programs have been detected you should activate the report file in the expert mode configuration Reporting Avira Professional Security User Manual Status 23 Sep 2011 94 Ro AV RA Reference Configuration options Off If this option is enabled the System Scanner does not report the actions and results of the on demand scan Default
118. ext The dialog box Time of job appears Select a time for the update Immediately Daily Weekly Interval Single Login Note We recommend regular and frequent updates The recommended update interval is 60 minutes Where appropriate specify a date according to the selection Where appropriate select additional options availability depends on type of job Repeat job if time has expired Past jobs are performed that could not be performed at the required time for example because the computer was switched off Start job while connecting to the Internet connection dial up In addition to the defined frequency the job is performed when an Internet connection is set up Click Next The dialog box Select display mode appears Select the display mode of the job window Invisible No job window Minimize progress bar only Maximize Entire job window Click Finish Your newly created job appears on the start page of the Administration gt Scheduler section with the status enabled check mark Where appropriate deactivate jobs that are not to be performed the following icons to further define your jobs Avira Professional Security User Manual Status 23 Sep 2011 38 RR AV RA Overview of Avira Professional Security View properties of a job Editjob i Delete job Start job E Stop job 4 2 3 Start a manual update You have various options for starting an update manually When an update is
119. ey combinations for formatting the message Shortcut Description Ctrl Inserts a tab The current line is indented by several Tab characters to the right Ctrl Inserts a line break Enter The message can include wildcards for information found during the search These wildcards are replaced by the actual text when sent The following wildcards can be used Avira Professional Security User Manual Status 23 Sep 2011 181 Ro AV RA Reference Configuration options Wildcard Description SVIRUS contains the name of the detected virus or of the unwanted program SFILES contains the path and file name of the affected file SCOMPUTER contains the name of the computer on which the Realtime Protection is running SNAMES contains the name of the user who accessed the affected file SACTIONS contains the action performed after the detection of the virus SMACADDR contains the MAC address of the computer on which the Realtime Protection is running Default The button restores the predefined default text for an alert System Scanner network alerts Enable network alerts If this option is enabled network alerts are sent This option is disabled as the default setting Note To be able to activate this option at least one recipient must be entered under Configuration gt General gt Alerts gt Network Message to be sent The window shows the message sent to
120. f is delivered Move attachment to quarantine If this option has been activated the affected attachment is moved to quarantine and then deleted replaced by a default text The body of the email is delivered The affected attachment can later be delivered via the quarantine manager Ignore If this option is enabled an affected email is delivered despite detection of a virus or unwanted program Default This button allows you to select an action that is activated in the dialog box by default when a virus is detected Select the action that should be activated by default and click on the Default button Automatic If this option is enabled you are no longer notified when a virus or unwanted program is found Mail Protection reacts according to the settings you define in this section Affected emails The action chosen for Affected emails is performed when the Mail Protection finds a virus or an unwanted program in an email If the option Ignore is selected it is also possible under Affected attachments to select the process for dealing with a virus or unwanted program detected in an attachment Delete If this option is enabled the affected email is automatically deleted if a virus or unwanted program is found The body of the email is replaced by the default text given below The same applies to all attachments included these are also replaced by a default text Avira Professional Security User Manual Status
121. ffected file can be recovered from quarantine manager if it has an informative value or if necessary sent to the Avira Malware Research Center Ignore The website requested from the web server and or the data and files that were transferred are forwarded on by Web Protection to your web browser Warning This could allow viruses and unwanted programs to access your computer system Only select the Ignore option in exceptional cases Note We recommend that you move any suspicious file that cannot be repaired to quarantine Note You can also send files reported by the heuristic to us for analysis For example you can upload these files to our website http www avira com sample upload You can identify files reported by the heuristic from the designation HEUR or HEURISTIC that prefixes the file name e g HEUR testtile 4 2 10 Handling quarantined files qua To handle quarantined files gt Inthe Control Center select the section Administration gt Quarantine section gt Check which files are involved so that if necessary you can reload the original back onto your computer from another location If you want to see more information on a file gt Highlight the file and click on The dialog box Properties appears with more information on the file If you want to rescan a file Avira Professional Security User Manual Status 23 Sep 2011 49 Ro AV RA Overview of Avira Professional Securi
122. files image for graphics files video for video files audio for sound files application for files linked to a particular program Examples of excluded file and MIME types application octet stream application octet stream MIME type files executable files bin exe com dll class are blocked by Web Protection application olescript application olescript MIME type files ActiveX script files axs are blocked by Web Protection exe All files with the extension exe executable files are blocked by Web Protection msi All files with the extension msi Windows Installer files are blocked by Web Protection Add The button allows you to copy MIME and file types from the input field into the display window Delete The button deletes a selected entry from the list This button is inactive if no entry is selected Web Filter The web filter is based on an internal database updated daily that classifies URLs according to content Activate web filter When the option is enabled all URLs matching the selected categories in the Web filter list are blocked Web filter list In the Web filter list you can select the content categories whose URLs are to be blocked by Web Protection Avira Professional Security User Manual Status 23 Sep 2011 159 Ro AV RA Reference Configuration options Note The Web filter is ignored for entries in the list of excluded URLs under Web Protection
123. fined IP packages IP address By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 address IP mask By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 mask Avira Professional Security User Manual Status 23 Sep 2011 149 Ro AV RA Reference Configuration options Report file By clicking on the link with the mouse you can decide whether to write to a report file or not if the package complies with the rule Incoming IP Protocol rule IP packages By clicking on the link with the mouse you can decide whether you want to accept or reject specially defined IP packages IP address By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 address IP mask By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 mask Protocol By clicking on this link with the mouse a dialog box opens in which you can enter the required IP protocol Report file By clicking on the link with the mouse you can decide whether to write to a report file or not if the package complies with the rule Outgoing Rules Outgoing rules are defined to control outgoing data traffic by the Avira FireWall You can define an outgoing rule for one of the following protocols IP ICMP UDP and TCP See Add new rule Warning When a packet
124. following dialog box you can complete the configuration by clicking Finish The specified and selected settings are accepted f you have enabled the Short system scan option the Luke Filewalker window opens The Scanner performs a short system scan gt If after the scan you are asked to restart your computer click Yes to ensure that your system is fully protected After a successful installation we recommend that you check whether the program is up to date in the Status field of the Control Center gt If your Avira product shows that your computer is not secure click Fix problem The dialog Restore protection opens gt Activate the preset options in order to maximize the security of your system gt If appropriate perform a complete system scan afterwards 3 6 Change installation You have the option of adding or removing individual program components of the current Avira product installation see Chapter Installation and uninstallation gt Installation modules If you wish to add or remove modules of the current installation you can use the option Add or Remove Programs in the Windows control panel to Change Remove programs Select your Avira product and click Change In the Welcome dialog of the program select the option Modify You will be guided through the installation changes 3 7 Installation modules In a user defined installation or a change installation the following installation modules can be selected adde
125. further notifications will be provided until the computer is restarted or the virus definition file is updated Copy to quarantine Action option for a rootkits detection The detection is copied to quarantine Repair boot sector Download repair tool Action options when infected boot sectors are detected A number of options are available for repairing infected diskette drives If your Avira product is unable to perform the repair you can download a special tool for detecting and removing boot sector viruses Avira Professional Security User Manual Status 23 Sep 2011 46 Ro AV l RA Overview of Avira Professional Security Note If you carry out actions on running processes the processes in question are terminated before the actions are performed Actions of the Realtime Protection for detections made by the ProActiv component notification of suspicious actions of an application Trusted program The application continues to run The program is added to the list of permitted applications and is excluded from monitoring by the ProActiv component When adding to the list of permitted applications the monitoring type is set to Content This means that the application is only excluded from monitoring by the ProActiv component if the content remains unchanged see Configuration Realtime Protection gt ProActiv gt Application filter Permitted applications Block program once The application is blocked i e the application i
126. h a double click and following the relevant instructions on the screen Note The Avira Professional Security License Manager automatically copies the corresponding license in the relevant product folder If a license already exists a note appears as to whether the existing license file is to be replaced In this case the existing file is overwritten by the new license file Avira Professional Security User Manual Status 23 Sep 2011 12 S AVIRA Installation and uninstallation 3 Installation and uninstallation 3 1 Overview This chapter contains information relating to the installation and uninstallation of your Avira product see Chapter see Chapter see Chapter see Chapter see Chapter see Chapter see Chapter see Chapter Pre Setup Requirements preparing the computer for installation Express installation Standard installation according to default settings Custom installation Configurable installation Configuration Wizard Change installation Installation modules Uninstallation Uninstall Installation and uninstallation on the network 3 1 1 Installation types During installation you can select a setup type in the installation wizard Express Standard components will be installed The program files are installed into a specified default folder under C Program Files Your Avira product is installed with default settings You have the option of defining custom settings using the configuration w
127. he Edit button opens the Email template window in which you can configure the notification for the End of scan event You have the option of inserting text for the subject line and body of the email You can use variables for this purpose see Email Template Add report file as attachment If this option is enabled the current report file of the System Scanner component is added to the email as an attachment when sending System Scanner notifications Recipient s Enter the email address es of the recipient s in this box The individual addresses are separated by commas The maximum length of all addresses together i e the total character string is 260 characters Updater email alerts The Updater component can send notifications by email to one or more recipients for specific events Email alerts If this option is enabled the Update component sends email messages with the most important data when a specific event occurs This option is disabled as the default setting Email messages for the following events Avira Professional Security User Manual Status 23 Sep 2011 185 Ro AV RA Reference Configuration options No update necessary Your program is up to date If this option is enabled an email is sent if the Updater has successfully made a connection to the download server but there are no new files available on the server This means that your Avira product is up to date Edit The Edit button opens the E
128. he Email template window in which you can configure the notification for an Update failed event You have the option of inserting text for the subject line and body of the email You can use variables for this purpose see Email Template Add report file as attachment If this option is enabled the current report file of the Updater component is added to the email as an attachment when sending Updater notifications Avira Professional Security User Manual Status 23 Sep 2011 186 Ro AV RA Reference Configuration options Recipient s Enter the email address es of the recipient s in this box The individual addresses are separated by commas The maximum length of all addresses together i e the total character string is 260 characters Note Alerts are always sent by email for the following events if an SMTP server and a recipient address have been configured for Updater notifications A product update is required for every further update of the program An update of the scanning engine or of the virus definition file could not be performed as a product update is necessary These alerts are sent irrespective of your email warning settings for the Update component Email template In the Email template window you can configure the email notifications for the individual components to the enabled events You can insert text of up to a maximum of 128 characters in the subject line and up to a maximum of 1024 characters in t
129. he message field The following variables can be used in the email subject and email message Globally acceptable variables Variable Value Windows The email notifications component supports all environment Windows environment variables variables SYSTEM IP IP address of the computer SFQDN Fully qualified domain name STIMESTAMPS Event time stamp Time and date format as per the language settings of the operating system SCOMPUTERNAME NetBIOS computer name SUSERNAME Name of user accessing the component Avira Professional Security User Manual Status 23 Sep 2011 187 S AVIRA Reference Configuration options PRODUCTVER Product version PRODUCTNAME Product name SMODULENAME Name of the component sending the email SMODULEVERS Version of the component sending the email Specific component variables Variable Value Component emails SENGINEVERS Version of scan engine used Realtime Protection System Scanner SVDFVER Z Version of virus definition file Realtime used Protection System Scanner SOURCE Fully qualified file name Realtime Protection VIRUSNAME Name of the virus or unwanted Realtime program Protection LACTIONS Action performed after the Realtime detection Protection SMACADDR amp MAC address of the first Realtime registered network card Protection Avira Professional Security User Manual Status
130. he option Secondary action can only be selected if the setting Repair was selected under Primary action With this option it can now be decided what is to be done with the affected file if it cannot be repaired Rename If this option is enabled the System Scanner renames the file Direct access to these files e g with double click is therefore no longer possible Files can later be repaired and given their original names again Avira Professional Security User Manual Status 23 Sep 2011 89 Ro AV RA Reference Configuration options Quarantine If this option is enabled the System Scanner moves the file to Quarantine These files can later be repaired or if necessary sent to the Avira Malware Research Center Delete If this option is enabled the file is deleted This process is much faster than overwrite and delete Ignore If this option is enabled access to the file is allowed and the file is left as it is Warning The affected file remains active on your workstation It may cause serious damage on your workstation Overwrite and delete If this option is enabled the System Scanner overwrites the file with a default pattern and then deletes wipes it It cannot be restored Note If you have selected Delete or Overwrite and delete as the primary or secondary action you should note the following In the case of heuristic hits the affected files are not deleted but are instead moved to quarantine
131. he option Secondary action can only be selected if the setting Repair was selected under Primary action Avira Professional Security User Manual Status 23 Sep 2011 88 Ro AV RA Reference Configuration options Repair If this option is enabled the System Scanner repairs affected files automatically If the System Scanner cannot repair an affected file it carries out the action selected under Secondary action Note An automatic repair is recommended but means that the System Scanner modifies files on the workstation Rename If this option is enabled the System Scanner renames the file Direct access to these files e g with double click is therefore no longer possible Files can later be repaired and given their original names again Quarantine If this option is enabled the System Scanner moves the file to the quarantine These files can later be repaired or if necessary sent to the Avira Malware Research Center Delete If this option is enabled the file is deleted This process is much faster than overwrite and delete Ignore If this option is enabled access to the file is allowed and the file is left as it is Warning The affected file remains active on your workstation It may cause serious damage on your workstation Overwrite and delete If this option is enabled the System Scanner overwrites the file with a default pattern and then deletes it It cannot be restored Secondary action T
132. he type of packages dispatched by the VPN software so called GRE packets do not fit into the other categories and therefore they are filtered by this rule Replace the rule Deny all IP packets with two new rules which will deny the TCP and UPD packets In this way there is the possibility to allow packets of other protocols An email sent via a TSL connection has been blocked by Mail Protection Reason Transport Layer Security TLS encryption protocol for data transfers on the Internet is not supported by Mail Protection at this time The following options are available for sending the email gt Use a different port from port 25 which is used by SMTP This will bypass monitoring by Mail Protection gt Turn off the TSL encrypted connection and disable TSL support in your email client P Disable temporarily monitoring of outgoing emails by Mail Protection in the configuration under Mail Protection gt Scan Webchat is not operational Chat messages are not displayed data are being loaded in the browser This phenomenon may occur during chats which are based on the HTTP protocol with transfer encoding chunked Reason Web Protection checks the data sent completely for viruses and undesired programs first of all before the data are loaded into the web browser During a data transfer with transfer encoding chunked Web Protection cannot determine the message length or the data volume gt Enter the configurat
