1.
Avira AntiVir Premium
www.avira.com
User ManualTrademarks and Copyright
Trademarks
AntiVir is a registered trademark of Avira GmbH.
Windows is a registered trademark of the Microsoft Corporation in the United States and other countries.
All other brand and product names are trademarks or registered trademarks of their respective owners.
Protected trademarks are not marked as such in this manual. This does not mean, however that they may be used freely.
Copyright information
A code provided by a third party has been used for Avira AntiVir Premium. We thank the copyright owners for making the
code available to us. For detailed information on copyright, please refer to in the help of Avira AntiVir Premium under the
Third Party Licenses.
ii
Table of Contents
1 Introduction.......................................................................................................... 1
2 Icons and emphases................................................................................................ 2
3 Product information............................................................................................... 3
3.1 Delivery scope........................................................................................................................3
3.2 System requirements.............................................................................................................4
3.3 Licensing................................................................................................................................5
4 Installation and Uninstallation............................................................................... 6
4.1 Installation.............................................................................................................................6
4.2 Modification installation....................................................................................................10
4.3 Installation modules............................................................................................................11
4.4 Uninstallation......................................................................................................................11
5 Overview of AntiVir Premium............................................................................... 13
5.1 User interface and operation..............................................................................................13
5.1.1 Control Center.......................................................................................................13
5.1.2 Configuration.........................................................................................................15
5.1.3 Tray icon.................................................................................................................18
5.2 How to...?.............................................................................................................................19
5.2.1 Activate product.....................................................................................................19
5.2.2 Avira AntiVir Premium automatic update............................................................20
5.2.3 Start a manual update............................................................................................21
5.2.4 On-demand scan: Using a scan profile to scan for viruses and malware............22
5.2.5 On-demand scan: Scan for viruses and malware using Dragamp;Drop..............23
5.2.6 On-demand scan: Scan for viruses and malware via the context menu..............24
5.2.7 On-demand scan: Automatically scan for viruses and malware..........................24
5.2.8 On-demand scan: Targeted scan for active rootkits............................................25
5.2.9 Reacting to detected viruses and malware............................................................25
5.2.10 Quarantine: Handling quarantined files (*.qua)...................................................29
5.2.11 Quarantine: Restore the files in quarantine.........................................................30
5.2.12 Quarantine: move suspicious files to quarantine.................................................31
5.2.13 Scan profile: Amend or delete file type in a scan profile......................................31
5.2.14 Scan profile: Create desktop shortcut for scan profile.........................................32
5.2.15 Events: Filter events..............................................................................................32
5.2.16 MailGuard: Exclude email addresses from scan...................................................33
6 Scanner................................................................................................................ 35
7 Updates................................................................................................................ 36
8 FAQ, Tips............................................................................................................. 37
8.1 Troubleshooting..................................................................................................................37
8.2 Shortcuts..............................................................................................................................40
8.2.1 In dialog boxes.......................................................................................................40
8.2.2 In the help..............................................................................................................41
8.2.3 In the Control Center.............................................................................................41
8.3 Windows Security Centre....................................................................................................43
8.3.1 General...................................................................................................................43
8.3.2 The Windows Security Center and Avira AntiVir Premium.................................43 Table of Contents
iii
9 Viruses and more.................................................................................................. 46
9.1 Extended threat categories.................................................................................................46
9.2 Viruses and other malware.................................................................................................48
10 Info and Service................................................................................................... 52
10.1 Contact address...................................................................................................................52
10.2 Technical support................................................................................................................52
10.3 Suspicious file......................................................................................................................52
10.4 Report false positive............................................................................................................53
10.5 Your feedback for more security.........................................................................................53
11 Reference: Configuration options......................................................................... 54
11.1 Scanner.................................................................................................................................54
11.1.1 Scan.........................................................................................................................54
11.1.1.1. Action for concerning files.............................................................................56
11.1.1.2. Exceptions.......................................................................................................59
11.1.1.3. Heuristic..........................................................................................................60
11.1.2 Report.....................................................................................................................61
11.2 Guard....................................................................................................................................61
11.2.1 Scan.........................................................................................................................62
11.2.1.1. Action for concerning files.............................................................................63
11.2.1.2. Further actions................................................................................................65
11.2.1.3. Exceptions.......................................................................................................66
11.2.1.4. Heuristic..........................................................................................................68
11.2.2 Report.....................................................................................................................69
11.3 MailGuard............................................................................................................................69
11.3.1 Scan.........................................................................................................................69
11.3.1.1. Action for concerning files.............................................................................70
11.3.1.2. Other actions..................................................................................................71
11.3.1.3. Heuristic..........................................................................................................72
11.3.2 General...................................................................................................................73
11.3.2.1. Exceptions.......................................................................................................73
11.3.2.2. Cache...............................................................................................................74
11.3.3 Report.....................................................................................................................74
11.4 WebGuard............................................................................................................................75
11.4.1 Scan.........................................................................................................................75
11.4.1.1. Action for concerning files.............................................................................76
11.4.1.2. Locked requests...............................................................................................77
11.4.1.3. Exceptions.......................................................................................................78
11.4.1.4. Heuristic..........................................................................................................81
11.4.2 Report.....................................................................................................................82
11.5 General.................................................................................................................................82
11.5.1 Configuration :: General........................................................................................82
11.5.1.1. Extended threat categories.............................................................................82
11.5.2 Configuration :: General........................................................................................83
11.5.2.1. Password..........................................................................................................83
11.5.3 Security...................................................................................................................85
11.5.4 WMI........................................................................................................................86
11.5.5 Directories..............................................................................................................86
11.5.6 Update....................................................................................................................87
11.5.6.1. Web server.......................................................................................................87
11.5.7 Warnings................................................................................................................89
11.5.7.1. Acoustic alerts.................................................................................................89 Avira AntiVir Premium
iv
11.5.8 Events.....................................................................................................................89
11.5.9 Limit reports..........................................................................................................90
11.5.10 Acoustic alerts........................................................................................................90
1
1 Introduction
Avira AntiVir Premium from Avira GmbH protects you computer against viruses,
malware, adware and spyware, unwanted programs and other dangers. This manual
deals with viruses and software in brief.
The manual describes the program installation and operation.
Please go to our website http://www.avira.com where you can download the Avira
AntiVir Premium manual in PDF from, update Avira AntiVir Premium or renew your
license.
You can also find information on our website such as telephone numbers for technical
support and information on how to subscribe to our newsletter.
Your Avira GmbH team
2
2 Icons and emphases
The following icons are used:
Icon /
Designation
Explanation
Placed before a condition which must be fulfilled prior to
implementation.
Placed before an action step that you implement.
Placed before an event that follows the previous action.
Warning Placed before a warning of the danger of critical data loss.
Note Placed before a link to particularly important information or
a tip which makes Avira AntiVir Premium easier to use.
The following emphases are used:
Emphasis Explanation
File name or path data. Cursive
Displayed software interface elements (e.g. window heading,
window field or options box).
Bold Clicked software interface elements (e.g. menu item, section or
button)
3
3 Product information
This chapter contains all information relevant to the purchase and use ofAvira AntiVir
Premium:
– see chapter: Delivery scope
– see chapter: System requirements
– see chapter: Licensing
– see chapter: License manager
Avira AntiVir Premium is a comprehensive and flexible tool you can rely on to protect
your computer from viruses, malware, unwanted programs, and other dangers
Please note the following information:
Note
Loss of valuable data usually has dramatic consequences. Even the best virus protection
program cannot provide one hundred percent protection from data loss. Make regular
copies (Backups) of your data for security purposes.
Note
A program can only provide reliable and effective protection from viruses, malware,
unwanted programs and other dangers if it is up-to-date. Make sure Avira AntiVir
Premium is up-to-date with automatic updates. Configure the program accordingly.
3.1 Delivery scope
Avira AntiVir Premium gives you the following functions:
– Control Center for monitoring, administering and controlling the entire program
– Central configuration with user-friendly standard and advanced options and
context-sensitive help
– Scanner (On-Demand Scan) with profile-controlled and configurable search for
all known types of virus and malware
– Integration into the Windows Vista User Account Control allows you to carry out
tasks requiring administrator rights
– Guard (On-Access Scan) for continuous monitoring of all file access attempts
– MailGuard (POP3 scanner, IMAP scanner and SMTP scanner) for the permanent
checking of emails for viruses and malware. Checking of email attachments is
included
– WebGuard for monitoring data and files transferred from the Internet using the
HTTP protocol (monitoring of ports 80, 8080, 3128)
– Integrated quarantine management to isolate and process suspicious files
– Rootkit protection for detecting hidden malware installed in your computer
system (rootkits)
(Only for 32-bit systems) Avira AntiVir Premium
4
– Direct access to detailed information on the detected viruses and malware via the
Internet
– Simple and quick updates to the program, virus definitions, and search engine
through Single File Update and incremental VDF updates via a webserver on the
Internet
– User-friendly licensing in License Manager
– Integrated Scheduler to plan one-off or recurring tasks, such as updates or test
runs
– Extremely high virus and malware detection via innovative scanning technology
(scan engine) including heuristic scanning method
– Detection of all conventional archive types including detection of nested archives
and smart extension detection
– High-performance multithreading function (simultaneous high-speed scanning
of multiple files)
3.2 System requirements
For Avira AntiVir Premium to work perfectly, the computer system must fulfill the
following requirements:
– Computer as from Pentium, at least 266 MHz
– Operating system
– Windows 2000, SP4 and update rollup 1 or
– Windows XP, SP2 (32 or 64 Bit) or
– Windows Vista (32 or 64 Bit, SP 1 recommended)
– At least 100 MB of free hard disk memory space (more if using Quarantine for
temporary storage)
– At least 192 MB RAM under Windows 2000/XP
– At least 512 MB RAM under Windows Vista
– For the installation of Avira AntiVir Premium: Administrator rights
– For all installations: Windows Internet Explorer 6.0 or higher
– Internet connection where appropriate (see Installation)
Information for Windows Vista users
On Windows 2000 and Windows XP, many users work with administrator rights.
However, this is not desirable from the point of view of security, because it is then easy
for viruses and unwanted programs to infiltrate computers.
For this reason, Microsoft is introducing the "User Account Control" with Windows
Vista. This offers more protection for users who are logged in as administrators: thus in
Windows Vista, one administrator only has the privileges of a normal user at first.
Actions for which administrator rights are required are clearly marked in Windows Vista
with an information icon. In addition, the user must explicitly confirm the required
action. Privileges are only increased and the administrative task carried out by the
operating system after this permission has been obtained. Product information
5
Avira AntiVir Premium requires administrator rights for some actions in Windows Vista.
These actions are marked with the following symbol: . If this symbol also appears on a
button, administrator rights are required to carry out this action. If your current user
account does not have administrator rights, the Windows Vista dialog of the User
Account Control asks you to enter the administrator password. If you do not have an
administrator password, you cannot carry out this action.
3.3 Licensing
In order to be able to use Avira AntiVir Premium, you require a license. You thereby
accept the license conditions of Avira AntiVir Premium.
The license is provided in the form of an activation key. The activation key is a letter and
figure code which you will receive after purchasing Avira AntiVir Premium . The
activation key contains the exact data of your license, i.e. which programs have been
licensed for which period of time.
The activation key will be sent to you by email, if you have purchased AntiVir Premium
on the Internet or it is rendered on the product packaging.
In order to license your program, please enter your activation key to activate Avira
AntiVir Premium. The product activation may be carried out during installation.
However, you can also activate Avira AntiVir Premium after the installation by running
Control Center under Help::License management .
6
4 Installation and Uninstallation
This chapter contains information relating to the installation and uninstallation of your
Avira AntiVir Premium:
– see Chapter Installation: Conditions, Installation types, Install
– see Chapter Installation modules
– see Chapter Modification installation
– see Chapter Uninstallation: Uninstall
4.1 Installation
Before installing Avira AntiVir Premium, check whether your computer fulfils all the
minimum system requirements. If your computer satisfies all requirements, you can
install Avira AntiVir Premium.
Note
From Windows XP, Avira AntiVir Premium generates a restore point of your computer
before installation of Avira AntiVir Premium. This enables you to safely remove Avira
AntiVir Premium if installation fails. Note that for this the option Turn off System
Restore under: "Start | Settings | Control Panel | System | Tab System Restore" must
not be marked.
If you want to recover your system earlier, you can do so with the function "Start |
Programs | Accessories | System Tools | System Restore". The restore point generated
by Avira AntiVir Premium is indicated by the entry AntiVir Premium.
Installation types
During installation you can select a setup type in the installation assistant:
Full
AntiVir Premium is completely installed with all program components. The program files
are installed into a given standard folder under C:\Program Files .
User-defined
You can choose to install individual program components (see Chapter Installation and
uninstallation::Installation modules). A target folder can be selected for the program
files to be installed. You can disable Create a desktop icon and program group in the
Start menu.
Before starting installation
Close your email program. It is also recommended to end all running applications.
Make sure that no other virus protection solutions are installed. The automatic
protection functions of various security solutions may interfere with each other. Installation and Uninstallation
7
Establish an internet connection: The internet connection is necessary for
performing the following installation steps:
Downloading the current program file and search engine, and the latest virus
definition files via the installation program (for internet-based installation)
Activating Avira AntiVir Premium
Where appropriate, carrying out a AntiVir Premium update after completed
installation
Have the license key for AntiVir Premium ready, if you want to activate AntiVir
Premium.
Note
Internet-based installation:
Avira GmbH provides an installation program for the internet-based installation of Avira
AntiVir Premium, which loads the current program file prior to installation by the Avira
GmbH web servers. This process ensures that AntiVir Premium is installed with the
latest virus definition file.
Installation with an installation package:
The installation package contains both the installation program and all necessary
program files. No language selection for AntiVir Premium is available for installation
with an installation package. We recommend that you carry out an update of the virus
definition file after installation.
Note
For product activation Avira AntiVir Premium uses the HTTP protocol and Port 80 (web
communication), as well as encryption protocol SSL and port 443, to communicate with
the servers of Avira GmbH. If you are using a firewall, please ensure that the required
connections and/or incoming or outgoing data are not blocked by the firewall.
Install
The installation program runs in self-explanatory dialog mode. Every window contains a
certain selection of buttons to control the installation process.
The most important buttons are assigned the following functions:
– OK: Confirm action.
– Abort: Abort action.
– Next: Go to next step.
– Back: Go to previous step.
How to install AntiVir Premium:
Start the installation program by double-clicking on the installation file that you
have downloaded from the internet or insert the program CD.
Internet-based installation
The dialog box Welcome... appears.
Click Next to continue with the installation.
The dialog box Language selection appears.
Select the language you want to use to install AntiVir Premium and confirm your
language selection by clicking Next.
The dialog box Download appears. All files necessary for installation are
downloaded by the Avira GmbH web servers. The Download window closes after Avira AntiVir Premium
8
conclusion of the download.
Installation with an installation package
The installation wizard opens with the dialog box Avira AntiVir Premium.
Click Accept to begin the installation.
The installation file is extracted. The installation routine is started.
The dialog box Welcome... appears.
Click Next.
Continuing internet-based installation and installation with an installation package
Installation continues with the dialog box Extended threat categories. The dialog
box provides you with information on the protective functions of AntiVir Premium and
on extending the protective functions of AntiVir Premium.
Click Next.
The dialog box with the license agreement appears.
Confirm that you accept the license agreement and click Continue.
The dialog box Select installation type appears.
Decide whether you want to perform a full or a user-defined installation.
Enable the option Full orUser-defined and confirm by clicking Continue.
User-defined installation
The dialog box Select destination directory appears.
Confirm the specified destination directory by clicking Continue.
- OR -
Use the Browse button to select a different destination directory and confirm by
clicking Next.
The dialog box Install components appears:
Enable or disable the required components and confirm by clicking Continue.
In the following dialog box you can decide whether to create a desktop shortcut
and/or a program group in the Start menu.
Click Next.
Continue for full and user-defined installation.
The license assistant is opened.
You have the following options to activate AntiVir Premium.
– Enter an activation key.
By entering your activation key Avira AntiVir Premium is activated with your
license.
– Select the option Product testing
If you select Product testing, an evaluation license will be generated during the
activation process, with which Avira AntiVir Premium is activated. You can test
Avira AntiVir Premium with its complete range of functions for a certain period
of time. Installation and Uninstallation
9
Note
By using the option Valid hbedv.key license file available you can load a valid license
file. During product activation with a valid activation key the license file is generated and
saved in the program folder of Avira AntiVir Premium. Use this option, if you have
already activated a product and want to re-install Avira AntiVir Premium.
Note
In some sales versions of Avira AntiVir Premium an activation key has already been
included in the product. For this reason the activation need not be entered. If and when
necessary, the activation key is displayed in the license assistant.
Note
In order to activate AntiVir Premium a connection to the server of Avira GmbH is
established. Under Proxy settings you can configure the Internet link by a proxy server.
Select an activation procedure and click Next to acknowledge.
Product activation
A dialog box will be opened, in which you can enter your personal data.
Enter your data and click Next
Your data will be transmitted to the servers of Avira GmbH and will be checked.
Avira AntiVir Premium will be activated with your license.
Your license data will be displayed in the next window.
Click Next.
Skip the following chapter on "Activate by selecting the option Valid hbedv.key
available ".
Select the option "Valid hbedv.key available"
A box will be opened for loading the license file.
Select the license file hbedv.key with your license data for AntiVir Premium and click
Open
Your license data will be displayed in the next window.
Click Next
Continuation after completed activation or loading of the license file
The program features will be installed. Installation progress is displayed in the
dialog box.
In the following dialog box you can choose whether to open the Readme file after
installation.
Agree where appropriate and complete the installation by clicking Finish.
The installation wizard is closed.
Where appropriate, the Readme file is opened.
In the following step, the configuration wizard is opened. The configuration
wizard enables you to define custom settings for AntiVir Premium. If you cancel the
configuration AntiVir Premium is started with default settings.
Custom settings in the configuration wizard
The Configure AHeAD dialog box enables you to select a detection level for the
AHeAD technology. The detection level selected is used for the Scanner (On-demand Avira AntiVir Premium
10
scan) and Guard (On-access scan) AHeAD technology settings.
