Creating a Portable Scanner

Before creating the Portable Scanner, make sure that there is no running Portable Scanner database update process.

To create a Portable Scanner:

In the notification area, in the context menu of the application icon, select the Open Compact Diagnostic Interface.
In the Compact Diagnostic Interface window that opens, click the Create Portable scanner link.
A New Portable Scanner Wizard window opens at the welcome step.

To proceed to the next step of the wizard, click Next.
If required, import the Portable Scanner settings from a previously created XML file.
1. Click Import.
2. In the window that opens, select the XML file containing the Portable Scanner settings.
3. Click the Open button.
  The settings from the XML file will be displayed at the subsequent wizard steps.
Add the key file required for creating the Portable Scanner.
1. Click Key files (*.key).
2. In the window that opens, select the key file for the Portable Scanner.
3. Click the Open button.
The license information will be displayed in the wizard window.
Enable the actions to be performed by the Portable Scanner when the device starts.
- Scan selected area with antivirus bases. A Portable Scanner scans a selected area for viruses and other threats. A Portable Scanner applies the default security level: Disinfect. Remove if disinfection fails.
- Record traffic from all network interfaces. A Portable Scanner records inbound and outbound traffic from a device being scanned for a specified amount of time.
- Perform security audit. Depending on the settings, a Portable Scanner can scan a device for vulnerabilities, assess device security and operating system compliance, or collect device configuration data using rules written in OVAL and XCCDF.
Set up a scan scope.
1. Click the Add button.
2. In the Scan area window that opens, select the type of object to add:
  - Predefined area, if you want the scan scope to include one of the predefined scopes on the protected device. Then in the drop-down list, select the desired scan scope.
  - Drive or folder, to include a single drive or folder in the scan scope. Then, in the Browse window that opens, select the scope.
  - File, to include a single file in the scan scope. Then, in the Browse window that opens, select the file.
3. Click ОК in the Scan area window.
4. Repeat steps a through c for each scan scope item you add.
5. Enable or disable the scan scope items by selecting or clearing the check box to the left of the scan scope name.
Configure the scan.
1. Click Scan settings.
  The Scan settings window opens.
2. On the General tab, select the appropriate options:
  - Scan objects
    The following options are available:
    
    All objects
    Objects scanned by format
    Objects scanned according to the list of extensions specified in the anti-virus database
    Objects scanned according to the specified list of extensions
    Scan disk boot sectors and MBR
    Scan alternate NTFS streams
  - Scan of compound objects
    The following options are available:
    
    Archives
    SFX archives
    Email databases
    Packed objects
    Plain mail
    Embedded OLE objects
3. On the Advanced tab, select the appropriate options:
  - General settings.
    Restore file attributes after scanning
    If a file is opened during the scan, the last accessed time for the file is updated. As a result, the archivers and cloud storages recalculate file data to transfer it to a cloud or to a backup. To avoid the recalculation process, you can restore the last accessed time after scanning is performed. By default, the option is disabled.
    Limit CPU usage for scanning threads
    This setting is used to avoid making the computer hang during scanning. This option may be crucial for industrial systems, where the main software is not supposed to freeze. By default, the option is disabled.
  - Folder for temporary files created during scanning
    Click the Browse button to specify the Folder for temporary files that will be created during scanning. By default, temporary files are created on the USB drive.
  - Action to perform on detected objects
    Disinfect. Remove, if disinfection fails.
    Quarantine is unavailable for the Portable Scanner, so leaving a probably infected object may be unsafe. Use this option to remove the detected file if disinfection fails. By default, the option is enabled.
    Notify only
    Use this option for a quick scan. The security officers take the security measures when receiving a notification about the detected objects. Use this option for systems, where the workflow is not supposed to be interrupted by removing the industrial software modules. By default, the option is disabled.
  - Actions on unmodifiable compound files
    Select the following option if applicable.
    