133. i e you receive an alert This option is enabled as the default setting and is recommended Advanced Heuristic Analysis and Detection AHeAD enable AHeAD Your Avira program contains a very powerful heuristic in the form of Avira AHeAD technology which can also detect unknown new malware If this option is enabled you can define how aggressive this heuristic should be This option is enabled as the default setting Low detection level If this option is enabled slightly less unknown malware is detected the risk of false alerts is low in this case Medium detection level This option is enabled as the default setting if you have selected the use of this heuristic Avira Professional Security User Manual Status 23 Sep 2011 163 Ro AV RA Reference Configuration options High detection level If this option is enabled significantly more unknown malware is detected but there are also likely to be false positives 11 7 2 Report The Web Protection includes an extensive logging function to provide the user or administrator with exact notes about the type and manner of a detection Reporting This group allows for the content of the report file to be determined Off If this option is enabled then Web Protection does not create a log It is recommended that you should turn off the logging function only in exceptional cases such as if you are executing trials with multiple viruses or unwanted programs Default
134. ibited without previous written consent from Avira Operations GmbH amp Co KG Issued Q4 2011 Brand and product names are trademarks or registered trademarks of their respective owners Protected trademarks are not marked as such in this manual However this does not mean that they may be used freely live free 2011 Avira Operations GmbH amp Co KG All rights reserved Avira Operations GmbH amp Co KG Telephone 49 7542 500 O Errors and technical subject to change Kaplaneiweg 1 88069 Tettnang Facsimile 49 7542 500 3000 Germany www avira com
135. ic Windows management technique that uses script and programming languages to allow read and write access both local and remote to settings on Windows systems Your Avira product supports WMI and provides data status information statistical data reports planned requests etc as well as events Avira Professional Security User Manual Status 23 Sep 2011 178 Ro AV RA Reference Configuration options and methods stopping and starting processes via an interface WMI gives you the option of downloading operating data from the program and controlling the program You can request a complete reference guide to the WMI interface from the manufacturer The reference file is available in PDF format when you sign a confidentiality agreement Enable WMI support When this option is enabled you can download operating data from the program via WMI Allow services to be enabled disabled When this option is enabled you can enable and disable program services via WMI 11 9 5 Proxy settings Proxy server Do not use a proxy server If this option is enabled your connection to the web server is not established via a proxy server Use proxy system settings When the option is enabled the current Windows system settings are used for the connection to the web server via a proxy server Configure the Windows system settings to use a proxy server under Control panel gt Internet options gt Connections LAN settings You can also acce
136. ic hits the affected files are not deleted but are instead moved to quarantine Further actions Use event log If this option is enabled an entry is added to the Windows event log for every detection The events can be called up in the Windows event viewer This option is enabled as the default setting Option available in expert mode only Exceptions With these options you can configure exception objects for the Realtime Protection on access scan The relevant objects are then not included in the on access scan The Realtime Protection can ignore file accesses to these objects during the on access scan via the list of processes to be omitted This is useful for example with databases or backup solutions Options available in expert mode only Please note the following when specifying processes and file objects to be omitted The list is processed from top to bottom The longer the list is the more processor time is required for processing the list for each access Therefore keep the list as short as possible Processes to be omitted by the Realtime Protection All file accesses of processes in this list are excluded from monitoring by Realtime Protection Input box In this field enter the name of the process that is to be ignored by the real time scan No process is entered as the default setting The specified path and file name of the process should contain a maximum of 255 characters You can enter up to 128 processe
137. ically using drag amp drop V The Control Center of your Avira product has been opened Highlight the file or directory you want to scan Avira Professional Security User Manual Status 23 Sep 2011 41 Ro AV l RA Overview of Avira Professional Security gt Use the left hand mouse button to drag the highlighted file or directory into the Control Center The Luke Filewalker window appears and a system scan is started When the scan is completed the results are displayed 4 2 6 Scan for viruses and malware via the context menu To scan for viruses and malware systematically via the context menu gt Click with the right hand mouse button e g in Windows Explorer on the desktop or in an open Windows directory on the file or directory you want to scan The Windows Explorer context menu appears gt Select Scan selected files with Avira in the context menu The Luke Filewalker window appears and a system scan is started When the scan is completed the results are displayed 4 2 7 Automatically scan for viruses and malware Note After installation the scan job Full system scan is created in the Scheduler A complete system scan is automatically performed at a recommended interval To create a job to automatically scan for viruses and malware gt In the Control Center select the section Administration gt Scheduler gt Click the icon The dialog box Name and description of job appears gt
138. ion When surfing the Internet you are using your web browser to request data from a web server The data transferred from the web server HTML files script and image files Flash files video and music streams etc will normally be moved directly into the browser cache for display in the web browser meaning that an on access scan as performed by Avira Realtime Protection is not possible This could allow viruses and unwanted programs to access your computer system Web Protection is what is known as an HTTP proxy which monitors the ports used for data transfer 80 8080 3128 and scans the transferred data for viruses and unwanted programs Depending on the configuration the program may process the affected files automatically or prompt the user for a specific action Avira FireWall Avira FireWall controls communication to and from your computer It permits or denies communications based on security policies e Avira Rootkits Protection Avira Rootkits Protection checks whether software is already installed on your computer that can no longer be detected with conventional methods of malware protection after penetrating the computer system e Shell Extension The Shell Extension generates an entry Scan selected files with Avira in the context menu of the Windows Explorer right hand mouse button With this entry you can directly scan files or directories Avira Professional Security User Manual Status 23 Sep 2011 21 R AVI RA In
139. ion which in reality is the real attack Your Avira product detects scareware If the option Fraudulent software is enabled with a check mark in the configuration Threat categories you receive a corresponding alert if your Avira product detects such files Games There is a place for computer games but it is not necessarily at work except perhaps in the lunch hour Nevertheless with the wealth of games downloadable from the Internet a fair bit of mine sweeping and Patience playing goes on among company employees and civil servants You can download a whole array of games via the Internet Email games have also become more popular numerous variants are circulating ranging from simple chess to fleet exercises including torpedo combats The corresponding moves are sent to partners via email programs who answer them Studies have shown that the number of working hours devoted to computer games has long reached economically significant proportions It is therefore not surprising that more and more companies are considering ways of banning computer games from workplace computers Your Avira product recognizes computer games If the Games option is enabled with a check mark in the configuration under Threat categories you receive a corresponding alert if your Avira product detects a game The game is now over in the truest sense of the word because you can simply delete it Jokes Jokes are merely intended to give someone a fright o
140. ion Internet protection gt Mail Protection The list shows incoming emails gt Highlight the email you want to exclude from the Mail Protection scan gt Click the icon to exclude the email from the Mail Protection scan The selected email address will no longer be scanned for viruses and unwanted programs The email sender address is included in the exclusion list and no longer scanned for viruses malware Warning Only exclude email addresses from the Mail Protection scan if the senders are completely trustworthy Note In the Configuration under Mail Protection General Exceptions you can add other email addresses to the exclusion list or remove email addresses from the exclusion list 4 2 17 Select the security level for the FireWall There are various security levels to choose from Depending on which you choose you have different adapter rule configuration options The following security levels are available Low Flooding and port scan are detected Avira Professional Security User Manual Status 23 Sep 2011 55 Ro AV RA Overview of Avira Professional Security Medium Suspicious TCP and UDP packages are discarded Flooding and port scan are prevented High Computer is not visible on the network Connections from outside are blocked Flooding and port scan are prevented User User defined rules If this security level is selected the program automatically recognizes that the adapt
141. ion of the URL of the web chats as an exception see Configuration Web Protection Exceptions Avira Professional Security User Manual Status 23 Sep 2011 65 CG AVIRA 8 2 Shortcuts FAQ Tips Keyboard commands also called shortcuts offer a fast possibility to navigate through the program to retrieve individual modules and to start actions Below we provide you with an overview of the available keyboard commands Please find further indications regarding the functionality in the corresponding chapter of the help 8 2 1 In dialog boxes Shortcut Description Ctrl Tab Ctrl Page down Navigation in the Control Center Go to next section Ctrl Shift Tab Ctrl Page up Navigation in the Control Center Go to previous section 121 Navigation in the configuration sections First use the mouse to set the focus on a configuration section Tab Change to the next option or options group Shift Tab Change to the previous option or options group t Change between the options in a marked drop down list or between several options in a group of options Space Activate or deactivate a check box if the active option is a check box Alt underlined letter Select option or start command Alt Open selected drop down list F4 Esc Close selected drop down list Cancel command and close dialog Avira Professional Security User Manual Status 23 S
142. ion on single user computers gt Change installation and update Note We recommend that you test automatic installation before the installation routine is implemented on the network Note When installing on a server operating system the Realtime Protection and the files protection are not available To install Avira product on the network automatically V You must have administrator rights also required in batch mode gt Configure the parameter of the file setup inf and save the file Avira Professional Security User Manual Status 23 Sep 2011 23 R AVI RA Installation and uninstallation gt Begin installation with the parameter inf or integrate the parameter into the login script of the server Example presetup exe inf c NtempNsetup inf The installation starts automatically To uninstall Avira products on the network automatically V You must have administrator rights also required in batch mode gt Start the uninstallation with the parameter remsilent or remsilentaskreboot or integrate the parameter into the login script of the server You can also specify the parameter for the uninstallation log Example presetup exe remsilent unsetuplog c logfiles unsetup log The uninstallation starts automatically Note The setup program for the uninstallation should be started on the PC on which the Avira product is to be uninstalled do not start the setup program from a network drive 3 9 1
143. ions Malware When this option is enabled the email address is no longer scanned for malware Up You can use this button to move a highlighted email address to a higher position If no entry is highlighted or the highlighted address is at the first position in the list this button is not enabled Down You can use this button to move a highlighted email address to a lower position If no entry is highlighted or the highlighted address is at the last position in the list this button is not enabled Cache The Mail Protection cache contains data regarding the scanned emails that is displayed as statistical data in the Control Center under Mail Protection Options available in expert mode only Maximum number of emails to be stored in the cache This field is used to set the maximum number of emails that are stored by Mail Protection in the cache Emails are deleted oldest first Maximum days for an email to be stored The maximum storage period of an email in days is entered in this box After this time the email is removed from the cache Empty Cache Click on this button to delete the emails stored in the cache Footer Under Footer you can configure an email footer which is displayed in the emails you send Options available in expert mode only This function requires activation of the Mail Protection scan of outgoing emails see option Scan outgoing emails SMTP under Configuration Mail Protection Scan You can use the
144. ira Professional Security User Manual Status 23 Sep 2011 191 Ro AV RA Reference Configuration options Dial up connection is used If this option is enabled you will receive a desktop notification alert if a dialer creates a dial up connection on your computer via the telephone or ISDN network There is a danger that the connection may have been created by an unknown and unwanted dialer and that the connection may be chargeable see Viruses and more Threat categories Dialer Files have been successfully updated If this option is enabled you will receive a desktop notification whenever an update has been successfully performed and files updated Update failed If this option is enabled you will receive a desktop notification whenever an update fails No connection to the download server could be created or the update files could not be installed No update necessary If this option is enabled you will receive a desktop notification whenever an update is started but installation of the files is not necessary as your program is up to date 11 9 7 Events Options available in expert mode only Limit size of event database Limit size to max n entries If this option is enabled the maximum number of events listed in the event database can be limited to a certain size possible values 100 to 10000 entries If the number of entered entries is exceeded the oldest entries are deleted Delete all events older than n day s
145. irus software on your computer vrerin 6er Windows did not find antivirus software on this computer Antivirus software helps protect your computer against viruses and other security threats Click Recommendations For suggested actions you can take How does antivirus software help protect my computer Note Windows does not detect all antivirus programs Recommendations Avira Professional Security User Manual Status 23 Sep 2011 71 S AVIRA FAQ Tips Note Install your Avira product on your computer to protect it against viruses and other unwanted programs Virus protection OUT OF DATE If you have already installed Windows XP Service Pack 2 or Windows Vista and then install your Avira product or you install Windows XP Service Pack 2 or Windows Vista on a system on which your Avira product has already been installed you will receive the following message 9 Virus Protection o OUT OF DATE Avira Desktop reports that it might be out of date Click Recommendations For suggested actions you can take How does antivirus software help protect my computer Note Windows does not detect all antivirus programs Recommendations Note In order for the Windows Security Center to recognize your Avira product as up to date an update must be performed after installation Update your system by carrying out an update Virus protection ON After installation of your Avira product and a subsequent update you will r
146. is filtered the corresponding rules are applied successively therefore the rule order is very important Change the rule order only if you are completely aware of what you are doing Avira Professional Security User Manual Status 23 Sep 2011 150 Ro AV RA Reference Configuration options Buttons to manage the rules Button Description Add rule Allows you to create a new rule If you press this button the Add new rule dialog box is opened In this dialog box you can select new rules Remove Removes the selected rule rule Rule up Moves the selected rule up one line i e increases the rule priority Rule Moves the selected rule down one line i e reduces the rule priority down Rename Allows you to give the selected rule another name rule Note You can add new rules for individual adapters or for all adapters present on the computer To add an adapter rule for all adapters select My Computer from the adapter hierarchy that is displayed and click on the Add rule button See Add new rule Note To change the position of a rule you can also use the mouse to drag the rule to the required position 11 6 3 Application list You can use the application list to create rules specifying how applications access networks You can add applications to lists and set the Allow and Deny rules for the selected application using a context menu e Access to networks by applications with the Allow
147. is managed by the Avira Management Console the following FireWall setting options in the Control Center are deactivated on client computers e Setting of the FireWall security levels e Setting of adapter and application rules 11 6 1 General settings Options available in expert mode only Advanced options Enable FireWall If the option is activated the Avira FireWall is enabled and protects your computer from risks originating from the Internet and other networks Avira Professional Security User Manual Status 23 Sep 2011 138 Ro AV RA Reference Configuration options Stop Windows FireWall on startup If this option is enabled the Windows FireWall is deactivated when the computer is rebooted This option is enabled as the default setting Learn mode If the option is activated the learn mode of Avira FireWall is enabled Automatic rule timeout Block forever If this option is enabled a rule that was automatically created for example during a port scan is retained Remove rule after n seconds If this option is enabled a rule that was automatically created for example during a port scan is removed again after the time you have defined This option is enabled as the default setting Generic adapter rules Optionen nur bei aktiviertem Expertenmodus verf gbar Network connections that have been set up are designated adapters Adapter rules can be drawn up for the following Client network connections e Default ad
