2.2 Marco Teórico Referencial
2.2.1 Aspectos históricos del producto: La Cerveza
Follow these procedures to Add, Remove, or Edit items in the Item name list of the
On-Demand Scan Properties. Adding items
Removing items Editing items
Adding items
1 Open the On-Demand Scan Properties dialog box for the task you are configuring.
2 On the Where tab, click Add to open the Add Scan Item dialog box.
3 Click to select a scan item from the list. Choose from these options:
4 Click OK to save your changes and return to the On-Demand Scan Properties
dialog box.
5 Click Apply to save your changes.
My computer. This option is selected by default. Scans all local and mapped drives.
All local drives. Scans all of the drives on your computer and all of the subfolders they contain.
All fixed disks. Scans hard drives physically connected to your computer.
All removable media. Scans only floppy disks, CD-ROM discs, Iomega ZIP disks, or similar storage devices physically attached to your computer.
All network drives. Scans network drives logically mapped to a drive letter on your computer.
Memory of running processes. Scans the memory of all running processes. This scan occurs before all other scans.
User’s home folder. Scans the home folder of the user who starts the scan.
User’s profile folder. Scans the profile of the user who starts the scan. This includes the My Documents folder.
Drive or folder. Scans a specific drive or folder. Type the path to the drive or folder in the Location text box, or click Browse to locate and select a drive or folder.When you have finished browsing, click OK to return to the Add Scan Item dialog box.
File. Scan a specific file. Type the path to the file in the Location text box, or click Browse to open the Select Item To Scan dialog box where you can locate and select a file.When you have selected an item, click Open to return to the Add Scan Item dialog box.
Removing items
1 Open the On-Demand Scan Properties dialog box for the task you are configuring.
2 On the Where tab, select one or more items that you want to delete in the Item name list, then click Remove.
3 Click Yes to confirm that you want to remove the item. 4 Click Apply to save your changes.
Editing items
1 Open the On-Demand Scan Properties dialog box for the task you are configuring.
2 On the Where tab, select an item in the Item name list, then click Edit to open the
Edit Scan Item dialog box.
3 Click to select a scan item from the Item to scan list. All local drives is selected by default.
NOTE
The options you have here are the same as the options in
Adding items. See Step 3 on page 92 for a complete list and description of available options.
4 Click OK to return to the On-Demand Scan Properties dialog box. 5 Click Apply to save your changes.
Detection properties
Use the options on the Detection tab to specify what types of files you want the on-demand scanner to examine, and when you want to scan them.
1 Open the On-Demand Scan Properties dialog box for the task you are configuring.
2 Select the Detection tab.
3 Under What to scan, select from these options:
All files. This option is selected by default. Scan all files regardless of extension.
Default + additional file types. Scan the default list of extensions plus anyadditions you specify. The default list of file type extensions is defined by the current DAT file. You can add or remove user-specified file type extensions, but you cannot delete any file type extensions from the default list. You can, however, exclude extensions that appear in the default list. See Excluding files, folders, and driveson page 70 for more information.
Specified file types. Scan only the extensions you specify.4 Under What not to scan, click Exclusions to specify the files, folders, and drives to exclude from scanning. See Excluding files, folders, and driveson page 70 for detailed instructions.
Additions. If you selected Default + additional file types, click Additionsto add or remove user-specified file type extensions. See Adding file type extensionson page 68 for detailed instructions.
The maximum number of additional extensions that the on-demand scanner can list is 1,000.
Also scan for macro viruses in all files. Scan all files, regardless of extension, for macro viruses. This option is only available when theDefault + additional file types option is selected. NOTE
Scanning for macro viruses in all files could affect performance.
Specified. If you selected Specified file types, click Specified to add or remove user-specified file type extensions. You can also set the list of file type extensions to the default list. See Adding user-specified file type extensionson page 69 for detailed instructions.The maximum number of specified extensions that the on-demand scanner can list is 1,000.
5 Under Compressed files, specify which types of compressed files you want the scanner to examine. You have these options:
Scan inside packed executables. This option is selected by default. Examine compressed files that contain executable files. A packed executable is a file that, when run, extracts itself into memory only. Packed executable files are never extracted to disk.
Scan inside archives. Examine archive files and their contents. An archive file is a compressed file that must be extracted prior to accessing the files within it. Files contained inside archives are scanned when they are written to disk.
