Chip: Special Survival Kit

home *** CD-ROM | disk | FTP | other *** search

/ Chip: Special Survival Kit / Chip_Special_Survival_Kit_fuer_PC_Anwender.iso / 02schutz / mcafee / vshld116 / vshld116.doc < prev next >

Wrap

Text File | 1994-09-01 | 45.7 KB | 1,157 lines

VSHIELD Version 5.61V116 VSHIELD1 Version 0.2 CHKSHLD Version 0.4 Copyright 1989-1994 by McAfee Associates. All rights reserved. Documentation by Aryeh Goretsky. McAfee Associates (408) 988-3832 office 2710 Walsh Avenue, Suite 200 (408) 970-9727 fax Santa Clara, CA 95051-0963 (408) 988-4004 BBS (25 lines) U.S.A USR HST/v.32/v.42bis/MNP1-5 CompuServe GO MCAFEE Internet support@mcafee.COM America OnLine MCAFEE TABLE OF CONTENTS SYNOPSIS . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 - What is VSHIELD? - System requirements AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . . .3 - Verifying the integrity of VSHIELD WHAT'S NEW . . . . . . . . . . . . . . . . . . . . . . . . . . .4 - New features and viruses added in this release OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . .41 - A note on switches - General description of VSHIELD OPERATION and OPTIONS. . . . . . . . . . . . . . . . . . . . . .7 - How to use VSHIELD, VSHIELD1, and CHKSHLD - Detailed explanation of switches - ERRORLEVEL's for batch file programming EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . . .15 - Samples of frequently-used options INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . .16 - How to install VSHIELD on your system - A note on VSHIELD and networks VIRUS REMOVAL. . . . . . . . . . . . . . . . . . . . . . . . . .17 - What to do if a virus is found REGISTRATION . . . . . . . . . . . . . . . . . . . . . . . . . .17 - How to register VSHIELD TECHNICAL SUPPORT. . . . . . . . . . . . . . . . . . . . . . . .18 - Information you should have ready when calling APPENDIX A . . . . . . . . . . . . . . . . . . . . . . . . . . .19 - Creating an exception list for the /CERTIFY option APPENDIX B . . . . . . . . . . . . . . . . . . . . . . . . . . .20 - Sample CHKSHLD program script Page 1 VSHIELD Version 5.61V116 Page 2 SYNOPSIS VSHIELD is a virus prevention program for IBM PC and compatibles. VSHIELD prevents viruses from infecting your system. When VSHIELD first loads it will search memory, the master boot record (partition table), boot sector, system files, and itself for known computer viruses before going into memory as a Terminate-and-Stay-Resident (TSR) program. VSHIELD checks for viruses by scanning programs as they are run for virus signatures and/or validation codes added by VIRUSCAN. Infected programs are prevented from running and a a warning message is displayed by VSHIELD. VSHIELD also stops soft boots from disks infected by boot-sector viruses. VSHIELD optionally checks validation codes added by SCAN to check if a file has been altered or modified. This can be used to detect unknown (new) viruses. VSHIELD optionally check for viruses as files are copied or accessed. VSHIELD optionally provides access control functions to reduce the risk of virus infection from unauthorized software. Two discrete programs are available. The first, VSHIELD.EXE, checks for viruses using virus signatures and validation codes added by SCAN. The second, VSHIELD1.EXE, only checks validation codes added by SCAN. Both programs monitor all program loads from all disks unless otherwise specified. The VSHINST program installs an icon for VSHIELD under Windows 3.x. This icon can be used to toggle VSHIELD on and off. The VSHWIN program allows VSHIELD to display messages while Windows 3.x is running. The CHKSHLD program checks for VSHIELD in memory for use in network login scripts. VSHIELD will run on any PC with 256Kb and DOS 2.10 or above. VSHIELD1 uses 6Kb of memory. VSHIELD uses 46Kb of conventional memory if loaded normally, 25Kb of conventional memory if EMS is present, 5Kb of conventional memory if swapped-to-disk, and 1.5Kb of conventional memory if loaded into upper memory. VSHIELD Version 5.61V116 Page 3 AUTHENTICITY VSHIELD is packaged with VALIDATE, a program to ensure the integrity of the executable program files. The VALIDATE.DOC file describes how to use VALIDATE. The validation results for VSHIELD 5.61V116 should be: FILENAME: SIZE: DATE CHECK METHOD: CHKSHLD.EXE S:8,171 D:08-17-93 M1: 7B3C M2: 1B48 VALIDATE.COM S:12,197 D:03-24-92 