README FIRST! Command AntiVirus for NT Server

Command Software is proud to introduce Command AntiVirus 
version 4.54 SP1 with our HoloCheck(tm) scanning technology and 
CSS Central for true centralized administration and deployment. 
Our HoloCheck scanning technology provides improved polymorphic 
virus detection and currently detects over 24,300 viruses.
Before installing or running Command AntiVirus for the first time,
please verify that your Command AntiVirus disks are write-protected.
If you suspect your computer has a virus, boot from a floppy disk that
is write-protected, and then scan for viruses.
To insure that your system is completely virus-free, reboot your
computer immediately after installing Command AntiVirus, and perform
a manual scan of your local drives. This is especially important if
you have not been running anti-virus software prior to this.
For a list of international distributors of Command AntiVirus,
see the DISTRIB.TXT file.
The file called FILEINFO.TXT is a list of file descriptions and files
that have changed since the previous release.
Please read the Multi-Platform Quick Start Guide that is included
with the installation files. It provides installation instructions
and an overview of Command AntiVirus for all platforms. The guide
is located in a file named MQCKST.PDF. This file can be read with
the Adobe(r) Acrobat(r) Reader that is included on the Command
AntiVirus CD.
The Command AntiVirus CD contains a folder named ADOBE. In
this folder, there is a README.TXT file that provides instructions
on how to view the Multi-Platform Quick Start Guide.
If you have downloaded Command AntiVirus, you will need Adobe
Acrobat Reader to view the guide. You can download Acrobat
Reader from Adobe Systems Incorporated through our web site
Notes on Command AntiVirus for NT Server (CSAV) 
Version 4.54 SP1 (Service Pack 1)
New virus signatures have been added in this release.
SCR (screen saver) and RTF (Rich Text Format) files are now
scanned by default. SCR files are scanned because they
are susceptible to some Windows 95/98 viruses. RTF files are
scanned because infected DOC files that have had their extensions 
changed to "RTF" can still infect other Word documents and
CSAV now scans for ASCII-based viruses such as BAT viruses, JavaScript 
viruses and malicious applications, and VBScript viruses. CSAV also 
detects mIRC scripts containing malicious code.
Better detection for Excel macro and field viruses has been added.
The scanning of MDB files is improved. 
Disinfection for polymorphic viruses such as W97M/Class that are 
found in the wild is new and improved. Selective disinfection allows
you to remove the macro virus and all traces of the disinfection
process. In password-protected documents, CSAV removes the virus but 
leaves traces of the disinfection process behind. In both instances,
the original document is preserved.
None for this release.
To update Command AntiVirus with this service pack, you must run
the service pack's SETUP.EXE program. Note that only the 
components that require updating will be modified. 
If you plan to update to CSS Central version 1.04, update all
client stations to Command AntiVirus version 4.54 prior to 
performing the CSS Central update. This allows you to avoid 
complications that can arise due to changes that were made to 
the communication port settings in CSS Central version 1.04. 
Notes on Command AntiVirus for NT Server
version 4.54
New virus signatures have been added for this release.
Command AntiVirus for Windows NT Server is Year 2000-compliant. 
For more information regarding the functionality of Command 
Software products with regard to the Year 2000 issue, please 
visit our web site at:
The scan engine has been optimized for faster scanning.
This includes faster scanning of a wider variety of compound
files including Microsoft Word and Excel files.
Command AntiVirus for Windows NT Server now detects Java viruses
and Access 97 viruses. Disinfection ability will be added in an
upcoming release.
Additional support for compressed executable files has been added. 
Specifically, compressed executables are scanned in memory. This
allows for faster of compressed files.
The server-to-workstation communications subsystem has been
updated. As a result, the SETUP.INI file now contains a section
called [PROTOCOLS]. You can use the keys in that section to:
	Install the TCP/IP agent
	Install the IPX/SPX agent
	Change the default IP port
	Change the default SPX port
Also, the default IP port has been changed from 2411 to 2412.
The default SPX port remains 34258.
To provide improved compatibility with a variety of e-mail
systems, CSAV now keeps MAPI sessions open only as long as
needed for individual operations. Prior to this, MAPI sessions
remained open as long as CSAV was running.
WINTDIST.EXE and WINT351.EXE are now provided with CSAV for
Windows NT Server. WINTDIST.EXE is used by Windows NT 4+.
WINT351.EXE is used by Windows NT 3.51. These files are
Windows Internet (WinInet) API system files that provide better
FTP functionality. The proper files for your platform
are automatically installed by CSAV for Windows NT Server.
These files also automatically hang-up the connection
established by scheduled FTP downloads made through our
separate CSS Central product. The WinInet files also provide
CSAV with better error reporting.
Under Client32, users without administrator rights were unable
to update DEF files from an automatic update directory located
on a Windows NT server. This is fixed.
It is now possible to enter user names longer than 14
characters in length in the Service Account user name text
box. This allows the use of long names that may include
any necessary domain information.
In some situations, the file exclusion feature was not functioning
properly. This is fixed.
Occasionally, F-AGENT created a blank taskbar button. This is fixed.
If you are updating CSS Central by reinstalling over an existing 
version and you want to retain your existing CSS Central 
information, back up the CSS Central database files prior to 
performing the reinstallation. These files use a .CCA extension, 
and by default, they are located in the CSS Central program 
directory. After the reinstallation, copy the .CCA files back to 
your CSS Central program directory.
If you choose to uninstall CSS Central and perform a clean 
installation and you want to retain your existing CSS Central 
information, back up the CSS Central database files prior to the 
uninstall. These files use a .CCA extension, and by default, they
are located in the CSS Central program directory. We also suggest 
that you back up the following two files:
        CSSFTP.INI   -- Contains the CSS Central FTP connection 
        CSSDWNLD.LOG -- Contains the record of the update files 
                        downloaded by CSS Central.
After the installation is completed, copy the .CCA files, the 
CSSFTP.INI file, and the CSSDWNLD.LOG file back into the CSS Central 
program directory.
Microsoft Access (MDB) database files are now scanned by default. 
If you determine that real-time scans are noticeably slower, remove 
the .MDB extension from the Files To Include list. Then, create a 
scheduled scan task that periodically scans all the files in your 
Microsoft Access folders.
Unless you are reinstalling the same version of Command
AntiVirus, we strongly recommend that you do not modify the
"CopyFile=YES" keys in the SETUP.INI file. Changing the
CopyFile value to "NO" may prevent the proper execution
of the "ModifyCfg" and "MakeIcon" keys. These keys are used
in advanced kinds of installations. If you do not have an 
in-depth knowledge of the product, do NOT alter these keys.
The Automatic Update feature does not update certain CSAV files.
These files are:
Do not place the above-mentioned files in the Automatic Update 
component update directory for CSAV for Windows NT Server.
Command AntiVirus for Windows NT Server has been tested
successfully under Windows NT 4.0 with Service Pack 4.
To provide flexible multi-language support, the following
files are now included in the product:
	FPROTLNG.DLL -- the language file for F-PROT
	FAGENLNG.DLL -- the language file for F-AGENT
	OLEAUT32.DLL -- provides OLE Automation support
	WINTDIST.EXE -- WinInet (Windows Internet API) system
			files for Windows NT 4.0+ in a
                        self-extracting format
	WINT351.EXE  -- WinInet files for Windows NT 3.51
                        in a self-extracting format
CSAV for NT Server no longer uses the ENGLISH.TX0 file.
Notes on Command AntiVirus for NT Server (CSAV) version 4.52
New virus signatures have been added for this release.
On some computers, manually setting the "Files to Exclude"
attributes inside SETUP.INI resulted in those attributes
not being saved. This situation has been fixed.
Conflicts between CSAV for NT Server and various developer
tools such as Microsoft Visual C++ 5.0 have been fixed. The
specific problem involved receiving blue screens when
MS Visual C++ 5.0 either saved or compiled information on
Windows NT 4.0 systems.
Fixes have been implemented for (1) occasional difficulties
experienced in renaming or deleting some files (such as
EXE files) on Novell drives while using Client32 and for
(2) problems with saving Microsoft Excel (.XL?) files on
Novell drives while CSAV for NT is loaded.
Difficulty with releasing Microsoft Excel file handles on
on Novell NetWare 4.10 servers under Client32 has been fixed.
