McAfee VirusScan Enterprise 8.5i configuration settings
The following lists the settings of an unconfigured (default settings) version of McAfee VirusScan Enterprise 8.5i and the settings of the configured version by the Computing Service Technical User Support Group. As you will probably notice the settings of the configured version are not too restrictive and reasonably liberal. If you wish to be more restrictive within your College or Department you should download an unconfigured version of VirusScan Enterprise 8.5i and a version of McAfee Installation Designer 8.5 and modify the settings yourself.
On-Access Scanner (General)
| Default Settings | Configured (if different) | |
|---|---|---|
| Boot Sectors | On | |
| Floppy during shutdown | On | |
| General: | ||
| Enable on-access scanning at startup | On | |
| Scantime: | ||
| Max archive scan time (seconds) | 15 | |
| Enforce max scan for all files (seconds) | On (45) |
| Default Settings | Configured (if different) | |
|---|---|---|
| Enable ScriptScan | On |
| Default Settings | Configured (if different) | |
|---|---|---|
| Message: | ||
| Send a message | Off | |
| Block: | ||
| Block the connection | On | |
| Unblock connection after | 10 minutes | |
| Block if unwanted program is detected | Off |
| Default Settings | Configured (if different) | |
|---|---|---|
| Messages for local users: | ||
| Show messages dialog when virus detected | On | |
| Text to display in message | VirusScan Alert! | |
| Non-administrator user actions: | ||
| Remove messages from list | On | |
| Clean files | On | |
| Delete files | Off |
| Default Settings | Configured (if different) | |
|---|---|---|
| Log to file | On (default file) | |
| Limit size of log file | 1 MB | |
| Format | Unicode (UTF8) | |
| What to log in addition to virus activity: | ||
| Session settings | Off | |
| Session summary | On | |
| Failure to scan encrypted files | On |
On-Access Scanner (All Processes)
| Default Settings | Configured (if different) | |
|---|---|---|
| Use the settings on these tabs for all processes | On | |
| Use different settings for high-risk and low-risk processes | Off |
| Default Settings | Configured (if different) | |
|---|---|---|
| Scan files: | ||
| When writing to disk | On | |
| When reading from disk | On | |
| On network drives | Off | |
| What to scan: | ||
| All files | On | |
| Default + additional file types (0) | Off | |
| Specified file types (0) | Off | |
| What not to scan: | ||
| Exclude disk, files, folders (7) | Edited to exclude: \quarantine\ also see Note 1 below | |
| Edit Windows File Protection: | ||
| Files protected by Windows File Protection | Off | |
| What to exclude: | ||
| On read | On | |
| On write | On |
Note 1: The following exclusions are also configured by default (and can be used for computers running Windows 2000, XP, Vista and Windows Server 2003):
- %windir%\SoftwareDistribution\Datastore\Datastore.edb
- %windir%\SoftwareDistribution\Datastore\Logs\Edb*.log
- %windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
- %windir%\SoftwareDistribution\Datastore\Logs\Res1.log
- %windir%\SoftwareDistribution\Datastore\Logs\Res2.log
- %windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb
For VirusScan settings on Windows Server 2003 domain controllers and Windows 2000 domain controllers (including other useful tips on running VirusScan on Windows servers) please see the document http://www-tus.csx.cam.ac.uk/virus/server.html and the Microsoft Knowledgebase Article at http://support.microsoft.com/kb/822158.