Select a detection level and continue the installation by clicking Next.
In the following dialog box Select extended threat categories, you can adapt the
protective functions of AntiVir Premium to the threat categories specified.
Where appropriate, activate further threat categories and continue the installation
by clicking Next.
Enable the required option and continue the configuration by clicking Next.
In the following dialog box, System scan, a short system scan can be enabled or
disabled. The short system scan is carried out after the configuration has been completed
and before the computer is rebooted, and scans running programs and the most
important system files for viruses and malware.
Enable or disable the Short system scan option and continue the configuration by
clicking Next.
In the following dialog box, you can complete the configuration by clicking Finish
Click Finish to complete the configuration.
The specified and selected settings are accepted.
If you have enabled the Short system scan option, the Luke Filewalker window
opens. Scanner performs a short system scan.
A Close installation dialog box appears.
If you have installed AntiVir Premium on Windows XP and disabled the
Windows Firewall, a message window appears instructing you to reboot your computer.
Agree where appropriate and complete the installation by clicking Finish.
After a successful installation, we recommend that you check AntiVir Premium is up-to-
date in Control Center under Overview :: Status.
Where appropriate, update AntiVir Premium to ensure the virus definition file is up-
to-date.
Then perform a full system scan.
4.2 Modification installation
You have the option of adding or removing individual program components of the
current Avira AntiVir Premium installation (see Chapter Installation and
uninstallation::Installation modules)
If you wish to add or remove modules of the actual Avira AntiVir Premium installation,
you can use the option Add or Remove Programs in the Windows control panel to
Change/Remove programs.
Select Avira AntiVir Premium and click Change. In the welcome dialog of Avira AntiVir
Premium select the option Modify. You will be guided through the installation changes.
Installation and Uninstallation
11
4.3 Installation modules
In a user-defined installation or a modification installation, the following installation
modules can be selected, added or removed.
– AntiVir Premium
This module contains all components required for successful installation of Avira
AntiVir Premium.
– AntiVir Guard
The AntiVir Guard runs in the background. It monitors and repairs, where
necessary, files during operations such as open, write and copy in on-access
mode. Whenever a user carries out a file operation (e.g. load document, execute,
copy), Avira AntiVir Premium automatically scans the file. Renaming a file does
not trigger a scan by AntiVir Guard.
– AntiVir MailGuard
MailGuard is the interface between your computer and the email server from
which your email program (mail client) downloads the emails. MailGuard is
connected as a so-called proxy between the email program and the email server.
All incoming emails are routed through this proxy, scanned for viruses and
unwanted programs and forwarded to your email program. Depending on the
configuration, the program processes the affected emails automatically or asks
the user for a certain action.
– AntiVir WebGuard
When surfing the internet, you are using your web browser to request data from
a web server. The data transferred from the web server (HTML files, script and
image files, Flash files, video and music streams, etc) will normally be moved
directly into the browser cache for display in the web browser, meaning that an
on-access scan as performed by AntiVir Guard is not possible. This could allow
viruses and unwanted programs to access your computer system. WebGuard is
what is known as an HTTP proxy which monitors the ports used for data transfer
(80, 8080, 3128) and scans the transferred data for viruses and unwanted
programs. Depending on the configuration, the program may process the affected
files automatically or prompt the user for a specific action.
– Rootkit Detection
The Rootkit Detection checks whether software is already installed on your
computer that can no longer be detected with conventional methods of malware
protection after penetrating the computer system.
– Shell Extension
The Avira AntiVir Premium Shell Extension generates an entry Scan selected files
with AntiVir in the context menu of the Windows Explorer (right-hand mouse
button). With this entry you can directly scan files or directories.
4.4 Uninstallation
If you wish to remove Avira AntiVir Premium from your computer, you can use the
option Add or Remove Programs to Change/Remove programs in the Windows
Control Panel.
To uninstall Avira AntiVir Premium (e.g. in Windows XP and Windows Vista): Avira AntiVir Premium
12
Open the Control Panel via the Windows Start menu.
Double click on Programs (Windows XP: Software).
Select Avira AntiVir Premium and clickRemove.
You will be asked if you really want to remove the program.
Click Yes to confirm.
All components of the program are removed.
Click on Finish to complete uninstallation.
Where appropriate, a dialog box appears recommending that your computer be
restarted.
Click Yes to confirm.
Avira AntiVir Premium is uninstalled, and all directories, files and registry
entries for Avira AntiVir Premium are deleted when your computer is restarted.
13
5 Overview of AntiVir Premium
This chapter contains an overview of the functionality and operation of AntiVir
Premium.
– see Chapter Interface and operation
– see ChapterHow to...?
5.1 User interface and operation
Your operate AntiVir Premium via three program interface elements:
– Control Center: Monitoring and control of AntiVir Premium
– Avira AntiVir Premium Configuration: Configuration of AntiVir Premium
– Tray Icon in the system tray of the taskbar: Open Control Center and other
functions
5.1.1 Control Center
The Control Center is designed to monitor the protection status of your computer
systems and control and operate the protection components and functions of AntiVir
Premium.
The Control Center window is divided into three areas: the menu bar, the navigation
bar and the detail window view:
– Menu bar: In the Control Center menu bar, you can access general program
functions and information on AntiVir Premium. Avira AntiVir Premium
14
– Navigation area: In the navigation area, you can easily swap between the
individual sections of Control Center. The individual sections contain
information and functions of the program components of AntiVir Premium and
are arranged in the navigation bar according to activity. Example: Activity
Overview - Section Status.
– View: This window shoes the section selected in the navigation area. Depending
on the section, you will find buttons to execute functions and actions in the
upper bar of the detail window. Data or data objects are displayed in lists in the
individual sections. You can sort the lists by clicking in the box defining how you
wish to sort the list.
Starting and ending of Control Center
To start the Control Center, the following options are available:
– Double-click the program icon on your desktop
– via the AntiVir Premium program entry in the start menu | program.
– via the Avira AntiVir Premium tray icon.
Close the Control Center via the menu command Close in the menu File or by clicking
on the close tab in the Control Center.
Control Center operation
To navigate in the Control Center
Select an activity in the navigation bar.
The activity opens and other sections appear. The first section of the activity is
selected and displayed in the view.
If necessary, click another section to display this in the detail window.
- OR -
Select a section via the menu View.
Note
You can activate the keyboard navigation in the menu bar with the help of the [ALT] key.
If navigation is activated, you can move within the menu with the arrow keys. With the
Return key you activate the active menu item.
To open or close menus in Control Center, or to navigate within the menus, you can also
use the following key combinations: [Alt] + underlined letter in the menu or menu
command. Hold down the [Alt] key if you want to access a menu, a menu command or a
submenu.
To process data or objects displayed in the detail window:
highlight the data or object you wish to edit.
To highlight multiple elements (elements in columns), hold down the control key or
the shift key while selecting the elements.
Click the appropriate button in the upper bar of the detail window to edit the object
Overview of Control Center
– Overview: In Overview you will find all sections with which you can monitor
the functioning of Avira AntiVir Premium. Overview of AntiVir Premium
15
– The Status section lets you see at a glance which Avira AntiVir Premium modules
are active and provides information on the last update carried out. You can also
see whether you own a valid license.
– The Events section enables you to view events generated by certain Avira AntiVir
Premium modules.
– Die Reports section enables you to view the results of actions executed by Avira
AntiVir Premium.
– Local protection: InLocal protection you will find the components for
checking the files on your computer system for viruses and malware.
– The Scanner section enables you to easily configure and start an on-demand scan.
Predefined profiles enable you to run a scan with preset default options. In the
same way it is possible to adapt the scan for viruses and unwanted programs to
your personal requirements with the help of manual selection (not saved) or by
creating user-defined profiles, .
– The Guard section displays information on scanned files, as well as other
statistical data, which can be reset at any time, and enables access to the report
file. More detailed information on the last virus or unwanted program detected
can be obtained practically "at the push of a button".
– Online protection: In Online protection you will find the components to
protect your computer system against viruses and malware from the internet,
and against unauthorized network access.
– The MailGuard section shows you all the emails scanned by MailGuard, their
properties and other statistical data.
– The WebGuard section shows you information on scanned URLs and detected
viruses, as well as other statistical data, which can be reset at any time and
enables access to the report file. More detailed information on the last virus or
unwanted program detected can be obtained practically "at the push of a button".
– Administration: In Administration you will find tools for isolating and
managing suspicious or infected files, and for planning recurring tasks.
– The Quarantine section contains the so-called Quarantine manager. This is the
central point for files already placed in quarantine or for suspect files which you
would like to place in quarantine. It is also possible to send a selected file to the
Avira Malware Research Center by email.
– The Scheduler section enables you to configure scheduled scanning and update
jobs and to adapt or delete existing jobs.
5.1.2 Configuration
In Avira AntiVir Premium Configuration, you can implement settings for AntiVir
Premium. After installation, AntiVir Premium is configured with standard settings,
ensuring optimal protection for your computer system. However, your computer system
or your specific requirements for AntiVir Premium may mean you need to adapt the
protective components of AntiVir Premium. Avira AntiVir Premium
16
Avira AntiVir Premium Configuration opens a dialog box: You can save your
configuration settings via the OK or Accept buttons, delete you settings by clicking the
Cancel button, or restore your default configuration settings using the Restore defaults
button. You can select individual configuration sections in the left-hand navigation bar.
Accessing Avira AntiVir Premium Configuration
You have several options for accessing the configuration:
– via the Windows control panel.
– via the Windows Security Center - from Windows XP Service Pack 2.
– via the Avira AntiVir Premium tray icon.
– in the Avira AntiVir Premium Control Center via the menu item Extras |
Configuration.
– In the Avira AntiVir Premium Control Center via the button Configuration.
Note
If you are accessing configuration via the Configuration button in Control Center, go to
the configuration register of the section which is active in Control Center. Expert mode
must be activated to select individual configuration registers. In this case, a dialog
appears asking you to activate expert mode.
Avira AntiVir Premium Configuration operation
Navigate in the configuration window as you would in Windows Explorer:
Click on an entry in the tree structure to display this configuration section in the
detail window Overview of AntiVir Premium
17
Click on the plus symbol in front of an entry to expand the configuration section and
display configuration subsections in the tree structure.
To hide configuration subsections, click on the minus symbol in front of the
expanded configuration section.
Note
To enable or disable Avira AntiVir Premium Configuration options and use the buttons,
you can also use the following key combinations: [Alt] + underlined letter in the option
name or button description.
Note
All configuration sections are only displayed in expert mode. Activate expert mode to
view all configuration sections. Expert mode can be protected by a password which must
be defined during activation.
If you want to confirm your configuration settings:
Click OK.
The configuration window is closed and the settings are accepted.
- OR -
Click Accept.
The settings are accepted. The configuration window remains open.
If you want to finish configuration without confirming your settings:
Click Cancel.
The configuration window is closed and the settings are discarded.
If you want to restore all configuration settings to default values:
Click Restore defaults.
All settings of the configuration are reset to default values. All amendments and
custom entries are lost when default settings are reset.
Overview of configuration options
The following configuration options are available:
– Scanner: Configuration of on-demand scan
Scan options
Action on concerning files
File scan options
On-demand scan exceptions
On-demand scan heuristics
Report function setting
– Guard: On-access scan configuration
Scan options
Action on concerning files
On-access scan exceptions
On-access scan heuristics
Report function setting Avira AntiVir Premium
18
– MailGuard: Configuration of MailGuard
Scan options: Enable the monitoring of POP3 accounts, IMAP accounts, outgoing
emails (SMTP)
Action on malware
MailGuard scan heuristics
MailGuard scan exceptions
Configuration of cache, empty cache
Report function setting
– WebGuard: Configuration of WebGuard
Scan options, enabling and disabling the WebGuard
Action on concerning files
Blocked access: Unwanted file types and MIME types, Web filter for known
unwanted URLS (malware, phishing, etc.)
WebGuard scan exceptions: URLs, file types, MIME types
WebGuard heuristics
Report function setting
– General:
Configuration of email using SMTP
Extended risk categories for on-demand and on-access scan
Password protection for access to Control Center and Avira AntiVir Premium
Configuration
Security: Update status display, full system scan status display, product protection
WMI: Enable WMI support
Event log configuration
Configuration of report functions
Setting of directories used
Update: configuration of connection to download server, set-up of product updates
Configuration of acoustic alerts when malware is detected
5.1.3 Tray icon
After installation, you will see the AntiVir Premium tray icon in the system tray of the
taskbar:
Icon Description
AntiVir Guard is enabled
AntiVir Guard is disabled
The tray icon displays the status of the AntiVir Guard service. Overview of AntiVir Premium
19
Central functions of Avira AntiVir Premium can be quickly accessed via the context
menu of the tray icon. To open the context menu, click on the tray icon with the right-
hand mouse button.
Entries in the context menu
– Activate AntiVir Guard: Enables or disables Avira AntiVir Guard.
– Start AntiVir: Opens the Avira AntiVir Premium Control Center.
– Configure AntiVir: Opens the Avira AntiVir Premium Configuration.
– Start update: Starts an update.
– Help: opens this online help.
– Avira on the internet: Opens the web portal of AntiVir Premium on the
internet. The condition for this is that you have an active connection to the
Internet.
5.2 How to...?
5.2.1 Activate product
To activate Avira AntiVir Premium, you have the following options:
– Activation with a valid full license
To activate Avira AntiVir Premium with a full license, you need a valid activation
key, which holds data of the license you have purchased. You have received the
activation key from us either by email or it has been printed on the product
packaging.
– Activation with an evaluation license
Avira AntiVir Premium is activated with an automatically generated evaluation
license, with which you can test the Avira AntiVir Premium with its complete
range of function for a limited period of time.
Note
For product activation or for a test license you need an active Internet link.
If no connection can be established to the servers of Avira GmbH, please check the
settings of the firewall used: Connections via the HTTP protocol and Port 80 (web
communication), and via the encryption protocol SSL and port 443 are used for product
activation. Make sure that your firewall does not block incoming and outgoing data. First
of all check whether you can access web pages with your web browser.
This is the way to activate the AntiVir Premium:
If you have not installed Avira AntiVir Premium yet:
Install Avira AntiVir Premium.
During the installation process you will be asked to select an activation option
– Activate product
= Activation with a valid full license
– Test product
= Activation with an evaluation license Avira AntiVir Premium
20
Enter the activation key for an activation with a full license.
Acknowledge the selection of the activation procedure by clicking Next.
If and when necessary, enter your personal data for registration and acknowledge by
clicking Next.
Your license data will be displayed in the next window. Avira AntiVir Premium
has been activated.
Continue to install.
If you have installed Avira AntiVir Premium already:
In Control Center of Avira AntiVir Premium select the menu item Help :: License
management.
The license assistant opens, in which you can select an activation option. The
next steps of product activation are identical with the procedure described above.
5.2.2 Avira AntiVir Premium automatic update
Note
An update job has been pre-installed to update Avira AntiVir Premium every2 hours if an
internet connection is available and additionally when an internet connection is
established.
To create a job in AntiVir Scheduler to update Avira AntiVir Premium automatically:
In Control Center, select the Manager:: section. Scheduler.
Click on the Create new job with the wizard icon.
The dialog box Name and description of job appears.
Give the job a name and, where appropriate, a description.
Click Next.
The dialog box Type of job is displayed.
Select Update job from the list.
Click Next.
The dialog box Time of job appears.
Select a time for the update:
– Immediately
– Daily
– Weekly
– Interval
– Single
– Login
Note
We recommend that you update Avira AntiVir Premium regularly and often, e.g. every2
hours.
Where appropriate, specify a date according to the selection.
Where appropriate, select additional options (availability depends on type of job): Overview of AntiVir Premium
21
– Also start job when internet connection is established
In addition to the defined frequency, the job is carried out when an Internet
connection is set up.
– Repeat job if the time has already expired
Past jobs are carried out that could not be carried out at the required time, for
example because the computer was switched off.
Click Next.
The dialog box Select display mode appears.
Select the display mode of the job window:
– Minimize: progress bar only
– Maximize: Entire job window
– Hide: No job window
Click Finish.
Your newly created job appears on the start page of the Manager :: Scanner
section with the status activated (check mark).
Where appropriate, deactivate jobs which are not to be carried out.
Use the following icons to further define your jobs:
View properties of a job
Modify job
Delete job
Start job
Stop job
5.2.3 Start a manual update
You have various options for starting an Avira AntiVir Premium update manually: When
an update is started manually, the virus definition file and search engine are always
updated. A product update can only take place if you have activated the option
Download and automatically install product updates in the configuration under
General :: Update
To start an Avira AntiVir Premium update manually:
With the right-hand mouse button, click on the Avira AntiVir Premium tray icon in
the taskbar.
A context menu appears.
Select Start update.
The Avira AntiVir Premium Updater dialog box appears.
- OR -
In Control Center select the section Overview :: Status.
In the Last update field, click on the link Start update. Avira AntiVir Premium
22
The Avira AntiVir Premium Updater dialog box appears.
- OR -
In the Control Center, in the Update menu, select the menu command Start update.
The Avira AntiVir Premium Updater dialog box appears.
Note
We strongly recommend regular automatic updates for Avira AntiVir Premium, e.g. every
2 hours.
Note
You can also carry out a manual update directly via the Windows security centre.
5.2.4 On-demand scan: Using a scan profile to scan for viruses and
malware
A scan profile is a set of drives and directories to be scanned.
The following options are available for scanning via a scan profile:
– Use predefined scan profile
if the predefined scan profile corresponds to your requirements.
– Customize and apply scan profile (manual selection)
if you want to scan with a customized scan profile.
– Create and apply new scan profile
if you want to create your own scan profile.
Depending on the operating system, various icons are available for starting a scan
profile:
– In Windows XP and 2000:
This icon starts the scan via a scan profile.
– In Windows Vista:
In Microsoft Windows Vista, the control center at the moment only has limited
rights, e.g. for access to directories and files. Certain actions and file accesses can
only be carried out in the control centre with extended administrator rights. These
extended administrator rights must be granted at the start of each scan via a scan
profile.