M1: D5BB M2: 166F VSHIELD.EXE S:52,673 D:06-15-94 M1: B8E4 M2: 00F3 VSHIELD1.EXE S:18,833 D:06-24-93 M1: F414 M2: 13F5 VSHINST.EXE S:9,780 D:08-11-93 M1: 44A6 M2: 1D0F VSHWIN.EXE S:15,927 D:08-17-93 M1: 874E M2: 0CB1 If your copy of VSHIELD differs, it may have options stored to it with the /SAVE switch or been damaged by a virus. Run VSHIELD with just the /SAVE switch to remove any stored options and then re-run VALIDATE. Always obtain VSHIELD from a trusted source such as the McAfee BBS, CompuServe, or your local McAfee Agent. The latest version of VSHIELD and validation codes can always be found on our BBS at +1 (408) 988-4004. PKZIP AUTHENTICATION VERIFICATION All of McAfee Associates' programs are archived with Version 2.04g of PKWare's PKZIP Authentic File Verification. When unzipped with Version 1.10 of PKWare's PKUNZIP program, an "-AV" will be displayed after each file is unzipped and an "Authentic files Verified! # FZW807 McAFEE ASSOCIATES" will appear once all files are unzipped. NOTE: If you do not receive the Authentic File Verification messages, you may be using a different version of PKUNZIP, such as V1.10 or V1.93A. Use PKUNZIP Version 2.04g to unzip files if you wish to have Authenticity Verification displayed as files are unzipped. VSHIELD Version 5.61V116 Page 4 WHAT'S NEW Version 116 of VSHIELD adds detection of viruses added in Version 116 of VIRUSCAN. WHAT'S RECENT Two new options have been added in Version 108 of VSHIELD, the /BOOT and /NOFLOPPY options. The first switch, /BOOT, tells VSHIELD to check the boot sector of floppy disks whenever a diskette is accessed. The second, /NOFLOPPY, disables the boot sector checking of floppy disks, and should only be used when VSHIELD is run with the /ACCESS switch in an OS/2 Virtual DOS Machine (VDM) session to prevent a problem displaying directories. Starting with Version 107 of VSHIELD, support for the Lotus-Intel-Microsoft Expanded Memory Specification (LIM-EMS) version 3.2 has been added. If expanded memory is present, VSHIELD will automatically make use of it to store data in. This will reduce the amount of conventional memory or upper memory used to 25Kb, with the remainder of the program going into EMS. This can be disabled by running VSHIELD with the /NOEMS option. A new program, VSHINST, has been created. This program allows the user to selectively toggle VSHIELD's messages on and off in a Windows environment. The /LOCK switch now displays messages under Windows. For more information on viruses added in this release, please refer to the VIRUSCAN documentation, the accompanying VIRLIST.TXT file, or Patricia Hoffman's Hypertext VSUM. VSHIELD Version 5.61V116 Page 5 OVERVIEW VSHIELD is a memory-resident program that prevents virus infection. VSHIELD does this by checking programs as they are loaded by the computer. VSHIELD will not allow a file to run if a virus is found, a program does not match its validation code, or a file is not on the /CERTIFY list--this prevents the virus from entering your system. VSHIELD also checks for boot sector viruses during reboots and optionally checks for viruses during copy operations or whenever a disk is accessed. When VSHIELD is run from the AUTOEXEC.BAT, it is installed each time the system is turned on or rebooted. VSHIELD checks memory, the partition table, boot sector, system files, and itself for viruses prior to installation as a Terminate-and- Stay-Resident (TSR) program. It monitors all program loads for viruses. When a system is booted from an infected disk, VSHIELD will detect the virus the next time VSHIELD runs since VSHIELD must be in memory to detect the virus. VSHIELD has four user-selectable levels of protection: - Level I protection, provided by VSHIELD1, checks validation codes added by VIRUSCAN's /AV or /AG switches [see VIRUSCAN's documentation for more information]. Programs failing the validation check will not be allowed to run. VSHIELD1 also checks the partition table and boot sector validation codes, if present. Level I provides minimal protection only and is not recommended for normal use, VSHIELD is recommended instead. - Level II protection, provided by VSHIELD, checks programs for virus signatures, the pattern of code unique to each virus. If a virus is found, VSHIELD will not allow the program to run. VSHIELD will also prevent reboots from disks infected with a boot sector viruses. - Level III protection, provided by VSHIELD /CF {filename} or /CV, incorporates both Level I and Level II protection. - Level IV protection, provided by VSHIELD /CERTIFY, incorporates Level III protection with access control, specifying which programs can be run. VSHIELD Version 5.61V116 Page 6 Each level of protection has its advantages and disadvantages. VSHIELD1 (Level I) requires the least system overhead, using 6Kb of memory. It provides only minimal protection. VSHIELD (Levels 2-4) requires as much as 46Kb of conventional memory, this can be reduced to 25Kb by loading VSHIELD into EMS, or 1.5Kb by loading into upper memory. VSHIELD1 will add an average of one second to each program load. VSHIELD adds an average of one second to program loads and six seconds to reboots. Using the /SWAP option adds an additional second since VSHIELD must re-load itself from disk prior to checking another file. VSHIELD will not degrade the performance of the system once programs have been loaded, except for programs which load other programs when the /ACCESS or /COPY options are being used. NOTE: VSHIELD and VSHIELD1 should not be used simultaneously. Either one or the other should be used, but not both. CHKSHLD is run to see if VSHIELD is in memory. CHKSHLD can look for the presence of any version of VSHIELD, or a specific version (a feature that can be used to update a workstation from its file server). INTERNET ACCESS TO McAFEE ASSOCIATES SOFTWARE The latest versions of McAfee Associates' anti-viral software is now available by anonymous ftp (file transfer protocol) over the Internet from the site mcafee.COM. If your domain resolver does not support names, use the IP# 192.187.128.1. Enter "anonymous" for your user I.D. and your own email address for the password. Programs are located in the pub/antivirus directory. If you have any questions, please send email to support@mcafee.COM McAfee Associates' anti-viral software may also be found at the SimTel archive site oak.oakland.edu in the pub/msdos/virus directory and its associated mirror sites WUARCHIVE.WUSTL.EDU (US), NIC.SWITCH.CH (Swiss), NIC.FUNET.FI (Finland), SRC.DOC.IC.AC (UK), and ARCHIE.AU ( (Australia). VSHIELD Version 5.61V116 Page 7 OPERATION and OPTIONS IMPORTANT NOTE: CREATE A BACKUP DISK BY COPYING VSHIELD TO A BLANK FLOPPY AND WRITE-PROTECT IT To provide optimal protection against viruses VSHIELD (or VSHIELD1) should normally be placed at the end of the AUTOEXEC.BAT. However, if a menu program is run from the AUTOEXEC.BAT, VSHIELD should be loaded before it. Popular menu programs include MS-DOS's DOSSHELL, etc. Loading disk cache or network driver programs after VSHIELD may disable it. To prevent this from happening, re-run VSHIELD with the /RECONNECT switch. CHKSHLD should be run from the network login script. An ERRORLEVEL is returned if VSHIELD is in memory. This can be used for creating scripts to check and update VSHIELD. A NOTE ON VSHIELD'S SWITCHES VSHIELD is designed to provide a high degree of protection even when none of the switches below are used. Placing VSHIELD in the AUTOEXEC.BAT file with no options provides sufficient protection for virtually all environments. If available memory is at a premium, the /LH (Load High) or /SWAP (Swap-to-Disk) options can be used to minimize memory usage. Other options should be used only if required due to non- standard systems or special security needs. VSHIELD provides many options for flexibility in meeting the needs of corporate, network, and secure environments but trade-offs in system overhead and user restrictions must be carefully evaluated. EMS USAGE VSHIELD offers support for the Lotus-Intel-Microsoft Expanded Memory Specification (LIM-EMS) version 3.2. If expanded memory is present, VSHIELD will automatically make use of it to store data in. This will reduce the amount of conventional memory or upper memory used to 25Kb, with the remainder of the program going into EMS. EMS usage can be disabled by running VSHIELD with the /NOEMS switch. The /SWAP and /CF {filename} cannot be used with EMS memory. VSHIELD Version 5.61V116 Page 8 Valid options for VSHIELD are listed below: VSHIELD {options} Options are: /ACCESS - Check for virus when files are opened /BOOT - Check floppy boot sector when accessed /CERTIFY {filename} - Enable access control ({filename} is an optional exception list) /CF {filename} - Check for viruses using recovery & validation data stored in {filename} /CHKHI - Check memory from 0-1088Kb for viruses /CONTACT {message} - Display {message} when virus is found /COPY - Check for viruses during COPY operations /CV - Check validation codes added by VIRUSCAN /IGNORE {drive(s)} - Ignore program loads from specified drive(s) /LH - Load VSHIELD into upper memory blocks /LOCK - Halt system when a virus is found /M - Scan memory for all viruses during install (see restrictions below) /NB - Disable boot sector check during install and reboot /NI6510 - Fixes Racal Datacomm NI6510 conflict /NOBREAK - Disable Ctrl-C / Ctrl-Brk during install /NOCONT - Prevent running of non-certified programs /NODISK - Disable boot sector check during install only /NOFLOPPY - Disable boot sector check of floppy drives /NOEMS - Disable LIM-EMS 3.2 memory support /NOMEM - Skip memory checking /NOREMOVE - Disable /REMOVE switch /ONLY {drive(s)} - Check program loads from specified drive{s} /RECONNECT - Re-link system interrupts after network drivers are loaded /REMOVE - Unload VSHIELD from memory /SAVE - Save specified switches as new defaults /SWAP {pathname} - Load kernel (5Kb) only; swap rest to disk /F {pathname} - Use with /SWAP for DOS 2.1 systems ONLY /WINDOWS {pathname} - Install VSHWIN Windows compatibility module VSHIELD Version 5.61V116 Page 9 The /ACCESS option tells VSHIELD to check for viruses whenever a program is opened, such as during DOS operations (ATTRIB, COPY, DIR, REN, and so forth) and file manipulation by menu, shell, and utility programs. This option is intended for high risk environments such as open-use computer labs, help desks, and software developers. It will slow down any program file accesses by approximately 15-20%, as such it is not recommended for use with the /CF, /CV, or /CG options for performance reasons. This option will not work with the /BOOT, /COPY, or /SWAP options. NOTE: /ACCESS must be used in place of /COPY for checking COPY operations with 4DOS or the Windows File Manager. The /BOOT option tells VSHIELD to check the boot sector of floppy disks whenever they are accessed. This options does not work from within Windows File Manager. For virus checking within Windows, use the /ACCESS switch instead. This switch does not work with the /ACCESS, /COPY, or /SWAP options. The /CERTIFY option prevents files without validation codes added by VIRUSCAN from being run. For this option to work, the /CF {filename}, /CG, or /CV switches must be used. This option is primarily for system administrators to prevent users from running programs that could introduce a virus. An exception list of "trusted" files can be created to allow use of programs that do not work correctly with validation codes attached. For instructions on creating an exception list, refer to Appendix A. NOTE: Running /CERTIFY without an exception list or validation codes will prevent all programs except for DOS internal commands from running. The /CF option checks recovery and validation data stored by VIRUSCAN's /AF option. If a file or system area has changed, VSHIELD will report that a viral infection may have occurred. The syntax is /CF {filename}, where {filename} is the name of the recovery and validation data file created by VIRUSCAN. The /CF switch cannot be used with EMS memory and must be used with the /NOEMS switch. The /CG option checks recovery and validation data stored by VIRUSCAN's /AG option. If a file or system area has changed, VSHIELD will report that a viral infection may have occurred. The /CHKHI option checks memory above 640Kb on 286/386/486 systems for viruses. This covers the Upper Memory Area from 640 - 1024K, and the High Memory Area from 1024 - 1088K. This option cannot be used with the /NOMEM option. VSHIELD Version 5.61V116 Page 10 The /CONTACT option is used to display a custom message when a virus is found. The message can be up to 50 characters long and contain any character except for a backslash "\". Messages starting with a hyphen "-" or slash "/" must be placed into quotation marks. The /COPY option checks files for viruses during COPY operations and checks the floppy drives for boot sector viruses during COPY and DIR operations. The /COPY option does not work with 4DOS or the Windows File Manager; to check COPY operations done by them use the /ACCESS option instead. This option cannot be used with the /ACCESS, /BOOT, or /SWAP options. The /CV option checks validation codes added by SCAN to .COM and .EXE files. If a file has changed it will no longer match its validation code and VSHIELD will report the file has been modified and a viral infection may have occurred. For instructions on adding validation codes, refer to VIRUSCAN's documentation. The /F option is required for using /SWAP under DOS 2.0. The /F option tells VSHIELD what path to swap from. The complete path must be specified after the /F. The /IGNORE option tells VSHIELD to ignore program loads from specified drives. Ignored drives will NOT be checked for viruses. Up to 26 drives may be ignored. /IGNORE is designed for use with LAN's that have virus protection and is not recommended for PC's or networks with no anti-viral software. The /LH option loads VSHIELD into upper memory. For /LH to work, an expanded memory manager such as Microsoft's EMM386, Quarterdeck's QEMM, Helix' NetRoom, or Qualitas' 386^MAX should be used. This option cannot be used with /SWAP. The /LOCK option halts the system if a virus is found so that infection cannot occur. It is recommend that the /CONTACT switch be used to tell the user what to do when the system halts. The /M option checks base memory for all known memory- resident viruses before VSHIELD installs in memory. By default, VSHIELD only checks memory for critical (stealth) viruses. If a critical virus is found during installation, VSHIELD will stop and advise the user to turn off the PC, boot from a clean (virus-free) DOS system disk and scan the system for viruses. For a listing of critical viruses, please refer to the VIRUSCAN documentation. This option cannot be used with the /NOMEM option. VSHIELD Version 5.61V116 Page 11 The /NB option tells VSHIELD to skip the partition table and boot sector check during installation and reboots. This option can be used to load VSHIELD from a network server. The /NI6510 option prevents a conflict between VSHIELD Racal-Datacomm NI6510 network interface cards: when a PC was rebooted, a stream of corrupted packets would be sent across the network. The problem and solution is specific the NI6510 and does not apply to any other product. The /NOBREAK option prevents Ctrl-C and Ctrl-Brk from stopping VSHIELD during the installation process. The /NOCONT option prevents the user from proceeding after the "Proceed Anyway? Y/N" message when running non-certified programs. The /NODISK option disables the boot sector and partition table check during installation. This option can be used to load VSHIELD from a network server. The /NOFLOPPY option disables checking the boot sector of floppy disks from the A: and B: drives. The /NOEMS option prevents VSHIELD from using expanded memory. It must be used with the /CF and /SWAP switches. The /NOMEM option skips the memory check for viruses during installation. It should only be used when a PC is known to be virus-free. This option cannot be used with the /CHKHI or /M options. The /NOREMOVE option prevents VSHIELD from being unloaded with the /REMOVE option. This option cannot be used with the /REMOVE option. The /ONLY option tells VSHIELD to check program loads only from the specified drives. All other drives will be ignored. This option cannot be used with the /IGNORE option. The /RECONNECT option is used to restore VSHIELD's link into DOS after another program has disabled it, such as a network driver or disk cache. This eliminates the need to continually load and unload VSHIELD when logging on to a network. The /REMOVE option unloads VSHIELD from memory. If other memory resident programs are loaded after VSHIELD, then VSHIELD cannot be unloaded. This option can be disabled by installing VSHIELD with the /NOREMOVE option. VSHIELD Version 5.61V116 Page 12 The /SAVE option is used to store VSHIELD options for subsequent executions of VSHIELD. Options are stored by modifying the VSHIELD.EXE executable file. For example: VSHIELD /LH /M /NOBREAK /SAVE will set the VSHIELD defaults to /LH, /M, and /NOBREAK. If VSHIELD is run with just the /SAVE switch, then all options are removed and VSHIELD executes with its original default settings. The /SWAP option tells VSHIELD to install a small (3Kb) kernel in memory and load itself on demand. If a path is specified after /SWAP, VSHIELD will swap from that path instead of the path from which it is being executed. The /SWAP option cannot be used with the /COPY or /ACCESS options. The /NOEMS switch must be used if /SWAP is used. NOTE: The /SWAP parameter should only be used if limited amounts of memory are available for programs. It is recommended that VSHIELD be used without the /SWAP option whenever memory permits for performance reasons. The /WINDOWS option allows VSHIELD to display messages under Windows 3.X in a Windows dialogue box. It does this by copying VSHWIN.EXE file into the Windows directory and adding it to the WIN.INI file to run when Windows is started. By default, VSHIELD searches for a directory named \WINDOWS on the currently-logged drive. If Windows is not on the current drive, then a {pathname} may be specified telling VSHIELD where to install VSHWIN.EXE (and WIN.INI). NOTE: This option now installs the Windows display program and needs to be run once. NOTE: For the VSHWIN program to display messages under Windows, VSHIELD must be run with the /ACCESS switch. ERROR LEVELS After VSHIELD has installed itself in memory, it will set the DOS ERRORLEVEL. ERRORLEVEL's are used in batch files to pass along the results of a programs's actions. The ERRORLEVEL's returned by VSHIELD are: ERRORLEVEL │ DESCRIPTION ═══════════╪═══════════════════════════════════════════════ 0 │ No viruses found 1 │ One or more viruses found 2 │ Abnormal termination (program error) VSHIELD Version 5.61V116 Page 13 VSHIELD1 Valid options for VSHIELD1 are listed below: VSHIELD1 /NB /REMOVE Options are: /NB - Disable boot sector checking during install and reboot. /REMOVE - Unload VSHIELD1 from memory The /NB option tells VSHIELD1 to skip the partition table and boot sector check during installation and reboots. The /REMOVE option unloads VSHIELD1 from memory. If other memory resident programs are loaded after VSHIELD1, then VSHIELD1 cannot be unloaded. VSHINST VSHINST allows VSHIELD to display a status icon on the Windows Desktop which can be used to toggle VSHIELD on and off. To run VSHINST, choose the Run command from the Windows File Manager and enter the full path name of VSHINST. The VSHINST program creates a Group named MCAFEE in the Windows directory and then adds an icon for VSHIELD to the group. For VSHINST to be installed and work correctly the Windows Program Manager must be the default shell; VSHWIN has been installed with the VSHIELD /WINDOWS; and Windows must be running in protected mode. VSHIELD Version 5.61V116 Page 14 Valid options for CHKSHLD are listed below: CHKSHLD /DEBUG /Q /V "xxxxx" /? /H /HELP Options are: /DEBUG - Display version and ERRORLEVEL /Q - Quiet mode (no messages displayed) /V "xxxxx" - Check for version "xxxxx" of VSHIELD in memory /? /H /HELP - Display help screen The /DEBUG option displays the version of VSHIELD resident in memory and the DOS ERRORLEVEL on the screen. The /Q option stops CHKSHLD from displaying any messages. The /V option tells CHKSHLD to look for a specific version of VSHIELD in memory. For example, "5.4 V104" for VSHIELD 5.4 V104. NOTE: Double quotes must be used if a space appears between the release and version numbers. The /?, /H, and /HELP options display a help screen. CHKSHLD's ERRORLEVELS CHKSHLD sets the DOS ERRORLEVEL to the following values: ERRORLEVEL │ DESCRIPTION ═══════════╪═══════════════════════════════════════════════ 0 │ VSHIELD is resident, or if /V is used, the │ version specified is resident in memory. 1 │ VSHIELD is resident but does not match /V 2 │ VSHIELD is NOT resident in memory 3 │ Abnormal termination (program error) OPERATION CHKSHLD allows network administrators to check workstations for VSHIELD before allowing them to log on to a network. CHKSHLD is not recommended for home or non-network users. A sample login script for Novell NetWare is included in Appendix B. VSHIELD Version 5.61V116 Page 15 EXAMPLES The following examples show different option settings: VSHIELD Installs VSHIELD (Level II protection) VSHIELD /CV Installs VSHIELD (Level III protection) VSHIELD /CERTIFY EXCPTN.LST Installs VSHIELD (Level IV protection) with an exception list named EXCPTN.LST. VSHIELD /SWAP Installs VSHIELD kernel in memory and swaps from root directory of disk with DOS 3.0 and above. VSHIELD /SWAP /F C:\ Installs VSHIELD kernel resident and swaps from root directory of disk with DOS 2.0 system. VSHIELD /CV /CONTACT "Please Contact the PC Help Desk" Installs VSHIELD (Level III protection) and display a message if virus is found. VSHIELD /M /CHKHI /CV /LH Installs VSHIELD (Level III protection) checking for all memory resident viruses in base and high memory prior to install, load VSHIELD high VSHIELD /RECONNECT Re-enable VSHIELD after it has been disconnected by network device drivers. VSHIELD /CF C:\MCAFEE\SCANCRC.CRC Install VSHIELD with Level III protection checking recovery & validation data file created by VIRUSCAN's /AF option. VSHIELD /WINDOWS D:\WINDOWS Installs VSHIELD's VSHWIN.EXE display driver in Windows directory on drive D:. CHKSHLD /V "5.50 V107" /Q Checks for VSHIELD 5.50 V107 in memory, no messages displayed. VSHIELD Version 5.61V116 Page 16 INSTALLATION For optimum protection, place VSHIELD as the last line in your AUTOEXEC.BAT file. If you are using a menu program, place VSHIELD before it in the AUTOEXEC.BAT. A NOTE ON VSHIELD AND NETWORKS If network drivers are loaded after VSHIELD, VSHIELD *MUST* be run again with the /RECONNECT option AFTER the network drivers are loaded. This is because network drivers replace the normal DOS system interrupts so VSHIELD no longer recognizes program loads. It is recommended that VSHIELD be used in non-swap mode if free memory permits. Use of the /SWAP option will slow down the system and may cause conflicts with programs that fail to allocate memory properly from the system. If conflicts occur, remove the /SWAP option and reboot the system. If there is not enough memory to load VSHIELD in non-swap mode, then VSHIELD1 should be used instead. Networks other than Microsoft LAN Manager with workstations running Windows 3.0 and printing to an HPLJ II (or compatible) printer over the network occasionally have problems with random blocks of memory being sent to the printer when VSHIELD is installed. This is because other network operating systems may not redirect the printer correctly. This can be fixed by changing all occurrences of the text "LPT1:" to "LPT1.PRN:" while leaving the "LPT1.OS2:" text alone in WIN.INI or upgrading to Windows 3.1. If VSHIELD is to be run from a network drive, it should be flagged as EXECUTE ONLY, READ ONLY, and SHAREABLE. If the PC is booted from a local drive, the /NODISK option should be used. If the PC is booted from a boot ROM on a NIC, the /NB switch should be used. VSHIELD Version 5.61V116 Page 17 VIRUS REMOVAL What do you do if a virus is found? You can contact McAfee Associates for help by BBS, FAX, telephone, Internet, or CompuServe. There is no charge for support calls to McAfee Associates. The CLEAN-UP universal virus disinfection program can disinfect virtually all reported computer viruses. It is updated with each release of the SCAN program to remove new viruses. CLEAN-UP can be downloaded from McAfee Associates' BBS, the mcafee.COM site on the Internet, the McAfee Virus Help Forum on CompuServe, or from any of the agents listed in the enclosed AGENTS.TXT file. It is strongly recommended that you get experienced help in dealing with viruses if you are unfamiliar with anti-virus software and methods. This is especially true for 'critical' viruses and partition table/boot sector infecting viruses as improper removal of these viruses can result in the loss of all data and use of the infected disk(s). [For a listing of critical viruses, please refer to the VIRUSCAN documentation.] For qualified assistance in removing a virus, please contact McAfee Associates directly or any of the Authorized McAfee Associates Agents in your area. Agents may charge McAfee Associates normal support rates for their services. If you wish to remove a file-infecting virus manually, you can run SCAN with the /A and /D switches to erase all infected files. Before removing a boot sector and partition table-infecting virus, it is recommended that you cold boot the infected PC from a clean DOS disk and backup any critical data. REGISTRATION A registration fee of US$25.00 is required for the use of VSHIELD by individual home users. Registration entitles the holder to unlimited free upgrades from McAfee Associates' BBS or the Computer Virus Help Forum on CompuServe and technical support for one year. When registering, a disk containing the latest version may be requested for an additional US$9.00 Only one diskette mailing will be made. Registration is for home users only and does not apply to businesses, corporations, organizations, government agencies, or schools, who must obtain a license for use. Contact McAfee Associates directly or an Authorized Agent for information on licensing. VSHIELD Version 5.61V116 Page 18 TECHNICAL SUPPORT For fast and accurate help, please have the following information ready when you contact McAfee Associates: · Program name and version number. · Type and brand of computer, hard disk, plus any peripherals. · Version of DOS plus any TSRs or device drivers in use. · Printouts of your AUTOEXEC.BAT and CONFIG.SYS files. · A printout of what is in memory from the MEM command (DOS 4 and above users only) or a similar utility. · The exact problem you are having. Please be as specific as possible. Having a printout of the screen and/or being at your computer will be helpful. McAfee Associates can be contacted by BBS, CompuServe, FAX, or InterNet 24 hours a day, or by telephone at (408) 988-3832, Monday through Friday, 7:00AM to 5:30PM Pacific Time. McAfee Associates, Inc. (408) 988-3832 office 2710 Walsh Avenue, Suite 200 (408) 970-9727 fax Santa Clara, CA 95051-0963 (408) 988-4004 BBS (25 lines) U.S.A USR HST/v.32/v.42bis/MNP1-5 CompuServe GO MCAFEE InterNet support@mcafee.COM America OnLine MCAFEE VSHIELD Version 5.61V116 Page 19 APPENDIX A: Creating an Exception List for the /CERTIFY Option NOTE: The /CERTIFY option is for use in environments where a significant risk of virus infection from unauthorized software exists. It is not for environments where new software is introduced on a continuous basis. Exception List data files created with an editor or word processor must be saved as ASCII text files. Be sure each line ends with a CR/LF pair. When VSHIELD is used with the /CERTIFY option only files that have been validated by SCAN are allowed to run. If /CERTIFY with an Exception List is used on a system with no files validated by SCAN then only the files listed in the Exception List will be allowed to run. The Exception List uses the following format: d:\pathnam1\filenam1.ext *comment . . d:\pathnam1\filenam2.ext *more comments Where "d:" is the name of the drive, "\pathnam1\" is the name of the path, and "filename.ext" is the name of the file, including the extension. An Exception List can be up to 1,000 characters long. Comment lines are preceded with an asterisk "*" and are ignored by VSHIELD. Running /CERTIFY without an exception list will prevent all programs other than DOS internal commands from being run. VSHIELD 5.61V116 Page 20 APPENDIX B: Miscellaneous Application Notes SAMPLE NOVELL LOGIN SCRIPT AND .BAT FILE FOR VSHIELD AND CHKSHLD The following is a sample system login script for use by Novell NetWare system administrators. The login script gets the ERRORLEVEL from Novell NetWare and then displays the error messages on the users' screens. The script exits the user to a .BAT file that performs a logout if there is an internal error with CHKSHLD, VSHIELD has not been installed, or an older version of VSHIELD is present when a PC logs on to a network. __________ START OF SAMPLE NOVELL SYSTEM LOGIN SCRIPT __________ CHKSHLD /V "5.4 V104" IF ERROR_LEVEL = "3" THEN FIRE PHASERS 5 TIMES WRITE "A CHKSHLD internal error has occurred." WRITE "Please contact the Help Desk." #COMMAND /C NOLOGIN.BAT EXIT ELSE IF ERROR_LEVEL = "2" THEN FIRE PHASERS 5 TIMES WRITE "VSHIELD has not been installed on your PC." WRITE "Access Denied. Please contact the Help Desk." #COMMAND /C NOLOGIN.BAT EXIT ELSE IF ERROR_LEVEL = "1" THEN FIRE PHASERS 5 TIMES WRITE "An old version of VSHIELD has been installed." WRITE "Access to the network has been denied. Please" WRITE "contact the Help Desk to have a new version WRITE "installed." #COMMAND /C NOLOGIN.BAT EXIT END END END ___________ END OF SAMPLE NOVELL SYSTEM LOGIN SCRIPT ___________ _______________ START OF SAMPLE nologin.bat FILE _______________ ECHO OFF REM Log the user off of the network LOGOUT ________________ END OF SAMPLE nologin.bat FILE ________________ More complex login scripts can be created to send a message to the supervisor if an error has occurred, update the user's VSHIELD.EXE as he logs in to the network, etc. For security purposes, the NOLOGIN.BAT file should be placed on the user's local hard disk.