Release Notes for McAfee VirusScan* v4.5 Anti-Virus Software for Windows 95, Windows 98, Windows NT Workstation v4.0, and Windows 2000 Professional Service Pack 1 Copyright (c) 2000 Networks Associates Technology, Inc. All Rights Reserved. ////////////////////////////////////////////// Service Pack Release Date: October 9, 2000 VirusScan Version Required for Use: v4.5 Scan Engine Version Included: 4.0.70 DAT File Version Included: 4093 ////////////////////////////////////////////// Thank you for using McAfee VirusScan Anti-Virus software. This file contains important information regarding this Service Pack release. McAfee strongly recommends that you read the entire document. McAfee welcomes your comments and suggestions. Please use the information provided in this file to contact Customer Service or technical support. ___________________ WHAT'S IN THIS FILE - HP1 The Purpose of this Service Pack - WD1 What this Service Pack Does - IR1 Issues Resolved in this Service Pack - IF1 Files Included with this Service Pack - IN1 Installation - IN2 Installation Requirements - IN3 Before You Begin: About the Installer - IN4 Preparing to Run the Installation Utility - IN5 Running the Installation Utility - IN6 Command-Line Options - IN7 Distributing the Service Pack via Network Management Software - IN8 Preparing the Installation Package for Distribution via Management Edition Software - IN9 Preparing the Installation Package for Distribution via ePolicy Orchestrator Software - IN10 Modifying the Installation Package to Work with AutoUpgrade - IN11 Determining When Your Computer Will Restart - IN12 Removing this Service Pack - AD1 Additional Information - KN1 Known Issues - NA1 Contacting McAfee and Network Associates - NA2 Download Support - NA3 For Product Upgrades - NA4 For Reporting Problems - NA5 For On-Site Training Information - NA6 McAfee Beta Site - NA7 AVERT Anti-Virus Research Site - CT1 Copyright and Trademark Attributions - CT2 Trademarks - CT3 License Agreement NOTE: A unique identifying code precedes each heading in this file. To jump to a particular heading within the file, copy the three-character code -- NA1, for example -- from the list above into your text editor's Find dialog box, or equivalent, then search for the identifying code to move directly to that heading. ______________________________________ HP1 - THE PURPOSE OF THIS SERVICE PACK This Service Pack corrects a number of issues that could cause your system to hang or lock up in certain circumstances, that could open a minor vulnerability in AutoUpdate security, that could prevent the VShield scanner from functioning correctly under certain conditions, or that could lead to other unexpected or unwanted behavior in the software or in systems that had the software installed. This Service Pack also adds new functionality to your VirusScan software. The new features include password protection for the VirusScan control panel applet on Windows 95 and Windows 98 systems and the ability to look for viruses in files that do not have filename extensions. To install this Service Pack, you must have VirusScan v4.5 anti-virus software installed and running on your system. _________________________________ WD1 - WHAT THIS SERVICE PACK DOES This Service Pack replaces a number of core VirusScan program files with new versions that correct the issues listed in "IR1 - Issues Resolved in this Service Pack." To see a list of the files that the Service Pack replaces, see "IF1 - Files Included with this Service Pack," later in this file. This Service Pack also includes a full installation utility with flexible deployment options. To learn how to install or deploy this Service Pack, see "IN1 - Installation" and "IN7 - Distributing the Service Pack via Network Management Software." __________________________________________ IR1 - ISSUES RESOLVED IN THIS SERVICE PACK 1. The VShield scanner provides a password security scheme that system administrators can use to lock settings they choose for client VirusScan copies installed on user desktops. In addition, the VShield System Scan property pages provide a checkbox that, when clear, prevents users from disabling the scanner. These two measures help to enforce a consistent anti-virus policy throughout your organization and prevent users from tampering with or disabling that policy enforcement. The VirusScan control panel applet on Windows 95 and Windows 98 systems, however, and a menu item in the VirusScan Console on all Windows systems, can allow desktop users to disable the VShield scanner. To do so, users can simply choose Disable from the Task menu in the Console, or -- on Windows 95 and Windows 98 systems -- click the Stop button on the Services page in the control panel applet. This Service Pack seals these insecure points within the VShield scanner. To do so, it makes the Disable command in the Console's Task menu unavailable when you clear the System Scan Can Be Disabled checkbox in the System Scan Properties dialog box. This Service Pack also requires users on Windows 95 and Windows 98 systems to enter a password before they can change any settings in the VirusScan control panel applet. The Service Pack does not add this capability to the control panel for Windows NT Workstation v4.0 or Windows 2000 Professional systems -- the VirusScan software provides another method for this type of security on those systems. On Windows 95 and Windows 98 systems, the VirusScan software will use the same password you assigned to protect your VShield scanner settings to prevent desktop users from unauthorized access to the control panel. If you have already deployed VirusScan software to your network workstations, you need only install the Service Pack to take advantage of these new features and fixes. You do not need to take any additional steps to remove the Disable menu item from the Task menu in the VirusScan Console. At a MINIMUM, to ensure proper security, you should consider these options for your VirusScan configuration: * The System Scan Can Be Disabled Checkbox. Verify that this checkbox is clear. To do so, follow these steps: A. Right-click the VShield icon in the Windows taskbar, point to Properties, then choose System Scan. B. If the System Scan Can Be Disabled checkbox at the bottom of the Detection property page is not clear, clear it. * VShield scanner security settings. Select the VShield property pages you want to protect, then assign a password in the Security module. IMPORTANT: To ensure that end users cannot disable the VShield scanner, you MUST use a password to protect, at a minimum, the System Scan module's Detection page. If you do not lock this page, users can clear the System Scan Can Be Disabled checkbox themselves. To protect your VShield scanner settings, follow these steps: A. Click the Security icon at the left of the VShield Properties dialog box. B. Select the VShield property pages whose settings you want to lock. You can choose to lock all property pages, or individual pages. McAfee recommends that you protect all pages, but at a minimum, you must choose to protect the Detection page in the System Scan module. For more information, see the VirusScan User's Guide. C. Assign a password to these settings. This same password will protect the VirusScan control panel from tampering. D. Close the VShield Properties dialog box. On Windows 95 and Windows 98 systems, the VirusScan control panel will prompt any desktop user who tries to open it for a password. The control panel prompt will remain open until the user supplies the correct password or cancels the operation. The control panel will not ask for a password on Windows NT Workstation v4.0 or Windows 2000 Professional systems; these systems have an alternative security scheme that provides the same level of protection. To learn more, see Chapter 2 in either the VirusScan Administrator's Guide or the User's Guide. 