148. is missing or wrong the setup routine is aborted and an error message is displayed Note Parameters containing paths or file names must be placed in double quotes Example Install Path PROGRAMFILES Avira AntiVir Server V e DestinationPath Destination path in which the program is installed It has to be included to the script Please note that the setup includes company name and product name automatically Environment variables can be used Example DestinationPath PROGRAMFILES produces the installation path C Program Files Avira AntiVir Desktop e ProgramGroup Creates a program group for all users of the computer in the Windows Start menu 1 Create program group 0 Do not create program group Example ProgramGroup 1 e Desktoplcon Creates a shortcut desktop icon for all users of the computer on the desktop 1 Create desktop icon 0 Do not create desktop icon Example DesktopIcon 1 e ShellExtension Registers the shell extension in the registry With the shell extension files or directories can be scanned for viruses and malware via the context menu of the right hand mouse button 1 Register shell extension 0 Do not register shell extension Example ShellExtension 1 Avira Professional Security User Manual Status 23 Sep 2011 25 R AVI RA Installation and uninstallation e Guard Installs the Avira Realtime Protection on access Scanner 1 Install Avira Realtime Protection 0 Do not install
149. is required to copy the affected object Add and modify jobs If this option is enabled the pre defined password is required to add and modify jobs in the Scheduler Start product updates If this option is enabled the pre defined password is required to start the product updates in the Update menu Download rescue CD from the Internet If this option is enabled the pre defined password is required to start the Avira Rescue CD download Configuration If this option is enabled configuration of the program is only possible after entering the pre defined password Manually switch configuration If this option is enabled the pre defined password is required to manually switch to a different configuration profile Installation uninstallation If this option is enabled the pre defined password is required for installation or uninstallation of the program Avira Professional Security User Manual Status 23 Sep 2011 176 Ro AV RA Reference Configuration options 11 9 3 Security Options available in expert mode only Autostart Block autostart function If this option is enabled the execution of the Windows autostart function is blocked on all connected drives including USB sticks CD and DVD drives and network drives With the Windows autostart function files on data media or network drives are read immediately on loading or connection and files can therefore be
150. izard Custom You can choose to install individual program components see Chapter Installation and uninstallation Installation modules A target folder can be selected for the program files to be installed You can disable Create a desktop icon and program group in the Start menu Using the configuration wizard you can define custom settings for your Avira product and initiate a short system scan that is performed automatically after installation Avira Professional Security User Manual Status 23 Sep 2011 13 R AVI RA Installation and uninstallation 3 2 Pre Setup Note Before installation check whether your computer fulfils all the minimum system requirements If your computer satisfies all requirements you can install the Avira product Note When installing on a server operating system the Realtime Protection and the files protection are not available Pre Setup V Close your email program It is also recommended to end all running applications V Make sure that no other virus protection solutions are installed The automatic protection functions of various security solutions may interfere with each other The Avira product will search for possible incompatible software on your computer f potentially incompatible software is detected Avira generates a list of these programs tis recommended to remove these software programs in order not to endanger the stability of your computer gt Selec
151. kage Installation is started with a script or batch file and all necessary information is obtained from the control file The script commands therefore replace the usual manual inputs during installation Note Please note that a license file is obligatory for initial installation on the network N N Avira Professional Security User Manual Status 23 Sep 2011 R AVI RA Installation and uninstallation Note Please note that an installation package for the Avira product is required for installation via a network An installation file for Internet based installation cannot be used Avira products can be easily shared on the network with a server login script or via SMS For information on installation and uninstallation on the network e see Chapter Command line parameters for the setup program e See Chapter Parameter of the file setup inf e See Chapter Installation on the network e See Chapter Uninstallation on the network Note The Avira Management Console provides another easy option for the installation and uninstallation of Avira products on the network The Avira Management Console enables the remote installation and maintenance of Avira products on the network For further information please refer to our website http www avira com The installation can be script controlled in batch mode The setup is suitable for the following installations e Initial installation via the network unattended setup e Installat
152. l the ProActiv component the Avira ProActiv Community window appears You have the option of confirming participation in the Avira ProActiv Community If this option is enabled Avira ProActiv sends data on suspicious programs detected by the ProActiv component to the Avira Malware Research Center The data is used only for an advanced online scan and to expand and refine detection technology You can use the further information link to obtain more details on the expanded online scan gt If the dialogue box Avira ProActiv Community has been displayed enable or disable participation in the Avira ProActiv Community and confirm by clicking Next n the following dialog box you can decide whether to create a desktop shortcut and or a program group in the Start menu P Click Next The program features will be installed Installation progress is displayed in the dialog box The dialog box Install license appears gt Goto the directory in which you have saved the license file read the message in the dialog box and confirm by clicking Next The license file is copied and the components are installed and started The program features will be installed Installation progress is displayed in the dialog box gt Click Finish to end setup process Avira Professional Security User Manual Status 23 Sep 2011 18 R AVI RA Installation and uninstallation The Installation Wizard is closed and the Configuration Wizar
153. le click is therefore no longer possible Files can later be repaired and given their original names again Quarantine If this option is enabled the Realtime Protection moves the file to Quarantine The files in this directory can later be repaired or if necessary sent to the Avira Malware Research Center Delete If this option is enabled the file is deleted This process is much faster than Overwrite and delete Ignore If this option is enabled access to the file is allowed and the file is left as it is Avira Professional Security User Manual Status 23 Sep 2011 100 Ro AV RA Reference Configuration options Warning The affected file remains active on your workstation It may cause serious damage on your workstation Overwrite and delete If this option is enabled the Realtime Protection overwrites the file with a default pattern and then deletes it It cannot be restored Deny access If this option is enabled the Realtime Protection only enters the detection in the report file if the report function is enabled In addition the Realtime Protection writes an entry in the Event log if this option is enabled Warning If Realtime Protection is set to Scan when writing the affected file is not written Secondary action The option Secondary action can only be selected if the Repair option was selected under Primary action With this option it can now be decided what is to be done with the affecte
154. led with a check mark in the configuration under Threat categories you receive a corresponding alert if your Avira product detects such behavior Programs that violate the private domain Software that may be able to compromise the security of your system initiate unwanted program activities damage your privacy or spy on your user behavior and could therefore be unwanted Your Avira product detects Security Privacy Risk software If the option Programs that violate the private domain is enabled with a check mark in the configuration under Threat categories you receive a corresponding alert if your Avira product detects such software Unusual Runtime Packers Files that have been compressed with an unusual runtime packer and that can therefore be classified as potentially suspicious Your Avira product recognizes Unusual runtime packers If the option Unusual runtime packers is enabled with a check mark in the configuration under Threat categories you receive a corresponding alert if your Avira product detects such packers 9 2 Viruses and other malware Adware Adware is software that presents banner ads or in pop up windows through a bar that appears on a computer screen These advertisements usually cannot be removed and are consequently always visible The connection data allow many conclusions on the usage behavior and are problematic in terms of data security Backdoors A backdoor can gain access to a computer by bypas
155. lers 0190 0900 dialers Your Avira product can detect the familiar dialers by default If the option Dialers is enabled with a check mark in the configuration under Threat categories you receive a corresponding alert if a dialer is detected You can now simply delete the potentially unwanted 0190 0900 dialer However if it is a wanted dial up program you can declare it an exceptional file and this file is then no longer scanned in future Double Extension Files Executable files that hide their real file extension in a suspicious way This camouflage method is often used by malware Your Avira product recognizes Double Extension Files If the option Double Extension files is enabled with a check mark in the configuration under Threat categories you receive a corresponding alert if your Avira product detects such files Fraudulent software Also known as scareware or rogueware it is a fraudulent software that pretends that your computer is infected by viruses or malware This software looks deceptively similar to professional antivirus software but is meant to raise uncertainty or to scare the user Its purpose is to make the victims feel threatened of imminent unreal danger and to make Avira Professional Security User Manual Status 23 Sep 2011 75 R AV RA Viruses and more them pay to eliminate it There are also cases when the victims are lead to believe they were attacked and they are instructed to carry out an act
156. les in quarantine 4 2 11 Restore the files in quarantine Different icons control the restore procedure depending on the operating system e In Windows XP and 2000 iO This icon restores the files to their original directory c This icon restores the files to a directory of your choice e n Windows Vista In Microsoft Windows Vista the Control Center only has limited rights at the moment e g for access to directories and files Certain actions and file accesses can only be performed in the Control Center with extended administrator rights These extended administrator rights must be granted at the start of each scan via a scan profile C This icon restores the files to a directory of your choice Avira Professional Security User Manual Status 23 Sep 2011 51 R AV RA Overview of Avira Professional Security CiPThis icon restores the files to their original directory If extended administrator rights are necessary to access this directory a corresponding request appears Torestore files in quarantine Warning This could result in loss of data and damage to the operating system of the computer Only use the function Restore selected object in exceptional cases Only restore files that could be repaired by a new scan V File rescanned and repaired P Inthe Control Center select the section Administration gt Quarantine section Note Emails and email attachments can only be restored using the option c
157. les the FireWall Block all traffic Enabled Blocks all data transfers except transfers to the host computer system Local Host IP 127 0 0 1 Enable game mode Enables or disables the mode Enabled When activated all defined adapter and application rules apply Applications for which no rule is defined are permitted network access and no pop up window is opened e Start Avira Opens the Control Center e Configure Avira Opens the Configuration e Start update Starts an update e Select configuration Opens a submenu with the available configuration profiles Click on a configuration to activate this configuration The menu command is disabled if you have already defined rules for automatic switching to a configuration e Help opens the Online Help e About Avira Professional Security Opens a dialog box with information on your Avira product Product information Version information License information e Avira on the Internet Opens the Avira web portal on the Internet The condition for this is that you have an active connection to the Internet Avira Professional Security User Manual Status 23 Sep 2011 36 Ro AV RA Overview of Avira Professional Security 4 2 Howto 4 2 1 Activate license To activate your Avira product s license Activate your license for your Avira product with the license file hbedv key You can obtain the license file by email from Avira The license file contains the license for all pr
158. lick Next The installation progress is displayed by a green bar gt Click Finish to end setup process and close the License Wizard Avira Professional Security User Manual Status 23 Sep 2011 16 R AVI RA Installation and uninstallation The Avira Tray Icon is placed in the taskbar n order to ensure effective protection for your computer the module Updater will search for possible updates The Luke Filewalker window opens and a short system scan is performed The status of the check as well as the results are displayed P If after the scan you are asked to restart your computer click Yes to ensure that your system is fully protected After a successful installation we recommend that you check the program is up to date in the Status field of the Control Center gt If your Avira product shows that your computer is not secure click Fix problem The dialog Restore protection opens gt Activate the preset options in order to maximize the security of your system gt If appropriate perform a complete system scan afterwards 3 4 Custom Installation Installing your Avira product Start the installation program by double clicking the installation file you have downloaded from the Internet or insert the program CD Internet based installation The Welcome screen appears gt Click Next to continue with the installation The dialog Language selection appears gt Select the language you want to use t
159. ll works as expected Reason The virtual machine emulates a network card by means of software This emulation encapsulates the data packages of the guest system in special packages UDP packages and routes them via the external gateway back to the host system Avira FireWall rejects these packages coming from outside starting from security level medium To avoid this behavior do the following gt Go to Control Center and select the section Online protection gt FireWall gt Click the Configuration button The Configuration dialog box is displayed You are in the configuration section Application rules Activate the Expert mode option Select the configuration section Adapter rules Click add rule Select UDP in the section ncoming rules Type the name of the rule in the Section Name of the rule Click OK wo o 0v 0v w Y Avira Professional Security User Manual Status 23 Sep 2011 64 S AVIRA FAQ Ts gt Check if the rule is directly above the rule Deny all IP packets Warning This rule is potentially dangerous because it will allow UDP packets without any filtering After working with the virtual machine change to your previous security level Virtual Private Network VPN Connection is blocked if the security level of Avira FireWall is set to medium or high Reason This problem is caused by the last rule Deny all IP packets which discards all packets that do not comply with any of the rules above it T
160. lock the program or select Ignore to continue to use the program The monitoring process excludes Programs classified as trusted trusted and signed programs included by default in the permitted applications filter and all programs which you have added to the application filter for permitted programs Improve your computer security with Avira ProActiv If this option is enabled Avira ProActiv sends data on suspicious programs and in certain cases suspicious program files executable files to the Avira Malware Research Center for advanced online scanning After evaluation these data are added to the ProActiv behavioral analysis rule sets In this way you become part of the Avira ProActiv community and contribute to the continuous improvement and refinement of the ProActiv security technology No data are sent if this option is disabled This has no effect on ProActiv functionality Click here to learn more With this link you can access an Internet page where you can obtain detailed information on the advanced online scan All data transmitted during an advanced online scan is included on the Internet page Blocked applications Under Applications to be blocked you can enter applications which you classify as harmful and which you want Avira ProActiv to block by default The applications added cannot be executed on your computer system You can also add programs to the application filter for blocking via Realtime Protection notifications
161. ltime Protection on access scan for continuous monitoring of all file access attempts Avira Professional Security User Manual Status 23 Sep 2011 R AV l RA Product information ProActiv component for the permanent monitoring of program actions for 32 bit system only not available under Windows 2000 Mail Protection POP3 Scanner IMAP Scanner and SMTP Scanner for the permanent checking of emails for viruses and malware Checking of email attachments is included Web Protection for monitoring data and files transferred from the Internet using the HTTP protocol monitoring of ports 80 8080 3128 Integrated quarantine management to isolate and process suspicious files Rootkits protection for detecting hidden malware installed in your computer system rootkits Not available under Windows XP 64 bit Direct access to detailed information on the detected viruses and malware via the Internet Simple and quick updates to the program virus definitions and search engine through Single File Update and incremental VDF updates via a web server on the Internet or an intranet User friendly licensing in License Manager Integrated Scheduler for planning one off or recurring jobs such as updates or scans Extremely high virus and malware detection via innovative scanning technology scan engine including heuristic scanning method Detection of all conventional archive types including detection of nested archives and smart extension de
162. mail template window in which you can configure the notification for a No update necessary event You have the option of inserting text for the subject line and body of the email You can use variables for this purpose see Email Template Update completed successfully New files have been installed If this option is enabled an email is sent for all updates performed This may be a product update or an update of the virus definition file or of the scanning engine Edit The Edit button opens the Email template window in which you can configure the notification for an Update successful new files installed event You have the option of inserting text for the subject line and body of the email You can use variables for this purpose see Email Template Update finished successfully A new product update is available If this option is enabled an email is only sent if an update of the scanning engine or virus definition file was performed without a product update but a product update is available Edit The Edit button opens the Email template window in which you can configure the notification for an Update successful product update available event You have the option of inserting text for the subject line and body of the email You can use variables for this purpose see Email Template Update failed If this option is enabled an email is sent if the update has failed due to an error Edit The Edit button opens t
