[. . . ] KASPERSKY LAB Kaspersky Anti-Virus® 5. 6 for Microsoft ISA Server 2000 Enterprise Edition Administrator's Guide KASPERSKY ANTI-VIRUS® 5. 6 FOR MICROSOFT ISA SERVER 2000 ENTERPRISE EDITION Administrator's Guide © Kaspersky Lab http://www. kaspersky. com Edition date: August 2005 Contents CHAPTER 1. KASPERSKY ANTI-VIRUS® FOR MICROSOFT ISA SERVER 2000 ENTERPRISE EDITION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . What's new in Kaspersky Anti-Virus® 5. 6 for Microsoft ISA Server 2000 Enterprise Edition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hardware and software requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [. . . ] 39) and select Use local computer counters if ISA Server is managed from an ISA Server computer, or Select counters from computer if ISA Server is managed from a remote administrator's workstation. From the Performance Object drop-down list, select the KAV for ISA object. A list of parameters currently logged appears in the lower left field: · · Select All counters if you want to view statistics of all the parameters of Kaspersky Anti-Virus® performance, and click Add. Choose Select counters from list if you want to view information only on specified parameters of the application performance. Then, select a necessary counter from the list and click Add. 2. 55 Kaspersky Anti-Virus 5. 6 for MS ISA Server 2000 Enterprise Edition Figure 39. Customizing statistics settings The following settings are required to view counters from a remote computer!To view statistics from a remote computer, you must be granted the ® following permissions on the computer where Kaspersky Anti-Virus for Microsoft ISA Server is installed: · Read access to the following files: %windir%\System32\PERFCxxx. DAT %windir%\system32\PERFHxxx. DAT · Read access to the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT \CurrentVersion\Perflib HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Con trol\SecurePipeServers\Winreg · Read and write access to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser vices\Anti-Virus KL for Microsoft ISA · System privileges (assigned from Control Panel -> Administrative tools -> Local Security Policy -> Security settings -> Local Policies -> User permissions): o Profile System Performance. Using Kaspersky Anti-Virus® for ISA Server 56 o Profile Single Process. The above list of permissions is described in Microsoft Knowledge Base Article Q158438 at http://support. microsoft. com/default. aspx?kbid=158438 By default, these permissions are granted to users from the Ad® ministrators group on the computer where Kaspersky Anti-Virus for Microsoft ISA Server is installed. To view statistics on a server with Kaspersky Anti-Virus® for Microsoft ISA Server from a remote computer, the following services must be enabled: o o Remote Registry Administration. NetBIOS access (check the File and Printer Sharing for Microsoft Networks checkbox in My Network Places -> Properties -> LAN -> Properties). 4. 6. 2. Notifying the administrator using ISA Server Alerts Using ISA Server Alerts system tools, you can notify administrator upon critical events that might occur during performance of applications installed on ISA Server. The administrator can be informed by various means, such as logging events to system log, sending notifications by e-mail, etc. The administrator must immediately response to some critical events related to ® Kaspersky Anti-Virus performance. For example, a critical event is Your license is about to expire (see Figure 40). Kaspersky Anti-Virus critical events are added to the existing list of critical events after the application is installed on the server. You can customize how you will be notified upon such events. 57 Kaspersky Anti-Virus 5. 6 for MS ISA Server 2000 Enterprise Edition Figure 40. Configuring diagnostics options for the application Kaspersky Anti-Virus® allows you to monitor the application performance on each Microsoft ISA Server and record results in the following log files: kavisaDATE. log ­ Kaspersky Anti-Virus® log that stores the customizable amount of information about application performance during the designated time period. In the file name, DATE is the date of creation of this file in the format YearMonthDate, for example, kavisa20040410. log. If the program is trying to add report to the file while you are currently editing the file, Kaspersky Anti-Virus® will create a new file with a slightly modified name, for example, kavisa20040410_1. log. ® virusDATE. log ­ Kaspersky Anti-Virus log file that stores information about malicious objects detected during scans. You can custom the report detail level on the Diagnostics tab of the Server Properties dialog box (see Figure 41). Using Kaspersky Anti-Virus® for ISA Server 58 The time of events, written to the above-listed event logs, is displayed in Universal Coordinated Time (UTC) format Figure 41. Diagnostics options for Kaspersky Anti-Virus ® All critical events related to Kaspersky Anti-Virus® performance are also saved to the Windows system log. In the left pane of the tab, you can select tasks, such as Updating anti-virus database, Licensing, etc. The right pane shows types of messages generated by ® Kaspersky Anti-Virus for the selected task and their detail level. For any type of messages, you can select one of the following detail levels: · · · None ­ Do not log any information. [. . . ] (i) Kaspersky Lab will provide you with the support services ("Support Services") as defined below for a period of one year following: (a) Payment of its then current support charge, and: (b) Successful completion of the Support Services Subscription Form as provided to you with this Agreement or as available on the Kaspersky Lab website, which will require you to produce the Key Identification File which will have been provided to you by Kaspersky Lab with this Agreement. It shall be at 101 Kaspersky Anti-Virus 5. 6 for MS ISA Server 2000 Enterprise Edition the absolute discretion of Kaspersky Lab whether or not you have satisfied this condition for the provision of Support Services. (ii) Support Services will terminate unless renewed annually by payment of the then-current annual support charge and by successful completion of the Support Services Subscription Form again. (iii) By completion of the Support Services Subscription Form you consent to the terms of the Kaspersky Lab Privacy Policy, which is deposited on ww. kaspersky. com/privacy, and you explicitly consent to the transfer of data to other countries outside your own as set out in the Privacy Policy. [. . . ]