2. If you used the McAfee Installation Designer to set a security password for desktop copies of VirusScan v4.5 software, or if you set the security password at the desktop, then installed the ePolicy Orchestrator agent and downloaded a new policy, the policy would overwrite your password so that the software would no longer require a password for access to configuration options. This Service Pack, in conjunction with an updated version of the VirusScan v4.5 .NAP file, will now apply whichever password you set in the ePolicy Orchestrator console to the desktop copy, instead of overwriting existing passwords with a blank password. Note that the policy will still overwrite the existing password on the desktop copy, but it will do so with the password you supply. If you want to avoid changing a password you've set, be sure to use the same password when you configure VirusScan v4.5 software through ePolicy Orchestrator. 3. Without the Service Pack, VirusScan v4.5 software does not, by default, scan files without filename extensions unless you select the All Files checkbox in the Where & What or the Detection tab in each component's configuration interface. This Service Pack adds extensionless files to the default Program File Extensions list, and to any custom list you've created. It also gives you a method you can use to add extensionless files to a Program Extensions List you create for an on-demand scan task whose settings you've saved as a .VSC file. If you have created a scan task that includes a custom Program Extensions list, and you have saved the settings for that task as a .VSC file, you can add extensionless files to that task. To do so, follow these steps: A. Locate the .VSC file you saved in Windows Explorer, right-click that file, then choose Properties from the shortcut menu to open the Task Properties dialog box. B. Click the Detection tab in the Properties dialog box. C. Click the Extensions button next to the Program Files Only checkbox in the Detection page. D. Click Add to open the Add Program File Extension dialog box. E. Click OK. The VirusScan software will ask you whether you want to scan extensionless files. Click OK to continue. F. The new "filename extension" will appear in the file extensions list as (NoExtension). G. To remove the new extension from the list, select NoExtension, then click Delete. Otherwise, click OK to close the Program File Extensions dialog box and add the extension to the list. The VirusScan components will now look for viruses in extensionless files during each of its scan operations. If you want to save these settings so that the VirusScan application uses them for all scan tasks you create, choose Save As Default from the File menu in the application window. 4. A product identification, or "splash," screen appears whenever you start a computer that has VirusScan software installed on it and the VShield scanner set to load at startup. The splash screen also appears if you start the VShield scanner yourself, or if you update the VShield software. Some system administrators and users would prefer that this splash screen not appear in these circumstances. This Service Pack creates a registry setting that allows you to decide whether you want to enable or disable the splash screen. To do so, follow these steps: A. Install this VirusScan v4.5 Service Pack. To learn how to do so, see "IN1 - Installation," later in this file. B. Start the Windows registry editor. C. Locate this registry key: HKLM SOFTWARE Network Associates TVD Shared Components On Access Scanner Vshield System Scan General D. Set the value for the dword variable bSkipSplash, which you'll find in this registry key, to reflect your preferences. You can use either of these values: 1 - Disables the splash screen 0 - Enables the splash screen The Service Pack sets the value at 0 by default. E. Close the Windows registry editor. 5. If you have the VShield scanner set to scan floppy disks for viruses, and if you then insert a locked floppy disk that contains a virus into your floppy drive, the VShield scanner will cause a Dr. Watson error when it tries to clean the infection. This occurs because the VirusScan engine tries to write an uninfected version of the file back to the locked floppy disk. When it cannot do so after trying for a given timeout period, it fails with a Dr. Watson error. This Service Pack corrects this situation so that VirusScan properly detects the locked status of the floppy disk and tells you that it cannot clean the file because the disk that contains it is write-protected. 6. If you have enabled the Download Scanning module, opening a file associated with Internet Explorer or Netscape Navigator -- an .HTM or .JPG file, for example -- causes either browser to issue a fatal exception error when you quit the application. This Service Pack resolves this issue. 7. A blue-screen fatal error can occur when the VShield scanner starts on Windows 95 and Windows 98 systems, whether at system startup, or when users start the scanner from the VirusScan control panel. This issue occurs primarily, but not exclusively, on older-generation hardware, such as systems with Intel Pentium II or earlier processors, running at a clock speed of 233 MHz or slower. The issue does not occur on Windows NT Workstation v4.0 or Windows 2000 Professional systems. The issue occurs on these systems if Windows interrupts the operation of the VShield scanner as it initializes in order to respond to requests from other system components or other application software. If this occurs, the system cannot reliably resume operations at the point it would normally, had the VShield scanner not intercepted the operation. This Service Pack causes the VShield scanner to save state information about any operations the scanner intercepts so that Windows can recover properly in case it interrupts the scanner to respond to other requests. 8. VirusScan v4.5 software has an option that allows you to set a delay period after system startup, at which time it can run a scan or AutoUpgrade/AutoUpdate task you've configured. A timing issue with the operating system, however, causes those VirusScan v4.5 installations without the Service Pack not to use the configured delay value for the task. Instead, VirusScan software runs the configured scan task as soon as possible after the system has started and the VirusScan Console has launched. This Service Pack modifies the VirusScan Console so that it waits for the correct number of minutes before it starts a scheduled task. With this modification, you can choose to delay the start of your scan task for up to 59 minutes after system startup. IMPORTANT: If you have a scan task scheduled to run after startup, you should not have an AutoUpdate or AutoUpgrade task also configured to run after startup. The AutoUpdate or AutoUpgrade task will stop the scan task in order to perform its update or upgrade. 9. VirusScan v4.5 software, without this Service Pack, includes a dynamic link library -- SYNCUTIL.DLL -- that can consume excess system resources, such as system memory, during some operations. Such resource "leaks" can cause VirusScan components to crash in some circumstances. This Service Pack alters the VirusScan library file so that it properly ends each software operation and releases system resources for use elsewhere. 10. In VirusScan v4.5 software you can configure the AutoUpdate module to run any executable file immediately after the module downloads and installs new .DAT files. On Windows NT and Windows 2000 systems, the module will run the executable file with the same account rights granted to the user currently logged in to the local workstation. If no user is logged in to the local workstation, the existing version of the AutoUpdate module will run the executable file with local system-level rights. Therefore, if unauthorized users can get access to the system and can edit the local computer's registry, those users can, in some cases, exploit this AutoUpdate feature to run hostile or damaging executable files of their own. This Service Pack changes this feature so that it will no longer run an executable file after a .DAT file update unless a user is logged into the workstation from the local console. In that case, AutoUpdate uses the same account rights granted to that user. This change means that no executable file will run after a .DAT file update if: * No user is logged in to the local workstation; or * An administrator logs in to the local workstation from a remote system to run AutoUpdate. Here, the VirusScan software detects that the login is not local, and will refuse to run the executable file. AutoUpdate operations will proceed normally, however. NOTE: If you have an executable file set to run after a .DAT file update in either of these two circumstances, the AutoUpdate operation will complete normally, but the log file will report that the operation failed. In fact, only the executable file will have failed to start normally. The log file will also report that the executable file did not run. This Service Pack does NOT alter how the AutoUpdate module functions in any other way, nor does it introduce any changes into the AutoUpdate user interface. IMPORTANT: If you rely on the AutoUpdate's built-in system account privileges to run executable files after .DAT updates -- on unattended workstations, for example -- this Service Pack file will prevent you from doing so. You might instead want to secure the workstation's registry, install VirusScan v4.5 software in its Maximum Security mode, or take other security measures. "AD1 - Additional Information," lists other suggestions for ensuring workstation security. 11. VirusScan v4.5 software caused a general protection fault when it tried to scan files on systems that used the Encrypted File System format available with Windows 2000. This Service Pack now correctly supports the Windows 2000 Encrypted File System. 12. If you set the path for the Temp directory that Windows uses for temporary files -- where it stores temporary copies of files that it extracts from archives, for example -- so that it uses long filenames, existing VShield versions will hang, then crash. This Service Pack enables VShield to correctly interpret long filenames for the Temp directory path. 13. VirusScan v4.5, without the Service Pack, would occasionally try to scan files that some Windows utilities -- Defrag, Scandisk or Windows Optimizer, for example -- would mark as off-limits. This could cause Windows to lock up. This Service Pack now allows these Windows utilities to complete their tasks uninterrupted. 14. If you install VirusScan v4.5 with the Maximum Security option on Windows NT or Windows 2000 systems, then modify the path for Windows Explorer in the registry, you cannot use the VirusScan control panel to start or stop any VirusScan component. This Service Pack modifies the VirusScan software so that it uses a different method to determine the state of each component, which allows you to use the control panel to enable or disable VirusScan components. 15. VirusScan v4.5 software for use in corporate environments currently reminds users about old .DAT and engine files. The Service Pack will change this function so that these reminders do not occur by default. You can, however, enable the reminders by modifying the registry. To do so, follow these steps: A. Install this VirusScan v4.5 Service Pack. To learn how to do so, see "IN1 - Installation," later in this file. B. Start the Windows registry editor. C. Locate this registry key: HKLM SOFTWARE Network Associates TVD VirusScan D. Change the value for the dword variable bNotifyOneMonth. You can use either of these two values: 1 - Enables the reminder 0 - Disables the reminder E. Close the Windows registry editor. 16. With VirusScan v4.5, systems that run Windows 2000 and the Microsoft NetWare client will crash if you try to copy a file from the local hard disk to a disk on a NetWare server. This occurs if you have the VShield System Scan module enabled and set to scan inbound files and network drives. This Service Pack corrects this issue. 17. If you have VirusScan v4.5 installed on a system that runs Windows 95 or Windows 98, and you start that system but leave it at the login prompt for more than 24 hours, the AVSync Manager will report an error and will crash your system. This Service Pack resolves this issue. 18. If you insert a CD-ROM into your drive on a Windows 2000 system when that system is busy with other tasks, the VShield scanner can prevent Windows Explorer from responding as it tries to resolve conflicting requests for information about the CD-ROM file system and requests from the VShield scanner to examine those files for viruses. This Service Pack resolves this issue. 19. If the VShield scanner finds an infected file and you try to open, move, or modify that file from a command prompt using the DOS standard naming convention for the file, the VShield scanner will cause a Dr. Watson error when it reports the infection. This issue occurred primarily on German-language Windows versions. This Service Pack resolves this issue. 20. If you started to run a scan operation from the VirusScan application, then a scheduled AutoUpdate operation began, the AutoUpdate operation could not update your .DAT or scan engine files because the scan task kept them busy for its use. This issue did not occur with scheduled scan tasks, as the AutoUpdate utility could ask the scheduled task to terminate. This Service Pack now allows the AutoUpdate utility to ask the VirusScan application to terminate any running scan task in order to install a .DAT file update. 