163. n Services Note An alert is always sent to computers not to a certain user Warning This functionality is no longer supported by the following operating systems Windows Server 2008 and higher Windows Vista and higher Send message to The list in this window shows names of computers that receive a message when a virus or unwanted program is found Note A computer can always be entered only once in this list Avira Professional Security User Manual Status 23 Sep 2011 180 Ro AV RA Reference Configuration options Insert With this button you can add a further computer A window is opened in which you can enter the names of new computers A computer name can be a maximum of 15 characters long L The button opens a window in which you can alternatively select a computer directly from your computer environment Delete With this button you can delete the currently selected entry from the list Realtime Protection network alerts Network alerts If this option is enabled network alerts are sent This option is disabled as the default setting Note To be able to activate this option at least one recipient must be entered under Configuration General Alerts Network Message to be sent The window shows the message sent to the selected workstation when a virus or unwanted program is detected You can edit this message A text may contain a maximum of 500 characters You can use the following k
164. n of report functions Setting of directories used Update Configuration of connection to download server download via Web server or fileserver set up of product updates Alerts Configuration of email alerts for component s System Scanner Realtime Protection Updater Configuration of network alerts for the component s System Scanner Realtime Protection Configuration of acoustic alerts when malware is detected 4 1 9 Tray icon After installation you will see the tray icon of your Avira product in the system tray of the taskbar Avira Professional Security User Manual Status 23 Sep 2011 35 Ro AV l RA Overview of Avira Professional Security Icon Description A Avira Realtime Protection is enabled and the FireWall is enabled Avira Realtime Protection is disabled and the FireWall is disabled The tray icon displays the status of the Realtime Protection and the FireWall service Central functions of your Avira product can be quickly accessed via the context menu of the tray icon To open the context menu click the tray icon with the right hand mouse button 4 1 10 Entries in the context menu e Activate Avira Realtime Protection Enables or disables the Avira Realtime Protection e Enable Avira Mail Protection Enables or disables the Avira Mail Protection e Enable Avira Web Protection Enables or disables the Avira Web Protection e FireWall Enable FireWall Enables or disab
165. name Realtime Protection renames the file Direct access to these files e g with double click is therefore no longer possible The file can be repaired at a later time and renamed again Quarantine Realtime Protection moves the file to Quarantine The file can be recovered from Quarantine manager if it has an informative value or if necessary sent to the Avira Malware Research Center Depending on the file further options are available in the Quarantine manager Delete The file will be deleted This process is much faster than Overwrite and delete see below Ignore Access to the file is permitted and the file is ignored Overwrite and delete Realtime Protection overwrites the file with a default pattern before deleting it It cannot be restored Warning If Realtime Protection is set to Scan when writing the affected file is not written Default This button allows you to select an action that is activated in the dialog box by default when a virus is detected Select the action that should be activated by default and click on the Default button Note The action Repair cannot be selected as the default action Click here for more information Automatic If this option is enabled no dialog box in case of a virus detection appears Realtime Protection reacts according to the settings you predefine in this section as primary and secondary action Copy file to quarantine before action If this option is ena
166. nd a system scan is started When the scan is completed the results are displayed If you want to adapt a scan profile gt Inthe scan profile expand Manual Selection the file tree so that all the drives and directories you want to scan are open Click the icon The next directory level is displayed Click the icon The next directory level is hidden gt Highlight the nodes and directories you want to scan by clicking on the relevant box of the appropriate directory level The following options are available for selecting directories Directory including sub directories black check mark Sub directories of one directory only grey check mark sub directories have black check marks No directory no check mark If you want to create a new scan profile gt Click the icon Create new profile The profile New profile appears below the profiles previously created Where appropriate rename the scan profile by clicking on the icon gt Highlight the nodes and directories to be saved by clicking the check box of the respective directory level The following options are available for selecting directories Directory including sub directories black check mark Sub directories of one directory only grey check mark sub directories have black check marks No directory no check mark 4 2 5 Scan for viruses and malware using drag amp drop To scan for viruses and malware systemat
167. nd the components to protect your computer system against viruses and malware from the Internet and against unauthorized network access The Mail Protection section shows you all the emails scanned by Mail Protection their properties and other statistical data The Web Protection section displays information on scanned URLs and detected viruses as well as other statistical data which can be reset at any time and enables access to the report file More detailed information on the last virus or unwanted program detected can be obtained practically at the push of a button The FireWall section enables you to configure the basic settings for the Avira FireWall In addition the current data transfer rate and all active applications using a network connection are displayed e Management In Management you will find tools for isolating and managing suspicious or infected files and for planning recurring tasks The Quarantine section contains the so called quarantine manager This is the central point for files already placed in quarantine or for suspect files that you would like to place in quarantine It is also possible to send a selected file to the Avira Malware Research Center by email The Scheduler section enables you to configure scheduled scanning and update jobs and to adapt or delete existing jobs 4 1 5 Configuration You can define settings for your Avira product in the Configuration After installation your Avira product is co
168. ndors for user This list contains all users in the system If you are logged in as an administrator you can select the user whose list of trusted vendors you want to view or update If you are not a privileged user you can see only the current user logged on Automatically allow applications created by trusted vendors If this option is enabled the application provided with the signature of a known and trusted provider is automatically permitted access to the network The option is enabled as the default setting Vendors The list shows all vendors classified as trusted Avira Professional Security User Manual Status 23 Sep 2011 134 Ro AV RA Reference Configuration options Buttons Button Description Remove The highlighted entry is removed from the list of trusted vendors To permanently remove the selected provider from the list click Apply or OK in the configuration window Reload The changes made are reversed The last list saved is loaded Note If you remove vendors from the list and then select Apply the vendors will be permanently removed from the list The change cannot be reversed with Reload However you can use the Always trust this vendor option in the Network Event popup window to add a vendor to the list of trusted vendors again Note The FireWall prioritizes application rules before making entries in the list of trusted vendors If you have created an application rule and the
169. nfigured with standard settings ensuring optimal protection for your computer system However your computer system or your specific requirements for your Avira product may mean you need to adapt the protective components of the program Avira Professional Security User Manual Status 23 Sep 2011 31 C AVIRA amp Avira Professional Security ZANLI Standard configuration v m Expert mode J PC protection EE system Scanner Realtime Protection Update Online protection L o J General Overview of Avira Professional Security Avira Professional Security k PC protection gt System Scanner gt Scan Files Additional settings O all Files Scan boot sectors of selected drives Use smart extensions Scan master boot sectors O use file extension list Ignore offline files _Bleextensions C Follow symbolic links E Search for Rootkits before scan Scan Registry C Ignore files and paths on network drives Scan process Allow stopping the Scanner Scanner prioriby normal Description If this option is enabled all files are scanned For viruses or unwanted programs irrespective of their content and File extension The Filter is not used The Configuration opens a dialog box You can save your configuration settings via the OK or Apply buttons delete your settings by clicking the Cancel button or restore your default configuration settings using the Default values button You c
170. ns for this option are complete configuration of the update and an open connection to a download server Notify user if product updates are available If this option is enabled you will be notified by email when new product updates become available Updates to the virus definition file and scan engine are performed independently of this setting The conditions for this option are complete configuration of the update and an open connection to a download server You will receive notifications via a desktop popup window and via an alert from the Updater in the Control Center under Overview Events Notify once again after n day s If the product update was not installed after the initial notification enter in this box the number of days that are to elapse before you are again notified that product updates are available Do not download product updates If this option is enabled no automatic product updates or notifications of available product updates by the Updater are performed Updates to the virus definition file and search engine are performed independently of this setting Avira Professional Security User Manual Status 23 Sep 2011 114 Ro AV RA Reference Configuration options Warning An update of the virus definition file and of the search engine is performed during every update process independent of the settings for the product update see Chapter Updates Note If you have enabled an option for an automatic pro
171. nter To start the Control Center the following options are available e Double click the program icon on your desktop e Via the program entry in the Start gt Programs menu e Via the Tray Icon of your Avira product Avira Professional Security User Manual Status 23 Sep 2011 29 Ro AV l RA Overview of Avira Professional Security Close the Control Center via the menu command Close in the menu File or by clicking on the close tab in the Control Center 4 1 3 Operate Control Center To navigate in the Control Center gt Select an activity in the navigation bar The activity opens and other sections appear The first section of the activity is selected and displayed in the view P If necessary click another section to display this in the detail window Note You can activate the keyboard navigation in the menu bar with the help of the Alt key If navigation is activated you can move within the menu with the arrow keys With the Return key you activate the active menu item To open or close menus in the Control Center or to navigate within the menus you can also use the following key combinations Alt underlined letter in the menu or menu command Hold down the Alt key if you want to access a menu a menu command or a submenu To process data or objects displayed in the detail window gt Highlight the data or object you wish to edit To highlight multiple elements elements in columns hold down the co
172. ntrol key or the shift key while selecting the elements gt Click the appropriate button in the upper bar of the detail window to edit the object 4 1 4 Control Center overview e Status In Status screen you will find all sections with which you can monitor the functioning of your Avira product The Status section lets you see at a glance which program modules are active and provides information on the last update performed You can also see whether you own a valid license e Local protection In Local protection you will find the components for checking the files on your computer system for viruses and malware The Scan section enables you to easily configure and start an on demand scan Predefined profiles enable you to run a scan with already adapted standard options In the same way it is possible to adapt the scan for viruses and unwanted programs to your personal requirements with the help of manual selection not saved or by creating user defined profiles The Realtime Protection section displays information on scanned files as well as other statistical data which can be reset at any time and enables access to the Avira Professional Security User Manual Status 23 Sep 2011 30 RR AV RA Overview of Avira Professional Security report file More detailed information on the last virus or unwanted program detected can be obtained practically at the push of a button e Online protection In Online protection you will fi
173. o install your Avira product and confirm your language selection by clicking Next The dialog box Download appears All files necessary for installation are downloaded from the Avira web servers The Download window closes after conclusion of the download Installation with an installation package The window Preparing installation appears The installation file is extracted The installation routine is started The dialog box Select installation type appears Avira Professional Security User Manual Status 23 Sep 2011 17 R AVI RA Installation and uninstallation Note By default Express installation is preset All standard components will be installed which you may not configure If you like to execute an Express installation please refer to the chapter Installation gt Express installation gt Choose Custom to install individual program components gt Confirm that you accept the End User License Agreement For reading the detailed text of the End User License Agreement click the EULA link gt Click Next The Choose Destination Folder window opens The default folder will be C Program Files Avira AntiVir Desktop gt Click Next to continue OR Use the Browse button to select a different destination folder and confirm by clicking Next The Install components dialog appears gt Select or deselect components from the list and confirm with Next to proceed f you have chosen to instal
174. odifies reconfigures an existing installation In the process no files are copied into the destination path Remove Uninstalls your Avira product from the system Example SetupMode Update Avira Professional Security User Manual Status 23 Sep 2011 26 R AVI RA Installation and uninstallation e AVWinIni optional Specifies the destination path for the configuration file that may be copied during installation The file name must be specified completely fully qualified Example AVWinIni d inst config avwin ini e Password This option assigns the password that was set for the modification installation and uninstallation to the setup routine The entry is only scanned by the setup routine when a password has been set If a password has been set and the password parameter is missing or wrong the setup routine is aborted Example Password Password123 e WebGuard Installs the Avira Web Protection 1 Install Avira Web Protection 0 Do not install Avira Web Protection Example WebGuard 1 e RootKit Installs the Avira Rootkits Protection module Without Avira Rootkits Protection the System Scanner will not be able to scan for rootkits on the system 1 Install Avira Rootkits Protection 0 Do not install Avira Rootkits Protection Example RootKit 1 e ProActiv Installs the Avira ProActiv component Avira ProActiv is a pattern based detection technology that enables as yet unknown malware to be detected 1 Inst
175. oducts that you have ordered in one order process If you have not yet installed your Avira product gt Save the license file to a local directory on your computer gt Install your Avira product gt During installation enter the save location of the license file If you have already installed your Avira product Double click the license file in File Manager or in the activation email and follow the on screen instructions when License Manager opens OR In your Avira product s Control Center select the menu item Help Load license file Note In Windows Vista the User Account Control dialog box appears Log in as administrator if appropriate Click Continue gt Highlight the license file and click Open A message appears gt Click OK to confirm The license is activated gt If necessary restart your system 4 2 2 Perform automatic updates To create a job with the Avira Scheduler to update your Avira product automatically gt Inthe Control Center select the section Administration gt Scheduler gt Click the Insert new job icon The dialog box Name and description of the job appears gt Give the job a name and where appropriate a description Avira Professional Security User Manual Status 23 Sep 2011 37 RA b Use V RA Overview of Avira Professional Security Click Next The dialog box Type of job is displayed Select Update job from the list Click N
176. og box opens in which you can enter the required IPv4 or IPv6 address IP mask By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 mask Report file By clicking on the link with the mouse you can decide whether to write to a report file or not if the package complies with the rule Avira Professional Security User Manual Status 23 Sep 2011 148 Ro AV RA Reference Configuration options The advanced feature enables content filtering For example packets can be rejected if they contain some specific data at a certain offset If you do not want to use this option do not select a file or choose an empty file Filtered content Data With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer Filtered content Mask With a mouse click on the link a dialog box appears in which you can select the specific mask Filtered content Offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset The offset is computed from where ICMP header ends Predefined rules for IP packets Setting Rules Low Medium High Deny all IP packets Deny IP packets from address 0 0 0 0 with mask 0 0 0 0 Don t log when packet matches rule Accept deny IP packets By clicking on the link with the mouse you can decide whether you want to accept or reject specially de
177. onclusion of the download Installation with an installation package The window Preparing installation appears The installation file is extracted The installation routine is started The dialog box Select installation type appears Note By default Express installation is preset All standard components will be installed which you may not configure If you like to execute a customized installation please refer to the chapter Installation Custom installation gt You may participate in the Avira ProActiv Community Configuration gt Realtime Scanner ProActiv gt Confirm that you accept the End User License Agreement For reading the detailed text of the End User License Agreement click the EULA link P Click Next gt If you have chosen to take part in the Avira ProActiv Community the Avira ProActiv Community information window appears You may obtain more details on the expanded online scan gt Click Next The License Wizard opens and helps you to activate your product You have the opportunity to configure a Proxy server right here gt Click Proxy settings for configuration and confirm your settings with OK f you already received an activation key select Activate product Alternatively click the link already have a valid HBEDV KEY License file The Open File Dialog appears gt Select your HBEDV KEY and click Open The activation code is copied to the License Wizard gt C