    Entirely remove compound file that cannot be modified by the application in case of embedded object detection.
4. On the Performance tab, select the appropriate options:
  - Exclusions.
    Exclude files
    Use this option to exclude the files from scan scope and not remove them if detected. You can both specify a full path and use a mask. By default, the option is disabled.
    Do not detect
    Use this option to avoid detection and subsequent removal of the objects. You can both specify a full path and use a mask. By default, the option is disabled.
  - Advanced settings
    Stop scanning if it takes longer than (sec)
    Use this option for scanning large files and the network when scanning takes a long time to complete. If it takes too long to scan an object, the timeout terminates the frozen process and the scanner proceeds with the scan scope examination. By default, the option is disabled.
    Do not scan compound objects larger than (MB)
    Use this option to accelerate scanning. For example, you may want to skip the 100 GB database archives and exclude them from the scan scope. By default, the option is disabled.
    Use iChecker technology
    For more information about iChecker technology, please refer to this article. By default, the option is enabled.
If required, under Network traffic recording, change the period for the Portable Scanner to record inbound and outbound traffic from the device being scanned. The default is 300 seconds.
Under Source of rules for performing security audit, select the rule source that the Portable Scanner will use to audit device security.
- Kaspersky ICS CERT vulnerabilities database for SCADA. If this source is selected, the Portable Scanner scans the device for all vulnerabilities described in the OVAL rules, in the Kaspersky ICS CERT for ICS vulnerability database.
- Rules for collecting host configuration data. When this source is selected, the Portable Scanner collects configuration data from the host.
  Rules collect the following host data:
  - running services
  - Installed drivers
  - Scheduled tasks
  - Installed applications and patches
  - Names of shared network resources
  - Startup items
  - Host information (IP address, DNS name)
  - Local users and groups
  - Host hardware.
- Compliance and security configuratons for operating systems. If this source is selected, the Portable Scanner checks the device operating system settings for compliance with the security standards described in the OVAL and XCCDF rules.
Kaspersky ICS CERT vulnerabilities database for SCADA, Rules for collecting host configuration data, and Compliance and security configuratons for operating systems are provided with the Portable Scanner databases. Therefore, before starting the Portable Scanner with at least one of the listed rule sources selected, make sure that the Portable Scanner databases are up to date.
- Custom rule base. If this source is selected, the Portable Scanner checks the device for vulnerabilities described in custom OVAL and XCCDF rules.
Select the removable drive where the Portable Scanner will be created:
- Removable drive. Removable USB drive. Select the removable drive from the drop-down list.
- Secure removable drive. Rutoken removable USB drive protected from reading, copying, and writing by the administrator password. If you have selected this option, select a secure removable drive at the next wizard step.
If required, enable Check the data of the Portable scanner after it is created.
This feature verifies the Portable Scanner data. For example, if you are planning to create several Portable Scanners in a row with the same settings, verifying data for the very first Portable Scanner and discovering the discrepancies at an early stage saves time.
If you selected Secure Removable Drive, select from the drop-down list the connected Rutoken removable drive where to set up the Portable Scanner.
Under Security settings, in the Enter the current password of administrator field, enter the administrator password set on the Rutoken removable drive to protect its contents from being read, copied, or written by potential intruders.
Change current administrator password if required.
1. Select the Change the current password of administrator. Only digits and latin characters are allowed check box.
2. Enter a new password in the appropriate field.
3. Retype the password in the appropriate field.
Click the Next button.
A wizard window opens containing a description of the Portable Scanner configuration.
If required, export the current Portable Scanner settings to an XML file.
1. Click Export.
2. In the window that opens, select the path where you want to save the XML file containing the Portable Scanner settings.
3. Enter a name for the XML file.
4. Click the Save button.
Click Create to create a Portable Scanner with the specified settings.

The portable scanner will be written to the selected removable drive. A Kavscan folder will appear on the removable drive, containing the files and folders required for the Portable Scanner to work.

If there is already a Portable Scanner on the removable drive, the wizard overwrites its files, except for reports.

If you decide to abort writing, the installation wizard terminates write operation without rolling back the changes made.

After you complete the setup, the wizard prompts you to create another Portable Scanner.

Page top