21. If users disable the VShield System Scan or Internet Filter modules from the desktop, you cannot use the ePolicy Orchestrator Console to re-enable these modules until after you have installed this Service Pack. Once you install this Service Pack and the latest version of the VirusScan .NAP file, you can re-enable those modules that users shut down. A better solution would be to secure your VShield settings with a password to prevent users from tampering with them. You can do so from each desktop, or you can use the latest available version of the VirusScan v4.5 .NAP file to set a password for those settings from the ePolicy Orchestrator Console. ___________________________________________ IF1 - FILES INCLUDED WITH THIS SERVICE PACK This Service Pack consists of a package called VSC45SP1.EXE, which contains these new files: AVCONSOL.EXE = VirusScan Console executable AVPARAM.DLL = Scan engine support library AVSMCPA.CPL = VirusScan control panel applet BOOTSCAN.EXE = Command-line scanner CCM_SCAN.EXE = cc:Mail scan utility CFGCOM32.DLL = VirusScan application configuration utility CLEAN.DAT = Virus definitions file LICENSE.DAT = Virus definitions file MCSCAN32.DLL = Library file for on-access scanner. Allows scanner to intercept file-system requests on Windows NT and Windows 2000 systems MCSCAN32.VXD = Virtual device driver for on-access scanner. Allows scanner to intercept file-system requests on Windows 95 and Windows 98 systems MCSHIELD.EXE = On-access scanner for Windows NT and Windows 2000 systems MCSTVBI.EXE = VirusScan component launcher. The VirusScan software uses this executable internally MCTOOL.EXE = Support file for command-line scanner MCUPDATE.EXE = AutoUpdate and AutoUpgrade executable MESSAGES.DAT = Virus definitions support file NAIANN.DLL = Support library that provides an interface between the VShield on-access scanner and the rest of the VirusScan components on Windows NT and Windows 2000 systems only NAIFILTR.SYS = VirusScan filter driver NAMES.DAT = Virus definitions file NTCLIENT.DLL = Support library that provides an interface between the VShield on-access scanner and the rest of the VirusScan components on Windows NT and Windows 2000 systems only PSAPI.DLL = System support library for Windows NT and Windows 2000 systems RESDLL.DLL = VirusScan resource library RWABS16.DLL = Scan engine support file RWABS32.DLL = Scan engine support file SCAN.DAT = Virus definitions file SCAN.EXE = Command-line scanner SCAN32.EXE = VirusScan application SCAN86.EXE = Command-line scanner SCANEMAL.DLL = E-mail Scan module on-access and on-demand scanner SCANPM.EXE = Command-line scanner SCRSCAN.EXE = ScreenScan background scanner SCRSCANP.DLL = Support library for ScreenScan scanner SP1PACK.LST = Packing list for Service Pack SRVPACK1.TXT = This text file SYNCUTIL.DLL = Support library for all VirusScan components VSCFGDLL.DLL = Support library for VShield configuration utility VSHIELD.VXD = VShield scanner. Functions as a device driver on Windows 95 and Windows 98 systems VSHWIN32.EXE = Control utility for on-access scanner. Starts and stops VShield scanner, displays icon in system tray VSUTIL.DLL = VirusScan internal utilities support library WBHOOK32.DLL = Support library for VShield scanner. Allows scanner to intercept e-mail and Internet traffic The .ZIP file that contains VSC45SP1.EXE also contains the files shown below, which you can use to distribute this Service Pack via Management Edition software or via the VirusScan AutoUpgrade utility. A VirusScan .NAP file allows you to configure the software from the ePolicy Orchestrator Console. MCSCRIPT.INI = Script file for use with Management Edition software PKGDESC.INI = Package description file for use with the VirusScan AutoUpgrade utility SETUP.ISS = Script file for use with VirusScan AutoUpgrade utility VSC_95.INI = Script file for use with Management Edition software to distribute this Service Pack to Windows 95 and Windows 98 workstations VSC_NT.INI = Script file for use with Management Edition software to distribute this Service Pack to Windows NT and Windows 2000 workstations __________________ IN1 - INSTALLATION * IN2 - INSTALLATION REQUIREMENTS * To use this Service Pack, you must have VirusScan v4.5 anti-virus software installed on the target computer. This Service Pack will not work with earlier VirusScan versions. * IN3 - BEFORE YOU BEGIN: ABOUT THE INSTALLER * The Service Pack installation utility is a standard application that you can double-click to start from within Windows. The Windows 95, Windows 98, Windows NT, and Windows 2000 versions of the utility include a graphical user interface that consists of a series of wizard panels -- you can follow the instructions shown in the panels to install the Service Pack. You can also run the utility from a command line. See "IN4 - Running the Installation Utility" later in this file for details. NOTE: When the installation utility has finished updating your VirusScan software, you may delete it from your hard disk, unless you want to keep a copy available for further update or upgrade operations. IMPORTANT: In order to install this Service Pack on computers that run Windows NT or Windows 2000, you MUST log on to the target computer with Administrator-level rights. If you cannot log on to the target computer as an Administrator directly, you can instead use the AutoUpgrade utility included with VirusScan software to schedule an upgrade task. The AutoUpgrade utility uses Administrator rights when it runs a scheduled update task, but will not use Administrator rights if you click the Update Now button. See "IN10 - Modifying the Installation Package to Work with AutoUpgrade" later in this file for more information. * IN4 - PREPARING TO RUN THE INSTALLATION UTILITY * To prepare the installation utility to run, create a temporary directory on your hard disk, then download VSC45SP1.EXE from the Network Associates website to this directory. You do not need to uncompress the file or take any other action to prepare it to run. * IN5 - RUNNING THE INSTALLATION UTILITY * Locate the program icon for the installation utility in the temporary directory you created, then double-click it to start the installation wizard. To update your files, follow the instructions shown. NOTE: When the utility has finished updating your VirusScan software, you may delete it from your hard disk, unless you want to keep a copy available for further update or upgrade operations. You can also run the utility from a command prompt window, along with any of eight options. See "IN6 - Command-Line Options" later in this file to learn what each option does. To run the installation utility from a command prompt, follow these steps: 1. Click Start in the Windows taskbar, then choose Run. 2. Type X:\VSC45SP1.EXE in the Run dialog box, along with any options you want to use. Here, X: represents the drive and the path to the location where you stored the VSC45SP1.EXE file. 3. Click OK. 4. The utility will run with the options you specify. NOTE: Some of the options will not run the application itself; rather they will provide information about the package, provide online help, or extract package files. See "IN6 - Command-Line Options" for details. * IN6 - COMMAND-LINE OPTIONS * You can use any of eight options to specify different installation