Decode MIME encoded files. Detect Multipurpose Internet Mail Extensions (MIME) encoded files, decode them, then scan them.6 Click Apply to save your changes.
Advanced properties
Use the options on the Advanced tab to specify advanced scanning properties, such as scanning for unknown program viruses and potentially unwanted programs, setting the CPU utilization level, and miscellaneous options.
1 Open the On-Demand Scan Properties dialog box for the task you are configuring.
2 Select the Advanced tab.
3 Under Heuristics, specify whether you want the scanner to evaluate the probability that an unknown piece of code or a Microsoft Office macro is a virus. When this feature is enabled, the scanner analyzes the likelihood that it is a variant of a known virus. Select any combination of these options:
Find unknown program viruses. This option is selected by default. Treatexecutable files that have code resembling a virus as if they were infected. The scanner applies the action you choose on the Actions tab.
Find unknown macro viruses. This option is selected by default. Treat embedded macros that have code resembling a virus as if they were infected. The scanner applies the action you choose on the Actions tab to those files.NOTE
This option is not the same as Also scan for macro viruses in all files on the Detection tab, which instructs the scanner to find all known macro viruses. This option instructs the scanner to assess the probability that an unknown macro is a virus.
4 Under Non-viruses, specify whether you want the scanner to find non-virus programs that are potentially unwanted.
Find potentially unwanted programs. Detect programs that are potentially unwanted.WARNING
VirusScan Enterprise does not take any action on potentially unwanted program files or joke programs that it detects. Detections are logged in the log file.
If you want to take action on a detected potentially unwanted program file or joke program, you must take action manually. For example, if you want to remove a detected joke program, you must remove it manually.
Find joke programs. If you selected Find potentially unwanted programs, you can also scan for joke programs that are potentially unwanted.5 Under CPU utilization, use the slider to set the utilization level for the scan task in relation to the other tasks running on your computer. 100% is selected by default. This ensures that other running software does not slow down during a scan operation, but the scan takes longer. Set the scan task to a lower scanning level if you plan to run it at a time when the CPU is in heavy use with other essential operations.
NOTE
The CPU limitation you specify does not work when scanning encrypted files. The decryption is done by LSASS.EXE, not by the SCAN32 process. Scanning encrypted files is CPU intensive, therefore even if the CPU limit on the scanning thread is low, it is still scanning files fast enough that LSASS.EXE must keep busy to supply the decrypted data.
6 Under Miscellaneous, select from these options:
Scan files that have been migrated to storage. Scan files that have been moved to offline storage.NOTE
If you are using Remote Storage to extend disk space on your server, the on-demand scanner can scan the cached files. Remote Storage data storage is hierarchical, with two defined levels. The upper level, called local storage, includes the NTFS disk volumes of the computer running Remote Storage on Windows 2000 Server. The lower level, called remote storage, is located on the robotic tape library or stand-alone tape drive that is connected to the server computer.
Remote Storage automatically copies eligible files on your local volumes to a tape library, then monitors space available on the local volumes. File data is cached locally so that it can be accessed quickly as needed. When necessary, Remote Storage moves data from the local storage to remote storage. When you need to access a file on a volume managed by Remote Storage, open the file as usual. If the data for the file is no longer cached on your local volume, Remote Storage recalls the data from a tape library.
Rescan all files when DAT files are updated. Re-examine all files when new DAT files are installed or updated. This is best used for scheduled, resumable scans. Using this feature reduces the risk of infection by re-examining files for new viruses.
Scan window. Normal is selected by default. Click to specify how you want the scan window to appear during on-demand scans. The options are:NOTE
Although the scan window can be configured to be normal, minimized, or hidden, the scheduled and remote task windows are always hidden regardless of the configured mode.
7 Click Apply to save your changes.
Action properties
Use the options on the Actions tab to specify the primary and secondary actions you want the scanner to take when it detects a virus.
1 Open the On-Demand Scan Properties dialog box for the task you are configuring.
2 Select the Actions tab.
Normal
Minimized
Hidden3 Under When a virus is found, select the primary action you want the scanner to take when a virus is detected.
NOTE
The default primary action is Clean infected files. Click to select one of these actions:
Prompt for action. Prompt the user for action when a virus is detected. If you select this option, you can also select what actions are allowed in addition to Stop and Continue. The additional choices are:No secondary action is allowed for this option.