| Default Settings | Configured (if different) | |
|---|---|---|
| Heuristics: | ||
| Find unknown unwanted programs and trojans | On | |
| Find unknown macro viruses | On | |
| Compressed Files: | ||
| Scan inside archives (e.g. Zip) | Off | On |
| Decode MIME encoded files | Off | |
| Miscellaneous: | ||
| Scan files opended for Backup | On |
| Default Settings | Configured (if different) | |
|---|---|---|
| When a virus is found: | ||
| Primary action | Clean files automatically | |
| Secondary action | Delete files automatically |
| Default Settings | Configured (if different) | |
|---|---|---|
| Detection: | ||
| Detect unwanted programs | On | |
| When an unwanted program is found: | ||
| Primary action | Clean files automatically | |
| Secondary action | Delete files automatically |
Access Protection
| Default Settings | Configured (if different) | |
|---|---|---|
| Access Protection Rules: | ||
| Enable Access Protection | On |
| Categories | Block | Report | Rules | ||
|---|---|---|---|---|---|
| Default | Configured | Default | Configured | ||
| Anti-virus Standard Protection | Prevent registry editor and Task Manager from being disabled | ||||
| Prevent user rights policies from being altered | |||||
| Prevent remote creation/modification of executable and configuration files | |||||
| √ | Prevent remote creation of autorun files | ||||
| Prevent hijacking of .EXE and other executable extensions | |||||
| Prevent Windows Process spoofing | |||||
| √ | √ | Prevent mass mailing worms from sending mail | |||
| √ | Prevent IRC communication | ||||
| Prevent use of tftp | |||||
| Anti-virus Maximum Protection | Prevent svchost executing non-Windows executables | ||||
| Protect phonebook files from password and email address stealers | |||||
| Prevent alteration of all file extension registrations | |||||
| Protect cached files from password and email address stealers | |||||
| Anti-virus Outbreak Control | Make all shares read-only | ||||
| Block read and write access to all shares | |||||
| Common Standard Protection | √ | √ | Prevent modification of McAfee files and settings | ||
| √ | √ | Prevent modification of McAfee Common Management Agent files and settings | |||
| √ | √ | Prevent modification of McAfee Scan Engine files and settings | |||
| Protect Mozilla & Firefox files and settings | |||||
| Protect Internet Explorer settings | |||||
| Prevent installation of Browser Helper Objects and Shell Extensions | |||||
| Protect Network Settings | |||||
| √ | Prevent common programs from running files from the Temp folder | ||||
| √ | √ | Prevent termination of McAfee processes | |||
| Common Maximum Protection | Prevent programs registering to autorun | ||||
| Prevent programs registering as a service | |||||
| Prevent creation of new executable files in the Windows folder | |||||
| Prevent creation of new executable files in the Program Files folder | |||||
| √ | Prevent launching of files from the Downloaded Programs Files folder | ||||
| Prevent FTP communication | |||||
| Prevent HTTP communication | |||||
| User-defined Rules | None set by default | ||||
| Default Settings | Configured (if different) | |
|---|---|---|
| Prevent McAfee services from being stopped | On |
| Default Settings | Configured (if different) | |
|---|---|---|
| Log file | On (default file) | |
| Limit size of log file | 1 MB | |
| Format | Unicode (UTF8) |
Buffer Overflow Protection
| Default Settings | Configured (if different) | |
|---|---|---|
| Enable buffer overflow protection | On | |
| Warning mode | Off | |
| Protection mode | On | |
| Show the messages dialog box when a buffer overflow is detected | On |
| Default Settings | Configured (if different) | |
|---|---|---|
| Log file | On (default file) | |
| Limit size of log file | 1 MB | |
| Format | Unicode (UTF8) |
On-Delivery E-mail Scanner
| Default Settings | Configured (if different) | |
|---|---|---|
| Attachments to scan: | ||
| All file types | On | |
| Default + additional files | Off | |
| Specified file types | Off |
| Default Settings | Configured (if different) | |
|---|---|---|
| Heuristics: | ||