This icon starts a limited scan via a scan profile. Only directories and files that
Windows Vista has granted access rights to are scanned.
This icon starts the scan with extended administrator rights. After confirmation,
all directories and files in the selected scan profile are scanned.
To scan for viruses and malware with a scan profile:
In the Control Center select the Local protection :: section. Scanner.
Predefined scan profiles appear.
Select one of the predefined scan profiles.
-OR- Overview of AntiVir Premium
23
Adapt the scan profile Manual selection.
-OR-
Create a new scan profile
Click on the icon (Windows XP: or Windows Vista: ).
The Luke Filewalker window appears and an on-demand scan is started.
When the scan is completed, the results are displayed.
If you want to adapt a scan profile:
In the scan profile, expand Manual Selection the file tree so that all the drives and
directories you want to scan are open.
– Click on the + symbol: The next directory level is displayed.
– Click on the - symbol: The next directory level is hidden.
Highlight the nodes and directories you want to scan by clicking on the relevantbox
of the appropriate directory level.
The following options are available, Select directories:
– Directory, including sub-directories (black check mark)
– Directory excluding sub-directories (green check mark)
– Sub-directories of one directory only (grey check mark, sub-directories have black
check marks)
– No directory (no check mark)
If you want to create a new scan profile:
Click on the Create new profile icon.
The profile New profile appears below the profiles previously created.
Where appropriate, rename the scan profile by clicking on the icon .
Highlight the nodes and directories to be saved by clicking on the check box of the
respective directory level.
The following options are available, Select directories:
– Directory, including sub-directories (black check mark)
– Directory excluding sub-directories (green check mark)
– Sub-directories of one directory only (grey check mark, sub-directories have black
check marks)
– No directory (no check mark)
5.2.5 On-demand scan: Scan for viruses and malware using
Dragamp;Drop
To scan for viruses and malware systematically using Drag&Drop:
Open the Control Center of Avira AntiVir Premium.
Highlight the file or directoryyou want to scan.
Use the left-hand mouse button to drag the highlighted file or directory into the
Control Center. Avira AntiVir Premium
24
The Luke Filewalker window appears and an on-demand scan is started.
When the scan is completed, the results are displayed.
5.2.6 On-demand scan: Scan for viruses and malware via the context
menu
To scan for viruses and malware systematically via the context menu:
Click with the right-hand mouse button (e.g. in Windows Explorer, on the desktop or
in an open Windows directory) on the file or directoryyou want to scan.
The Windows Explorer context menu appears.
Select Scan selected files with AntiVir in the context menu.
The Luke Filewalker window appears and an on-demand scan is started.
When the scan is completed, the results are displayed.
5.2.7 On-demand scan: Automatically scan for viruses and malware
To create a job to automatically scan for viruses and malware:
In Control Center, select the Manager:: section. Scheduler.
Click on the icon
The dialog box Name and description of job appears.
Give the job a name and, where appropriate, a description.
Click Next.
The dialog box Type of job appears.
Select Scan job.
Click Next.
The dialog box Select profile appears.
Select the profile to be scanned.
Click Next.
The dialog box Time of job appears.
Select a time for the scan:
– Immediately
– Daily
– Weekly
– Interval
– Single
– Login
Where appropriate, specify a date according to the selection.
Where appropriate, select the following additional options (availability depends on
job type):
– Repeat job if the time has already expired
Past jobs are carried out that could not be carried out at the required time, for
example because the computer was switched off. Overview of AntiVir Premium
25
Click Next.
The dialog box Select display mode appears.
Select the display mode of the job window:
– Minimize: progress bar only
– Maximize: Entire job window
– Hide: No job window
Click Finish.
Your newly created job appears on the start page of the Manager :: Scheduler
section with the status activated (check mark).
Where appropriate, deactivate jobs which are not to be carried out.
Use the following icons to further define your jobs:
View properties of a job
Modify job
Delete job
Start job
Stop job
5.2.8 On-demand scan: Targeted scan for active rootkits
To scan for active rootkits, use the predefined scan profile Scan for rootkits.
To scan for active rootkits systematically:
In the Control Center select the Local protection :: section. Scanner.
Predefined scan profiles appear.
Select the predefined scan profile Scan for rootkits.
Where appropriate, highlight other nodes and directories to be scanned by clicking
on the check box of the directory level.
Click on the icon (Windows XP: or Windows Vista: ).
The Luke Filewalker window appears and an on-demand scan is started.
When the scan is completed, the results are displayed.
5.2.9 Reacting to detected viruses and malware
For the individual protection components of AntiVir Premium, you can define how
AntiVir Premium reacts to a detected virus or unwanted program in the configuration
under the section Action for concerning files.
Scanner options:
– Interactive Avira AntiVir Premium
26
In interactive action mode, the results of the Scanner scan are displayed in a dialog
box. This option is enabled as the default setting.
When scanning for rootkits, boot sector viruses and when scanning active
processes, a dialog box appears in which you can select what to do with the infected
object.
When scanning files, the notification and selection option for dealing with the
relevant files depends on the notification mode selected:
Notification mode: Combined
In combined notification mode you will receive an alert with a list of the relevant
files detected when you have completed the file scan. There is no selection option for
handling the relevant files. You can execute the default action of Scanner for all
infected files or cancel Scanner.
Notification mode: Combined (expert)
In expert notification mode you will receive an alert with a list of the relevant files
detected when you have completed the file scan. You can use the content-sensitive
menu to select an action to be executed for the various files affected. You can execute
the standard actions for all affected files or cancel the Scanner.
Notification mode: Individual
In individual notification mode, every virus detected during the file scan is reported
in a separate window. You can choose what to do with the relevant file in the dialog
box.
– Automatic
In automatic action mode, when a virus or unwanted program is detected, the action
you selected in this area is executed automatically. If you enable the option Display
alert, you will receive an alert whenever a virus is detected, indicating the action
carried out.
Options for Guard, MailGuard, WebGuard:
– Interactive
In interactive action mode, if a virus or unwanted program is detected, a dialog box
appears in which you can select what to do with the infected object. This option is
enabled as the default setting.
– Automatic
In automatic action mode, when a virus or unwanted program is detected, the action
you selected in this area is executed automatically. If you enable the option Display
alert, you will receive an alert whenever a virus is detected, indicating the action
carried out.
In interactive action mode, you can react to detected viruses and unwanted programs by
selecting an action for the infected object, displayed in the alert, and executing the
selected action by clicking Confirm. The following actions for handling infected objects
are available for selection:
Note
Which actions are available for selection depends on the operating system, the
protection components (AntiVir Guard, AntiVir Scanner, AntiVir MailGuard, AntiVir
WebGuard) reporting the detection, and the type of malware detected.
Actions of Scanner and Guard:
– Repair Overview of AntiVir Premium
27
The file is repaired
This option is only available if the infected file can be repaired.
– Move to Quarantine
The file is packaged into a special format (*.qua) and moved to the Quarantine
directory INFECTED on your hard disk, so that direct access is no longer
possible. Files in this directory can be repaired in Quarantine at a later data or, if
necessary, sent to Avira GmbH.
– Delete
The file is deleted but can be recovered with the appropriate tools (e.g. Avira
UnErase). This allows the virus signature to be recovered. This process is much
quicker than overwrite and delete. If a boot sector virus is detected, this can be
deleted by deleting the boot sector. A new boot sector is written.
– Overwrite and delete
The file is overwritten with a default template and then deleted. It cannot be
restored.
– Rename
The file is renamed with a *.vir extension. Direct access to these files (e.g. with
double-click) is therefore no longer possible. Files can be repaired and given their
original name at a later time.
– Ignore
Avira AntiVir Premium takes no further action. The infected file remains active on
your computer.
Warning
This could result in loss of data and damage to the operating system! Only select the
Ignore option in exceptional cases.
– Deny access
Action option for detection by Guard: Access to the infected file is blocked. The
detection is only entered in the report file if the report function is enabled).
– Copy to Quarantine
Action option for a rootkit detection: The detection is copied in Quarantine.
– Terminate program
Action option for detection of a suspicious process: The process is terminated. A
dialog box opens in which you can choose what to do with the executable file.
Actions of MailGuard: Incoming emails
– Move to Quarantine
The email including all attachments is moved to quarantine. The affected email is
deleted. The body of the text and any attachments of the email are replaced by a
default text.
– Delete
The affected email is deleted. The body of the text and any attachments of the email
are replaced by a default text.
– Delete attachment Avira AntiVir Premium
28
The infected attachment is replaced by a default text. If the body of the email is
affected, it is deleted and also replaced by a default text. The email itself is delivered.
– Move attachment to Quarantine
The infected attachment is placed in Quarantine and then deleted (replaced by a
default text). The body of the email is delivered. The affected attachment can be
delivered later by the Quarantine manager.
– Ignore
The affected email is delivered.
Warning
This could allow viruses and unwanted programs to access your computer system. Only
select the Ignoreoption in exceptional cases. Disable the preview in your mail client,
never open any attachments with a double click!
Actions of MailGuard: Outgoing emails
– Move mail to Quarantine (do not send)
The email, together with all attachments, is copied to Quarantine and is not sent.
The email remains in the outbox of your email client. You receive an error message in
your email program. All other emails sent from your email account will be scanned
for malware.
– Block sending of mails (do not send)
The email is not sent and remains in the outbox of your email client. You receive an
error message in your email program. All other emails sent from your email account
will be scanned for malware.
– Ignore
The affected email is sent.
Warning
Viruses and unwanted programs can penetrate the computer system of the email
recipient in this way.
Actions of WebGuard:
– Deny access
The website requested from the web server and/or any data or files transferred are
not sent to your web browser. An error message to notify you that access has been
denied is displayed in the web browser.
– Move to Quarantine
The website requested from the web server and/or any data or files transferred are
moved to Quarantine. The affected file can be restored via the Quarantine Manager
if it is of informative value or - if necessary - sent to the Avira Malware Research
Center.
– Ignore
The website requested from the web server and/or the data and files that were
transferred are forwarded on by WebGuard to your web browser.
Warning
This could allow viruses and unwanted programs to access your computer system. Only
select the Ignore option in exceptional cases. Overview of AntiVir Premium
29
Note
We recommend that you move any suspicious file that cannot be repaired to Quarantine.
Note
You can also send files reported by the heuristic to us for analysis.
For example, you can upload these files to our
website:http://www.avira.com/sample_upload
You can identify files reported by the heuristic from the designation HEUR/ or
HEURISTIC/ that prefixes the file name, e.g.: HEUR/testfile.*.
5.2.10 Quarantine: Handling quarantined files (*.qua)
To handle quarantined files:
In Control Center, select the Manager :: Quarantine section.
Check which files are involved, so that, if necessary, you can reload the original back
onto your computer from another location.
If you want to see more information on a file:
Highlight the file and click on . .
The dialog box Properties appears with more information on the file.
If you want to rescan a file:
Scanning a file is recommended if the Avira AntiVir Premium virus definition file has
been updated and a false positive report is suspected. This enables you to confirm a false
positive with a rescan and restore the file.
Highlight the file and click on . .
The file is scanned for viruses and malware using the on-demand scan settings.
After the scan, the dialog Scan statistics appears which displays statistics on the
status of the file before and after the rescan.
To delete a file:
Highlight the file and click on . .
If you want to upload the file to a Avira Malware Research Center web server for analysis:
Highlight the file you want to upload.
Click on . .
A dialog opens with a form for inputting your contact data.
Enter all the required data.
Select a type: Suspicious file or False positive.
Drücken Sie auf OK.
The file is uploaded to a Avira Malware Research Center web server in
compressed form. Avira AntiVir Premium
30
Note
In the following cases, analysis by the Avira Malware Research Center is recommended:
Heuristic hits (Suspicious file): During a scan, a file has been classified as suspicious
by AntiVir Premium and moved to Quarantine: Analysis of the file by the Avira Malware
Research Center has been recommended in the virus detection dialog box or in the
report file generated by the scan.
Suspicious file: You consider a file to be suspicious and have therefore moved this file
to Quarantine, but a scan of the file for viruses and malware is negative.
False positive: You assume that a virus detection is a false positive: AntiVir Premium
reports a detection in a file, which is very unlikely to have been infected by malware.
Note
The size of the files you upload is limited to 20 MB uncompressed or 8 MB compressed.
Note
You can only upload one file at a time.
You can also restore the files in Quarantine:
– see Chapter: Quarantine: Restoring files in Quarantine
5.2.11 Quarantine: Restore the files in quarantine
Different icons control the restore procedure, depending on the operating system:
– In Windows XP and 2000:
This icon restores the files to their original directory.
This icon restores the files to a directory of your choice.
– In Windows Vista:
In Microsoft Windows Vista, the control center at the moment only has limited
rights, e.g. for access to directories and files. Certain actions and file accesses can
only be carried out in the control centre with extended administrator rights. These
extended administrator rights must be granted at the start of each scan via a scan
profile.
This icon restores the files to a directory of your choice.
This icon restores the files to their original directory. If extended administrator
rights are necessary to access this directory, a corresponding request appears.
To restore files in quarantine:
Warning
This could result in loss of data and damage to the operating system of the computer!
Only use the function Restore selected object in exceptional cases. Only restore files that
could be repaired by a new scan.
File rescanned and repaired.
In Control Center, select the Manager:: section. Quarantine section.
Note
Emails and email attachments can only be restored using the option if the file
extension is *.eml.
To restore a file to its original location: Overview of AntiVir Premium
31
Highlight the file and click on the (Windows 2000/XP: , Windows Vista )
icon.
This option is not available for emails.
Note
Emails and email attachments can only be restored using the option if the file
extension is *.eml.
A message appears asking if you want to restore the file.
Click Yes.
The file is restored to the directory it was in before it was moved to quarantine.
To restore a file to a specified directory:
Highlight the file and click on .
A message appears asking if you want to restore the file.
Click Yes.
The Windows default window for selecting the directory appears.
Select the directory to restore the file to and confirm.
The file is restored to the selected directory.
5.2.12 Quarantine: move suspicious files to quarantine
To move a suspect file to quarantine manually:
In Control Center, select the Manager:: section. Quarantine section.
Click on
The Windows default window for selecting a file appears.
Select the file and confirm.
The file is moved to quarantine.
You can scan files in quarantine with AntiVir Scanner:
see Chapter: Quarantine: Handling quarantined files (*.qua)
5.2.13 Scan profile: Amend or delete file type in a scan profile
To stipulate additional file types to be scanned or exclude specific file types from the
scan in a scan profile (only possible for manual selection and customized scan profiles):
In the Control Center go to the section Local protection :: Scanner.
With the right-hand mouse button, click on the scan profile you want to edit.
A context menu appears.
Select File filter.
Expand the context menu further by clicking on the small triangle on the right-hand
side of the context menu.
The entries Default, Scan all files and User-defined appear.
Select User-defined.
The File extensions dialog box appears with a list of all file types to be scanned Avira AntiVir Premium
32
with the scan profile.
If you want to exclude a file type from the scan:
Highlight the file type and click Delete.
If you want to add a file type to the scan:
Highlight the file type.
Click Add and enter the file extension of file type into the input box.
Use a maximum of 10 characters and do not enter the leading dot. Wildcards (*
and ? ) are allowed as replacements.
5.2.14 Scan profile: Create desktop shortcut for scan profile
You can start an on-demand scan directly from your desktop via a desktop shortcut to a
scan profile without accessing the Avira AntiVir Premium Control Center.
To create a desktop shortcut to the scan profile:
In the Control Center go to the section Local protection :: Scanner.
Select the scan profile you want to create a shortcut for.
Click on the icon .
The desktop shortcut is created.
5.2.15 Events: Filter events
In Control Center, under Overview :: Events events are displayed that have been
generated by AntiVir Premium program components. (analogous to the event display of
your Windows operating system). The program components are:
– Updater
– Guard
– MailGuard
– Scanner
– Scheduler
The following event types are displayed:
– Information
– Warning
– Error
– Detection
To filter displayed events:
In Control Center select the section Overview :: Events.
Check the box of the program components to display the events of the activated
components.
- OR -
Uncheck the box of the program components to hide the events of the deactivated
components.
Check the event type box to display these events. Overview of AntiVir Premium
33
- OR -
Uncheck the event type box to hide these events.
5.2.16 MailGuard: Exclude email addresses from scan
To define which email addresses (senders) are excluded from the MailGuard scan
(whitelisting):
Go to Control Center and select the section Online protection :: MailGuard.
The list shows incoming emails.
Highlight the email you want to exclude from the MailGuard scan.
Click on the appropriate icon to exclude the email from the MailGuard scan:
In future, the selected email address will no longer be scanned for viruses and
unwanted programs.
The email sender address is included in the exclusion list and no longer scanned
for viruses, malware .
Warning
Only exclude email addresses from the MailGuard scan if the senders are completely
trustworthy.
Note
In the configuration, under MailGuard:: General :: Exceptions, you can add other email
addresses to the exclusion list or remove email addresses from the exclusion list.
34
Scanner :: Overview
35
6 Scanner
With the Scanner component, you can carry out targeted scans (on-demand scans) for
viruses and unwanted programs. The following options are available for scanning for
infected files:
– On-demand scan via context menu
The on-demand-scan via the context menu (right-hand mouse button - entry
Scan selected files with AntiVir) is recommended if, for example, you wish to
scan individual files and directories. Another advantage is that it is not necessary
to first start the Avira AntiVir Premium Control Center for an on-demand scan
via the context menu.
– On-demand scan via drag & drop
When a file or directory is dragged into the program window of the Avira AntiVir
Premium Control Center, the Scanner scans the file or directory and all sub-
directories it contains. This procedure is recommended if you wish to scan
individual files and directories that you have saved, for example, on your desktop.
– On-demand scan via profiles
This procedure is recommended if you wish to regularly scan certain directories
and drives (e.g. your work directory or drives on which you regularly store new
files). You do not then need to select these directories and drives again for every
new scan, you simply select using the relevant profile.
– On-demand scan via the Scheduler
The Scheduler enables you to carry out time-controlled scans.