178. onfiguration When switching configuration using a rule based procedure the configuration can be linked to the use of a LAN or Internet connection identification via default gateway In this way configuration profiles can be created for different laptop usage scenarios e Use on company networks Update via intranet server Web Protection disabled e Use at home Update via default Avira web server Web Protection enabled If no switching rules have been defined you can switch to a configuration manually in the context menu of the tray icon You can add rename delete copy or restore configurations and define rules for switching configurations using the buttons in the navigation bar or using commands from the context menu in the configuration section Note Automatic switching to another configuration is not supported in Windows 2000 No rules for switching configurations can be defined in Windows 2000 Overview of configuration options The following configuration options are available e System Scanner Configuration of on demand scan Scan options Action on detection File scan options On demand scan exceptions On demand scan heuristics Report function setting e Realtime Protection Configuration of on access scan Scan options Action on detection On access scan exceptions On access scan heuristics Report function setting e Mail Protection Configuration of Mail Protection Scan options Enable
179. ons you can define how aggressive this heuristic should be This option is enabled as the default setting Low detection level If this option is enabled slightly less unknown malware is detected the risk of false alerts is low in this case Medium detection level This option is enabled as the default setting if you have selected use of this heuristic This option is enabled as the default setting and is recommended High detection level If this option is enabled significantly more unknown malware is detected but there are also likely to be false positives 11 8 2 General Exceptions Scanning exceptions This table shows you the list of email addresses excluded from scanning by Mail Protection white list Note The list of exceptions is used exclusively by Mail Protection with regard to incoming emails Scanning exceptions Input box In this box you enter the email address that you want to add to the list of email addresses not to be scanned Depending on your settings the email address will no longer be scanned in future by the Mail Protection Add With this button you can add the email address entered in the input box to the list of email addresses not to be scanned Delete This button deletes a highlighted email address from the list Email address Email that is no longer to be scanned Avira Professional Security User Manual Status 23 Sep 2011 170 Ro AV RA Reference Configuration opt
180. ot be moved or deleted The status of the tray icon is disabled The computer is extremely slow when perform a data back up My firewall reports Avira Realtime Protection and Avira Mail Protection immediately after activation AviraMail Protection does not work There is no network connection available in a virtual machine e g VMWare Virtual PC if Avira FireWall is installed on the host machine and the security level of Avira FireWall is set to medium or high Virtual Private Network VPN Connection is blocked if the security level of Avira FireWall is set to medium or high An email sent via a TSL connection has been blocked by Mail Protection Webchat is not operational Chat messages will not be displayed The error message The license file cannot be opened appears Reason The file is encrypted P To activate the license you do not need to open the file but rather you save it in the program directory See also Chapter License Manager The error message Connection failed while downloading the file appears when attempting to start an update Reason Your Internet connection is inactive No connection to the web server on the Internet can therefore be established Avira Professional Security User Manual Status 23 Sep 2011 61 CG AVIRA FAQ Ts gt Test whether other Internet services such as WWW or email work If not re establish the Internet connection Reason The proxy server cannot be reached gt
181. otection sends email messages with the most important information when a certain event occurs This option is disabled as the default setting Avira Professional Security User Manual Status 23 Sep 2011 183 Ro AV RA Reference Configuration options Email messages for the following events The on access scan detected a virus or unwanted program If this option is enabled you always receive an email with the name of the virus or unwanted program and the affected file when the on access scan detects a virus or an unwanted program Edit The Edit button opens the Email template window in which you can configure the notification for an On access detection event You have the option of inserting text for the subject line and body of the email You can use variables for this purpose see Email Template A critical error occurred in Realtime Protection If this option is enabled you will receive an email whenever an internal critical error is detected Note In this case please inform our technical support and include the data given in the email The specified file should also be sent for examination Edit The Edit button opens the Email template window in which you can configure the notification for a Critical error in Realtime Protection event You have the option of inserting text for the subject line and body of the email You can use variables for this purpose see Email Template Recipient s Enter the
182. otocol rule e Outgoing Rules e Buttons to manage the rules A predefined adapter rule depends on the security level You can change the Security level under Online protection gt FireWall in the Control Center or define your own adapter rules If you have defined your own adapter rules the Security level in the FireWall section of the Control Center is set to Custom Avira Professional Security User Manual Status 23 Sep 2011 119 Ro AV RA Reference Configuration options Note The default Security level setting for all predefined rules of the Avira FireWall is Medium ICMP protocol The Internet Control Message Protocol ICMP is used to exchange error and information messages on networks The protocol is also used for status messages with ping or tracer With this rule you can define the incoming and outgoing blocked message types the behavior in case of flooding and the reaction to fragmented ICMP packets This rule serves for preventing so called ICMP flood attacks which results in an increase of the CPU load of the attacked machine as it responds to every packet Predefined rules for the ICMP protocol Setting Rules Low Incoming blocked types no type Outgoing blocked types no type Assume flooding if delay between packets is less than 50 ms Reject fragmented ICMP packets Medium Same rule as for the Low level High Incoming blocked types several types Outgoing blocked types several types
183. ous I frames option allows you to check and block the loading of I Frames Block suspicious I frames If this option is enabled I Frames on the web pages you request are scanned according to certain criteria If there are suspect I Frames on a requested web page the I Frame is blocked An error message is displayed in the I Frame window Action on detection You can define the actions to be performed by Web Protection when a virus or unwanted program is detected Options available in expert mode only Interactive If this option is enabled a dialog box appears when a virus or unwanted program is detected during an on demand scan in which you can choose what is to be done with the affected file This option is enabled as the default setting Show progress bar If this option is enabled a desktop notification appears with a download progress bar if a download of website content exceeds a 20 second timeout This desktop notification is designed in particular for downloading websites with larger data volumes If you are surfing with Web Protection website contents are not downloaded incrementally in the Internet browser as they are scanned for viruses and malware before being displayed in the Internet browser This option is disabled as the default setting Permitted actions Avira Professional Security User Manual Status 23 Sep 2011 156 Ro AV RA Reference Configuration options In this box actions can be specified which
184. ous file You consider a file to be suspicious and have therefore moved this file to quarantine but a scan of the file for viruses and malware is negative Suspicion of false positive You assume that a virus detection is a false positive Your Avira product reports a detection in a file which is very unlikely to have been infected by malware Avira Professional Security User Manual Status 23 Sep 2011 50 RR AV RA Overview of Avira Professional Security Note The size of the files you upload is limited to 20 MB uncompressed or 8 MB compressed If you want to copy a quarantined object from quarantine to another directory gt Highlight the quarantined object and click on a The dialog Browse For Folder opens from which you can select a directory gt Select a directory where you want to save a copy of the quarantined object and confirm your selection The selected quarantined object is saved to the selected directory Note The quarantined object is not identical to the restored file The quarantined object is encrypted and cannot be executed or read in its original format If you want to export the properties of a quarantined object to a text file Highlight the quarantined object and click on The text file quarantaene Notepad opens containing the data from the selected quarantined object gt Save the text file You can also restore the files in quarantine see Chapter Quarantine Restoring fi
185. ouse a dialog box opens in which you can enter the required IPv4 mask Event database By clicking on the link with the mouse you can choose between Log and Don t log to the event database if the packet complies with the rule Advanced The advanced feature enables content filtering For example packets can be rejected if they contain some specific data at a certain offset If you do not want to use this option do not select a file or choose an empty file Filtered content bytes With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer Filtered content mask With a mouse click on the link a dialog box appears in which you can select the specific mask Avira Professional Security User Manual Status 23 Sep 2011 128 Ro AV RA Reference Configuration options Filtered content offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset The offset is computed from where ICMP header ends Predefined rules for IP packets Setting Rules Low Medium High Deny all IP packets Deny IPv4 packets from address 0 0 0 0 with mask 0 0 0 0 Don t log when packet matches rule Allow Deny By clicking on the link with the mouse you can decide whether you want to accept or reject specially defined IP packages IPv4 IPv6 By clicking on the link with the mouse you can choose IPv4 or IP
186. ow Delete The button deletes a selected entry from the list This button is inactive if no entry is selected Examples Skipped URLs www avira com OR www avira com All URLs with the domain www avira com are excluded from Web Protection scans www avira com en pages index php www avira com en support index html Wwww avira com en download index html etc URLs with the domain www avira de are not excluded from Web Protection scans avira com OR avira com All URLs with the second and top level domain avira com are excluded from Web Protection scans The specification implies all existing subdomains for avira com WWW avira com forum avira com etc avira OR avira All URLs with the second level domain avira are excluded from Web Protection scans The specification implies all existing top level domains or subdomains for avira WWW avira com www avira de forum avira com etc domain All URLs containing a second level domain with the string domain are excluded from Web Protection scans www domain com www new domain de www sample domain de net OR net All URLs with the top level domain net are excluded from Web Protection scans www name1 net www name2 net etc Avira Professional Security User Manual Status 23 Sep 2011 162 Ro AV RA Reference Configuration options Warning Enter the URLs you want to exclude from the Web Protection scan as precisely as possible Avoi
187. p 2011 143 S AVIRA Setting Rules Low No incoming data traffic is blocked by the Avira FireWall Medium e Allow established TCP connections on 135 Allow TCP packets from address 0 0 0 0 with mask 0 0 0 0 if local ports in 135 and remote ports in 0 65535 Apply for packets of existing connections Don t log when packet matches rule Advanced Discard packets that have following bytes lt empty gt with mask lt empty gt at offset 0 Deny TCP packets on 135 Deny TCP packets from address 0 0 0 0 with mask 0 0 0 0 if local ports in 135 and remote ports in 0 65535 Apply for all packets Don t log when packet matches rule Advanced Discard packets that have following bytes lt empty gt with mask lt empty gt at offset 0 Monitor TCP healthy data traffic Allow TCP packets from address 0 0 0 0 with mask 0 0 0 0 if local ports in 0 65535 and remote ports in 0 65535 Apply for connection initiation and existing connection packets Don t log when packet matches rule Advanced Discard packets that have following bytes lt empty gt with mask lt empty gt at offset 0 Deny all TCP packets Deny TCP packets from address 0 0 0 0 with mask 0 0 0 0 if local ports are in range 0 65535 and the remote port is in range 0 65535 Apply for all packets Don t log when packet matches rule Advanced Discard packets that have following bytes lt empty gt with mask lt empty gt at offset 0
188. ption is enabled the pre defined deactivate Mail password is required to enable disable Mail Protection Protection Activate If this option is enabled the pre defined deactivate password is required to enable disable the FireWall FireWall Activate If this option is enabled the pre defined deactivate Web password is required to enable disable Web Protection Protection Quarantine If this option is enabled all areas of the quarantine manager protected by a password are enabled By clicking on the relevant box the password enquiry can be disabled or enabled again on request for individual areas Restore If this option is enabled the pre defined affected password is required to restore an object objects Rescan If this option is enabled the pre defined affected password is required to rescan an object objects Avira Professional Security User Manual Status 23 Sep 2011 175 CS AVIRA Reference Configuration options Affected If this option is enabled the pre defined object password is required to display the properties properties of an object Delete If this option is enabled the pre defined affected password is required to delete an object objects Send email to Avira If this option is enabled the pre defined password is required to send an object to the Avira Malware Research Center for examination Copying affected objects If this option is enabled the pre defined password
189. r more ports were scanned in 5 000 milliseconds When detected log attacker s IP and don t add rule to block the attack Medium Assume a UDP Port Scan if 50 or more ports were scanned in 5 000 milliseconds When detected log attacker s IP and add rule to block the attack High Same rule as for Medium level Ports With a mouse click on the link a dialog box appears in which you can enter the number of ports that must have been scanned so that a UDP Port Scan is assumed Port scan time window With a mouse click on this link a dialog box appears in which you can enter the time span for a certain number of port scans so that a UDP Port Scan is assumed Event database With a mouse click on the link you have the choice between log and don t log the attacker s IP address Rule With a mouse click on the link you have the choice between add and don t add the rule to block the UDP port scan attack Avira Professional Security User Manual Status 23 Sep 2011 122 Ro AV RA Reference Configuration options Incoming Rules Incoming rules are defined to control incoming data traffic by the Avira FireWall Predefined rules for the TCP traffic monitor Avira Professional Security User Manual Status 23 Sep 2011 123 CS AVIRA Reference Configuration options Setting Rules Low No incoming data traffic is blocked by the Avira FireWall Medium Allow Established TCP Connections on
190. r provide general amusement without causing harm or reproducing When a joke program is loaded the computer will usually start at some point to play a tune or display something unusual on the screen Examples of jokes are the washing machine in the disk drive DRAIN COM or the screen eater BUGSRES COM But beware All symptoms of joke programs may also originate from a virus or Trojan At the very least users will get quite a shock or be thrown into such a panic that they themselves may cause real damage Thanks to the extension of its scanning and identification routines your Avira product is able to detect joke programs and eliminate them as unwanted programs if required If the option Jokes is enabled with a check mark in the configuration under Threat categories a corresponding alert is issued if a joke program is detected Phishing Phishing also known as brand spoofing is a clever form of data theft aimed at customers or potential customers of Internet service providers banks online banking services Avira Professional Security User Manual Status 23 Sep 2011 76 R AV RA Viruses and more registration authorities When submitting your email address on the Internet filling in online forms accessing newsgroups or websites your data can be stolen by Internet crawling spiders and then used without your permission to commit fraud or other crimes Your Avira product recognizes Phishing If the option Phishing is enab
191. r the heuristic of the scan engine Options available in expert mode only Avira products contain very powerful heuristics that can proactively uncover unknown malware i e before a special virus signature to combat the damaging element has been created and before a virus guard update has been sent Virus detection involves an extensive analysis and investigation of the affected codes for functions typical of malware If the code being scanned exhibits these characteristic features it is reported as being suspicious This does not necessarily mean that the code is in fact malware False positives do sometimes occur The decision on how to handle affected code is to be made by the user e g based on his or her knowledge of whether the source of the code is trustworthy or not Macrovirus heuristic Your Avira product contains a highly powerful macrovirus heuristic If this option is enabled all macros in the relevant document are deleted in the event of a repair alternatively suspect documents are only reported i e you receive an alert This option is enabled as the default setting and is recommended Advanced Heuristic Analysis and Detection AHeAD Enable AHeAD Your Avira program contains a very powerful heuristic in the form of Avira AHeAD technology which can also detect unknown new malware If this option is enabled Avira Professional Security User Manual Status 23 Sep 2011 169 RR AV RA Reference Configuration opti
192. ropriate deactivate jobs that are not to be performed Use the following icons to further define your jobs View properties of a job Edit job Delete job Start job Stop job Avira Professional Security User Manual Status 23 Sep 2011 43 Ro AV RA Overview of Avira Professional Security 4 2 8 Targeted scan for Rootkits and active malware To scan for active rootkits use the predefined scan profile Scan for Rootkits and active malware To scan for active rootkits systematically gt Go to Control Center and select the section PC protection gt System Scanner Predefined scan profiles appear gt Select the predefined scan profile Scan for Rootkits and active malware Where appropriate highlight other nodes and directories to be scanned by clicking the check box of the directory level gt Click the icon Windows XP p or Windows Vista Se The Luke Filewalker window appears and a system scan is started When the scan is completed the results are displayed 4 2 9 React to detected viruses and malware For the individual protection components of your Avira product you can define how your Avira product reacts to a detected virus or unwanted program in the Configuration under the section Action on detection No configurable action options are available for the ProActiv component of the Realtime Protection Notification of a detection is always given in the Realtime Protection Suspicious applic