methods or to get information about the utility or the file package included with it. These options are: /logfile This option tells the installation utility to save a log file with the filename you specify and in the location you specify. By default, the utility creates a log file in the current working directory. Use this option to create a log file elsewhere on your hard disk. /prompt This option tells the installation utility to display only the Shut Down Windows dialog box when it has updated or upgraded your software. Use this option in conjunction with /silent. /silent This option runs the update silently. No dialog boxes appear. /reboot If you use this option with the /silent option, the installation utility will restart the target computer, but only if the utility must do so in order to complete all file replacements. If you do not use this option from the command line, or do not include a similar command in your update script, the utility will NOT restart your computer. NOTE: VirusScan versions that run on Windows NT or Windows 2000 will require you to reboot the target computer in order to replace filter drivers used with the software if you install the VShield scanner. You can continue to run the software without rebooting immediately, but the software will not use the replacement files you installed immediately. To activate the replacement files for use, you must reboot your computer. This does not affect computers that run Windows 95 or Windows 98. /e This option tells the installation utility to extract the files archived in the VSC45SP1.EXE package to the directory you specify in . Use this option to validate the files from the package. This option does NOT run the installation utility or cause it to update your software. If you do not specify a , the installation utility will extract its contents to the current working directory. /v This option displays validation information for the installation package on all current Windows platforms. This information includes file version information and time stamps drawn from the files themselves, along with cyclical redundancy check (CRC) validation codes. You can compare this data with that shown in the SRVPACK1.LST file that comes with the Service Pack package. This option does NOT run the installation utility or cause it to update your software. /f This option tells the installation utility to use the files that come with its current package to update and upgrade your software, regardless of which file versions you have already installed. Use this option to "force" an update to the current file versions in order to overwrite corrupted files or enforce your anti-virus security policies. /? This option displays an online description of the command-line options available for the installation utility. It does NOT run the utility or cause it to update your software. * IN7 - DISTRIBUTING THE SERVICE PACK VIA NETWORK MANAGEMENT SOFTWARE * If you use the McAfee AutoUpgrade utility or McAfee Management Edition software to distribute updates and upgrades, you can find package description files or script files necessary to distribute this Service Pack in the installation package itself. See "IN8 - Preparing the Installation Package for Distribution via Management Edition Software" and "In10 - Modifying the Installation Package to Work with AutoUpgrade" to learn how to use each method to distribute this Service Pack. * IN8 - PREPARING THE INSTALLATION PACKAGE FOR DISTRIBUTION VIA MANAGEMENT EDITION SOFTWARE * To distribute this Service Pack via Management Edition software, follow these steps: 1. Create a temporary directory on your hard disk, then download the installation package VSC45SP1.ZIP to that folder. 2. Use WinZip, PKZip or a similar utility to extract these files from the archive: MCSCRIPT.INI VSC_95.INI VSC_NT.INI 3. Copy VSC45SP1.EXE to the same directory into which you extracted the script files in Step 2. To learn how to locate and download that package, see "Preparing to Run the Installation Utility," earlier in this file. 4. Start the Management Edition software, then open the software repository from the Management Edition console. 5. Click Install at the bottom of the software repository dialog box. Next, click Product in the dialog box that appears. A standard Browse for File dialog box will appear. 6. Locate the directory you created in Step 1, then click OK to load its contents into the software repository. 7. Proceed with your installation task as you would normally. To learn more about how to install software via the Management Edition software, see the Management Edition Administrator's Guide included with the product. * IN9 - PREPARING THE INSTALLATION PACKAGE FOR DISTRIBUTION VIA E-POLICY ORCHESTRATOR SOFTWARE * To use ePolicy Orchestrator to deploy this Service Pack, you need to create and schedule an AutoUpgrade task for each target workstation to which you want to distribute the installation package. To learn how to create and schedule AutoUpgrade tasks for a computer, user, or group, consult the ePolicy Orchestrator Administrator's Guide. You will also need to modify the Service Pack installation package to work with the VirusScan AutoUpgrade module. To learn how to do so, see "IN10 - Modifying the Installation Package to Work with AutoUpgrade," later in this file. After you have configured and saved an AutoUpgrade task for each computer you plan to update, and after you have modified the installation package so that it works with AutoUpgrade, you need only copy the modified package to the server you ordinarily use to store files you want to install via AutoUpgrade. Verify that you have copied all of the files you need along with the installation package itself. The next section lists those files. * IN10 - MODIFYING THE INSTALLATION PACKAGE TO WORK WITH AUTOUPGRADE * To use the Service Pack installation utility with the AutoUpgrade component that comes with VirusScan software, follow these steps: 1. Rename VSC45SP1.EXE to SETUP.EXE. 2. Download the file AUTOUPG.ZIP, which you will find on the Network Associates FTP site in this location: ftp://:@ftp.nai.com /licensed/antivirus/superdat/tools/ NOTE: Here, is your Network Associates corporate site access user name, and is your corporate site access password. To download these files, you must have access to the site as a licensed McAfee customer. The installation package archive contains the file PKGDESC.INI. Extract PKGDESC.INI from the .ZIP archive, then copy both the extracted file and the now-renamed SETUP.EXE to the server from which you want other computers on your network to download updated files. Both PKGDESC.INI and SETUP.EXE must be present for AutoUpgrade to download update files correctly. NOTE: If your upgrade server runs UNIX or another case-sensitive operating system, verify that you have named the PKGDESC.INI file correctly. The AutoUpdate version included with VirusScan anti-virus software expects to find a lower-case filename: pkgdesc.ini. 3. The installation package also has a "dummy" SETUP.ISS file you can use to set installation options for this Service Pack, if you want them. Copy the file from the installation .ZIP archive into the directory from which you tell