| Find unknown program viruses | On | |
| Find unknown macro viruses | On | |
| Find attachments with multiple extensions | Off | On |
| Compressed Files: | ||
| Scan inside archives (e.g. Zip) | On | |
| Decode MIME encoded files | On | |
| E-mail message body: | ||
| Scan e-mail message body | On |
| Default Settings | Configured (if different) | |
|---|---|---|
| When an infected attachment is found: | ||
| Primary action | Clean attachments | |
| Secondary action | Move attachments to a folder | |
| Move to folder | Quarantine | |
| Allowed Actions in Prompt dialog box: | ||
| Clean attachment | On | |
| Delete attachment | On | |
| Move attachment | On | |
| Delete Mail (for Outlook Scan only) | On |
| Default Settings | Configured (if different) | |
|---|---|---|
| E-mail Alert: | ||
| Send alert mail to user | Off |
| Default Settings | Configured (if different) | |
|---|---|---|
| Detection: | ||
| Detect unwanted programs | On | |
| When an unwanted attachment is found: | ||
| Primary action | Clean attachments | |
| Secondary action | Move attachments to a folder |
| Default Settings | Configured (if different) | |
|---|---|---|
| Log file: | ||
| Log to file | On (default log file) | |
| Limit size of log file | 1 MB | |
| Format | Unicode (UTF8) | |
| What to log in addition to virus activity: | ||
| Session settings | Off | |
| Session summary | On | |
| Failure to scan encrypted files | On |
| Default Settings | Configured (if different) | |
|---|---|---|
| Server Scanner Settings: | ||
| Scan all server databases | Off | |
| Scan server mailboxes | On | |
| Mailbox root folder | !!mail\ | |
| Advanced Options : | ||
| Leave as default settings! |
Unwanted Programs Policy
| Default Settings | Configured (if different) | |
|---|---|---|
| Detection for DAT's: | ||
| Spyware | Off | On |
| Adware | Off | On |
| Remote Administration Tools | Off | |
| Dialers | Off | On |
| Password Crackers | Off | On |
| Jokes | Off | |
| Key Loggers | Off | On |
| Other Potential Unwanted Programs | Off |
| Default Settings | Configured (if different) | |
|---|---|---|
| User-defined detections: | Nothing set! |
AutoUpdate
Schedule Button:
| Default Settings | Configured (if different) | |
|---|---|---|
| Schedule Settings: | ||
| Enable (schedule task etc.) | On | |
| Stop the task if it runs for | Off | |
| User Account Settings: | None |
| Default Settings | Configured (if different) | |
| Schedule: | ||
|---|---|---|
| Schedule Task | Daily | |
| Start Time | 17.00 (Local Time) | 14.00 (Local Time) |
| Enable Randomisation | On (1 hour) | |
| Run missed task | On (5 minutes) | |
| Schedule Daily Task Every | 1 day | |
| Log File: | (default log file) | |
| Format | Unicode (UTF8) | |
| Update Options: | ||
| Get newer detection definition files if available | On | |
| Get newer detection engines if available | On | |
| Get other available updates (SP's, upgrades etc.) | On | |
| Update Options: | None set |
Tools Menu, Edit AutoUpdate Repository List...
| Default Settings | Configured (if different) | |
|---|---|---|
| NAIHttp | On (Enabled) | |
| NAIFtp | On (Enabled) | |
| Added the following repositories (and move to top of the list): | ||
| Primary | Computing Service FTP (moved to top position | |
| Secondary | Computing Service HTTP (moved to second position) |
| Default Settings | Configured (if different) | |
| Don't use a proxy | Off | |
| Use Internet Explorer proxy settings | On | |
| Manually configure the proxy settings | Off | |
| Use authentication for HTTP | Off | |
| Use authentication for FTP | Off |
Quarantine Manager
| Default Settings | Configured (if different) | |
|---|---|---|
| Quarantine Folder | C:\QUARANTINE\ | |
| Automatically delete quarantined data | On | |
| Number of days to keep backed-up data in the quarantine folder | 28 |
It should be noted that the 'Scan all fixed disks' option under the VirusScan console has been left in it's default state - not scheduled.
The title of this document is:
McAfee VirusScan Enterprise 8.5i configuration settings
URL:
http://www-tus.csx.cam.ac.uk/virus/VSE85config.html