Continue scanning. Continue scanning when an infected file is found. No secondary action is allowed for this option.Move infected files to a folder. The scanner moves infected files to a
quarantinefolder. You can accept the default location of the folder in the
Folder text box, or click Browse to navigate to the location where the folder is located.
The default location and name for the quarantine folder is: <drive>:\quarantine
NOTE
The quarantine folder should not be located on a floppy drive or CD drive. It must be located on a hard drive.
Clean infected files. This option is selected by default. The scanner tries to remove the virus from the infected file. If the scanner cannot, or if the virus has damaged the file beyond repair, the scanner performs the secondary action. See Step 4 for more information.
Clean file. Allow the infected file to be cleaned.
Delete file. Allow the infected file to be deleted.
Move file. Allow the infected file to be moved.
Delete infected files. The scanner deletes infected files as soon as it detects them. Be sure to enable Log to file on the Reports tab, so that you have a record of which files are infected.If you select this option, you are required to confirm your selection. Click
Yes to confirm your selection, or click No to deselect this option. WARNING
If you selected Find unknown macro viruses on the Advanced
tab, the action you select here applies to any macro that has code resembling a virus. If you select Delete infected files, any file that has code resembling a macro virus is deleted, and any archive that contains an infected file is deleted. If that is not your intention, be certain that your choice of action
corresponds with your choice of action for macros.
4 Under If the above Action fails, select the secondary action you want the scanner to take if the first action fails.
NOTE
The default secondary action is Move infected files to a folder. Click to select one of these actions:
Prompt for action. If you select this option, you can also select what actions are allowed in addition to Stop and Continue. The additional choices are:
Continue scanning. Continue scanning when an infected file is found.
Clean file. Allow the infected file to be cleaned. This option isdisabled if you selected Clean file as the primary action.
Delete file. Allow the infected file to be deleted. This option isdisabled if you selected Delete file as the primary action.
Move file. Allow the infected file to be moved. This option is
Move infected files to a folder. This option is selected by default. The scanner moves infected files to a quarantinefolder. You can accept the default location of the folder in the Folder text box, or click Browse to navigate to the location where the folder is located.The default location and name for the quarantine folder is: <drive>:\quarantine
NOTE
The quarantine folder should not be located on a floppy drive or CD drive. It must be located on a hard drive.
Delete infected files. The scanner deletes infected files as soon as it detects them. Be sure to enable Log to file on the Reports tab, so that you have a record of which files are infected.5 Click Apply to save your changes.
Report properties
Use the options on the Reports tab to configure logging activity. Specify the log file location and size, and what information to capture for each log entry.
NOTE
The log file can serve as an important management tool for tracking virus activity on your network and to note which settings you used to detect and respond to any virus that the scanner found. The incident reports recorded in the file can help you determine which files you need to replace from backup copies, examine in quarantine, or delete from your computer. See Viewing the activity logon page 111 for more information.
2 Select the Reports tab.
3 Under Log file, select from these options:
Log to file. This option is selected by default. Record on-demand scanning virus activity in a log file.
In the text box, accept the default log file name and location, type a different log file name and location, or click Browse to locate a suitable file elsewhere on your computer or network.NOTE
By default, the scanner writes log information to the ONDEMANDSCANLOG.TXT file in this folder:
<drive>:Winnt\Profiles\All Users\Application Data\Network Associates\VirusScan.
Limit size of log file to. This option is selected by default. The default log file size is 1MB.Accept the default log size or set a different size for the log. If you select this option, type a value between 1MB and 999MB.NOTE
If the data in the log file exceeds the file size you set, the oldest 20 percent of the log file entries are deleted and new data is
4 Under What to log in addition to virus activity, select the additional information to record in the log file:
Session settings. Record the properties that you chose for each scanning session in the log file.
Session summary.This option is selected by default. Summarize the scanner’s actions during each scanning session and add the information to the log file. Summary information includes the number of files scanned, the number and type of viruses detected, the number of files moved, cleaned, or deleted, and other information.
Failure to scan encrypted files.This option is selected by default. Record the name of encrypted files that the scanner failed to scan in the log file.
User name.This option is selected by default. Record the name of the userlogged on to the computer at the time the scanner records each log entry in the log file.