AutoUpgrade to download new files, if you want to specify some installation options for this Service Pack. NOTE: AutoUpgrade versions that come with the v4.5 product series do not require a SETUP.ISS file to run. You can, however, use one to specify how the AutoUpgrade utility will run the Service Pack installation. SETUP.ISS is a simple text file that you can edit with any standard text editor. If you do not want to specify any configuration options for the installation, you can simply create a zero-byte SETUP.ISS file or not use a file at all. To specify configuration options in your SETUP.ISS file, use the example shown below to learn which options you may use. You can cut and paste this example directly into a text file, then edit and save the file as SETUP.ISS. [SuperDATOptions] bReboot=1 bPrompt=1 szLogFile=C:\temp\mylog.txt Here's a description of what each statement in the file does: * bReboot=1 This statement tells the installation utility to restart the target computer if it must do so in order to finish updating your VirusScan software. If you do not want the target computer to restart after it updates your files, set the value of bReboot= to zero, or remove the statement from SETUP.ISS. NOTE: VirusScan versions that run on Windows NT or Windows 2000 will usually require you to reboot the target computer in order to replace filter drivers used with the software. You can continue to run the software without rebooting immediately, but the software will not use the replacement files you installed immediately. To activate the replacement files for use, you must reboot your computer. This does not affect computers that run Windows 95 or Windows 98. * bPrompt=1 This tells the installation utility to display only the Shut Down Windows dialog box when it has updated or upgraded your software. * szLogFile= This option tells the installation utility to save a log file with the filename you specify and in the location you specify. By default, the installation utility creates a log file in the current working directory. * IN11 - DETERMINING WHEN YOUR COMPUTER WILL RESTART * Installing this Service Pack will cause your computer to reboot in these circumstances: * If you have the VShield scanner installed and enabled on Windows NT or Windows 2000 systems, the Service Pack installer will request the system to reboot in order to replace the VShield scanner executable and some of its support files. If you do not have the VShield scanner installed, the installer will not request a reboot. * If you have the VShield Download Scan, E-Mail Scan or Internet Filter modules installed and enabled on Windows 95 or Windows 98 systems, or if you choose a Force Install option for AutoUpgrade or another distribution utility, the Service Pack installer will request a system reboot to replace the scan engine and some related support files. If you do not reboot the system, the VShield modules will continue to function until you do so, but these modules will not incorporate any fixes supplied with the Service Pack. * IN12 - REMOVING THIS SERVICE PACK * To remove this Service Pack from your computer, you must remove the entire VirusScan product from your computer. See the VirusScan Administrator's Guide or the VirusScan User's Guide for instructions. NOTE: McAfee recommends that you do NOT remove the Service Pack files from your VirusScan product directory once you install them. If you reinstall your VirusScan v4.5 software, McAfee recommends that you also reinstall the Service Pack files. ____________________________ AD1 - ADDITIONAL INFORMATION Although this Service Pack eliminates a potential security concern in the AutoUpdate module, it does so by limiting a small amount of the module's capability. You can also secure each workstation in such a way as to prevent the exploitation of the AutoUpdate feature described in this file. To do so, you can take one or more of these steps: * Give full access to the registry key that controls which executable file runs only to administrators, to the system, or to the key owner or creator. All others should have only read access to the key. To do so, locate this key in the registry: HKLM\Software\Network Associates\TVD Next, set access permissions for this key and all subkeys to: Administrator Full Access Creator/Owner Full Access System Full Access Everyone Read Only NOTE: Windows 2000 systems come with these settings by default. Windows NT 4.0 Workstation systems do not. To learn more about how to lock down your registry, see your Microsoft Windows NT documentation. * Use the NT File System to set specific permissions for the executable file you plan to run after a .DAT file update. To do so, locate the executable file you want to run, then follow these steps: 1. Right-click the file, then choose Properties from the shortcut menu that appears. 2. Click the Security tab in the Properties dialog box. 3. Click the Permissions button in the Security property page. 4. Choose Special File Access from the Type of Access menu at the bottom of the dialog box. 5. Set these rights for the file you plan to run: Administrator Full Access Creator/Owner Full Access System Full Access Everyone Read/Execute * Install or reinstall VirusScan v4.5 in its Maximum Security mode. This prevents all users, except those with administrative rights to the workstation, from configuring any aspect of the VirusScan interface, including the AutoUpdate module. Alternatively, you can use standard security, but set password protection for the AutoUpdate task from the VirusScan Console. To learn how to install VirusScan v4.5 software in Maximum Security mode or to learn how to set password protection for the AutoUpdate task, see the VirusScan User's Guide. * Use the Windows Policy Editor to set a policy for each vulnerable workstation that disables all registry editing tools. __________________ KN1 - KNOWN ISSUES 1. The Service Pack installation utility creates several new directories and populates them with temporary files. The utility does not delete these files after installation, nor does the uninstallation utility remove them. If you install the Service Pack again, however, it will overwrite these files, rather than creating new copies of them. You do not need these files for your software to function correctly, nor will leaving these files intact interfere with any software functions. To save disk space, however, you can locate and delete the files in these directories: C:\Program Files\Common Files\Network Associates\ VirusScan Engine\olddats C:\Program Files\Common Files\Network Associates\ VirusScan Engine\oldengine On Windows 95 and Windows 98 systems: C:\Program Files\Common Files\Network Associates\ VirusScan Engine\oldvxds C:\Program Files\Network Associates\VirusScan\oldfiles NOTE: In all cases, C:\ represents the directory into which you installed your software. 