Special processes are required when scanning for rootkits, boot sector viruses, and when
scanning active processes. The following options are available:
– Scan for rootkits via the scan profil Scan for rootkits
– Scan active processes via the scan profile Active processes
– Scan for boot sector viruses via the menu command Scan for boot sector
viruses in the Extras menu
36
7 Updates
The effectiveness of anti-virus software depends on how up-to-date the program is, in
particular the virus definition file and the search engine. To carry out updates, the
component AntiVir Updater in integrated into AntiVir Premium . AntiVir Updater
ensures that Avira AntiVir Premium is always up-to-date and able to deal with the new
viruses that appear every day. AntiVir Updater updates the following components:
– Virus definition file:
The virus definition file contains the virus patterns of the harmful programs used by
AntiVir Premium to scan for viruses and malware and repair infected objects.
– Search engine:
The search engine contains the methods used by AntiVir Premium to scan for viruses
and malware.
– Program files (product update):
Update packages for product updates make extra functions available to the
individual program components.
An update checks whether the virus definition file and search engine are up-to-date and
if necessary implements an update. Depending on the settings in the configuration,
AntiVir Updater also carries out a product update or informs you of the product updates
available. After an update AntiVir Premium does not have to be restarted.
Note
For security reasons, the Avira AntiVir Premium Updater checks whether the Windows
host file of your computer was altered to the effect that, for example, the Avira AntiVir
Premium update URL was manipulated by malware and diverts the Avira AntiVir
Premium Updater to unwanted download sites. If the Windows host file has been
manipulated, this is shown in the Avira AntiVir Premium Updater report file.
In the Control Center under Scheduler, you can organize update jobs which are carried
out by AntiVir Updater at the intervals stipulated. An update job is created by default
after installation of AntiVir Premium. You also have the option to start an update
manually:
– in Control Center: in the Update menu and in the Status section
– via the context menu of the tray icon
Updates can be obtained from the internet via a Web server of the manufacturer. The
existing network connection is the default connection to the download servers of Avira
GmbH. You can change this default setting in Avira AntiVir Premium Configuration
under General:: Update.
37
8 FAQ, Tips
This chapter provides a collection of frequently asked questions (FAQs) relating to Avira
AntiVir Premium, a troubleshooting section and tips and tricks for using Avira AntiVir
Premium.
see Chapter Troubleshooting
see Chapter Keyboard commands
see Chapter Windows Security Center
8.1 Troubleshooting
Here you will find information on causes and solutions of possible problems.
– The error message The license file cannot be opened appears.
– AntiVir MailGuard does not work.
– An email sent via a TSL connection has been blocked by MailGuard.
– Webchat is not operational: Chat messages will not be displayed
The error message The license file cannot be opened appears.
Reason: The file is encrypted.
To activate the license, you do not need to open the file, but rather you save it in
the program directory of Avira AntiVir Premium.
The error message Connection failed while downloading the file ... appears
when attempting to start an update.
Reason: Your Internet connection is inactive. This is why Avira AntiVir Premium cannot
find the web server on the Internet.
Test whether other Internet services such as WWW or email work. If not,
reestablish the Internet connection.
Reason: The proxy server cannot be reached.
Check whether the login for the proxy server has changed and adapt it to your
configuration if necessary.
Reason: The update.exe file is not fully approved by your personal firewall.
Ensure that the update.exe file is fully approved by your personal firewall.
Otherwise:
Check your settings in the Avira AntiVir Premium Configuration (Expert mode)
under General :: Update.
Viruses and malware cannot be moved or deleted. Avira AntiVir Premium
38
Reason: The file was loaded by windows and is active.
Update Avira AntiVir Premium.
If you use the operating system Windows XP, deactivate System Restore.
Start the computer in Safe Mode.
Start Avira AntiVir Premium and the Avira AntiVir Premium Configuration
(Expert mode).
Select Scanner :: Scan :: Files :: All files and confirm the window with OK.
Start a scan of all local drives.
Start the computer in Normal Mode.
Carry out a scan in Normal Mode.
If no other viruses or malware have been found, activate System Restore if it is
available and to be used.
The status of the tray icon is disabled.
Reason: AntiVir Guard is deactivated.
In Control Center, click on the section Overview :: Status, find the field AntiVir
Guard and click on the Enable link.
Reason: AntiVir Guard is being blocked by a firewall.
Define a general approval for AntiVir Guard in the configuration of your firewall.
AntiVir Guard only works with the address 127.0.0.1 (localhost). An Internet connection
is not established. The same applies to AntiVir MailGuard.
Otherwise:
Check the startup type of the AntiVir Guard service. If necessary, enable the
service: In the taskbar, select "Start | Settings | Control Panel". Start the configuration
panel "Services" with a double-click (under Windows 2000 and Windows XP the services
applet is located in the sub-directory "Administrative Tools"). Find the entry "Avira
AntiVir Guard". "Automatic" must be entered as the startup type and "Started" as the
status. If necessary, start the service manually by selecting the relevant line and the
button "Start". If an error message appears, please check the event display.
The computer is extremely slow when I perform a data back-up.
Reason: During the back-up procedure, AntiVir Guard scans all files being used by the
back-up procedure.
Select Guard :: Scan :: Exceptions in the Avira AntiVir Premium Configuration
(Expert mode) and enter the process names of the back-up software.
My firewall reports AntiVir Guardand AntiVir MailGuard immediately after
activation.
Reason: Communication with AntiVir Guardand AntiVir MailGuardoccurs via the TCP/IP
Internet protocol. A firewall monitors all connections via this protocol.
Define a general approval for AntiVir Guard and AntiVir MailGuard. AntiVir
Guard only works with the address 127.0.0.1 (localhost). An Internet connection is not
established. The same applies to AntiVir MailGuard. FAQ, Tips
39
AntiVir MailGuard does not work
Please check correct functioning of AntiVir MailGuard with the aid of the following
checklists if problems occur with AntiVir MailGuard.
Checklist
Check whether your mail client communicates with the mail server via IMAP.
This protocol is currently not supported.
Check whether your mail client logs in on the server via Kerberos, APOP or RPA.
These verification methods are currently not supported.
Check whether your mail client logs in on the server via SSL (frequently also
known as TSL - Transport Layer Security). AntiVir MailGuard supports SSL, but without
scanning the encrypted emails for viruses and unwanted programs. The condition for
this is that connection is made via port 995 and not via the normal POP3 port 110. This
port is also frequently referred to as "Alternate port". Most email servers also support
SSL via this port.
Is the AntiVir MailGuard service active? If necessary, enable the service: In the
taskbar, select "Start | Settings | Control Panel". Start the configuration panel "Services"
with a double-click (under Windows 2000 and Windows XP the services applet is located
in the sub-directory "Administrative Tools"). Find the entry "Avira AntiVir MailGuard".
"Automatic" must be entered as the startup type and "Started" as the status. If necessary,
start the service manually by selecting the relevant line and the button "Start". If an
error message appears, please check the event display. If this is not successful, you may
have to completely deinstall Avira AntiVir Premium via "Start | Settings | Control Panel
| Add or Remove Programs", restart the computer and then reinstall Avira AntiVir
Premium.
General
AntiVir MailGuard does not currently support the so-called IMAP (Internet
Message Access Protocol), i.e. if your email program communicates with the email server
via this protocol, you are not protected against viruses or unwanted programs.
POP3 connections encrypted via SSL (Secure Sockets Layer, also frequently
referred to as TLS (Transport Layer Security)) cannot currently be protected and are
ignored.
Verification to the mail server is currently only supported via "passwords".
"Kerberos" and "RPA" are not currently supported.
Avira AntiVir Premium does not check outgoing emails for viruses and unwanted
programs.
Note
We recommend regularly installing Microsoft updates to close any gaps in security.
An email sent via a TSL connection has been blocked by MailGuard.
Reason: Transport Layer Security (TLS: encryption protocol for data transfers on the
internet) is not supported by MailGuard at this time. The following options are available
for sending the email:
Use a different port from port 25, which is used by SMTP. This will bypass
monitoring by MailGuard
Turn off the TSL encrypted connection and disable TSL support in your email
client. Avira AntiVir Premium
40
Disable (temporarily) monitoring of outgoing emails by MailGuard in the
configuration under MailGuard::Scan.
Webchat is not operational: Chat messages are not displayed; data are being
loaded in the browser.
This phenomenon may occur during chats, which are based on the HTTP protocol with
'transfer-encoding= chunked’.
Reason: WebGuard checks the data sent completely for viruses and undesired programs
first of all, before the data are loaded into the web browser. During a data transfer with
’transfer-encoding= chunked’, WebGuard cannot determine the message length
or the data volume.
Enter the configuration of the URL of the web chats as an exception (see Avira
AntiVir Premium Configuration: WebGuard::Exceptions).
8.2 Shortcuts
Keyboard commands - also called shortcuts - offer a fast possibility to navigate, to
retrieve individual modules and to start actions through Avira AntiVir Premium.
Below we provide you with an overview of the available keyboard commands in Avira
AntiVir Premium. Please find further indications regarding the functionality in the
corresponding chapter of the help.
8.2.1 In dialog boxes
Shortcut Description
Ctrl + Tab
Ctrl + Page
down
Go to next section.
Ctrl + Shift +
Tab
Ctrl + Page up
Go to previous section.
Tab Change to the next option or options group.
Shift + Tab Change to the previous option or options group.
← ↑ → ↓
Change between the options in a marked drop-down list or
between several options in a group of options.
Space
Activate or deactivate a check box, if the active option is a
check box.
Alt + underlined
letter
Select option or start command.
Alt + ↓
F4
Open selected drop-down list. FAQ, Tips
41
Esc
Close selected drop-down list.
Cancel command and close dialog.
Enter Start command for the active option or button.
8.2.2 In the help
Shortcut Description
Alt + Space Display system menu.
Alt + Tab Shift between the help and the other opened windows.
Alt + F4 Close help.
Shitf + F10 Display context menu of the help.
Ctrl + Tab Go to next section in the navigation window.
Ctrl + Shift +
Tab
Go to previous section in the navigation window.
Page up
Change to the subject, which is displayed above in the
contents, in the index or in the list of the search results.
Page down
Change to the subject, which is displayed below the current
subject in the contents, in the index or in the list of the search
results.
F6 Shift between the navigation and the subject window.
Page up
Page down
Browse through a subject.
8.2.3 In the Control Center
General
Shortcut Description
F1 Display help
Alt + F4 Close Control Center
F5 Refresh
F8 Open configuration
F9 Start update
Section Scanner
Shortcut Description
F2 Rename selected profile
F3 Start scan with the selected profile Avira AntiVir Premium
42
F4 Create desktop link for the selected profile
Ins Create new profile
Del Delete selected profile
Quarantine section
Shortcut Description
F2 Rescan object
F3 Restore object
F4 Send object
F6 Restore object to...
Return Properties
Ins Add file
Del Delete object
Section Scheduler
Shortcut Description
F2 Edit job
Return Properties
Ins Insert new job
Del Delete job
Reports section
Shortcut Description
F3 Display report file
F4 Print report file
Return Display report
Del Delete report(s)
Section Events
Shortcut Description
F3 Export event(s)
Return Display event
Del Delete event(s)
FAQ, Tips
43
8.3 Windows Security Centre
- Windows XP Service Pack 2 or higher -
8.3.1 General
The Windows Security Center checks the status of a computer for important security
aspects.
If a problem is detected with one of these important points (e.g. an outdated anti-virus
program), the Security Center issues an alert and gives recommendations on how to
protect your computer better.
8.3.2 The Windows Security Center and Avira AntiVir Premium
Virus protection software / Protection against malicious software
You may receive the following information from the Windows Security Center with
regard to your virus protection.
Virus protection NOT FOUND
Virus protection OUT OF DATE
Virus protection ON
Virus protection OFF
Virus protection NOT MONITORED
Virus protection NOT FOUND
This information of the Windows Security Center appears when the Windows Security
Center has not found any anti-virus software on your computer.
Note
Install Avira AntiVir Premium on your computer to protect it against viruses and other
unwanted programs!
Virus protection OUT OF DATE
If you have already installed Windows XP Service Pack 2 or Windows Vista and then
install Avira AntiVir Premium or you install Windows XP Service Pack 2 or Windows
Vista on a system on which Avira AntiVir Premium has already been installed, you
receive the following message: Avira AntiVir Premium
44
Note
In order for the Windows Security Center to recognize Avira AntiVir Premium as up to
date, an update must be carried out after installation. Update your system by carrying
out an Avira AntiVir Premium update.
Virus protection ON
After installation of Avira AntiVir Premium and a subsequent update, you receive the
following message:
Avira AntiVir Premium is now up to date and the AntiVir Guard is enabled.
Virus protection OFF
You receive the following message if you disable the AntiVir Guard or stop the Guard
service.
Note
You can enable or disable AntiVir Guard in the section Overview :: Enable / disable the
status of Avira AntiVir Premium Control Center. You can also see that the AntiVir Guard
is enabled if the red umbrella in your taskbar is open.
Virus protection NOT MONITORED
If you receive the following message from the Windows Security Center, you have
decided that you want to monitor your anti-virus software yourself.
Note
This function is not supported by Windows Vista. FAQ, Tips
45
Note
The Windows Security Center is supported by Avira AntiVir Premium. You can enable
this option at any time via the button "Recommendations...".
Note
Even if you have installed Windows XP Service Pack 2 or Windows Vista, you still require
a virus protection solution, e.g. Avira AntiVir Premium. Although Windows XP Service
Pack 2 monitors your anti-virus software, it does not contain any anti-virus functions
itself. Therefore you would not be protected against viruses and other malware without
an additional anti-virus solution!
46
9 Viruses and more
9.1 Extended threat categories
Dialer (DIALERS)
Certain services available in the internet have to be paid for. They are invoiced in
Germany via dialers with 0190/0900 numbers (or via 09x0 numbers in Austria and
Switzerland; in Germany, the number is set to change to 09x0 in the medium term).
Once installed on the computer, these programs guarantee a connection via a suitable
premium rate number whose scale of charges can vary widely.
The marketing of online content via your telephone bill is legal and can be of advantage
to the user. Genuine dialers leave no room for doubt that they are used deliberately and
intentionally by the user. They are only installed on the user’ s computer subject to the
user’ s consent, which must be given via a completely unambiguous and clearly visible
labeling or request. The dial-up process of genuine dialers is clearly displayed. Moreover,
genuine dialers tell you the incurred costs exactly and unmistakably.
Unfortunately there are also dialers which install themselves on computers unnoticed,
by dubious means or even with deceptive intent. For example they replace the internet
user’ s default data communication link to the ISP (Internet Service Provider) and dial a
cost-incurring and often horrendously expensive 0190/0900 number every time a
connection is made. The affected user will probably not notice until his next phone bill
that an unwanted 0190/0900 dialer program on his computer has dialed a premium rate
number with every connection, resulting in dramatically increased costs.
We recommend you to directly ask your telephone provider to block this number range
to be immediately protected against undesired dialers (0190/0900 dialers).
Avira AntiVir Premium can detect the familiar dialers by default.
If the option Dialers is enabled with a check mark in the configuration under Extended
threat categories, you receive a corresponding alert if a dialer is detected. You can now
simply delete the potentially unwanted 0190/0900 dialer. However, if it is a wanted dial-
up program, you can declare it an exceptional file and this file is then no longer scanned
in future.
Games (GAMES)
There is a place for computer games - but it is not necessarily at work (except perhaps in
the lunch hour). Nevertheless, with the wealth of games downloadable from the
internet, a fair bit of mine sweeping and Patience playing goes on among company
employees and civil servants. You can download a whole array of games via the Internet.
Email games have also become more popular: numerous variants are circulating, ranging
from simple chess to "fleet exercises" (including torpedo combats): The corresponding
moves are sent to partners via email programs, who answer them. Viruses and more
47
Studies have shown that the number of working hours devoted to computer games has
long reached economically significant proportions. It is therefore not surprising that
more and more companies are considering ways of banning computer games from
workplace computers.
Avira AntiVir Premium detects computer games. If the Games option is enabled with a
check mark in the configuration under Extended threat categories, you receive a
corresponding alert if Avira AntiVir Premium detects a game. The game is now over in
the truest sense of the word, because you can simply delete it.
Jokes (JOKES)
Jokes are merely intended to give someone a fright or provide general amusement
without causing harm or reproducing. When a joke program is loaded, the computer will
usually start at some point to play a tune or display something unusual on the screen.
Examples of jokes are the washing machine in the disk drive (DRAIN.COM) or the screen
eater (BUGSRES.COM).
But beware! All symptoms of joke programs may also originate from a virus or Trojan. At
the very least users will get quite a shock or be thrown into such a panic that they may
themselves may cause real damage.
Thanks to the extension of its scanning and identification routines, Avira AntiVir
Premium is able to detect joke programs and eliminate them as unwanted programs if
required. If the option Jokes is enabled with a check mark in the configuration under
Extended threat categories, a corresponding alert is issued if a joke program is detected.
Security Privacy Risk (SPR)
Software that maybe is able to compromise the security of your system, initiate
unwanted program activities, damage your privacy or spy out your user behavior and
might therefore be unwanted.
Avira AntiVir Premium detects "Security Privacy Risk" software. If the option Security
Privacy Risk is enabled with a check mark in the configuration under Extended threat
categories, you receive a corresponding alert if Avira AntiVir Premium detects such
software.
Backdoor Clients (BDC)
In order to steal data or manipulate computers, a backdoor server program is smuggled
in unknown to the user. This program can be controlled by a third party using backdoor
control software (client) via the internet or a network.
Avira AntiVir Premium detects "backdoor control software". If the option Backdoor
Clients is enabled with a check mark in the configuration under Extended threat
categories, you receive a corresponding alert if Avira AntiVir Premium detects such
software.
Adware/Spyware (ADSPY)
Software that displays advertising or software that sends the user's personal data
to a third party, often without their knowledge or consent, and for this reason may be
unwanted. Avira AntiVir Premium
48
Avira AntiVir Premium detects "Adware/Spyware". If the option Adware/Spyware is
enabled with a check mark in the configuration under Extended threat categories, you
receive a corresponding alert if Avira AntiVir Premium detects such software.
Unusual Runtime Compression Tools (PCK)
Files that have been compressed with an unusual runtime compression tool and that can
therefore be classified as possibly suspicious.
Avira AntiVir Premium detects "Unusual runtime Compression Tools". If the option
Unusual runtime Compression Tools is enabled with a check mark in the
configuration under Extended threat categories, you receive a corresponding alert if
Avira AntiVir Premium detects such packers.
Double Extension Files (HEUR-DBLEXT)
Executable files that hide their real file extension in a suspicious way. This camouflage
method is often used by malware.
Avira AntiVir Premium detects " Double Extension Files" . If the option Double
Extension files (HEUR-DBLEXT) is enabled with a check mark in the configuration
under Extended threat categories, you receive a corresponding alert if Avira AntiVir
Premium detects such files.
Phishing
Phishing, also known as brand spoofing is a clever form of data theft aimed at customers
or potential customers of Internet service providers, banks, online banking services,
registration authorities.
When submitting your email address on the Internet, filling in online forms, accessing
newsgroups or websites, your data can be stolen by "Internet crawling spiders" and then
used without your permission to commit fraud or other crimes.
Avira AntiVir Premium detects "Phishing". If the option Phishing is enabled with a
check mark in the configuration under Extended threat categories, you receive a
corresponding alert if Avira AntiVir Premium detects such behavior.
Application (APPL)
The term APPL refers to an application which may involve a risk when used or is of
dubious origin.
Avira AntiVir Premium detects "Application (APPL)". If the option Application (APPL)
is enabled with a check mark in the configuration under Extended threat categories, you
receive a relevant alert if Avira AntiVir Premium detects such behavior.
9.2 Viruses and other malware
Adware Viruses and more
49
Adware is software that presents banner ads or in pop-up windows through a bar that
appears on a computer screen. These advertisements usually cannot be removed and are
consequently always visible. The connection data allow many conclusions on the usage
behavior and are problematic in terms of data security.
Backdoors
A backdoor can gain access to a computer by going around the computer access security
mechanisms.
A program that is being executed in the background generally enables the attacker
almost unlimited rights. User's personal data can be spied with the backdoor's help, but
are mainly used to install further computer viruses or worms on the relevant system.
The connection data allow many conclusions on the usage behavior and are problematic
in terms of data security.
Boot viruses
The boot or master boot sector of hard disks is mainly infected by boot sector viruses.
They overwrite important information necessary for the system execution. One of the
awkward consequences: the computer system cannot be loaded any more&ldots;
Bot-Net
A bot net is defined as a remote network of PCs (on the Internet), which is composed of
bots that communicate with each other. A Bot-Net can comprise a collection of cracked
machines running programs (usually referred to as worms, Trojans) under a common
command and control infrastructure. Bot-Nets serve various purposes, including Denial-
of-service attacks etc., partly without the affected PC user's knowledge. The main
potential of Bot-Nets is that the networks can achieve dimensions on thousands of
computers and its bandwidth sum bursts most conventional Internet accesses.
Exploit
An exploit (security gap) is a computer program or script that takes advantage of a bug,
glitch or vulnerability leading to privilege escalation or denial of service on a computer
system. A form of an exploit for example are attacks from the Internet with the help of
manipulated data packages. Programs can be infiltrated in order to obtain higher access.
Hoaxes hoax - Scherz, Schabernack, Ulk)
For several years, internet and other network users have received alerts about viruses
that are purportedly spread via email. These alerts are spread per email with the request
that they should be sent to the highest possible number of colleagues and to other users,
in order to warn everyone against the "danger".
Honeypot Avira AntiVir Premium
50
A honeypot is a service (program or server) installed in a network. It has the function to
monitor a network and to protocol attacks. This service is unknown to the legitimate
user - because of this reason he is never addressed. If an attacker examines a network for
the weak points and uses the services which are offered by a Honeypot, it is logged and
an alert is triggered.
Macro viruses
Macro viruses are small programs that are written in the macro language of an
application (e.g. WordBasic under WinWord 6.0) and that can normally only spread
within documents of this application. Because of this, they are also called document
viruses. In order to be active, they need that the corresponding applications are activated
and that one of the infected macros has been executed. Unlike "normal" viruses, macro
viruses do consequently not attack executable files but they do attack the documents of
the corresponding host-application.
Pharming
Pharming is a manipulation of the host file of web browsers to divert enquiries to
spoofed websites. This is a further development of classic phishing. Pharming fraudsters
operate their own large server farms on which fake websites are stored. Pharming has
established itself as an umbrella term for various types of DNS attacks. In the case of a
manipulation of the host file, a specific manipulation of a system is carried out with the
aid of a Trojan or virus. The result is that the system can now only access fake websites,
even if the correct web address is entered.
Phishing
Phishing means angling for personal details of the Internet user. Phishers generally send
their victims apparently official letters such as emails that are intended to induce them
to reveal confidential information to the culprits in good faith, in particular user names
and passwords or PINs and TANs of online banking accounts. With the stolen access
details, the phishers can assume the identities of the victims and carry out transactions
in their name. What is clear is that banks and insurance companies never ask for credit
card numbers, PINs, TANs or other access details by email, SMS or telephone.
Polymorph viruses
Polymorph viruses are the real masters of disguise. They change their own programming
codes - and are therefore very hard to detect.
Program viruses
A computer virus is a program that is capable to attach itself to other programs after
being executed and cause an infection. Viruses multiply themselves unlike logic bombs
and Trojans. In contrast to a worm, a virus always requires a program as host, where the
virus deposits his virulent code. The program execution of the host itself is not changed
as a rule.
Rootkit Viruses and more
51
A rootkit is a collection of software tools that are installed after a computer system has
been infiltrated to conceal logins of the infiltrator, hide processes and record data -
generally speaking: to make themselves invisible. They attempt to update already
installed spy programs and reinstall deleted spyware.
Script viruses and worms
Such viruses are extremely easy to program and they can spread - if the required
technology is on hand - within a few hours via email round the globe.
Script viruses and worms use one of the script languages, such as Javascript, VBScript
etc., to insert themselves in other, new scripts or to spread themselves by calling
operating system functions. This frequently happens via email or through the exchange
of files (documents).
A worm is a program that multiplies itself but that does not infect the host. Worms can
consequently not form part of other program sequences. Worms are often the only
possibility to infiltrate any kind of damaging programs on systems with restrictive
security measures.
Spyware
Spyware are so called spy programs that intercept or take partial control of a computer's
operation without the user's informed consent. Spyware is designed to exploit infected
computers for commercial gain.
Trojan horses (short Trojans)
Trojans are pretty common nowadays. We are talking about programs that pretend to
have a particular function, but that show their real image after execution and carry out a
different function that, in most cases, is destructive. Trojan horses cannot multiply
themselves, which differentiates them from viruses and worms. Most of them have an
interesting name (SEX.EXE or STARTME.EXE) with the intention to induce the user to
start the Trojan. Immediately after execution they become active and can, for example,
format the hard disk. A dropper is a special form of Trojan that 'drops' viruses, i.e.
embeds viruses on the computer system.
Zombie
A Zombie-PC is a computer that is infected with malware programs and that enables
hackers to abuse computers via remote control for criminal purposes. On command, the
affected PC starts denial-of-service (DoS) attacks, for example, or sends spam and
phishing emails.
52
10 Info and Service
This chapter contains information on how to contact us.
see Chapter Contact address
see Chapter Technical support
see Chapter Suspicious files
see Chapter Report false positives
see Chapter Your feedback for more security
10.1 Contact address
If you have any questions or requests concerning the Avira AntiVir Premium product
range, we will be pleased to help you. For our contact addresses, please refer to Control
Center Help :: About Avira AntiVir Premium
10.2 Technical support
Avira AntiVir Premium support provides reliable assistance in answering your questions
or solving a technical problem.
All necessary information on our comprehensive support service can be obtained from
our website http://www.avira.com/premium-support.
So that we can provide you with fast, reliable help, you should have the following
information ready:
– License information. These can be found in the Avira AntiVir Premium Control
Center under the menu item .
– Version information. You can find this in Avira AntiVir Premium Control
Center under the menu item Help :: About AntiVir Premium :: Version
information.
– Operating system version and any Service Packs installed.
– Installed software packages, e.g. anti-virus software of other vendors.
– Exact messages of the program or of the report file.
10.3 Suspicious file
Viruses that may not yet be detected or removed by our products or suspect files can be
sent to us. We provide you with several ways of doing this. Info and Service
53
– In Quarantine manager select the Control Centerfile file and use the context
menu or corresponding button to select the item Send file.
– Send the required file packed (WinZIP, PKZip, Arj etc.) in the attachment of an
email to virus@avira.com. As some email gateways work with anti-virus software,
you should also provide the file(s) with a password (please remember to tell us
the password).
You can also send us the suspect file via our website.
10.4 Report false positive
If you believe that Avira AntiVir Premium reports something about a file that is most
likely "clean", send the required file packed (WinZIP, PKZip, Arj etc.) in the attachment
of an email to virus@avira.com. As some email gateways work with anti-virus software,
you should also provide the file(s) with a password (please remember to tell us the
password).
10.5 Your feedback for more security
The security of our customers plays a central role at Avira. Because of this reason, we
don't only have an in-house expert team who tests the quality and security of every Avira
solution before the product is released. We also attach great importance to the
indications regarding security relevant gaps which could develop and we treat those
frankly.
If you think you have detected a security gap in one of our products, please send us an
email to vulnerabilities@avira.com.
54
11 Reference: Configuration options
The configuration reference documents all configuration options available in Avira
AntiVir Premium.
11.1 Scanner
The Scanner section of the Avira AntiVir Premium Configuration is responsible for the
configuration of the on-demand scan.
11.1.1 Scan
Here you define the basic behavior of the scan routine for an on-demand scan. If you
select certain directories to be scanned with an on-demand scan, depending on the
configuration the Scanner scans:
– with a certain scanning power (priority),
– also boot sectors and main memory,
– certain or all boot sectors and the main memory,
– all or selected files in the directory.
Files
The Scanner can use a filter to scan only those files with a certain extension (type).
All files
If this option is enabled, all files are scanned for viruses or unwanted programs,
irrespective of their content and file extension. The filter is not used.
Note
If All files is enabled, the button File extensions cannot be selected.
Smart Extensions
If this option is enabled, the selection of the files scanned for viruses or unwanted
programs is automatically chosen by Avira AntiVir Premium. This means that Avira
AntiVir Premium decides whether the files are scanned or not based on their content.
This procedure is somewhat slower than Use file extension list, but more secure, since
not only on the basis of the file extension is scanned. This setting is activated by default
and is recommended.
Note
If Smart Extensions is enabled, the button File extensions cannot be selected.
Use file extension list
If this option is enabled, only files with a specified extension are scanned. All file types
that may contain viruses and unwanted programs are preset. The list can be edited
manually via the button File extension. Reference: Configuration options
55
Note
If this option is enabled and you have deleted all entries from the list with file
extensions, this is indicated with the text "No file extensions" under the button File
extensions.
File extensions
With the aid of this button, a dialog window is opened in which all file extensions are
displayed that are scanned in Use file extension list mode. Default entries are set for
the extensions, but entries can be added or deleted.
Note
Please note that the default list may vary from version to version.
Additional settings
Scan boot sectors of selected drives
If this option is enabled, the Scanner only scans the boot sectors of the drives selected
for the on-demand scan. This option is enabled as the default setting.
Scan master boot sectors
If this option is enabled, the Scanner scans the master boot sectors of the hard disk(s)
used in the system.
Ignore offline files
If this option is enabled, the direct scan ignores so-called offline files completely during a
scan. This means that these files are not scanned for viruses and unwanted programs.
Offline files are files that were physically moved by a so-called Hierarchical Storage
Management System (HSMS) from the hard disk onto a tape, for example. This option is
enabled as the default setting.
Integrity check on system files
When this option is enabled, the most important Windows system files are subjected to
a particularly secure check for changes by malware during every on-demand scan. If an
amended file is detected, this is reported as suspect. This function uses a lot of computer
capacity. That is why the option is disabled as the default setting.
Optimized scan
When the option is enabled, the processor capacity is optimally utilized during a Scanner
scan. For performance reasons, an optimized scan is only logged on standard level.
Note
This option is only available on multi-processor systems. If AntiVir Premium is
administered with SMC, the option is always displayed and can be enabled: If the
administered system does not have more than one processor, the Scanner option is not
used.
Follow symbolic links
If this option is enabled, Scanner performs a scan that follows all symbolic links in the
scan profile or selected directory and scans the linked files for viruses and malware. This
option is not supported by Windows 2000 and has been deactivated.
Important
The option does not include any shortcuts, but refers exclusively to symbolic links
(generated by mklink.exe) or Junction Points (generated by junction.exe) which are
transparent in the file system.
scan for Rootkits before scan Avira AntiVir Premium
56
If this option is enabled and a scan is started, Scanner scans the Windows system
directory for active rootkits in a so-called shortcut. This process does not scan your
computer for active rootkits as comprehensively as the scan profile Scan for rootkits,
but it is significantly quicker to perform.
Important
In 64 bit systems the rootkit scan is not yet available!
Scan process
Allow stopping
If this option is enabled, the scan for viruses or unwanted programs can be terminated at
any time with the button Stop in the window of the "Luke Filewalker". If you have
disabled this setting, the button Stop in the window "Luke Filewalker" has a gray
background. Premature ending of a scan process is thus not possible! This option is
enabled as the default setting.
Scanner priority
With the on-demand scan, the Scanner distinguishes between priority levels. This is only
effective if several processes are running simultaneously on the workstation. The
selection affects the scanning speed.
Low
The Scanner is only allocated processor time by the operating system if no other process
requires computation time, i.e. as long as only the Scanner is running, the speed is
maximum. All in all, work with other programs is optimal: The computer responds more
quickly if other programs require computation time while the Scanner continues running
in the background. This setting is activated by default and is recommended.
Medium
The Scanner is performed with normal priority. All processes are allocated the same
amount of processor time by the operating system. Under certain circumstances, work
with other applications may be affected.
High
The Scanner has the highest priority. Simultaneous work with other applications is
almost impossible. The Scanner completes its scan at maximum speed, however.
11.1.1.1. Action for concerning files
Action for concerning files
You can define the actions to be carried out by Scanner when a virus or unwanted
program is detected.
Interactive
If this option is enabled, the results of the Scanner scan are displayed in a dialog box.
When scanning for rootkits, boot sector viruses and when scanning active processes, a
dialog box appears in which you can choose what is to happen to the object encountered.
When scanning files, the notification and selection option for dealing with the relevant
files depend on the notification mode selected. This option is enabled as the default
setting.
Click here for more information.
Notification mode Reference: Configuration options
57
Notification mode allows you to define the form in which viruses detected during the file
scan by Scanner are to be reported. You can use the notification mode to decide whether
there are selection options for handling the relevant files.
Combined
In combined notification mode you will receive an alert with a list of the relevant files
detected when you have completed the file scan. There is no selection option for
handling the relevant files. You can execute the standard action of Scanner for all
affected files or cancel the Scanner.
Combined (expert)
In expert notification mode you will receive an alert with a list of the relevant files
detected when you have completed the file scan. You can use the content-sensitive menu
to select an action to be executed for the various files affected. You can execute the
standard actions for all affected files or cancel the Scanner.
Individual
In individual notification mode, every virus detected during the file scan is reported in a
separate window. You can choose what to do with the relevant file in the dialog box.
Automatic
If this option is enabled, then no dialog box for selecting an action appears following the
detection of a virus or unwanted program. Scanner reacts according to the settings you
define in this section.
Copy file in quarantine before action
If this option is enabled, the Scanner creates a back-up copy before carrying out the
requested primary or secondary action. The back-up copy is saved in quarantine, where
the file can be restored if it is of informative value. You can also send the back-up copy to
the Avira Malware Research Center for further investigation.
Primary action
Primary action is the action carried out when the Scanner finds a virus or an unwanted
program. If the option repair is selected but a repair of the file involved is not possible,
the action selected under Secondary action is carried out.
Note
The option Secondary action can only be selected if the setting repair was selected
under Primary action.
repair
If this option is enabled, the Scanner repairs affected files automatically. If the Scanner
cannot repair an affected file, it carries out the action selected under Secondary action.
Note
An automatic repair is recommended, but means that the Scanner modifies files on the
workstation.
delete
If this option is enabled, the file is deleted but can be restored if necessary with
appropriate tools (e.g. Avira UnErase). This means the virus pattern could be detected
again. This process is much faster than "overwrite and delete".
overwrite and delete
If this option is enabled, the Scanner overwrites the file with a default pattern and then
deletes it. It cannot be restored.
rename Avira AntiVir Premium
58
If this option is enabled, the Scanner renames the file. Direct access to these files (e.g.
with double-click) is therefore no longer possible. Files can later be repaired and given
their original names again.
ignore
If this option is enabled, access to the file is allowed and the file is left as it is.
Warning
The affected file remains active on your workstation! It may cause serious damage on
your workstation!
Quarantine
If this option is enabled, the Scanner moves the file to the quarantine. These files can
later be repaired or - if necessary - sent to the Avira Malware Research Center.
Secondary action
The option Secondary action can only be selected if the setting Repair was selected
under Primary action. With this option it can now be decided what is to be done with
the affected file if it cannot be repaired.
delete
If this option is enabled, the file is deleted but can be restored if necessary with
appropriate tools (e.g. Avira UnErase). This means the virus pattern could be detected
again. This process is much faster than "overwrite and delete".
overwrite and delete
If this option is enabled, the Scanner overwrites the file with a default pattern and then
deletes (wipes) it. It cannot be restored.
rename
If this option is enabled, the Scanner renames the file. Direct access to these files (e.g.
with double-click) is therefore no longer possible. Files can later be repaired and given
their original names again.
ignore
If this option is enabled, access to the file is allowed and the file is left as it is.
Warning
The affected file remains active on your workstation! It may cause serious damage on
your workstation!
Quarantine
If this option is enabled, the Scanner moves the file to the quarantine. These files can
later be repaired or - if necessary - sent to the Avira Malware Research Center.
Note
If you have selected Deleteor Overwrite and Delete as the primary or secondary
action, you should note the following: In the case of heuristic hits, the affected files are
not deleted, but are instead moved to quarantine.