193. s The section Applications to be skipped lists the applications excluded from monitoring by the ProActiv component signed programs classified as trusted and included in list by default all applications classified as trusted and added to the application filter You can add permitted applications to the list in Configuration You also have the option of adding applications to suspicious program behavior via Realtime Protection notifications by using the Trusted program option in the Realtime Protection notification Applications to be skipped Application The list contains applications excluded from monitoring by the ProActiv component In the default installation settings the list contains signed applications from trusted vendors You have the option of adding applications that you consider to be trustworthy via the configuration or via Realtime Protection notifications The ProActiv component identifies applications using the path the file name and the content We recommend checking the content as malware can be added to a program through changes such as updates You can determine whether a contents check should be performed from the Type specified For the Contents type the applications specified by path and file name are checked for changes to the file content before they are excluded from monitoring by the ProActiv component If the file contents have been modified the application is again monitored by the ProActiv component For the Path
194. s The entries in the list must not result in more than 6000 characters in total Avira Professional Security User Manual Status 23 Sep 2011 102 Ro AV RA Reference Configuration options When entering the process Unicode symbols are accepted You can therefore enter process or directory names containing special symbols Drive information must be entered as follows Drive letter The colon symbol is only used to specify drives When specifying the process you can use the wildcards any number of characters and a single character C Program Files Application application exe C Program Files Application applicatio exe J C Program Files Application applic exe FE C Program Files Application exe To avoid the process being excluded globally from monitoring by Realtime Protection specifications exclusively comprising the following characters are invalid asterisk question mark forward slash backslash dot colon You have the option of excluding processes from monitoring by the Realtime Protection without full path details For example application exe This however only applies to processes where the executable files are located on hard disk drives Full path details are required for processes where the executable files are located on connected drives e g network drives Please note the general information on the notation of Exceptions on connected network
195. s e g www domainname com You can specify parts of the URL using leading or following dots to indicate the domain level domainname com for all pages and all subdomains of the domain Indicate websites with any top level domain com or net with a following dot domainname If you indicate a string without a leading or concluding dot the string is interpreted as a top level domain e g net for all NET domains www domain net Note You can also use the wildcard for any number of characters when specifying URLs You can also use leading or following dots in combination with wildcards to indicate the domain level Avira Professional Security User Manual Status 23 Sep 2011 161 Ro AV RA Reference Configuration options domainname domainname com name com valid but not recommended Specifications without dots like name are interpreted as part of a top level domain and are not advisable Warning All websites on the list of excluded URLs are downloaded into the Internet browser without further scanning by the web filter or by Web Protection For all entries in the list of excluded URLs the entries in the web filter see Web Protection gt Scan gt Blocked requests are ignored No scan for viruses and malware is performed Only trusted URLs should therefore be excluded from Web Protection scans Add The button allows you to copy the URL entered in the input field Internet address to the viewer wind
196. s are scanned for viruses or unwanted programs irrespective of their content and file extension The filter is not used Note If All files is enabled the button File extensions cannot be selected Use smart extensions If this option is enabled the selection of the files scanned for viruses or unwanted programs is automatically chosen by the program This means that your Avira program decides whether the files are scanned or not based on their content This procedure is somewhat slower than Use file extension list but more secure since not only on the basis of the file extension is scanned This option is enabled as the default setting and is recommended Avira Professional Security User Manual Status 23 Sep 2011 83 Ro AV RA Reference Configuration options Note If Use smart extensions is enabled the button File extensions cannot be selected Use file extension list If this option is enabled only files with a specified extension are scanned All file types that may contain viruses and unwanted programs are preset The list can be edited manually via the button File extension Note If this option is enabled and you have deleted all entries from the list with file extensions this is indicated with the text No file extensions under the button File extensions File extensions With the aid of this button a dialog box is opened in which all file extensions are displayed that are scanned in Use file extension li
197. s in Austria and Switzerland in Germany the number is set to change to 09x0 in the medium term Once installed on the computer these programs guarantee a connection via a suitable premium rate number whose scale of charges can vary widely The marketing of online content via your telephone bill is legal and can be of advantage to the user Genuine dialers leave no room for doubt that they are used deliberately and intentionally by the user They are only installed on the user s computer subject to the user s consent which must be given via a completely unambiguous and clearly visible labeling or request The dial up process of genuine dialers is clearly displayed Moreover genuine dialers tell you the incurred costs exactly and unmistakably Unfortunately there are also dialers which install themselves on computers unnoticed by dubious means or even with deceptive intent For example they replace the Internet user s default data communication link to the ISP Internet Service Provider and dial a cost incurring and often horrendously expensive 0190 0900 number every time a connection is made The affected user will probably not notice until his next phone bill that an unwanted 0190 0900 dialer program on his computer has dialed a premium rate number with every connection resulting in dramatically increased costs We recommend that you ask your telephone provider to block this number range directly for immediate protection against undesired dia
198. s long as only the System Scanner is running the speed is maximum All in all work with other programs is optimal The computer responds more quickly if other programs require computation time while the System Scanner continues running in the background normal The System Scanner is executed with normal priority All processes are allocated the same amount of processor time by the operating system This option is enabled as the default setting and is recommended Under certain circumstances work with other applications may be affected high The System Scanner has the highest priority Simultaneous work with other applications is almost impossible However the System Scanner completes its scan at maximum speed Avira Professional Security User Manual Status 23 Sep 2011 86 Ro AV RA Reference Configuration options Action on detection You can define the actions to be performed by System Scanner when a virus or unwanted program is detected Options available in expert mode only Interactive If this option is enabled the results of the System Scanner scan are displayed in a dialog box When carrying out a scan with the System Scanner you will receive an alert with a list of the affected files at the end of the scan You can use the content sensitive menu to select an action to be executed for the various infected files You can execute the standard actions for all infected files or cancel the System Scanner Note In the
199. s terminated The actions of the application continue to be monitored by the ProActiv component Always block this program The application is blocked i e the application is terminated The program is added to list of blocked applications and can no longer be run see Configuration Realtime Protection gt ProActiv gt Application filter Applications to be blocked Ignore The application continues to run The actions of the application continue to be monitored by the ProActiv component Mail Protection actions Incoming emails Move to quarantine The email including all attachments is moved to quarantine The affected email is deleted The body of the text and any attachments of the email are replaced by a default text Delete mail The affected email is deleted The body of the text and any attachments of the email are replaced by a default text Delete attachment The infected attachment is replaced by a default text If the body of the email is affected it is deleted and also replaced by a default text The email itself is delivered Avira Professional Security User Manual Status 23 Sep 2011 47 R AV RA Overview of Avira Professional Security Move attachment to quarantine The infected attachment is placed in quarantine and then deleted replaced by a default text The body of the email is delivered The affected attachment can later be delivered via the quarantine manager Ignore The affected email is delivere
200. select Advanced filtering again the existing advanced application rules will be reactivated and displayed in the Application rules configuration window Application details In this box you can see details of the application selected in the application list box e Name Name of the application e Path Full path to the executable file Avira Professional Security User Manual Status 23 Sep 2011 133 Ro AV RA Reference Configuration options Buttons Button Description Add Allows you to create a new application rule If you press this button a application dialog box is opened Here you can select the required application for creating a new rule Remove rule Removes the selected application rule Show details The window Properties displays the details of the application selected in the application list box Option available in expert mode only Reload Reloads the list of applications and simultaneously discards the changes just made 11 5 3 Trusted vendors A list of trusted software producers is displayed under Trusted vendors Options available in expert mode only You can add remove producers to from the list using the Always trust this provider option in the Network Event popup window You can allow network access from applications that are signed by the listed providers by default by enabling the Automatically allow applications created by trusted vendors option Trusted ve
201. shing and malware URLs Web Protection prevents the transfer of data from the Internet to your computer system Options available in expert mode only Web Protection blocks the following file types MIME Types All file types and MIME types content types for the transferred data in the list are blocked by Web Protection Input box In this box enter the names of the MIME types and file types you want Web Protection to block For file types enter the file extension e g htm For MIME types indicate the media type and where applicable sub type The two statements are separated from one another by a single slash e g video mpeg or audio x wav Note Files which are already stored on your system as temporary Internet files and blocked by Web Protection can however be downloaded locally from the Internet by your computer s Internet browser Temporary Internet files are files saved on your computer by the Internet browser so that websites can be accessed more quickly Note The list of blocked file and MIME types is ignored if they are entered in the list of excluded file and MIME types under Web Protection Scan Exceptions Avira Professional Security User Manual Status 23 Sep 2011 158 Ro AV RA Reference Configuration options Note No wildcards for any number of characters or for a single character can be used when entering file types and MIME types MIME types Examples for media types text for text
202. sing the computer access security mechanisms A program that is being executed in the background generally enables the attacker almost unlimited rights User s personal data can be spied with the backdoor s help But are mainly used to install further computer viruses or worms on the relevant system Avira Professional Security User Manual Status 23 Sep 2011 77 R AV RA Viruses and more Boot viruses The boot or master boot sector of hard disks is mainly infected by boot sector viruses They overwrite important information necessary for the system execution One of the awkward consequences the computer system cannot be loaded any more Bot Net A bot net is defined as a remote network of PCs on the Internet that is composed of bots that communicate with each other A bot net can comprise a collection of cracked machines running programs usually referred to as worms Trojans under a common command and control infrastructure Bot nets serve various purposes including denial of service attacks etc usually without the affected PC user s knowledge The main potential of bot nets is that the networks can achieve grow to thousands of computers and their total bandwidth exceeds most conventional Internet accesses Exploit An exploit security gap is a computer program or script that takes advantage of a bug glitch or vulnerability leading to privilege escalation or denial of service on a computer system One form of exploi
203. sive scan Archives in archives are also unpacked and scanned for viruses and unwanted programs The files are scanned decompressed and scanned again Options available in expert mode only Scan archives If this option is enabled the selected archives in the archive list are scanned This option is enabled as the default setting All archive types If this option is enabled all archive types in the archive list are selected and scanned Smart Extensions If this option is enabled the System Scanner detects whether a file is a packed file format archive even if the file extension differs from the usual extensions and scans the archive However every file must be opened for this which reduces the scanning speed Example If a zip archive has the file extension xyz the System Scanner also unpacks this archive and scans it This option is enabled as the default setting Note Only those archive types marked in the archive list are supported Limit recursion depth Unpacking and scanning recursive archives can require a great deal of computer time and resources If this option is enabled you limit the depth of the scan in multi packed archives to a certain number of packing levels maximum recursion depth This saves time and computer resources Avira Professional Security User Manual Status 23 Sep 2011 91 Ro AV RA Reference Configuration options Note In order to find a virus or an unwanted program in an archive
204. splayed in the Action column gt Click on Rules to open the window for creating specific application rules Specified application rules in the advanced configuration Using the specified application rules you can allow or deny specified data traffic for the application or you can allow or deny passive listening to individual ports The following options are available Allow Deny Code injection Code injection is a technique for introducing code into the address space of another process to execute actions forcing this process to load a dynamic link library DLL Code injection is used by malware amongst other things to execute code under cover of another program In this way access to the Internet in front of the FireWall can be hidden In default mode code injection is enabled for all signed applications Allow Deny passive listening to the application of ports Allow Deny Traffic Allow or deny incoming and or outgoing IP packets Allow or deny incoming and or outgoing TCP packets Allow or deny incoming and or outgoing UDP packets You can create as many application rules as you like for each application The application rules are executed in the sequence shown You will find more information under Advanced application rules Note If you switch from Advanced to Basic filtering of an application rule the already existing application rules in the advanced configuration are simply deactivated not irretrievably deleted When you
205. ss the Internet options in the Extras menu in Internet Explorer Warning If you are using a proxy server which requires authentication enter all the required data under the option Use this proxy server The Use proxy system settings option can only be used for proxy servers without authentication Use this proxy server If your web server connection is set up via a proxy server you can enter the relevant information here Address Enter the computer name or IP address of the proxy server you want to use to connect to the web server Port Please enter the port number of the proxy server you want to use to connect to the web server Avira Professional Security User Manual Status 23 Sep 2011 179 Ro AV RA Reference Configuration options Login name Enter a user name to log in on the proxy server Login password Enter the relevant password for logging in on the proxy server here For security reasons the actual characters you type in this space are replaced by asterisks Examples Address proxy domain com Port 8080 Address 192 168 1 100 Port 3128 11 9 6 Alerts Network alerts You can send individually configurable alerts from the System Scanner or from the Realtime Protection to any workstations in your network Note Please check whether the Message service has been started You will find the service i e in Windows XP for example under Start Settings System control Administratio
206. st mode Default entries are set for the extensions but entries can be added or deleted Note Please note that the default list may vary from version to version Additional settings Scan boot sectors of selected drives If this option is enabled the System Scanner scans the boot sectors of the drives selected for the system scan This option is enabled as the default setting Scan master boot sectors If this option is enabled the System Scanner scans the master boot sectors of the hard disk s used in the system Ignore offline files If this option is enabled the direct scan ignores so called offline files completely during a scan This means that these files are not scanned for viruses and unwanted programs Offline files are files that were physically moved by a so called Hierarchical Storage Management System HSMS from the hard disk onto a tape for example This option is enabled as the default setting Integrity checking of system files When this option is enabled the most important Windows system files are subjected to a particularly secure check for changes by malware during every on demand scan If Avira Professional Security User Manual Status 23 Sep 2011 84 Ro AV RA Reference Configuration options an amended file is detected this is reported as suspect This function uses a lot of computer capacity That is why the option is disabled as the default setting Note This option is only available with