2. As item 3 in "IR1 - Issues Resolved in This Service Pack" describes, the Service Pack adds (NoExtension) to the default Program File Extension list by default so that VirusScan software can detect viruses in files that have no filename extension. To do so, the Service Pack replaces the VirusScan registry variable that contains the default Program Extension list with a new default list. For custom lists of filename extensions, however, the Service Pack simply appends the NoExtension setting in the registry variable that contains that setting, which preserves your custom extension list as is, apart from the NoExtension addition. You can remove this addition in the same way you would remove any other program file extension from your list. For scan tasks that you've created and saved in .VSC files, however, the Service Pack does NOT append NoExtension to the program file list for that task, nor does it replace that list. It does not do so because the installer has no way to determine the .VSC filename or its location on your system. If you want to include extensionless files in that scan operation, therefore, you must add them to the task yourself. Follow the instructions outlined in item 3 in "IR1 - Issues Resolved in This Service Pack" earlier in this file. 3. If you use ePolicy Orchestrator to install VirusScan v4.5 software to a target workstation that runs Windows 95A, then: A. Use the Service Pack installer to update your software; B. Use ePolicy Orchestrator again to remove the VirusScan v4.5 software; and finally C. Use ePolicy Orchestrator to reinstall the VirusScan v4.5 software the ePolicy Orchestrator agent will continuously try to update and reinstall the VirusScan software with every other application-to-server communication interval. To work around this issue, remove the VirusScan v4.5 software and its Service Pack from the target workstation, then reinstall the software via the ePolicy Orchestrator Console. 4. The Service Pack installation utility does not currently support the @ symbol used in the Novell NetWare login script. McAfee does not create, supply, or support login scripts for individual environments. 5. The installation utility works within your system's existing security structures. For Windows NT and Windows 2000 systems, this usually means that you must have certain administrative rights to upgrade the scan engine for your anti-virus software, because this Service Pack installs an updated engine version. Logging on to the system with the same identity you used to install your anti-virus software should give you sufficient rights. 6. You cannot use the ePolicy Orchestrator Console to prevent the VShield icon from appearing in the Windows system tray on desktop systems. To hide the icon, you can: * Clear the Show Icon in the Taskbar checkbox in the System Scan Properties dialog box; * Install VirusScan v4.5 software on Windows NT or Windows 2000 workstations with the Maximum Security option; or * Use the McAfee Installation Designer to create a custom Microsoft Installer (.MSI) file with a setting that hides the icon. 7. If you use VirusScan v4.5 software in conjunction with ePolicy Orchestrator software, you cannot tell VirusScan software to exclude boot sector scanning using the ePolicy Orchestrator Console. 8. If you use the VirusScan v4.5 software in conjunction with ePolicy Orchestrator software, and you use the latest available .NAP file, the Recycle Bin item that appears by default in the Exclusions property page in the System Scan dialog box for the VShield scanner will NOT appear in the corresponding page in the ePolicy Orchestrator Console. You must add the Recycle Bin item to your exclusions list yourself. This item does not appear by default in the ePolicy Orchestrator Console because to have it do so would require you to remove, rather than simply update, your existing .NAP file and all of the task and configuration settings you created with it. ______________________________________________ NA1 - CONTACTING MCAFEE AND NETWORK ASSOCIATES On December 1, 1997, McAfee Associates merged with Network General Corporation, Pretty Good Privacy, Inc., and Helix Software, Inc. to form Network Associates, Inc. The combined Company subsequently acquired Dr Solomon's Software, Trusted Information Systems, Magic Solutions, and CyberMedia, Inc. A January 2000 company reorganization formed four independent business units, each concerned with a particular product line. These are: * Magic Solutions. This division supplies the Total Service desk product line and related products * McAfee. This division provides the Active Virus Defense product suite and related anti-virus software solutions to corporate and retail customers. * PGP Security. This division provides award-winning encryption and security solutions, including the PGP data security and encryption product line, the Gauntlet firewall product line, the WebShield E-ppliance hardware line, and the CyberCop Scanner and Monitor product series. * Sniffer Technologies. This division supplies the industry-leading Sniffer network monitoring, reporting, and analysis utility and related software. Network Associates continues to market and support the product lines from each of the new independent business units. You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Network Associates Customer Service department at the addresses or phone numbers listed below. Contact the Network Associates Customer Service department between 8:00 a.m. and 8:00 p.m. Central Time, Monday through Friday, at: Network Associates Customer Service 4099 McEwen, Suite 500 Dallas, Texas 75244 Contact information for McAfee corporate- licensed customers: Phone: (888) VIRUS NO or (888) 847-8766 Fax: (972) 619-7485 (24-hour, Group III fax) E-Mail: services_corporate_division@nai.com Web: http://www.nai.com Contact information for retail licensed customers: Phone: (972) 308-9960 Fax: (972) 619-7485 (24-hour, Group III fax) E-Mail: cust_care@nai.com Web: http://www.mcafee.com Send correspondence to any of the following Network Associates locations: Network Associates Corporate Headquarters 3965 Freedom Circle McCandless Towers Santa Clara, CA 95054 Network Associates offices outside the United States: Network Associates Australia Level 1, 500 Pacific Highway St. Leonards, NSW Sydney, Australia 2065 Phone: 61-2-8425-4200 Fax: 61-2-9439-5166 Network Associates Austria Pulvermuehlstrasse 17 Linz, Austria Postal Code A-4040 Phone: 43-732-757-244 Fax: 43-732-757-244-20 Network Associates Belgique BDC Heyzel Esplanade, boîte 43 1020 Bruxelles Belgique Phone: 0032-2-478.10.29 Fax: 0032-2-478.66.21 Network Associates do Brasil Rua Geraldo Flausino Gomez 78 Cj. - 51 Brooklin Novo - São Paulo SP - 04575-060 - Brasil Phone: (55 11) 5505 1009 Fax: (55 11) 5505 1006 Network Associates Canada 139 Main Street, Suite 201 Unionville, Ontario Canada L3R 2G6 Phone: (905) 479-4189 Fax: (905) 479-4540 Network Associates People's Republic of China Room 913, Tower B Full Link Plaza No. 18 Chao Yang Men Wai Avenue Beijing People's Republic of China 100020 Phone: 86 10 6538-3399 Fax: 86 10 6588-5601 Network Associates Denmark Lautruphoej 1-3 2750 Ballerup Danmark Phone: 45 70 277 277 Fax: 45 44 209 910 NA Network Associates Oy Mikonkatu 9, 5. krs. 00100 Helsinki Finland Phone: 358 9 5270 70 Fax: 358 9 5270 7100 Network Associates France S.A. 50 Rue de Londres 75008 Paris France Phone: 33 1 44 908 737 Fax: 33 1 45 227 554 Network Associates GmbH Ohmstraße 1 D-85716 Unterschleißheim Deutschland Phone: 49 (0)89/3707-0 Fax: 49 (0)89/3707-1199 Network Associates