When scanning archives, the Scanner uses a recursive scan: Archives in archives are also
unpacked and scanned for viruses and unwanted programs. The files are scanned,
decompressed and scanned again.
Scan archives
If this option is enabled, the selected archives in the archive list are scanned. This option
is enabled as the default setting. Reference: Configuration options
59
All archive types
If this option is enabled, all archive types in the archive list are selected and scanned.
Smart extensions
If this option is enabled, the Scanner detects whether a file is a packed file format
(archive), even if the file extension differs from the usual extensions, and scans the
archive. However, for this every file must be opened - which reduces the scanning speed.
Example: if a *.zip archive has the file extension *.xyz, the Scanner also unpacks this
archive and scans it. This option is enabled as the default setting.
Note
Only those archive types are supported, which are marked in the archive list.
Limit recursion depth
Unpacking and scanning recursive archives can require a great deal of computer time and
resources. If this option is enabled, you limit the depth of the scan in multi-packed
archives to a certain number of packing levels (maximum recursion depth). This saves
time and computer resources.
Note
In order to find a virus or an unwanted program in an archive, the Scanner must scan up
to the recursion level in which the virus or the unwanted program is located.
Maximum recursion depth
In order to enter the maximum recursion depth, the option Limit recursion depth must
be enabled.
You can either enter the requested recursion depth directly or by means of the right
arrow key on the entry field. The permitted values are 1 to 99. The standard value is 20
which is recommended.
Default values
The button restores the pre-defined values for scanning archives.
Archive list
In this display area you can set which archives the Scanner should scan. For this, you
must select the relevant entries.
11.1.1.2. Exceptions
File objects to be omitted for the Scanner
The list in this window contains files and paths that should not be included by the
Scanner in the scan for viruses or unwanted programs.
Please enter as few exceptions as possible here and really only files that, for whatever
reason, should not be included in a normal scan. We recommend that you always scan
these files for viruses or unwanted programs before they are included in this list!
Note
The entries on the list must not result more than 6000 characters in total.
Warning
These files are not included in a scan! Avira AntiVir Premium
60
Note
The files included in this list are entered in the report file. Please check the report file
from time to time for unscanned files, as perhaps the reason you excluded a file here no
longer exists. In this case you should remove the name of this file from this list again.
Input box
In this input box you can enter the name of the file object that is not included in the on-
demand scan. No file object is entered as the default setting.
The button opens a window in which you can select the required file or the required
path.
When you have entered a file name with its complete path, only this file is not scanned
for infection. If you have entered a file name without a path, all files with this name
(irrespective of the path or drive) are not scanned.
Add rule
With this button, you can add the file object entered in the input box to the display
window.
Delete
The button deletes a selected entry from the list. This button is inactive if no entry is
selected.
Note
If you add a complete partition to the list of the file objects, only those files which are
saved directly under the partition will be excluded from the scan, which does not apply
for files in sub-directories on the corresponding partition:
Example: File object to be skipped: D:\ = D:\file.txt will be excluded from the
scan of the Scanner, D:\folder\file.txt will not be excluded from the scan.
11.1.1.3. Heuristic
This configuration section contains the settings for the heuristic of the Avira AntiVir
Premium search engine.
Avira AntiVir Premium contains very powerful heuristics that can proactively uncover
unknown malware, i.e. before a special virus signature to combat the damaging element
has been created and before a virus guard update has been sent. Virus detection involves
an extensive analysis and investigation of the affected codes for functions typical of
malware. If the code being scanned exhibits these characteristic features, it is reported as
being suspicious. This does not necessarily mean that the code is in fact malware. False
positives do sometimes occur. The decision on how to handle affected code is to be made
by the user, e.g. based on his or her knowledge of whether the source of the code is
trustworthy or not.
Macrovirus heuristic
Macrovirus heuristic
Avira AntiVir Premium contains a highly powerful macro virus heuristic. If this option is
enabled, all macros in the relevant document are deleted in the event of a repair,
alternatively suspect documents are only reported, i.e. you receive an alert. This option is
enabled as the default setting and is recommended. Reference: Configuration options
61
Advanced Heuristic Analysis and Detection (AHeAD)
Enable AHeAD
Avira AntiVir Premium contains a very powerful heuristic in the form of AntiVir AheAD
technology, which can also detect unknown (new) malware. If this option is activated,
you can define how "aggressive" this heuristic should be. This option is enabled as the
default setting.
Low detection level
If this option is enabled, Avira AntiVir Premium detects slightly less unknown malware,
the risk of false alerts is low in this case.
Medium detection level
This setting is activated by default if you have selected the use of this heuristic.
High detection level
If this option is enabled, Avira AntiVir Premium detects much more unknown malware,
however false positives can also be expected.
11.1.2 Report
The Scanner has a comprehensive reporting function. You thus obtain precise
information on the results of an on-demand scan. The report file contains all entries of
the system as well as alerts and messages of the on-demand scan.
Note
So that you can establish what actions the Scanner has carried out when viruses or
unwanted programs have been detected, a report file should always be created.
Logging
Off
If this option is enabled, the Scanner does not report the actions and results of the on-
demand scan.
Default
When this option is activated, the Scanner logs the names of the files concerned with
their path. In addition, the configuration for the current scan, version information and
information on the licensee is written in the report file.
Extended
When this option is activated, the Scanner logs alerts and tips in addition to the default
information.
Full
When this option is activated, the Scanner also logs all scanned files. In addition, all files
involved as well as alerts and tips are included in the report file.
Note
If you have to send us a report file at any time (for troubleshooting), please create this
report file in this mode.
11.2 Guard
Avira AntiVir Premium
62
The Guard section of the Avira AntiVir Premium Configuration is responsible for the
configuration of the on-access scan.
11.2.1 Scan
You will normally want to monitor your system constantly. To this end, use the Guard (=
on-access scanner). You can thus scan all files that are copied or opened on the computer
"on the fly", for viruses and unwanted programs.
Scan mode
Here the time for scanning of a file is defined.
Scan when reading
If this option is enabled, the Guard scans the files before they are read or executed by the
application or the operating system.
Scan when writing
If this option is enabled, the Guard scans a file when writing. You can only access the file
again after this process has been completed.
Scan when reading and writing
If this option is enabled, the Guard scans files before opening, reading and executing and
after writing. This option is enabled as the default setting and is recommended.
Files
The Guard can use a filter to scan only those files with a certain extension (type).
All files
If this option is enabled, all files, irrespective of their content and their file extension,
are scanned for viruses or unwanted programs, i.e. the filter is not used.
Note
If All files is enabled, the button File extensions cannot be selected.
Smart Extensions
If this option is enabled, the selection of the files scanned for viruses or unwanted
programs is automatically chosen by Avira AntiVir Premium. This means that Avira
AntiVir Premium decides whether the files are scanned or not based on their content.
This procedure is somewhat slower than Use file extension list, but more secure, since
not only on the basis of the file extension is scanned.
Note
If Smart Extensions is enabled, the button File extensions cannot be selected.
Use file extension list
If this option is enabled, only files with a specified extension are scanned. All file types
that may contain viruses and unwanted programs are preset. The list can be edited
manually via the button File extension. This setting is activated by default and is
recommended. Reference: Configuration options
63
Note
If this option is enabled and you have deleted all entries from the list with file
extensions, this is indicated with the text "No file extensions" under the button File
extensions.
File extensions
With the aid of this button, a dialog window is opened in which all file extensions are
displayed that are scanned in Use file extension list mode. Default entries are set for
the extensions, but entries can be added or deleted.
Note
Please note that the file extension list may vary from version to version.
Archives
Scan archive
If this option is enabled, then archives will be scanned. Compressed files are scanned,
then decompressed and scanned again. This option is deactivated by default. The archive
scan is restricted by the recursion depth, the number of files to be scanned and the
archive size. You can set the maximum recursion depth, the number of files to be
scanned and the maximum archive size.
Note
This option is deactivated by default, since the process puts heavy demands on the
computer's performance. It is generally recommended that archives be checked using an
on-demand scan.
Maximum recursion depth
When scanning archives, the Guard uses a recursive scan: Archives in archives are also
unpacked and scanned for viruses and unwanted programs. You can define the recursion
depth. The default value for the recursion depth is 1 and is recommended: all archives
that are directly located in the main archive are unpacked and scanned.
Maximum number of files
When scanning archives, you can restrict the scan to a maximum number of files in the
archive. The default value for the maximum number of files to be scanned is 10 and is
recommended.
Maximum size (KB)
When scanning archives, you can restrict the scan to a maximum archive size to be
unpacked. The standard value of 1000 KB is recommended.
11.2.1.1. Action for concerning files
Action for concerning files
You can define the actions to be carried out by Guard when a virus or unwanted program
is detected.
Interactive
If this option is enabled, a dialog window appears during the on-access scan when a virus
or unwanted program is detected in which you can choose what is to be done with the
file concerned. This option is enabled as the default setting.
Click here for more information. Avira AntiVir Premium
64
Automatic
If this option is enabled, then no dialog box for selecting an action appears following the
detection of a virus or unwanted program. Guard reacts according to the settings you
define in this section.
Copy file in Quarantine before action
If this option is enabled, the Guard creates a backup copy before carrying out the
requested primary or secondary action. The backup copy is saved in Quarantine. It can be
restored via the Quarantine manager if it is of informative value. You can also send the
back-up copy to the Avira Malware Research Center. Depending on the object, there are
more selection possibilities in the Quarantine manager.
Primary action
Primary action is the action carried out when the Guard finds a virus or an unwanted
program. If the option repair is selected but a repair of the file involved is not possible,
the action selected under Secondary action is carried out.
Note
The option Secondary action can only be selected if the option Repair was selected under
Primary action.
repair
If this option is enabled, the Guard repairs affected files automatically. If the Guard
cannot repair an affected file, it carries out the action selected under Secondary action.
Note
An automatic repair is recommended, but means that the Guard modifies files on the
workstation.
delete
If this option is enabled, the file is deleted but can be restored if necessary with
appropriate tools (e.g. Avira UnErase). This means the virus pattern could be detected
again. This process is much faster than "overwrite and delete".
overwrite and delete
If this option is enabled, the Guard overwrites the file with a default pattern and then
deletes it. It cannot be restored.
rename
If this option is enabled, the Guard renames the file. Direct access to these files (e.g. with
double-click) is therefore no longer possible. Files can later be repaired and given their
original names again.
ignore
If this option is enabled, access to the file is allowed and the file is left as it is.
Warning
The affected file remains active on your workstation! It may cause serious damage on
your workstation!
Deny access
If this option is enabled, the Guard only enters the detection in the report file if the
report function is enabled. In addition, the Guard writes an entry in the Event log, if this
option is enabled.
Quarantine
If this option is enabled, the Guard moves the file to the Quarantine. The files in this
directory can later be repaired or - if necessary - sent to the Avira Malware Research
Center. Reference: Configuration options
65
Secondary action
The option Secondary action can only be selected if the option Repair was selected
under Primary action. With this option it can now be decided what is to be done with
the affected file if it cannot be repaired.
delete
If this option is enabled, the file is deleted but can be restored if necessary with
appropriate tools (e.g. Avira UnErase). This means the virus pattern could be detected
again. This process is much faster than "overwrite and delete".
overwrite and delete
If this option is enabled, the Guard overwrites the file with a default pattern and then
deletes it. It cannot be restored.
rename
If this option is enabled, the Guard renames the file. Direct access to these files (e.g. with
double-click) is therefore no longer possible. Files can later be repaired and given their
original names again.
ignore
If this option is enabled, access to the file is allowed and the file is left as it is.
Warning
The affected file remains active on your workstation! It may cause serious damage on
your workstation!
Deny access
If this option is enabled, the Guard only enters the detection in the report file if the
report function is enabled. In addition, the Guard writes an entry in the Event log, if this
option is enabled.
Quarantine
If this option is enabled, the Guard moves the file to the quarantine. The files can later
be repaired or - if necessary - sent to the Avira Malware Research Center.
Note
If you have selected Delete or Overwrite and Delete as the primary or secondary
action, you should note the following: In the case of heuristic hits, the affected files are
not deleted, but are instead moved to Quarantine.
11.2.1.2. Further actions
Notifications
Use event log
When this option is enabled, an entry is added to the event log for every detection. The
administrator can identify detections and react accordingly. This option is enabled as the
default setting.
Avira AntiVir Premium
66
11.2.1.3. Exceptions
With these options you can configure exception objects for the Guard (on-access scan).
The relevant objects are then not included in the on-access scan. The Guard can ignore
file accesses to these objects during the on-access scan via the list of processes to be
omitted. This is useful, for example, with databases or back-up solutions.
Processes to be omitted by Guard
All file accesses of processes in this list are excluded from monitoring by Guard.
Input box
In this box, you can enter the name of the process that is not included in the on-access
scan. No process is entered as the default setting. The names of the individual process
can most easily be obtained via the task manager. The "Processes" tab in the task
manager contains the names of all currently active processes. Select "your" process and
enter its name under "Image Name".
Note
You can enter up to 20 processes.
Warning:
Only the first 15 characters of the process name (including the file extension) are
considered. If there are 2 processes with the same name, Guard excludes both processes
from the monitoring.
Warning
Please note that all file accesses by processes recorded in the list are excluded from the
scan for viruses and unwanted programs! The Windows Explorer and the operating
system itself cannot be excluded. A corresponding entry in the list is ignored.
Add rule
With this button, you can add the process entered in the input box to the display
window.
Delete
With this button you can delete a selected process from the display window.
File objects to be omitted for the Guard
All file accesses to objects in this list are excluded from monitoring by the Guard.
Note
The entries on the list must not result more than 6000 characters in total.
Input box
In this box you can enter the name of the file object that is not included in the on-access
scan. No file object is entered as the default setting.
The button opens a window in which you can select the file object to be excluded.
Add rule
With this button, you can add the file object entered in the input box to the display
window.
Delete
With this button you can delete a selected file object from the display window. Reference: Configuration options
67
Please observe the following points:
– The file name can only contain the wildcards * (any number of characters) and
? (a single character).
– Directory names must end with a backslash \, otherwise a file name is assumed.
– The list is processed from top to bottom.
– Individual file extensions can also be excluded (inclusive wildcards).
– If a directory is excluded, all its sub-directories are automatically also excluded.
– The longer the list is, the more processor time is required for processing the list
for each access. Therefore, keep the list as short as possible.
– In order to also exclude objects when they are accessed with short DOS file names
(DOS name convention 8.3), the relevant short file name must also be entered in
the list.
Note
A file name that contains wildcards may not be terminated with a backslash.
For example:
C:\Program Files\Application\applic*.exe\
This entry is not valid and not treated as an exception!
Note
In case of dynamic drives which are mounted as a directory on another drive, the alias of
the operating system for the integrated drive in the list of the exceptions has to be used:
e.g. \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\
If you use the mount point itself, for example, C:\DynDrive, the dynamic drive will be
scanned nonetheless. You can determine the alias of the operating system to be used
from the report file of Guard:
Note
You can locate the path Guard uses to scan for infected files in the Guard report file.
Indicate exactly the same path in the list of exceptions. Proceed as follows: set the
protocol function of Guard to Complete in the configuration under Guard :: Report.
Now access the files, folders, mounted drives with the activated Guard. You can now read
the path to be used from the Guard report file. The report file can be accessed in Control
Center under Local protection :: Guard.
Examples:
C:
C:\
C:\*.*
C:\*
*.exe
*.xl?
*.*
C:\Program Files\Application\application.exe Avira AntiVir Premium
68
C:\Program Files\Application\applic*.exe
C:\Program Files\Application\applic*
C:\Program Files\Application\applic?????.e*
C:\Program Files\
C:\Program Files
C:\Program Files\Application\*.mdb
11.2.1.4. Heuristic
This configuration section contains the settings for the heuristic of the Avira AntiVir
Premium search engine.
Avira AntiVir Premium contains very powerful heuristics that can proactively uncover
unknown malware, i.e. before a special virus signature to combat the damaging element
has been created and before a virus guard update has been sent. Virus detection involves
an extensive analysis and investigation of the affected codes for functions typical of
malware. If the code being scanned exhibits these characteristic features, it is reported as
being suspicious. This does not necessarily mean that the code is in fact malware. False
positives do sometimes occur. The decision on how to handle affected code is to be made
by the user, e.g. based on his or her knowledge of whether the source of the code is
trustworthy or not.
Macrovirus heuristic
Macrovirus heuristic
Avira AntiVir Premium contains a highly powerful macro virus heuristic. If this option is
enabled, all macros in the relevant document are deleted in the event of a repair,
alternatively suspect documents are only reported, i.e. you receive an alert. This option is
enabled as the default setting and is recommended.
Advanced Heuristic Analysis and Detection (AHeAD)
Enable AHeAD
Avira AntiVir Premium contains a very powerful heuristic in the form of AntiVir AheAD
technology, which can also detect unknown (new) malware. If this option is activated,
you can define how "aggressive" this heuristic should be. This option is enabled as the
default setting.
Low detection level
If this option is enabled, Avira AntiVir Premium detects slightly less unknown malware,
the risk of false alerts is low in this case.
Medium detection level
This setting is activated by default if you have selected the use of this heuristic.
High detection level
If this option is enabled, Avira AntiVir Premium identifies far more unknown malware,
but you must also accept that there are likely to be false positives.
Reference: Configuration options
69
11.2.2 Report
Guard includes an extensive logging function to provide the user or administrator with
exact notes about the type and manner of a detection.
Logging
This group allows for the content of the report file to be determined.
Off
If this option is enabled, then Guard does not create a log.
It is recommended that you should turn off the logging function only in exceptional
cases, such as if you are executing trials with multiple viruses or unwanted programs.
Default
If this option is enabled, Guard records important information (concerning detections,
alerts and errors) in the report file, with less important information ignored for
improved clarity. This option is enabled as the default setting.
Extended
If this option is enabled, Guard logs less important information to the report file as well.
Full
If this option is enabled, Guard logs all available information in the report file, including
file size, file type, date, etc.
Limit report file
Limit size to n MB
If this option is enabled, the report file can be limited to a certain size; possible values:
Permitted values are between 1 and 100 MB. This option is activated by default with a
value of 1 MB.