207. stallation and uninstallation 3 8 Uninstallation If you wish to remove the Avira product from your computer you can use the option Add or Remove Programs to Change Remove programs in the Windows Control Panel To uninstall your Avira product e g in Windows XP and Windows Vista Open the Control Panel via the Windows Start menu Double click on Programs Windows XP Software gt Select your Avira product in the list and click Remove You will be asked if you really want to remove the program gt Click Yes to confirm You will be asked if you want to re enable Windows Firewall the Avira FireWall is disabled gt Click Yes to confirm All components of the program are removed gt Click Finish to complete uninstallation Where appropriate a dialog box appears recommending that your computer be restarted gt Click Yes to confirm The Avira product is now uninstalled and all directories files and registry entries for the program are deleted when your computer is restarted 3 9 Installation and uninstallation on the network To simplify installation of Avira products on a network of multiple client computers for the system administrator your Avira product has a special procedure for the initial installation and the change installation For automatic installation the setup program works with the control file setup inf The setup program presetup exe is contained in the program s installation pac
208. start the service manually by selecting the relevant line and the button Start If an error message appears please check the event display If this is not successful you may have to completely uninstall the Avira product via Start gt Avira Professional Security User Manual Status 23 Sep 2011 63 CG AVIRA FAQ Ts Settings gt Control Panel gt Add or Remove Programs restart the computer and then reinstall your Avira product General POP3 connections encrypted via SSL Secure Sockets Layer also frequently referred to as TLS Transport Layer Security cannot currently be protected and are ignored Verification to the mail server is currently only supported via passwords Kerberos and RPA are not currently supported Your AntiVir program does not check outgoing emails for viruses and unwanted programs Note We recommend regularly installing Microsoft updates to close any gaps in security There is no network connection available in a virtual machine e g VMWare Virtual PC if Avira FireWall is installed on the host machine and the security level of Avira FireWall is set to medium or high If Avira FireWall is installed on a computer on which a virtual machine for example VMWare virtual PC etc is also running the Avira FireWall will block all network connections for the virtual machine when the security level of the Avira FireWall is set to medium or high If the security level is set to low the FireWa
209. started and copied automatically This functionality carries with it a high security risk however as malware and unwanted programs can be installed with the automatic start The autostart function is especially critical for USB sticks as data on a stick can be changed at any time Exclude CDs and DVDs When this option is enabled the autostart function is permitted on CD and DVD drives Warning Only disable the autostart function for CD and DVD drives if you are sure you are only using trusted data media System protection Protect Windows hosts files from changes If this option is set to activated the Windows hosts files are write protected Manipulation is no longer possible For example malware is not able to redirect you to undesired websites This option is activated as the default setting Product protection Note The product protection options are not available if the Realtime Protection has not been installed using the user defined installation option Protect processes from unwanted termination If this option is enabled all processes of the program are protected against unwanted termination by viruses and malware or against uncontrolled termination by a user e g via Task Manager This option is enabled as the default setting Advanced process protection If this option is enabled all processes of the program are protected with advanced options against unwanted termination Advanced process protection requires
210. t Settings Control Panel System Index card Advanced Button Environment Variables The temporary variables TEMP TMP for the currently registered user and for system variables TEMP TMP are shown here with their relevant values Use following directory If this option is enabled the path displayed in the input box is used Input box In this input box enter the path where the program will store its temporary files L The button opens a window in which you can select the required temporary path Default The button restores the pre defined directory for the temporary path Avira Professional Security User Manual Status 23 Sep 2011 193 Ro AV RA Reference Configuration options Report directory Input box This input box contains the path to the report directory L The button opens a window in which you can select the required directory Default The button restores the pre defined path to the report directory Quarantine directory Input box This box contains the path to the quarantine directory L The button opens a window in which you can select the required directory Default The button restores the predefined path to the quarantine directory Avira Professional Security User Manual Status 23 Sep 2011 194 This manual was created with great care However errors in design and contents cannot be excluded The reproduction of this publication or parts thereof in any form is proh
211. t connection is not established The same applies to Avira Mail Protection Otherwise gt Check the startup type of the Avira Realtime Protection service If necessary enable the service In the taskbar select Start Settings Control Panel Start the Avira Professional Security User Manual Status 23 Sep 2011 62 S AVIRA FAQ Tips configuration panel Services with a double click under Windows 2000 and Windows XP the services applet is located in the sub directory Administrative Tools Find the entry Avira Realtime Protection Automatic must be entered as the startup type and Started as the status If necessary start the service manually by selecting the relevant line and the button Start If an error message appears please check the event display The computer is extremely slow when I perform a data back up Reason During the backup procedure Avira Realtime Protection scans all files being used by the backup procedure P Select Realtime Protection gt Scan gt Exceptions in the Configuration expert mode and enter the process names of the back up software My firewall reports Avira Realtime Protection and Avira Mail Protection immediately after activation Reason Communication with Avira Realtime Protection and Avira Mail Protection occurs via the TCP IP Internet protocol A firewall monitors all connections via this protocol gt Define a general approval for Avira Realtime Protection and Avira Mail Protection
212. t network event detailed information is not displayed for the following network event 11 7 Web Protection The Web Protection section under Configuration gt Online protection is responsible for the configuration of the Web Protection Options available in expert mode only 11 7 1 Scan Web Protection protects you against viruses or malware that reach your computer from web pages that you load on your web browser from the Internet The Scan options can be Avira Professional Security User Manual Status 23 Sep 2011 155 Ro AV RA Reference Configuration options used to set the behavior of the Web Protection component Options available in expert mode only Scan Enable Web Protection If this option is enabled the Web Protection feature is active Enable IPv6 support If this option is enabled Internet Protocol version 6 is supported by the Web Protection Drive by protection Drive by protection allows you to make settings to block I Frames also known as inline frames I Frames are HTML elements i e elements of Internet pages that delimit an area of a web page I Frames can be used to load and display different web content usually other URLs as independent documents in a sub window of the browser I Frames are mostly used for banner advertising In some cases I Frames are used to conceal malware In these cases the area of the I Frame is mostly invisible or almost invisible in the browser The Block suspici
213. t one of the time options in the box and change it using the arrow key to the right of the input box Start job while connecting to the Internet dial up If this option is enabled in addition to the specified update interval the update job is performed every time an Internet connection is established Option available in expert mode only Repeat job if the time has already expired If this option is enabled past update jobs are performed that could not be performed at the time specified for example because the computer was switched off Option available in expert mode only Download via web server The update is performed via a web server using an HTTP connection You can use a proprietary web server on the Internet or a web server on an intranet which obtains the update files from a proprietary download server on the Internet Note You can access further settings for updating via a web server under Configuration Local protection Update Web server If this option is enabled you can configure the Web server and where necessary the proxy server via file server shared folders The update is performed via a file server on an intranet which obtains the update files from a proprietary download server on the Internet Note You can access further settings for updating via a file server under Configuration gt Local protection gt Update gt File server If this option is enabled you can configure the file
214. t the check box for those programs that should be removed automatically from your computer and click Next gt You have to confirm manually the uninstallation of some programs Select the programs and click Next The uninstallation of one or more of the selected programs requires a restart of your computer After reboot the installation will continue Warning Your computer will not be protected until the installation of the Avira product is finished Note If the Avira product on your computer is administered by the Avira Management Console AMC you will not be asked to remove incompatible software programs yourself Avira Professional Security User Manual Status 23 Sep 2011 14 R AVI RA Installation and uninstallation Install The installation program runs in self explanatory dialog mode Every window contains a certain selection of buttons to control the installation process The most important buttons are assigned the following functions Avira Professional Security User Manual Status 23 Sep 2011 OK Confirm action Abort Abort action Next Go to next step Back Go to previous step gt Establish an internet connection The Internet connection is necessary for performing the following installation steps Downloading the current program file and scan engine as well as the latest virus definition files via the installation program for internet based installation Where appropriate carrying o
215. tation for example is an attack from the Internet with the help of manipulated data packages Programs can be infiltrated in order to obtain higher access Fraudulent software Also known as scareware or rogueware it is a fraudulent software that pretends that your computer is infected by viruses or malware This software looks deceptively similar to professional Antivirus software but is meant to raise uncertainty or to scare the user Its purpose is to make the victims feel threatened of imminent unreal danger and to make them pay to eliminate it There are also cases when the victims are lead to believe they were attacked and they are instructed to carry out an action which in reality is the real attack Hoaxes For several years Internet and other network users have received alerts about viruses that are purportedly spread via email These alerts are spread via email with the request that they should be sent to the highest possible number of colleagues and to other users in order to warn everyone against the danger Honeypot A honeypot is a service program or server installed in a network Its function is to monitor a network and log attacks This service is unknown to the legitimate user because of this Avira Professional Security User Manual Status 23 Sep 2011 78 R AV RA Viruses and more reason he is never addressed If an attacker examines a network for the weak points and uses the services which are offered
216. te the further information when specifying exceptions In order to also exclude objects when they are accessed with short DOS file names DOS name convention 8 3 the relevant short file name must also be entered in the list A file name that contains wildcards may not be terminated with a backslash For example C Program Files Application applic exe This entry is not valid and not treated as an exception Please note the following with regard to exceptions on connected network drives If you use the drive letter of the connected network drive the files and folders specified are NOT excluded from the Realtime Protection scan If the UNC path in the list of exceptions differs from the UNC path used to connect to the network drive IP address specification in the list of exceptions specification of computer name for connection to network drive the specified folders and files are NOT excluded by the Realtime Protection scan Locate the relevant UNC path in the Realtime Protection report file lt Computer name gt lt Enable gt OR lt IP address gt lt Enable gt You can locate the path Realtime Protection uses to scan for infected files in the Realtime Protection report file Indicate exactly the same path in the list of exceptions Proceed as follows Set the protocol function of the Realtime Protection to Complete in the configuration under Realtime Protection gt Report Now access the files folders mounted drives or connecte
217. tection High performance multithreading function simultaneous high speed scanning of multiple files Avira FireWall for protecting your computer from unauthorized access from the Internet or another network and from unauthorized access to the Internet network by unauthorized users 2 2 System requirements The system requirements are as follows Computer Pentium or later at least 1 GHz Operating system Windows XP SP2 32 or 64 bit or Windows Vista 32 or 64 bit SP1 or Windows 7 32 or 64 bit At least 150 MB of free hard disk memory space more if using quarantine for temporary storage At least 512 MB RAM under Windows XP At least 1024 MB RAM under Windows Vista Windows 7 Avira Professional Security User Manual Status 23 Sep 2011 10 R AV RA Product information e For the program installation Administrator rights e For all installations Windows Internet Explorer 6 0 or higher e Internet connection where appropriate see Installation 2 3 Licensing and Upgrade In order to be able to use your Avira product you require a license You thereby accept the license terms The license is issued via a digital license code in the form of the file hbedv key This digital license code is the key to your personal license It contains exact details of which programs are licensed to you and for what period of time A digital license code can therefore also contain the license for more than one product If you
218. tection Web Protection Mail Protection B Administration Quarantine Scheduler Reports Events Avira Professional Security wv Your computer is secure All services are working correctly PC protection Realtime Protection P Scan system Last scan s Start update Last update Your product is activated s Renew 8 31 2011 8 31 2011 12 31 2011 Overview of Avira Professional Security Internet protection Firewall Web Protection Mail Protection Presentation Mode The Control Center window is divided into three areas The Menu bar the Navigation bar and the detail window Status e Menu bar In the Control Center menu bar you can access general program functions and information on the program e Navigation area In the navigation area you can easily swap between the individual sections of the Control Center The individual sections contain information and functions of the program components and are arranged in the navigation bar according to activity Example Activity Local Protection Section Realtime Protection e Status This window shows the section selected in the navigation area Depending on the section you will find buttons to execute functions and actions in the upper bar of the detail window Data or data objects are displayed in lists in the individual sections You can sort the lists by clicking in the box defining how you wish to sort the list 4 1 2 Starting and closing of Control Ce
219. tem Help gt About Avira Professional Security Version information See Version information e Operating system version and any Service Packs installed Installed software packages e g anti virus software of other vendors e Exact messages of the program or of the report file Avira Professional Security User Manual Status 23 Sep 2011 81 CG AVIRA Kita 10 3 Suspicious file Viruses that may not yet be detected or removed by our products or suspect files can be sent to us We provide you with several ways of doing this e Identify the file in the quarantine manager of the Control Center and select the item Send file via the context menu or the corresponding button e Send the required file packed WinZIP PKZip Arj etc in the attachment of an email to the following address virus professional avira com As some email gateways work with anti virus software you should also provide the file s with a password please remember to tell us the password e You can also send us the suspicious file via our website http www avira com sample upload 10 4 Reporting false positives If you believe that your Avira product is reporting a detection in a file that is most likely clean send the relevant file packed WinZIP PKZip Arj etc as an email attachment to the following address virus professional avira com As some email gateways work with anti virus software you should also provide the file s with a password ple
220. the System Scanner must scan up to the recursion level in which the virus or the unwanted program is located Maximum recursion depth In order to enter the maximum recursion depth the option Limit recursion depth must be enabled You can either enter the requested recursion depth directly or by means of the right arrow key on the entry field The permitted values are 1 to 99 The standard value is 20 which is recommended Default values The button restores the pre defined values for scanning archives Archives In this display area you can set which archives the System Scanner should scan For this you must select the relevant entries Exceptions File objects to be omitted for the System Scanner Options available in expert mode only The list in this window contains files and paths that should not be included by the System Scanner in the scan for viruses or unwanted programs Please enter as few exceptions as possible here and really only files that for whatever reason should not be included in a normal scan We recommend that you always scan these files for viruses or unwanted programs before they are included in this list Note The entries in the list must not result in more than 6000 characters in total Warning These files are not included in a scan Note The files included in this list are recorded in the report file Please check the report file from time to time for unscanned files as perhaps the reason you ex
221. the monitoring of POP3 accounts IMAP accounts outgoing emails SMTP Actions on malware Mail Protection scan heuristics Mail Protection scan exceptions Avira Professional Security User Manual Status 23 Sep 2011 34 Ro AV RA Overview of Avira Professional Security Configuration of cache empty cache Configuration of a footer in sent emails Report function setting e Web Protection Configuration of Web Protection Scan options enabling and disabling the Web Protection Action on detection Blocked access Unwanted file types and MIME types Web filter for known unwanted URLS malware phishing etc Web Protection scan exceptions URLs file types MIME types Web Protection heuristics Report function setting e FireWall Configuration of the FireWall Adapter rule setting User defined application rule settings List of trusted vendors exceptions for network access by applications Expanded settings Timeout for rules lock Windows host file stop Windows FireWall notifications Popup settings alerts for network access by applications e General Configuration of email using SMTP Extended risk categories for on demand and on access scan Password protection for access to the Control Center and the Configuration Security Update status display complete system scan status display product protection WMI Enable WMI support Event log configuration Configuratio