Hong Kong 14th Floor, Plaza 2000 2-4 Russell Street Causeway Bay, Hong Kong Phone: 852-2892-9500 Fax: 852-2832-9530 Network Associates Srl Centro Direzionale Summit Palazzo D/1 Via Brescia, 28 20063 - Cernusco sul Naviglio (MI) ITALY Phone: 39 02 92 65 01 Fax: 39 02 92 14 16 44 Network Associates Japan, Inc. Shibuya Mark City West 20F 1-12-1 Dougenzaka, Shibuya-ku Tokyo 150-0043, Japan Phone: 81 3 5428 1100 Fax: 81 3 5428 1480 Network Associates Latin America 1200 South Pine Island Road, Suite 375 Plantation, Florida 33324 United States Phone: (954) 577-4290 Fax: (954) 236-8031 Network Associates México Andrés Bello No. 10 4o. Piso Col. Polanco México D.F. C.P. 11560 Phone: 52 (5) 282-9180 Fax: 52 (5) 282-9183 Network Associates International B.V. Gatwickstraat 25 1043 GL Amsterdam The Netherlands Phone: 31 20 586 6100 Fax: 31 20 586 6101 Network Associates Portugal Av. da Liberdade, 114 1269-046 Lisboa Portugal Phone: 351 1 340 4543 Fax: 351 1 340 4575 Net Tools Network Associates South Africa Hawthorne House St. Andrews Business Park Meadowbrook Lane Bryanston, Johannesburg South Africa 2021 Phone: 27 11 700-8200 Fax: 27 11 706-1569 Network Associates South East Asia 78 Shenton Way #29-02 Singapore 079120 Phone: 65 222-7555 Fax: 65 222-7555 Network Associates Spain Orense 4, 4a Planta. Edificio Trieste 28020 Madrid Spain Phone: 34 9141 88 500 Fax: 34 9155 61 404 Network Associates Sweden Datavägen 3A Box 596 S-175 26 Järfälla Sweden Phone: 46 (0) 8 580 88 400 Fax: 46 (0) 8 580 88 405 Network Associates AG Baeulerwisenstrasse 3 8152 Glattbrugg Switzerland Phone: 0041 1 808 99 66 Fax: 0041 1 808 99 77 Network Associates Taiwan Suite 6, 11F No. 188, Sec. 5 Nan King E. Rd. Taipei, Taiwan, Republic of China Phone: 886-2-27-474-8800 Fax: 886-2-27-635-5864 Network Associates International Ltd. 227 Bath Road Slough, Berkshire SL1 5PP United Kingdom Phone: 44 (0)1753 217 500 Fax: 44 (0)1753 217 520 Or, you can receive online assistance through any of the following resources: 1. Internet E-mail: techsupport@mcafee.com 2. Telephone technical support Corporate-licensed customers: Contact Network Associates Customer Service for information about technical support subscription plans Retail-licensed customers: (972) 855-7044 3. Internet FTP: ftp://ftp.nai.com 4. World Wide Web: http://www.nai.com/asp_set/support/technical/intro.asp 5. America Online: keyword MCAFEE 6. CompuServe: GO NAI To provide the answers you need quickly and efficiently, the Network Associates technical support staff needs some information about your computer and your software. Please have this information ready when you call: - Program name and version number - Computer brand and model - Any additional hardware or peripherals connected to your computer - Operating system type and version numbers - Network name, operating system, and version - Network card installed, where applicable - Modem manufacturer, model, and bits-per- second rate, where applicable - Relevant browsers or applications and their version numbers, where applicable - How to reproduce your problem: when it occurs, whether you can reproduce it regularly, and under what conditions - Information needed to contact you by voice, fax, or e-mail * NA2 - DOWNLOAD SUPPORT * To get help with navigating or downloading files from the Network Associates website or FTP site, call: Corporate customers (801) 492-2650 Retail customers (801) 492-2600 * NA3 - FOR PRODUCT UPGRADES * McAfee has a worldwide range of partnerships and reseller relationships with hundreds of independent vendors, each of which can provide you with consulting services, sales advice, and product support for McAfee and Network Associates software. To find a reseller near your location, see the RESELLER.TXT file located on your product CD-ROM or installed on your hard disk. For assistance in locating a local reseller, you can also contact McAfee Customer Service at (888) VIRUS NO or (888) 847-8766. * NA4 - FOR REPORTING PROBLEMS * McAfee prides itself on delivering a high-quality product. If you find any problems, please take a moment to review the contents of this file. If the problem you've encountered appears in the Known Issues section of this README.TXT file, McAfee is already aware of the problem, and you need not report it. If you find any feature that does not appear to function properly on your system, or if you believe an application would benefit greatly from enhancement, please contact Network Associates or one of its resellers with your suggestions or concerns. * NA5 - FOR ON-SITE TRAINING INFORMATION * Contact McAfee Customer Service at (888) VIRUS NO or (888) 847-8766. * NA6 - MCAFEE BETA SITE * To test pre-release software and obtain update files, including virus definition (.DAT) files, visit the McAfee beta site at: http://www.mcafeeb2b.com/beta/ You will have access to Public Beta and External Test Areas. Your feedback will make a difference. * NA7 - AVERT ANTI-VIRUS RESEARCH SITE * To see the latest information about emerging virus threats, submit samples of potentially infected files, and download updated scanning engine files, EXTRA.DAT files, and similar anti-virus software for testing, visit the AVERT research site at: http://www.avertlabs.com McAfee also seeks and appreciates general feedback. __________________________________________ CT1 - COPYRIGHT AND TRADEMARK ATTRIBUTIONS Copyright (c) 1999-2000 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies. * CT2 - TRADEMARKS * * ActiveHelp, Bomb Shelter, Building a World of Trust, CipherLink, Clean-Up, Cloaking, CNX, Compass 7, CyberCop, CyberMedia, Data Security Letter, Discover, Distributed Sniffer System, Dr Solomon's, Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT, GroupShield, HelpDesk, Hunter, ISDN Tel/Scope, LM 1, LANGuru, LeadingHelp Desk Technology, Magic Solutions, MagicSpy, MagicTree, Magic University, MagicWin, MagicWord, McAfee, McAfee Associates, MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto, NetOctopus, NetRoom, NetScan, Net Shield, NetShield, NetStalker, Net Tools, Network Associates, Network General, Network Uptime!, NetXRay, Nuts & Bolts, PC Medic, PCNotary, PGP, PGP (Pretty Good Privacy), PocketScope, Pop-Up, PowerTelnet, Pretty Good Privacy, PrimeSupport, RecoverKey, RecoverKey- International, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, Site Meter, Sniffer, SniffMaster, SniffNet, Stalker, Statistical Information Retrieval (SIR), SupportMagic, Switch PM, TeleSniffer, TIS, TMach, TMeg, Total Network Security, Total Network Visibility, Total Service Desk, Total Virus Defense, T-POD, Trusted Mach, Trusted Mail, Uninstaller, Virex, Virex-PC, Virus Forum, ViruScan, VirusScan, VShield, WebScan, WebShield, WebSniffer, WebStalker, WebWall, and ZAC 2000 are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. * CT3 - LICENSE AGREEMENT * NOTICE TO ALL USERS: FOR THE SPECIFIC TERMS OF YOUR LICENSE TO USE THE SOFTWARE THAT THIS DOCUMENTATION DESCRIBES, CONSULT THE LICENSE.TXT, README.1ST, OR OTHER LICENSE DOCUMENT THAT ACCOMPANIES YOUR SOFTWARE, EITHER AS A TEXT FILE OR AS PART OF THE SOFTWARE PACKAGING. IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH THEREIN, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.