Backup report file before shortening
If this option is enabled, the report file is backed up before shortening.
Write configuration in report file
If this option is enabled, the configuration of the on-access scan is recorded in the report
file.
11.3 MailGuard
The MailGuard section of Avira AntiVir Premium Configuration is used to configure
MailGuard.
11.3.1 Scan
Use MailGuard to scan incoming emails for viruses and malware . Outgoing emails can
be scanned for viruses and malware by MailGuard.
Scan Avira AntiVir Premium
70
Scan incoming emails
If this option is enabled, incoming emails are scanned for viruses, malware . MailGuard
supports the POP3 and IMAP protocols. Enable the inbox account used by your email
client to receive emails for monitoring by MailGuard.
Monitor POP3 accounts
If this option is enabled, the POP3 accounts are monitored on the specified ports.
Monitored ports
In this field you should enter the port to be used as the inbox by the POP3 protocol.
Multiple ports are separated by commas.
Default
This button resets the specified port to the default POP3 port.
Monitor IMAP accounts
If this option is enabled, the IMAP accounts are monitored on the specified ports.
Monitored ports
In this field you should enter the port to be used as the inbox by the IMAP protocol.
Multiple ports are separated by commas.
Default
This button resets the specified port to the default IMAP port.
Scan outgoing emails (SMTP)
If this option is enabled, outgoing emails are scanned for viruses and malware.
Monitored ports
In this field you should enter the port to be used as the outbox by the SMTP protocol.
Multiple ports are separated by commas.
Default
This button resets the specified port to the default SMTP port.
Note
To verify the protocols and ports used, call up the properties of your email accounts in
your email client program. Default ports are mostly used.
11.3.1.1. Action for concerning files
This configuration section contains settings for actions performed when MailGuard
finds a virus or unwanted program in an email or in an attachment.
Note
These actions are performed both when a virus is detected in incoming emails and when
a virus is detected in outgoing emails.
Action for concerning files
Interactive
If this option is enabled, a dialog window appears when a virus or unwanted program is
detected in an email or attachment in which you can choose what is to be done with the
email or attachment concerned. This option is enabled as the default setting.
Show progress bar Reference: Configuration options
71
If this option is enabled, the MailGuard shows a progress bar during downloading of
emails. This option can only be enabled if the option Interactive has been selected.
Automatic
If this option is enabled, you are no longer notified when a virus or unwanted program is
found. MailGuard reacts according to the settings you define in this section.
Primary action
Primary action is the action carried out when the MailGuard finds a virus or an
unwanted program in an email. If the option Ignore email is selected, it is also possible
to select under Affected attachments what is to be done if a virus or unwanted
program is detected in an attachment.
Delete email
If this option is enabled, the affected email is automatically deleted if a virus or
unwanted program is found. The body of the email is replaced by the default text given
below. The same applies to all attachments included; these are also replaced by a default
text.
Isolate email
If this option is enabled, the complete email including all attachments is placed in
Quarantine if a virus or unwanted program is found. If required, it can later be restored.
The affected email itself is deleted. The body of the email is replaced by the default text
given below. The same applies to all attachments included; these are also replaced by a
default text.
Ignore email
If this option is enabled, the affected email is ignored despite detection of a virus or
unwanted program. However, you can decide what is to be done with the affected
attachment:
Affected attachments
The option Affected attachments can only be selected if the setting Ignore email has
been selected under Primary action. With this option it is now possible to decide what
is to be done if a virus or unwanted program is found in an attachment.
delete
If this option is enabled, the affected attachment is deleted if a virus or unwanted
program is found and replaced by a default text.
isolate
If this option is enabled, the affected attachment is placed in quarantine and then
deleted (replaced by a default text). If required, it can later be restored.
ignore
If this option is enabled, the attachment is ignored despite detection of a virus or
unwanted program and delivered.
Warning
If you select this option, you have no protection against viruses and unwanted programs
by the MailGuard. Only select this item if you are certain you know what you are doing.
Disable the preview in your email program, never open attachments by double-clicking!
11.3.1.2. Other actions
This configuration section contains other settings for actions performed when
MailGuard finds a virus or unwanted program in an email or in an attachment.
Note
These actions are performed exclusively when a virus is detected in incoming emails. Avira AntiVir Premium
72
Default text for deleted and moved emails
The text in this box is inserted in the email as a message instead of the affected email.
You can edit this message. You can enter a maximum of 500 characters.
You can use the following key combination for formatting:
inserts a line break.
Default
The button inserts a pre-defined default text in the edit box.
Default text for deleted and moved attachments
The text in this box is inserted in the email as a message instead of the affected
attachment. You can edit this message. You can enter a maximum of 500 characters.
You can use the following key combination for formatting:
inserts a line break.
Default
The button inserts a pre-defined default text in the edit box.
11.3.1.3. Heuristic
This configuration section contains the settings for the heuristic of the Avira AntiVir
Premium search engine.
Avira AntiVir Premium contains very powerful heuristics that can proactively uncover
unknown malware, i.e. before a special virus signature to combat the damaging element
has been created and before a virus guard update has been sent. Virus detection involves
an extensive analysis and investigation of the affected codes for functions typical of
malware. If the code being scanned exhibits these characteristic features, it is reported as
being suspicious. This does not necessarily mean that the code is in fact malware. False
positives do sometimes occur. The decision on how to handle affected code is to be made
by the user, e.g. based on his or her knowledge of whether the source of the code is
trustworthy or not.
Macrovirus heuristic
Macrovirus heuristic
Avira AntiVir Premium contains a highly powerful macro virus heuristic. If this option is
enabled, all macros in the relevant document are deleted in the event of a repair,
alternatively suspect documents are only reported, i.e. you receive an alert. This option is
enabled as the default setting and is recommended.
Advanced Heuristic Analysis and Detection (AHeAD)
Enable AHeAD
Avira AntiVir Premium contains a very powerful heuristic in the form of AntiVir AheAD
technology, which can also detect unknown (new) malware. If this option is activated,
you can define how "aggressive" this heuristic should be. This option is enabled as the
default setting. Reference: Configuration options
73
Low detection level
If this option is enabled, Avira AntiVir Premium detects slightly less unknown malware,
the risk of false alerts is low in this case.
Medium detection level
This option is enabled as the default setting if you have selected application of this
heuristic. This option is enabled as the default setting and is recommended.
High detection level
If this option is enabled, Avira AntiVir Premium identifies far more unknown malware,
but you must also accept that there are likely to be false positives.
11.3.2 General
11.3.2.1. Exceptions
Email addresses not scanned
This table shows you the list of email addresses excluded from scanning by AntiVir
MailGuard (white list).
Note
The list of exceptions is used exclusively by MailGuard with regard to incoming emails.
Status
Icon Description
This email address will no longer be scanned for malware.
Email address
Email that is no longer to be scanned.
Malware
When this option is enabled, the email address is no longer scanned for malware.
Up
You can use this button to move a highlighted email address to a higher position. If no
entry is highlighted or the highlighted address is at the first position in the list, this
button is not enabled.
Down
You can use this button to move a highlighted email address to a lower position. If no
entry is highlighted or the highlighted address is at the last position in the list, this
button is not enabled.
Input box
In this box you enter the email address that you want to add to the list of email
addresses not to be scanned. Depending on your settings, the email address will no
longer be scanned in future by the MailGuard.
Add rule Avira AntiVir Premium
74
With this button you can add the email address entered in the input box to the list of
email addresses not to be scanned.
Delete
This button deletes a highlighted email address from the list.
11.3.2.2. Cache
Cache
The MailGuard cache contains data regarding the scanned emails that is displayed as
statistical data in Control Center under MailGuard.
Maximum number of emails to be stored in the cache
This field is used to set the maximum number of emails that are stored by MailGuard in
the cache. Emails are deleted oldest first.
Maximum storage period of an email in days
The maximum storage period of an email in days is entered in this box. After this time,
the email is removed from the cache.
Empty cache
Click on this button to delete the emails stored in the cache.
11.3.3 Report
MailGuard includes an extensive logging function to provide the user or administrator
with exact notes about the type and manner of a detection.
Logging
This group allows for the content of the report file to be determined.
Off
If this option is enabled, then MailGuard does not create a log.
It is recommended that you should turn off the logging function only in exceptional
cases, such as if you are executing trials with multiple viruses or unwanted programs.
Default
If this option is enabled, MailGuard records important information (concerning
detections, alerts and errors) in the report file, with less important information ignored
for improved clarity. This option is enabled as the default setting.
Extended
If this option is enabled, MailGuard logs less important information to the report file as
well.
Full
If this option is enabled, MailGuard logs all available information in the report file,
including file size, file type, date, etc.
Limit report file
Limit size to n MB Reference: Configuration options
75
If this option is enabled, the report file can be limited to a certain size; possible values:
Permitted values are between 1 and 100 MB. This option is activated by default with a
value of 1 MB. Up to 50 kilobytes of extra space are allowed to minimise the use of
system resources. If the size of the log file exceeds the indicated size by more than 50
kilobytes, then old entries are then deleted until the indicated size minus 50 kilobytes is
attained.
Backup report file before shortening
If this option is enabled, the report file is backed up before shortening.
Write configuration in report file
If this option is enabled, the MailGuard configuration is recorded in the report file.
11.4 WebGuard
The WebGuard section of Avira AntiVir Premium Configuration is used to configure
WebGuard.
11.4.1 Scan
WebGuard protects you against viruses or malware that reaches your computer from
web pages that you load on your web browser from the Internet. The Scan heading can be
used to set the behavior of the WebGuard component.
Scan
Enable Webguard
If this option is enabled, the web pages you request using an Internet browser are
scanned for viruses and malware. WebGuard monitors the data transferred from the
Internet using the HTTP protocol at ports 80, 8080, 3128. If any affected web pages are
detected, the loading of the web pages is blocked. If an option is disabled, the WebGuard
service remains started, but the scan for viruses and malware is disabled.
Drive-by protection
Drive-by protection allows you to make settings to block I-Frames, also known as inline
frames. I-Frames are HTML elements, i.e. elements of Internet pages that delimit an
area of a web page. I-Frames can be used to load and display different web content -
usually other URLs - as independent documents in a subwindow of the browser. I-
Frames are mostly used for banner advertising. In some cases, I-Frames are used to
conceal malware. In these cases the area of the I-Frame is mostly invisible or almost
invisible in the browser. The Block Suspect I-Frames option allows you to check and block
the loading of I-Frames.
Block Suspect I-Frames
If this option is enabled, I-Frames on the web pages you request are scanned according to
certain criteria. If there are suspect I-Frames on a requested web page, the I-Frame is
blocked. An error message (HTTP status code 403) is displayed in the I-Frame window.
Default
If this option is enabled, I-Frames with suspect content is blocked. Avira AntiVir Premium
76
Extended
If this option is enabled, I-Frames with suspect content and I-Frames used in a
suspicious way are blocked. The use of I-Frames is considered suspect if the I-Frame is
very small and is therefore invisible or almost invisible in the browser of if the I-Frame is
placed in an unusual position on the web page.
11.4.1.1. Action for concerning files
Action for concerning files
You can define the actions to be carried out by WebGuard when a virus or unwanted
program is detected.
Interactive
If this option is enabled, a dialog window appears when a virus or unwanted program is
detected during an on-demand scan, in which you can choose what is to be done with the
affected file. This option is enabled as the default setting.
Click here for more information.
Display progress bar
If this option is enabled, a desktop notification appears with a download progress bar if a
download of website content exceeds a 20 second timeout. This desktop notification is
designed in particular for downloading websites with larger data volumes: If you are
surfing with WebGuard, website contents are not downloaded incrementally in the
internet browser, as they are scanned for viruses and malware before being displayed in
the internet browser. This option is disabled as the default setting.
Automatic
If this option is enabled, then no dialog box for selecting an action appears following the
detection of a virus or unwanted program. WebGuard reacts according to the settings
you define in this section.
Primary action
The primary action is the action carried out when WebGuard finds a virus or an
unwanted program.
Deny access
The website requested from the web server and/or any data or files transferred are not
sent to your web browser. An error message to notify you that access has been denied is
displayed in the web browser. WebGuard logs the detection to the report file if the report
function is activated. WebGuard also appends an entry to the event log if the relevant
option is enabled.
isolate
In the event of a virus or malware being detected, the website requested from the web
server and/or the transferred data and files are moved into quarantine. The infected file
can be be restored via the Quarantine Manager if it is of informative value or - if
necessary - sent to the Avira Malware Research Center.
ignore
The website requested from the web server and/or the data and files that were
transferred are forwarded on by WebGuard to your web browser. Access to the file is
permitted and the file is ignored. Reference: Configuration options
77
Warning
The affected file remains active on your workstation! It may cause serious damage on
your workstation!
11.4.1.2. Locked requests
In Locked requests you can specify the file types and MIME types (content types for
the transferred data) to be blocked by WebGuard. The Web filter lets you block known
phishing and malware URLs. WebGuard prevents the transfer of data from the internet
to your computer system.
File types / MIME types to be blocked by WebGuard (user-defined)
All file types and MIME types (content types for the transferred data) in the list are
blocked by WebGuard.
Input box
In this box, enter the names of the MIME types and file types you want WebGuard to
block. For file types, enter the file extension, e.g. .htm. For MIME types, indicate the
media type and, where applicable, sub-type. The two statements are separated from one
another by a single slash, e.g. . video/mpeg or audio/x-wav.
Note
Files which are already stored on your computer system as temporary internet files and
blocked by WebGuard can however by downloaded locally from the internet by your
computer's internet browser. Temporary internet files are files saved on your computer
by the internet browser so that websites can be accessed more quickly
Note
The list of blocked file and MIME types is ignored if they are entered in the list of
excluded file and MIME types under WebGuard::Scan::Exceptions.
Note
No wildcards (* for any number of characters or ? for a single character) can be used
when entering file types and MIME types.
MIME types: Examples for media types:
– text = for text files
– image = for graphics files
– video = for video files
– audio = for sound files
– application = for files linked to a particular program
Examples: Excluded file and MIME types
– application/octet-stream = application/octet-stream MIME type files
(executable files *.bin, *.exe, *.com, *dll, *.class) are blocked by WebGuard.
– application/olescript = application/olescript MIME type files (ActiveX
script-files *.axs) are blocked by WebGuard.
– .exe = All files with the extension .exe (executable files) are blocked by
WebGuard.
– .msi = All files with the extension .msi (Windows Installer files) are blocked by
WebGuard.
Avira AntiVir Premium
78
Add rule
The button allows you to copy MIME and file types from the input field into the display
window.
Delete
The button deletes a selected entry from the list. This button is inactive if no entry is
selected.
Web filter
The Web filter is based on an internal database, updated daily, that classifies URLs
according to content.
Enable Web filter
When the option is enabled, all URLs matching the selected categories in the Web filter
list are blocked.
Web filter list
In the Web filter list you can select the content categories whose URLs are to be blocked
by WebGuard.
Note
The Web filter is ignored for entries in the list of excluded URLs under
WebGuard::Scan::Exceptions.
Note
Spam URLs are URLs sent with spam emails. The Fraud and Deception category covers
web pages with “Subscription Expires” and other offers of services whose costs are
hidden by the provider.
11.4.1.3. Exceptions
These options allow you to set exceptions based on MIME types (content types for the
transferred data) and file types for URLs (internet addresses) for scanning by WebGuard.
The MIME types and URLs specified are ignored by WebGuard, i.e. that data is not
scanned for viruses and malware when it is transferred to your computer system.
MIME types skipped by WebGuard
In this field you can select the MIME types (content types for the transferred data) to be
ignored by WebGuard during scanning.
File types/MIME types skipped by WebGuard (user-defined)
All MIME types (content types for the transferred data) in the list are ignored by
WebGuard during scanning.
Input box
In this box you can input the name of the MIME types and file types to be ignored by
WebGuard during scanning. For file types, enter the file extension, e.g. z.B. .htm. For
MIME types, indicate the media type and, where applicable, sub-type. The two
statements are separated from one another by a single slash, z.B. video/mpeg or
audio/x-wav. Reference: Configuration options
79
Note
No wildcards (* for any number of characters or ? for a single character) can be used
when entering file types and MIME types.
Warning
All file types and content types on the exclusion list are downloaded into the internet
browser without further scanning of the blocked access (List of file and MIME types to
be blocked in WebGuard::Scan::Blocked access) or by WebGuard: For all entries on the
exclusion list, the entries on the list of file and MIME types to be blocked are ignored. No
scan for viruses and malware is carried out.
MIME types: Examples for media types:
– text = for text files
– image = for graphics files
– video = for video files
– audio = for sound files
– application = for files linked to a particular program
Examples: Excluded file and MIME types
– audio/ = All audio media type files are excluded from WebGuard scans
– video/quicktime = All Quicktime sub-type video files (*.qt, *.mov) are
excluded from WebGuard scans
– .pdf = All Adobe PDF files are excluded from WebGuard scans.
Add rule
The button allows you to copy MIME and file types from the input field into the display
window.
Delete
The button deletes a selected entry from the list. This button is inactive if no entry is
selected.
URLs skipped by WebGuard
All URLs in this list are excluded from WebGuard scans.
Input box
In this box you can input URLs (internet addresses) to be excluded from WebGuard
scans, e.g. www.domainname.com. You can specify parts of the URL, using leading or
concluding dots to indicate the domain level: .domainname.de for all pages and all
subdomains of the domain. Indicate websites with any top-level domain (.com or .net)
with a concluding dot: domainname.. If you indicate a string without a leading or
concluding dot, the string is interpreted as a top-level domain, e.g. net for all NET-
Domains (www.domain.net). Avira AntiVir Premium
80
Note
You can also use the wildcard * for any number of characters when specifying URLs. You
can also use leading or concluding dots in combination with wildcards to indicate the
domain level:
.domainname.*
*.domainname.com
.*name*.com (valid but not recommended)
Specifications without dots, like *name*, are interpreted as part of a top-level domain
and are not advisable.