222. the mouse you can decide whether to write to a report file or not if the package complies with the rule The advanced feature enables content filtering For example packets can be rejected if they contain some specific data at a certain offset If you do not want to use this option do not select a file or choose an empty file Avira Professional Security User Manual Status 23 Sep 2011 147 Ro AV RA Reference Configuration options Filtered content Data With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer Filtered content Mask With a mouse click on the link a dialog box appears in which you can select the specific mask Filtered content Offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset The offset is computed from where UDP header ends Predefined rules for the ICMP traffic data monitor Setting Rules Low Medium Do not discard ICMP based on IP address Allow ICMP packets from address 0 0 0 0 with mask 0 0 0 0 Don t log when packet matches rule Advanced Discard packets that have following bytes empty with mask empty at offset 0 High Same rule as for medium level Accept reject ICMP packets With a mouse click on the link you have the choice to allow or deny special defined incoming ICMP packets IP address By clicking on this link with the mouse a dial
223. the selected workstation when a virus or unwanted program is detected You can edit this message A text may contain a maximum of 500 characters You can use the following key combinations for formatting the message Avira Professional Security User Manual Status 23 Sep 2011 182 CS AVIRA Reference Configuration options Shortcuts Description Ctrl Tab Inserts a tab The current line is indented by several characters to the right Ctrl Enter Inserts a line break The message can include wildcards for information found during the search These wildcards are replaced by the actual text when sent The following wildcards can be used Wildcard Description SVIRUS contains the name of the detected virus or of the unwanted program ZNAME contains the name of the logged in user using the System Scanner SFILES contains the path and file name of the affected file SCOMPUTER contains the name of the computer on which the System Scanner is running SACTIONS contains the action performed after the detection of the virus MACADDR contains the MAC address of the computer on which the System Scanner is running Default The button restores the predefined default text for an alert Realtime Protection email alerts Avira Realtime Protection can send alerts by email to one or more recipients for certain events Email alerts If this option is enabled Avira Realtime Pr
224. the type and manner of a detection Options available in expert mode only Reporting This group allows for the content of the report file to be determined Off If this option is enabled then Realtime Protection does not create a log It is recommended that you should turn off the logging function only in exceptional cases such as if you are executing trials with multiple viruses or unwanted programs Avira Professional Security User Manual Status 23 Sep 2011 110 Ro AV RA Reference Configuration options Default If this option is enabled Realtime Protection records important information concerning detections alerts and errors in the report file with less important information ignored for improved clarity This option is enabled as the default setting Extended If this option is enabled Realtime Protection logs less important information to the report file as well Complete If this option is enabled Realtime Protection logs all available information in the report file including file size file type date etc Limit report file Limit size to n MB If this option is enabled the report file can be limited to a certain size Permitted values are between 1 and 100 MB Around 50 kilobytes of extra space are allowed when limiting the size of the report file to minimize the use of system resources If the size of the log file exceeds the indicated size by more than 50 kilobytes then old entries are deleted until th
225. ther to write to a report file or not if the package complies with the rule The advanced feature enables content filtering For example packets can be rejected if they contain some specific data at a certain offset If you do not want to use this option do not select a file or choose an empty file Avira Professional Security User Manual Status 23 Sep 2011 145 Ro AV RA Reference Configuration options Filtered content Data With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer Filtered content Mask With a mouse click on the link a dialog box appears in which you can select the specific mask Filtered content Offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset The offset is computed from where TCP header ends Predefined rules for the UDP traffic data monitor Setting Rules Low Medium e Monitor UDP accepted data traffic Allow UDP packets from address 0 0 0 0 with mask 0 0 0 0 if local port is in 0 66535 and remote port is in 0 66535 Apply rule to open ports Don t log when packet matches rule Advanced Discard packets that have following bytes empty with mask empty at offset 0 e Deny all UDP packets Deny UDP packets from address 0 0 0 0 with mask 0 0 0 0 if local ports are in range 0 65535 and the remote port is in range 0 65535 Apply for all ports Don t log
226. this field you should enter the port to be used as the inbox by the IMAP protocol Multiple ports are separated by commas Option available in expert mode only Avira Professional Security User Manual Status 23 Sep 2011 165 Ro AV RA Reference Configuration options Default This button resets the specified port to the default IMAP port Option available in expert mode only Scan outgoing emails SMTP If this option is enabled outgoing emails are scanned for viruses and malware Monitored ports In this field you should enter the port to be used as the outbox by the SMTP protocol Multiple ports are separated by commas Option available in expert mode only Default This button resets the specified port to the default SMTP port Option available in expert mode only Note To verify the protocols and ports used call up the properties of your email accounts in your email client program Default ports are mostly used Enable IPv6 support If this option is enabled Internet Protocol version 6 is supported by the Mail Protection Option available in expert mode only Action on detection This configuration section contains settings for actions performed when Mail Protection finds a virus or unwanted program in an email or in an attachment Options available in expert mode only Note These actions are performed both when a virus is detected in incoming emails and when a virus is detected in outgoing emails Inter
227. tics available ProActiv technology is integrated into the Realtime Protection component and observes and analyzes the program actions performed The behavior of the program is checked against typical malware action patterns Type of action and action sequences If a program exhibits behavior typical of malware this is treated as a virus detection You have the option of blocking the program or ignoring the notification and continuing to use the program You can classify the program as trusted and add it to the application filter for permitted programs You have the option of adding the program to the application filter for blocked programs using the Always block command The ProActiv component uses rule sets developed by the Avira Malware Research Center to identify suspicious behavior The rule sets are supplied by Avira databases Avira ProActiv sends information on any suspicious programs detected to the Avira databases for logging You have the option of disabling data transmission to the Avira databases Note ProActiv technology is not yet available for 64 bit systems General Options available in expert mode only Avira Professional Security User Manual Status 23 Sep 2011 107 Ro AV RA Reference Configuration options Enable Avira ProActiv If this option is enabled programs on your computer system are monitored and checked for suspicious actions You will receive a message if typical malware behavior is detected You can b
228. tion start time At each computer reboot the Realtime Protection will be started in the start mode specified Note The specified Realtime Protection start mode is saved in the registry and cannot be changed via the Configuration Note When the default start mode for Realtime Protection Normal start has been chosen and the logon process upon startup is carried out fast programs configured to start automatically upon startup might not be scanned because they might be up and running before the Realtime Protection has been started completely gt Enable the required option and continue the configuration by clicking Next Avira Professional Security User Manual Status 23 Sep 2011 19 R AVI RA Installation and uninstallation In the following Select email settings dialog box you can define the Server settings for sending emails Your Avira product uses SMTP to send emails as well as send email alerts Where appropriate make the necessary adjustments to the server settings and continue the configuration by clicking Next n the following System scan dialog box a short system scan can be enabled or disabled The short system scan is performed after the configuration has been completed and before the computer is rebooted and scans running programs and the most important system files for viruses and malware gt Enable or disable the Short system scan option and continue the configuration by clicking Next n the
229. ty Scanning a file is recommended if the virus definition file of your Avira product has been updated and a false positive report is suspected This enables you to confirm a false positive with a rescan and restore the file Highlight the file and click on p The file is scanned for viruses and malware using the system scan settings After the scan the dialog Rescan statistics appears which displays statistics on the status of the file before and after the rescan To delete a file gt Highlight the file and click on gt You have to confirm your choice with Yes If you want to upload the file to a Avira Malware Research Center web server for analysis gt b Highlight the file you want to upload Click on lt A dialog opens with a form for inputting your contact data Enter all the required data Select a type Suspicious file or Suspicion of false positive Select a response format HTML Text HTML amp Text Click OK The file is uploaded to a Avira Malware Research Center web server in compressed form Note In the following cases analysis by the Avira Malware Research Center is recommended Heuristic hits Suspicious file During a scan a file has been classified as suspicious by your Avira product and moved to quarantine Analysis of the file by the Avira Malware Research Center has been recommended in the virus detection dialog box or in the report file generated by the scan Suspici
230. uct and turning off Windows Firewall you will receive the following message Firewall 9 ON a FireWall is currently ON 4 Firewall helps protect your computer against viruses and other security threats How does a Firewall help protect my computer Avira Professional Security User Manual Status 23 Sep 2011 70 S AVIRA FAQ Tips Firewall INACTIVE Firewall off You will receive the following message as soon as you disable the Avira FireWall Eo Firewall reports that it is currently turned off 4 Firewall helps protect your computer from potentially harmful content on the Internet Click Recommendations to learn how to fix this problem How does a firewall help protect my computer Recommendations Note You can enable or disable the Avira FireWall via the Status tab in the Control Center Warning If you turn the Avira FireWall off your computer is no longer prevented by unauthorized users from gaining access to it through a network or the Internet Virus protection software Protection against malicious software You may receive the following information from the Windows Security Center with regard to your virus protection e Virus protection NOT FOUND e Virus protection OUT OF DATE e Virus protection ON e Virus protection OFF e Virus protection NOT MONITORED Virus protection NOT FOUND This information of the Windows Security Center appears when the Windows Security Center has not found any anti v
231. uration of the update in minutes Scanner Updater SLOGFILEPATHS Path and file name of the report System file Scanner Updater Acoustic alerts Options available in expert mode only When a virus or malware is detected by the System Scanner or Realtime Protection an acoustic alert is heard in interactive action mode You can now choose to activate or deactivate the acoustic alert and select an alternative WAVE file for the alert Note The action mode of the System Scanner is set in the configuration under System Scanner gt Scan gt Action on detection The action mode of the Realtime Protection is set in the configuration under Realtime Protection gt Scan gt Action on detection No warning When this option is enabled there is no acoustic alert when a virus is detected by the System Scanner or Realtime Protection Avira Professional Security User Manual Status 23 Sep 2011 190 Ro AV RA Reference Configuration options Use PC speakers only in interactive mode If this option is enabled there is an acoustic alert with the default signal when a virus is detected by the System Scanner or Realtime Protection The acoustic alert is sounded on the PC s internal speaker Use the following WAVE file only in interactive mode If this option is enabled there is an acoustic alert with the selected WAVE file when a virus is detected by the System Scanner or Realtime Protection The selected WAVE file is played over
232. ut an update after completed installation Save the license file hbedv key on your computer system if you want to activate your Avira product Note Internet based installation For the Internet based installation of the program an installation program is provided that loads the current program file prior to installation by the Avira web servers This process ensures that your Avira product is installed with the latest virus definition file Installation with an installation package The installation package contains both the installation program and all necessary program files No language selection for your Avira product is available for installation with an installation package We recommend that you Carry out an update of the virus definition file after installation 3 3 Express installation Installing your Avira product Start the installation program by double clicking the installation file you have downloaded from the Internet or insert the program CD Internet based installation The Welcome screen appears gt Click Next to continue with the installation 15 R AVI RA Installation and uninstallation The dialog Language selection appears gt Select the language you want to use to install your Avira product and confirm your language selection by clicking Next The dialog box Download appears All files necessary for installation are downloaded from the Avira web servers The Download window closes after c
233. v6 IP address By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 address IP mask By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 mask Event database By clicking on the link with the mouse you can decide whether to write to the event database or not if the packet complies with the rule Incoming IP Protocol rule You can define a rule for incoming or outgoing IP Protocol See Add new rule Allow Deny By clicking on the link with the mouse you can decide whether you want to accept or reject specially defined IP packages Avira Professional Security User Manual Status 23 Sep 2011 129 Ro AV RA Reference Configuration options IP address By clicking on this link with the mouse a dialog box opens in which you can enter the required IPv4 or IPv6 address IP mask By clicking on this link with the mouse a dialog box opens in which you can enter the required IP mask IP Protocol By clicking on this link with the mouse a dialog box opens in which you can enter the required IP protocol Event database By clicking on the link with the mouse you can choose between Log and Don t log to the event database if the packet complies with the rule Outgoing Rules Outgoing rules are defined to control outgoing data traffic by the Avira FireWall You can define an outgoing rule for one of the following
234. with a customized scan profile Create and apply new scan profile If you want to create your own scan profile Depending on the operating system various icons are available for starting a scan profile e In Windows XP and 2000 This icon starts the scan via a scan profile e In Windows Vista In Microsoft Windows Vista the Control Center only has limited rights at the moment e g for access to directories and files Certain actions and file accesses can only be performed in the Control Center with extended administrator rights These extended administrator rights must be granted at the start of each scan via a scan profile This icon starts a limited scan via a scan profile Only directories and files that Windows Vista has granted access rights to are scanned S This icon starts the scan with extended administrator rights After confirmation all directories and files in the selected scan profile are scanned To scan for viruses and malware with a scan profile Goto Control Center and select the section PC protection gt System Scanner Predefined scan profiles appear gt Select one of the predefined scan profiles OR Adapt the scan profile Manual selection Avira Professional Security User Manual Status 23 Sep 2011 40 RR AV RA Overview of Avira Professional Security OR Create a new scan profile gt Click the icon Windows XP or Windows Vista Se gt The Luke Filewalker window appears a
235. work connection a popup is triggered Alternatively you will be informed only on the first connection attempt This option is disabled as the default setting Remember the action for this application Always enabled When this option is enabled the option Hemember action for this application of the dialog box Network event is enabled as the default setting Always disabled When this option is enabled the option Hemember action for this application of the dialog box Network event is disabled as the default setting Enabled for signed applications When this option is enabled the option Hemember action for this application of the dialog box Network event is automatically enabled during network access by signed applications Signed applications are distributed by so called trusted vendors see Trusted Vendors Remember last used state When this option is enabled the option Remember action for this application in the dialog box Network event is enabled in the same way as for the last network event If the option Hemember action for this application was enabled this option is enabled for the following network event If the option Remember action for this application was disabled for the last network event this option is also disabled for the following network event Show details In this group of configuration options you can setup the display of detailed information in the Network event window Avira Prof
236. xtension og located under the path C Directory are excluded from the Realtime Protection scan e Computer name Sharedl1 All files are excluded from the Realtime Protection scan accessed via a connection Computer name 1 Shared1 This is generally a connected network drive which accesses another computer with a shared folder via the computer name Computer namet and the shared name Shared7 e 1 0 0 0 Shared1 mdb All files with the extension mdb are excluded from the Realtime Protection scan accessed via a connection 7 0 0 0 Shared7 This is generally a connected network drive which accesses another computer with a shared folder via the IP address 1 0 0 0 and the shared name Sharea7 Heuristic This configuration section contains the settings for the heuristic of the scan engine Options available in expert mode only Avira products contain very powerful heuristics that can proactively uncover unknown malware i e before a special virus signature to combat the damaging element has been created and before a virus guard update has been sent Virus detection involves an extensive analysis and investigation of the affected codes for functions typical of malware If the code being scanned exhibits these characteristic features it is reported as being suspicious This does not necessarily mean that the code is in fact malware False positives do sometimes occur The decision on how to handle affected code is to be made
Download Pdf Manuals
Related Search