Concerning to Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition MP2 (build 6.0.2.XXX)
You can use the following methods to increase productivity of Kaspersky Anti-Virus:
- Restrict scan area (for the tasks of Real-time files protection and On-demand scan)
For each Anti-Virus task you can exclude from scan any files or folders. You can also select which file types should be scanned by the Anti-Virus in the set areas (scan all files, by content or by masks/ extensions)
- Protection mode (for the Real-time file protection task)
Using this setting you can determine when an object will be scanned by Anti-Virus (the Real-time file protection task > Properties > the Protection mode tab).
- Scan only new and changed files
- Do not monitor file activity of the specified processes (for the Real-time file protection task)
List of trusted processes can be created in the trusted zone of Kaspersky Anti-Virus.
- Increase number of the Anti-Virus working processes, in which the application performs tasks of anti-virus protection of the server.
- Consider Microsoft recommendations
In the automatic mode you can enable this option when installing Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition.
- Restrict scanned objects by size (only for compound objects) and by scan time (for the tasks Real-time file protection and On-demand scan)
- Consider Microsoft recommendations when using Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition on a mail server.
If you use Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition and a third-party anti-virus application to protect your mail server, in Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition exclude from scan (for the tasks Real-time file protection and On-demand scan):
- virtual disc M: (for Microsoft Exchange Server 2000 only),
- temporary directory that is used by the anti-virus for mail servers;
- the quarantine directory to which anti-virus mail servers will quarantine infected objects (if the mail anti-virus has such option).
- Use iChecker technology (for the tasks Real-time file protection and On-demand scan)
The operating principle of the iChecker technology is based on the counting and comparing cyclic redundancy check (CRC). Before each scan the current Check sum of the file is compared to the previously calculated Check sum. Check sum changes every time the object is modified. This information is saved in a special table. During the next scan of an object the previous and current check sums are compared. If the check sum is different it means the object was changed and it should be scanned for a malicious code once again, if the check sum is the same, the object was not changed and therefore it is not scanned.
Once the Anti-Virus is installed the data in the table are erased at each database update for the next tow weeks. Not modified files are scanned anyway during this period. Data of check sums can be erased occasionally if the file still remains unmodified, but less often in the course of time. If the file was not modified for year since the Anti-Virus installation then the file’s check sum will never be deleted from the table.
The table of check sums is common for all anti-virus scan tasks.
Advantages of iChecker technology:
- Copy of the previously scanned object is recognized in any other folder, message or archive.
- iChecker technology allows working with objects on removable drivers, start-up objects, mail attachments, etc.
- Uses resources of Windows OS to optimize and accelerate the speed during the first scan of start-up objects and first full scan.
Restrictions of iChecker technology:
- The technology does not work with big files as in this case it is faster to scan the file then to calculate its check sum.
- The technology works with limited number of formats (such as exe, dll, lnk, ttf, inf, sys, com, chm, zip, rar).
By default the usage of iChecker technology is enabled. The technology can be disabled for each task separately – in the Settings of the selected task on the Performance tab.
(for the tasks Real-time file protection
and On-demand scan
The technology has been developed for NTFS file system. In this system NTFS-identifier is given to each object. This NTFS-identifier is compared with the values in the special iSwift database. If the values do not coincide with the NTFS-identifier then the object is scanned or rescanned, if it has been changed.
This algorithm considers the previous scan date and decides whether the object should be re-scanned or not. The decision is based on a geometric series with some random elements: for example if from the moment of the first scan to the last scan the same period or more passed then the object will be re-scanned. The algorithm does not consider intermediate object scans and their number, only the time period between the first and the last scan is considered. The object will be also scanned in the case of the object settings being changed to stricter ones.
Advantages of iSwift technology:
- iSwift is quicker than iChecker, as it does not calculate check sums of scanned objects.
- It works with objects of any formats, sizes and types.
Restricitions of iSwift technology:
- The technology is connected to a definite file location in the file system. If the file was copied/ relocated then it is scanned again.
- The technology can be used for NTFS file system only. That is why it does not function in Microsoft Windows 98SE/ME/XP64 OS.
By default the use of iSwift technology is enabled. The technology can be disabled for each task separately – in the Settings of the selected task on the Performance tab.
- Use iNetSwift technology (for the tasks Real-time file protection and On-demand scan)
This technology allows excluding from scan files which are stored on other computers with Kaspersky Anti-Virus installed and iNetSwift technology enabled. To such products refer:
- Kaspersky Anti-Virus 6.0 for Windows Workstations
- Kaspersky Anti-Virus 6.0 fro Windows Servers
- Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition
- Kaspersky Anti-Virus 6.0 / 7.0
- Kaspersky Internet Security 6.0 / 7.0
Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition is installed on the server. When scanning the file Price.doc the Anti-Virus on the protected server gives the verdict that the file is not infected because of enabled iSwift technology (Object not infected. Reason: object scanned using iSwift database).
Kaspersky Anti-Virus 6.0 for Windows Workstations is installed on a workstation. You are trying to open (not to copy) the file Price.doc from this workstation on the server.
As a result Kaspersky Anti-Virus 6.0 for Windows Workstations will not scan this file but will give the file the not infected status.
Such behaviour of the Anti-Virus is possible only if at the same time the Anti-Virus installed on the server finds the file not infected because of iSwift!
Being directly connected to the technology iSwift the technologies iNetSwift and iSwift are enabled\disabled simultaneously – be checking\clearing the box Use iSwift technology in the Settings of the selected task on the Performance tab. it is also possible to disable iNetSwift technology only (without iSwift) For it add to the system registry the following parameter:
If Novell Client For Windows XP/2003 version 4.71 or above is installed on the server, the iNetSwift technology does not function! This parameter is added to the registry during the installation of Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition.