6. NETWORK ADMINISTRATION
Table of Contents Index Page Technical Support Introduction Installation Using Command AntiVirus Boot Record Support DOS Recovery Network Administration CSS Central
This chapter covers network administration techniques for installing, upgrading, and operating Command AntiVirus (CSAV). These techniques can be combined to support local workstations as well as off-site users.

For first time installations, Command AntiVirus can be placed on the server and users can install to their local hard drive. This can be done as an interactive procedure as described in the "Installing CSAV from the Server" section.

There are always new viruses surfacing. To provide system protection against new viruses, Command Software Systems provides six to twelve upgrades of Command AntiVirus per year. When you download Command AntiVirus electronically, you will receive a single, large, executable file. Place this file in a temporary directory and execute it. It is a self-extracting file.

Upgrading Command AntiVirus can be accomplished easily by using the Automatic Update feature available with the full product. The use of this feature is described in the section called "Automatic Update". You can also simply reinstall Command AntiVirus when you receive an upgrade.

This chapter will also cover some of the procedures and tools available to the administrator, such as:

  • Restricting users from disinfecting viruses and scanning networks.
  • Preventing users from disabling DVP.
  • Using the batch files supplied with Command AntiVirus.
  • Administrative utility programs.

INSTALLING CSAV FROM THE SERVER

This method allows each workstation to install Command AntiVirus manually without using installation diskettes.

There are two batch files used for simplifying the server-level distribution process. NETDISK.BAT and ONEDISK.BAT both provide an "installation directory" on the server. You would choose NETDISK.BAT if you are working from the installation diskette set you have received from Command Software. You would choose ONEDISK.BAT if you have downloaded the F95_XXXC.EXE (where XXX indicates the version) file from our BBS or FTP site.

USING NETDISK.BAT

NETDISK.BAT is on the installation diskettes that you have received from Command Software.
NOTE: You must run NETDISK.BAT from the server. By doing so, the files needed for server-to-workstation installation can be copied to a shared directory.
To use NETDISK, follow these steps:
  1. Create a shared CSAV directory on the server and then change to that directory.
  2. Insert Command AntiVirus Installation Disk #1 into drive A of your workstation or server.
  3. Copy NETDISK.BAT from drive A to the shared directory that you created in Step 1.
  4. From within the shared directory, type the following command:
    NETDISK A:
  5. Press Enter. The system displays a brief instructional screen.
  6. When you have finished reading the instructions, press Enter to continue.
  7. Insert Command AntiVirus Installation Disk #1 into drive A.
  8. Follow the screen instructions. When the copying is compete, any user with instant access to the shared directory that you created in Step 1 can run INSTALL from DOS or SETUP from Windows to perform a standard installation of Command AntiVirus from the server to the user's local hard drive.

USING ONEDISK.BAT

Although ONEDISK.BAT is similar to NETDISK.BAT, you use ONEDISK.BAT with downloaded versions of Command AntiVirus, not with installation diskettes.

If you download Command AntiVirus, you will receive a large executable file.

To use this file, you need to place it in a separate, temporary directory and run it. When you run the downloaded file, it produces several other files, one of which is ONEDISK.BAT.

The following instructions will help you use ONEDISK.BAT.

You can also find instructions for using ONEDISK.BAT in INSTALL.DOC, which is contained in the downloaded file.

  1. Create a shared directory on the server for Command AntiVirus installation files.
  2. Change to the temporary directory that contains the downloaded files. For example, at the command line type:
    CD C:\DOWNLOAD A:
  3. Press Enter.
  4. Type ONEDISK followed by the drive and path of the shared directory that you created in Step 1. For example, if you created the directory "CSAV" in the "PUBLIC" directory on drive F, at the command line, type:
    ONEDISK F:\PUBLIC\CSAV
  5. Press Enter. When the copying is complete, any user with access to the shared directory that you created in Step 1 can run SETUP from Windows to perform a standard installation of Command AntiVirus to their local hard drive.
For example, from the Start menu in Windows, choose Run. Be sure to specify the path and press Enter. For example:
ONEDISK F:\PUBLIC\CSAV\SETUP

AUTOMATIC UPDATE

If you have several workstations, each with a different operating system, you can perform a partial or full-product update of Command AntiVirus on each station directly from a server by using our Automatic Update feature. This feature provides system administrators with the ability to distribute and update the program quickly on multiple workstations in a multi-platform environment with no user interaction.
You can obtain a current copy of CSAV from our web site, BBS or FTP. The Help file in Command AntiVirus contains a link directly to the update page on our web site. To use this, select "Access our web site" from the Help Index.
Automatic Update operates by placing Command AntiVirus files in a unique parent directory in a shared location on the network. When the user starts the computer, the Automatic Updates process compares the dates of the files on the workstation with those on the server. If the server dates are newer, the server responds by automatically updating the workstations with the newer program files.
For example, if only the definition (*.DEF ) files have changed since the last update, then only those files will be updated. If a new version is available, then the program begins a complete SETUP.
Component updates are not visible to the user. At most, the user may notice that the system is a bit slower. With full-product updates, the system displays the SETUP screens, but no action is required.
NOTE: To use the Automatic Update feature, Command AntiVirus must be installed on each workstation. For new installations, you must run SETUP manually from the workstation or use CSS Central to deploy new product.
The following instructions will help you use the Automatic Update feature:
  1. In a shared location on the network, create a unique parent directory to store the update files. This directory is referred to as the remote setup location. For example:
    \NEWFPROT
  2. Download and extract the latest definition files and copy them to the remote setup location.
  3. Create a subdirectory for each platform to be updated. For example:
    \NEWFPROT\CSAV95
  4. Copy ALL of the product files into their respective subdirectories. Although it is not necessary, it is helpful to create subdirectories under each platform directory to contain full product, component updates, and signature files. For example, you may want to create the following directory structure:
    \NewFPROT

    \NewFPROT\CSAV95

    \NewFPROT\CSAV95\FULL

    \NewFPROT\CSAV95\COMP

    \NewFPROT\CSAV95\PROD

  5. Using Notepad or any text editor, create a file named CSSFILES.INI. For each platform specified in the automatic update directory structure, create a section in this .ini file. An example, CSSFILES.INI file follows:
    [Win95-ANTIVIR]

    BaseDir=S:\NewFPROT\CSAV95

    FULLPROD=full\

    COMPONT=comp\

    DEFFILES=sign\

    [NT40_S-ANTIVIR]

    BaseDir=S:\NewFPROT\CSAVNTS

    FULLPROD=full\

    COMPONT=comp\

    DEFFILES=sign

UNC paths can be substituted for mapped drives if desired.
  1. If you have not yet installed CSAV throughout your enterprise, follow Steps 7 through 12; otherwise, skip to Step 12.
  2. Locate the SETUP.INI file and search for: AutoUpdateDir=
  3. Type in the location of the remote setup location after the equal sign. For example:
    AUTOUPDATEDIR=S:\NEWFPROT
  4. Locate [UserFiles].
  5. Type in the location of the CSSFILES.INI file that you created.
  6. Save the changes.
  7. CSAV is now ready to be installed throughout the enterprise. With the modifications just made, CSAV will be configured to check the NewFPROT directory at each login to search for new files to update. If CSAV is already installed and you want to modify workstations manually, follow Steps 13 through 17.
  8. Open Command AntiVirus.
  9. Click "Preferences".
  10. Click "Advances". Click the "Automatic Update" dialog tab.
  11. Click "Browse". The system displays the "Browse Open "dialog box.
  12. Select the drive\path of the remote setup location. For example:
S:\NEWFPROT
The directory path must point to the remote setup location which contains the CSSFILES.INI regardless of whether you are performing partial or full-product updates.
NOTE: When the drive\path selected is a network drive, the selection is converted to a Universal Naming Convention (UNC) path.
  1. Click OK. The "Browse Open" dialog box closes.
  2. Click OK. The update occurs automatically when the user restarts the computer or if the user leaves the computer on, between 4 a.m. and 5 a.m.
NOTE: Once you complete this process, workstations are updated automatically each time you place updated files in the remote setup location and setup subdirectory.
Component updates are not visible. At most, the user may notice that the system is a bit slower. With full-product updates, the system displays the SETUP screens, but the user does not need to take any action.
NOTE: If the updated files require that you restart your system for the changes to take effect, the system displays the following message:
"We have updated some files in this release. These files and some settings will not take effect until a reboot is performed. In the interim your system remains fully protected."
As soon as an update takes place, the program does not automatically update again for at least 24 hours. The Update Now button allows the user to update the individual workstation immediately.
There are no restrictions to prevent the user from changing the path of the remote setup location. If the user changes the path, the updates will be made from the path specified.
NOTE: To turn off the Automatic Update feature, leave the remote setup location blank.
For more information about the Automatic Update dialog boxes and the Update Now button, refer to Using Automatic Update located in the Using Command AntiVirus chapter.

CSS CENTRAL

CSS Central provides system administrators with an easy-to-use interface for distributing, updating and modifying Command AntiVirus from one location. From this central location, you can change your Preferences settings as well as create and modify individual scanning tasks. Now it is easier than ever to install and update your Command AntiVirus software.

For more information, refer to the Using CSS Central chapter.

RESTRICTING USERS

FPWCFG.EXE is a utility that allows Administrators to control some of the key functions of Command AntiVirus for Windows 95. FPWCFG.EXE allows the administrator to prevent a user from turning off the real-time protection provided by DVP, restrict a user from scanning network drives, and disable a users' ability to disinfect a virus.

LOCATING FPWCFG.EXE

If you have received Command AntiVirus for Windows 95 on diskette, the FPWCFG.EXE file can be located on one of your installation diskettes. If you have downloaded a copy of Command AntiVirus for Windows 95, the FPWCFG.EXE file will be in the download directory after you have unzipped all files. Keep in mind, however, FPWCFG.EXE will never be installed as part of the setup routine.

USING FPWCFG.EXE

FPWCFG.EXE can be used by system administrators after installation to modify the Command AntiVirus for Windows 95 file, F-PROT32.EXE. You can use it to modify F-PROT32.EXE as many times as necessary. If you will be implementing any of the control features offered by FPWCFG.EXE, do not provide a copy of FPWCFG.EXE to your users.

Creating new distribution diskettes

If you distribute Command AntiVirus for Windows 95 on diskette, you will discover how easy it is to create a new substitute for disk #2 using our installation program. Before beginning this process, have a clean formatted diskette ready.

Install Command AntiVirus to a local workstation using the diskettes you received. However, when you run SETUP, add the word ADMIN. For example, from Start/Run type: A:Setup Admin

The installation will proceed as normal. When prompted, you will be able to modify Command AntiVirus (for details see the following section Configuring Command AntiVirus), and a new disk #2 will be created automatically, with your configuration. The new disk can then be substituted for the one we shipped, but it will not contain FPWCFG.EXE.

Creating a new setup for network distribution

If you have downloaded Command AntiVirus for Windows 95, and have the files inflated in a directory on a hard drive (which would be the case if you used our ONEDISK batch file), we provide a similar method whereby the files needed for setup are saved with your modifications. The sequence to accomplish this is as follows.

First, create a unique directory to download your copy of Command AntiVirus for Windows 95. For demonstration purposes, we will name the directory FPWTEST and we will assume the Command AntiVirus program was downloaded to C: drive. Execute or unzip the file so its contents are extracted.

Next, select Start/Run from Windows 95. In the "Run" line type:

C:\FPWTEST\ONEDISK.BAT C:\FPWTEST


The ONEDISK batch file will run, and a setup file located on C: drive will be created for Command AntiVirus in the FPWTEST directory.

From Start/Run enter the following:

C:\FPWTEST\SETUP ADMIN


Setup will begin as usual. The easiest way to continue is to select the default settings. When prompted, you will be able to modify Command AntiVirus (for details see Configuring Command AntiVirus). Configure Command AntiVirus and then save. After saving, the file FP95.CSS will include your changes. In the scenario presented above, the contents of the FPWTEST directory could then be copied to a network drive where users could run Setup.

When setup is run by the user, a modified version of Command AntiVirus, reflecting your changes, will be installed.

CONFIGURING COMMAND ANTIVIRUS


FPWCFG.EXE Opening Dialog box
Before attempting to make any changes to F-PROT32.EXE, be sure to close Command AntiVirus.

To begin making your changes, either copy FPWCFG.EXE to the hard drive or run it from the diskette. One way to execute the FPWCFG file is to find it from Explorer and double-click it. When FPWCFG.EXE is run, the dialog box shown above will display. The browse button allows you to locate F-PROT32. EXE, the file you need to modify. Once the path to F-PROT32.EXE is displayed in the "Configure" text field, you can modify the "User name" and the "Organization" field or choose "Options"/images/wdmanual/IMG00027.

While it is not necessary to do so, administrators can use the "User name" and "Organization" fields to indicate that Command AntiVirus has been modified to their specifications. Simply type name and organization in the available text field. The entries will then become part of the F-PROT32.EXE file. Thereafter, any time FPWCFG.EXE is executed, the information will display. Any alpha-numeric entry will be accepted, so if you prefer to enter a date or other reference in these fields you can do so.

When you select "Options" the "Options" dialog box will open. When we ship Command AntiVirus, all options are enabled. Therefore, the first time you view the F-PROT32.EXE file, all items are shown as selected, i.e. with an "X" in the checkbox. Configure Command AntiVirus to your needs and choose "OK"/images/wdmanual/IMG00027. After choosing "OK" you are returned to the "Command AntiVirus Config" dialog box. To finalize your changes, select "Save"/images/wdmanual/IMG00027. The dialog box will close and you will now have a customized configuration for Command AntiVirus for Windows 95.


FPWCFG Configuration Options

Command AntiVirus Capabilities

To prevent users from scanning network drives, the "Scan Network" checkbox should be cleared. This will eliminate unnecessary network traffic. If a user has an existing scan task for scanning network drives, then that task will no longer execute. In the report window, a message will display which says "This version is unable to scan network drives." Additionally, if a new task is created, the checkbox for "Select all network drives" in the "Properties" dialog box, is grayed out.

The "Allow Disinfection" checkbox can be cleared if you prefer to monitor and perform all disinfection yourself. When you configure F-PROT32.EXE so that disinfection cannot be performed, the "Action to take" drop down list box will be grayed out and it will have "Report only" status. Existing scans will no longer be able to disinfect, and new scan tasks will not have a choice.

F-PROT32 Options

The "Active Protection" menu item, located under the "Preferences" menu, allows you to configure the real-time protection provided by DVP (the Dynamic Virus Protection) and Memory Scanning. With DVP active, administrators can rest assured that diskettes, CD-ROMS and other new files introduced to the workstation/network environment, are scanned for viruses. DVP provides an important layer of protection against viruses. If a user disables DVP, however, that layer of protection is lost. For this reason, many administrators do not want the users to have this ability. By clearing the checkbox for "Active Protection", the user will be unable to access the "Active Protection" menu item.

BATCH FILES

The following batch file provides options that can simplify the administrator's distribution tasks.

XDISK.BAT

After downloading Command AntiVirus update file, you can use the XDISK.BAT file to create a set of high-density (1.44Mb) installation diskettes. The letter "X" represents the number of diskettes which is different for each platform.

Use the following instructions to create the diskettes:

  1. Format the appropriate number of 3.5 inch, high-density diskettes and label them Installation Disk #1, #2, #3, etc.
  2. Run XDISK.BAT with the destination drive as its only parameter.
  3. In a DOS window, change to the folder that contains the installation files (make sure XDISK.BAT is there) and at the command line type:
    XDISK A:
    Or from the Start menu, you can use the "Run" dialog box if you specify a path.
  4. Press Enter. The system prompts you to insert a blank 3.5 inch high-density diskette.
  5. Insert Installation Disk #1 and follow the on-screen instructions. The system prompts you for the remaining diskettes.
  6. After copying the installation files, write-protect the diskettes.
You can use these diskettes to install Command AntiVirus. To install the program:
  1. Insert Installation Disk #1 into Drive A.
  2. From the Start menu choose "Run" and type: A:\SETUP
  3. Press Enter.
  4. Follow the screen instructions to complete the installation of the program.

TEST UTILITIES

There is a self-extracting file provided on the distribution diskettes called SE_EICAR.EXE that contains a file called EICAR.COM. The purpose of the EICAR (European Institute for Antivirus Research) test file is to provide an industry standard solution to test antivirus products. The EICAR test file is the result of a cooperative effort between various antivirus researchers. You may use this file in a variety of ways. For example, you can safely verify real-time protection is active and demonstrate what happens when a virus is found.



Test
Drives
Year
2000
Site
Map
Customer
Service
Press
Room
Awards/
Reviews
Global
Resellers

 Home


Command Software, Inc. Command Software Systems, Inc.
1061 East Indiantown Road · Suite 500
Jupiter · FL   33477
Phone: (561) 575-3200