Warning
All websites on the list of excluded URLs are downloaded into the internet browser
without further scanning by the web filter or WebGuard: For all entries in the list of
excluded URLs, the entries in the web filter (see WebGuard::Scan::Blocked access) are
ignored. No scan for viruses and malware is carried out. Only trusted URLs should
therefore be excluded from WebGuard scans.
Add rule
The button allows you to copy the URL entered in the input field (Internet address) to
the viewer window.
Delete
The button deletes a selected entry from the list. This button is inactive if no entry is
selected.
Examples: Skipped URLs
– www.avira.com -OR- www.avira.com/*
= All URLs with the domain 'www.avira.com' are excluded from WebGuard scans:
www.avira.com/en/pages/index.php, www.avira.com/en/support/index.html,
www.avira.com/en/download/index.html,..
URLs with the domain 'www.avira.de' are not excluded from WebGuard scans.
– avira.com -OR- *.avira.com
= All URLs with the second and top-level domain 'avira.com' are excluded from
WebGuard scans: The specification implies all existing subdomains for '.avira.com':
www.avira.com, forum.avira.com,...
– avira. -OR- *.avira.*
= All URLs with the second-level domain 'avira' are excluded from WebGuard scans:
The specification implies all existing top-level domains or subdomains for '.avira':
www.avira.com, www.avira.de, forum.avira.com,...
– .*domain*.*
All URLs containing a second-level domain with the string 'domain' are excluded
from WebGuard scans: www.domain.com, www.new-domain.de, www.sample-
domain1.de, ...
– net -OR- *.net
= All URLs with the top-level domain 'net' are excluded from WebGuard scans:
www.name1.net, www.name2.net,...
Reference: Configuration options
81
Warning
Enter the URLs you want to exclude from the WebGuard scan as precisely as possible.
Avoid specifying an entire top-level domain or parts of a second-level domain because
there is a risk that Internet pages that distribute malware and undesirable programs will
be excluded from the WebGuard scan through global specifications under exclusions.
You are recommended to specify at least the complete second-level domain and the top-
level domain: domainname.com
11.4.1.4. Heuristic
This configuration section contains the settings for the heuristic of the Avira AntiVir
Premium search engine.
Avira AntiVir Premium contains very powerful heuristics that can proactively uncover
unknown malware, i.e. before a special virus signature to combat the damaging element
has been created and before a virus guard update has been sent. Virus detection involves
an extensive analysis and investigation of the affected codes for functions typical of
malware. If the code being scanned exhibits these characteristic features, it is reported as
being suspicious. This does not necessarily mean that the code is in fact malware. False
positives do sometimes occur. The decision on how to handle affected code is to be made
by the user, e.g. based on his or her knowledge of whether the source of the code is
trustworthy or not.
Macrovirus heuristic
Macrovirus heuristic
Avira AntiVir Premium contains a highly powerful macro virus heuristic. If this option is
enabled, all macros in the relevant document are deleted in the event of a repair,
alternatively suspect documents are only reported, i.e. you receive an alert. This option is
enabled as the default setting and is recommended.
Advanced Heuristic Analysis and Detection (AHeAD)
Enable AHeAD
Avira AntiVir Premium contains a very powerful heuristic in the form of AntiVir AheAD
technology, which can also detect unknown (new) malware. If this option is activated,
you can define how "aggressive" this heuristic should be. This option is enabled as the
default setting.
Low detection level
If this option is enabled, Avira AntiVir Premium detects slightly less unknown malware,
the risk of false alerts is low in this case.
Medium detection level
This setting is activated by default if you have selected the use of this heuristic.
High detection level
If this option is enabled, Avira AntiVir Premium detects much more unknown malware,
however false positives can also be expected.
Avira AntiVir Premium
82
11.4.2 Report
WebGuard includes an extensive logging function to provide the user or administrator
with exact notes about the type and manner of a detection.
Logging
This group allows for the content of the report file to be determined.
Off
If this option is enabled, then WebGuard does not create a log.
It is recommended that you should turn off the logging function only in exceptional
cases, such as if you are executing trials with multiple viruses or unwanted programs.
Default
If this option is enabled, WebGuard records important information (concerning
detections, alerts and errors) in the report file, with less important information ignored
for improved clarity. This option is enabled as the default setting.
Extended
If this option is enabled, WebGuard logs less important information to the report file as
well.
Full
If this option is enabled, WebGuard logs all available information in the report file,
including file size, file type, date, etc.
Limit report file
Limit size to n MB
If this option is enabled, the report file can be limited to a certain size; possible values:
Permitted values are between 1 and 100 MB. This option is activated by default with a
value of 1 MB. Up to 50 kilobytes of extra space are allowed to minimise the use of
system resources. If the size of the log file exceeds the indicated size by more than 50
kilobytes, then old entries are then deleted until the indicated size minus 50 kilobytes is
attained.
Write configuration in report file
If this option is enabled, the configuration of the on-access scan is recorded in the report
file.
11.5 General
11.5.1 Configuration :: General
11.5.1.1. Extended threat categories
Selection of extended threat categories
Avira AntiVir Premium protects you against computer viruses. Reference: Configuration options
83
In addition, you can scan according to the following extended threat categories.
– Backdoor Clients (BDC)
– Dialer (DIALER)
– Games (GAMES)
– Jokes (JOKES)
– Security Privacy Risk (SPR)
– Adware/Spyware (ADSPY)
– Unusual runtime packers (PCK)
– Double Extension Files (HEUR-DBLEXT)
– Phishing
– Application (APPL)
By clicking on the relevant box, the selected type is enabled (check mark set) or disabled
(no check mark).
Enable all
If this option is enabled, all types are enabled.
Default values
This button restores the predefined default values.
Note
If a type is disabled, files recognized as being of the relevant program type are no longer
indicated. No entry is made in the report file.
11.5.2 Configuration :: General
11.5.2.1. Password
You can protect Avira AntiVir Premium in different areas with a password. If a password
has been issued, you will be asked for this password every time you want to open the
protected area.
Password
Enter password
Enter your required password here. For security reasons, the actual characters you type
in this space are replaced by asterisks (*). The password can only have a maximum of 20
chars. Once the password has been issued, the program refuses access if an incorrect
password is entered. An empty box means "No password".
Confirm password
Confirm the password entered above by entering again here. For security, the actual
characters you type in this space are replaced by asterisks (*).
Note
The password is case-sensitive!
Areas protected by password Avira AntiVir Premium
84
Avira AntiVir Premium can protect individual errors with a password. By clicking on the
relevant box, the password request can be disabled or reactivated for individual areas as
required.
Password-protected
area
Function
Control Center
If this option is enabled, a password is required to
start the Control Center.
Guard enable /
disable
If this option is enabled, the pre-defined password is
required to enable or disable the AntiVir Guard.
MailGuard enable /
disable
If this option is enabled, the pre-defined password is
required to enable/disable the MailGuard.
Enable/disable
WebGuard
If this option is enabled, the pre-defined password is
required to enable/disable the WebGuard.
Adding and changing
jobs
If this option is enabled, a password is required
when adding and changing jobs in Scheduler.
Start product
updates
If this option is enabled, a password is required to
start the product update in the update menu.
Quarantine If this option is enabled, all possible areas of the
quarantine manager protected by a password are
enabled. By clicking on the relevant box, the
password enquiry can be disabled or enabled again
on request for individual areas.
Restore affected
objects
If this option is enabled, a password is required to
restore an object.
Repairing affected
objects
If this option is enabled, a password is required to
repair an object.
Properties of affected
objects
If this option is enabled, a password is required to
display the properties of an object.
Deleting affected
objects
If this option is enabled, a password is required for
to delete an object.
Send email to
AntiVir
If this option is enabled, a password is required to
send an object to the Avira Malware Research
Center for examination.
Configuration If this option is enabled, configuration of Avira
AntiVir Premium is only possible after entering the
pre-defined password.
Enable expert mode If this option is enabled, a password is required to
enable expert mode.
Installation /
Uninstallation
If this option is enabled, a password is required for
installation or uninstallation of Avira AntiVir
Premium. Reference: Configuration options
85
11.5.3 Security
Update
Alert if last update older than n day(s)
In this box you can enter the maximum number of days allowed to have passed since the
last update of Avira AntiVir Premium. If this number is exceeded, a warning is displayed
in the Scheduler.
Show notice if the signature database with detection patterns is out of date
If this option is enabled, you will obtain an alert message if the virus definition file is not
up-to date. With the help of the alert option, you can configure the temporal interval for
an alert message if the last update is older than n day(s).
Full system scan
In this area you can configure the status display for the full system scan in Control
Center under Overview:: Status.
‘Yellow’ status if older than n days
Enter an interval in days after which, if exceeded since the last complete system scan, the
status display should switch to yellow. The specified interval must be shorter than the
interval specified for red status. The standard value of seven days is recommended.
‘Red’ status if older than n days
Enter an interval in days after which, if exceeded since the last complete system scan, the
status display should switch to red. The specified interval must be greater than the
interval specified for yellow status. The standard value of 30 days is recommended.
Note
If you specify 0 for both intervals, status monitoring is disabled for the complete system
scan. A green symbol is always displayed. This setting should only be made in exceptional
cases. If only set one interval to 0, the specification is discarded as invalid.
Product protection
Prevent processes from being terminated
If this option is enabled, all AntiVir processes are protected against unwanted
termination by viruses and malware or against 'uncontrolled' termination by a user e.g.
via Task-Manager. This option is enabled as the default setting.
Important
Protection is not yet available for 64-bit systems!
Warning
If process protection is enabled, interaction problems can occur with other software
products. Disable process protection in these cases.
Protect files and registry entries from manipulation Avira AntiVir Premium
86
If this option is enabled, all registry entries of AntiVir Premium and all program files
(binary and configuration files) are protected from manipulation. Protection against
manipulation entails preventing write, delete and, in some cases, read access to the
registry entries or program files by users or external programs.
Note
When this option is activated, changes can only be made to the configuration, including
changes to scan or update requests, can only be made by means of the user interface.
Important
File and registry entry protection is not yet available for 64-bit systems!
11.5.4 WMI
Support for Windows Management Instrumentation
Windows Management Instrumentation is a basic Windows administration technique
that uses script and programming languages to allow read and write access, both local
and remote, to settings on Windows systems. AntiVir Premium supports WMI and
provides data (status information, statistical data, reports, planned requests, etc.) as well
as events at an interface. WMI enables you to download operating data from AntiVir
Premium .
Enable WMI support
When this option is enabled, you can download operating data from AntiVir Premium
via WMI.
11.5.5 Directories
Temporary path
In this input box you enter the temporary path with which Avira AntiVir Premium
works.
Use default system settings
If this option is enabled, the settings of the system are used for handling temporary files.
Note
You can see where your system saves temporary files - for example with Windows XP -
under: Start | Settings | Control Panel | System | Index card "Advanced" | Button
"Environment Variables". The temporary variables (TEMP, TMP) for the currently
registered user and for system variables (TEMP, TMP) are shown here with their
relevant values.
Use following directory
If this option is enabled, the path displayed in the input box is used.
The button opens a window in which you can select the required temporary path.
Default Reference: Configuration options
87
The button restores the pre-defined directory for the temporary path.
11.5.6 Update
The section Update of the Avira AntiVir Premium Configuration is responsible for the
configuration of the Updater .
Product updates
Download and automatically install product updates
If this option is enabled, product updates are downloaded and automatically installed by
AntiVir Updater as soon as updates become available.. Updates to the virus definition
file and search engine are carried out independently of this setting. The conditions for
this option are: complete configuration of the update and an open connection to a
download server.
Notification when new product updates are available
If this option is enabled, you will be notified by email when new product updates become
available. Updates to the virus definition file and search engine are carried out
independently of this setting. The conditions for this option are: complete configuration
of the update and an open connection to a download server. You will receive
notifications via a desktop popup window and via a warning message from AntiVir
Updater in the Control Center under Overview ::Events.
Do not download product updates
If this option is enabled, no automatic product updates or notifications of available
product updates by AntiVir Updater are carried out. Updates to the virus definition file
and search engine are carried out independently of this setting.
Important
An update of the virus definition file and of the search engine is carried out during every
update process independent of the settings for the product update (see chapter
Updates).
11.5.6.1. Web server
The update can be performed directly via a web server on the Internet.
Web server connection
Use existing connection (network)
This setting is displayed if your connection is used via a network.
Use the following connection:
This setting is displayed if you define your connection individually.
The Avira AntiVir Premium Updater automatically detects which connection options are
available. Connection options which are not available are grayed out and cannot be
activated. A dial-up connection can be established manually via a phone book entry in
Windows, for example.
– User: Enter the user name of the selected account. Avira AntiVir Premium
88
– Password: Enter the password for this account. For security, the actual
characters you type in this space are replaced by asterisks (*).
Note
If you have forgotten an existing Internet account name or password, contact your
Internet Service Provider.
Note
The automatic dial-up of the updater through so called dial-up tools (e.g. SmartSurfer,
Oleco, ...) is currently not available in Avira AntiVir Premium.
Terminate a dial-up connection that was set up for the update
If this option is enabled, the RDT connection made for the update is automatically
interrupted again as soon as the download has been successfully carried out.
Note
This option is not available under Vista. Under Vista the dial-up connection opened for
the update is always terminated as soon as the download has been carried out.
Proxy
Proxy server
Do not use a proxy server
If this option is enabled, your connection to the web server is not carried out via a proxy
server.
Use Windows system settings
When the option is enabled, the current Windows system settings are used for the
connection to the web server via a proxy server.
Use the following proxy server
If your web server connection is set up via a proxy server, you can enter the relevant
information here.
Address
Please enter the URL or the IP address of the proxy server you should use to connect to
the web server.
Port
Please enter the port number of the proxy server you should use to connect to the web
server.
Login name
Enter your login name on the proxy server here.
Login password
Enter the relevant password for logging in on the proxy server here. For security, the
actual characters you type in this space are replaced by asterisks (*).
Examples:
Address: proyx.domain.com Port: 8080
Address: 192.168.1.100 Port: 3128
Reference: Configuration options
89
11.5.7 Warnings
11.5.7.1. Acoustic alerts
Acoustic alert
When a virus or malware is detected by Scanner or Guard an acoustic alert is sounded in
interactive action mode. You can deactivate or activate the acoustic alert and select an
alternative WAVE file as the acoustic alert.
Note
The action mode of Scanner is set in the configuration under Scanner::Scan:: Action for
concerning files. The action mode of Guard is set in the configuration under
Guard::Scan:: Action for concerning files.
No warning
If this option is enabled, there is no acoustic alert when a virus is detected by Scanner or
Guard.
Play on PC speakers (interactive mode only)
If this option is enabled, there is an acoustic alert with the default signal when a virus is
detected by Scanner or Guard. The acoustic alert is sounded on the PC’s internal speaker.
Use the following WAV file (interactive mode only)
If this option is enabled, there is an acoustic alert with the selected WAV file when a
virus is detected by Scanner or Guard. The selected WAV file is played over a connected
external speaker.
Wave file
In this input box you can enter the name and the associated path of an audio file of your
choice. The default acoustic signal of AntiVir Premium is entered as standard.
The button opens a window in which you can select the required file with the aid of the
file explorer.
Test
This button is used to test the selected wave file.
11.5.8 Events
Limit size of event database
Limit maximum number of events to n entries
If this option is enabled, the maximum number of events listed in the event database can
be limited to a certain size; possible values: 100 to 10 000 entries. If the number of
entered entries is exceeded, the oldest entries are deleted.
Delete events older than n day(s)
If this option is enabled, events listed in the event database are deleted after a certain
period of time; possible values: 1 to 90 days. This option is enabled as the default setting,
with a value of 30 days. Avira AntiVir Premium
90
Do not limit size of event database (delete events manually)
When this option has been activated, the size of the event database is not limited.
However, in Control Center under Events a maximum of 20,000 entries are displayed.
11.5.9 Limit reports
Limit number of reports
Limit the number to n units
When this option is enabled, the maximum number of reports can be limited to a specific
amount. Values between 1 and 300 are permissible. If the specified number is exceeded,
then the oldest report at that time is deleted.
Delete all reports more than n day(s) old
If this option is enabled, reports are automatically deleted after a specific number of
days. Permissible values are: 1 to 90 days. This option is enabled by default with a value
of 30 days.
Do not limit number of reports (manually delete reports)
If this option is enabled, the number of reports is not restricted.
11.5.10 Acoustic alerts
Acoustic alert
When a virus or malware is detected by Scanner or Guard an acoustic alert is sounded in
interactive action mode. You can deactivate or activate the acoustic alert and select an
alternative WAVE file as the acoustic alert.
Note
The action mode of Scanner is set in the configuration under Scanner::Scan:: Action for
concerning files. The action mode of Guard is set in the configuration under
Guard::Scan:: Action for concerning files.
No warning
If this option is enabled, there is no acoustic alert when a virus is detected by Scanner or
Guard.
Play on PC speakers (interactive mode only)
If this option is enabled, there is an acoustic alert with the default signal when a virus is
detected by Scanner or Guard. The acoustic alert is sounded on the PC’s internal speaker.
Use the following WAV file (interactive mode only)
If this option is enabled, there is an acoustic alert with the selected WAV file when a
virus is detected by Scanner or Guard. The selected WAV file is played over a connected
external speaker.
Wave file
In this input box you can enter the name and the associated path of an audio file of your
choice. The default acoustic signal of AntiVir Premium is entered as standard.
The button opens a window in which you can select the required file with the aid of the
file explorer. Reference: Configuration options
91
Test
This button is used to test the selected wave file.
Avira AntiVir Premium
© Avira GmbH. All rights reserved.
This manual was created with great care. However, errors in design and contents cannot be exclu-
ded. The reproduction of this publication or parts thereof in any form is prohibited without previous
written consent from Avira GmbH.
Errors and technical subject to change.
Issued Q1-2009
AntiVir® is a registered trademark of the Avira GmbH.
All other brand and product names are trademarks or registered trademarks of their respective
owners. Protected trademarks are not marked as such in this manual. However, this does not
mean that they may be used freely.
Avira GmbH
Lindauer Str. 21
88069 Tettnang
Germany
Telephone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com
www.avira.com
Tidak ada komentar:
Posting Komentar