Manually scanning a read-only NetWare directory with the
Command AntiVirus GUI set to "Disinfect" or "Disinfect/Query"
would result in constant rescanning of the first virus-infected
document encountered. That problem has been fixed.
On very rare occasions, Command AntiVirus would shutdown if a
task that included a boot sector scan was launched. That
problem has been fixed.
If you are deploying Command AntiVirus version 4.52 via CSS
Central, we recommend that you first update to the latest
version of CSS Central. This will assure a smooth
deployment process.
Currently, the following files cannot be automatically updated
as components in CSAV for Windows NT:
However, those files can be automatically updated as part of
a FULL update.
During a manual scan of a floppy disk from within the Command
AntiVirus GUI, you may receive the error message, "Error scanning
boot sector". The message appears only during the first scan of
a diskette and, despite it, your system is fully protected. The
cause of the message is under review and the issue will be fixed
in the next release of Command AntiVirus for Windows NT.
Notes on Command AntiVirus for NT Server Version 4.51
Command AntiVirus' HoloCheck(tm) scanning technology has been updated
to provide better detection and disinfection of Excel macro viruses.
We have also added heuristic scanning technology to provide greater
protection against unknown virus threats.
We have added improved flexibility to the installation allowing the
installation of CSS Central to be turned off through the INI file.
We have modified the on-access protection so that system data files
are no longer scanned. This eliminates the possibility of their
attributes being altered.
Scans after inactivity have been modified so that only one such scan
runs at a time, and it stops when activity resumes.
We do not recommend setting scans after inactivity on servers.
Upon completion they require a keystroke to review the report
which resets the inactivity scan.
When scheduling scans or setting up tasks to scan Novell volumes
using the Microsoft Client for NetWare, you must specify path names as
UNC drives rather than mapped drives. If mapped drives are specified under
these conditions, the scans will not run.
Notes on Command AntiVirus for NT Server (CSAV) version 4.50
Command AntiVirus boasts our HoloCheck(tm) scanning technology,
providing the most up-to-date virus protection. The most important
benefits of this technology are:
  *  Simplified updates. You can now update the SIGN.DEF and
     Macro.def files (which contain the most current virus signatures)
     without reinstalling all of the components. This method adds
     speed and efficiency to the new version of Command AntiVirus.
  *  Superior polymorphic virus detection. CSAV now offers
     unparalleled protection and elimination of polymorphic viruses
     including the dreaded Morphine, Anxiety and Spanska.
  *  Scanning of embedded (OLE) documents. Not only do we scan
     documents, but if an infected document is embedded in an Excel
     spreadsheet or PowerPoint document, Command AntiVirus will catch
     it and save you from becoming infected.
  *  Support for nested zip files.
New virus signatures have been added in this release.
F-MACRO.EXE is no longer included as a separate utility since all
of its features are now incorporated into the main scanner.
We have significantly changed our automatic update features. You can
use the full capabilities of CSS Central to automate the download and
deployment of files, or you can download manually and use the automatic
update features to distribute the updates. The directory structure now
utilized is different. We have provided utilities and features to
facilitate this migration. Documents explaining the upgrade process
from CSAV version 4.00 to CSAV version 4.50 as well as first time
installation and set-up are available. They can be found on the web
through a link on the download page or by directly accessing the support
The ability to add user-defined strings is not supported by the
new design of CSAV.  The architecture of our HoloCheck technology makes
this feature obsolete without compromising protection.
The rescue disk will now contain the RESCUE.DAT file. Due to size
limitations, the rescue disk is no longer bootable. You
must have a separate bootable floppy disk for your machine.
SE_UTIL is no longer included in the CSAV for Windows 95 & Windows 98
file set.  However, SE_UTIL can still be downloaded from our FTP site.
Due to the introduction of CSS Central, SE_UTIL will be phased out.
Command will support SE_UTIL through 12/1/98.  After that date,
customers can continue to use the utility though we will no longer
update it.
Our CSS Central module allows the addition of on-site or remote
computers or workgroups to your system.  Remote computers may be identified
by IP address (numerical) or by name.
Due to changes in the functionality of the scan engine, the tab for
Memory Scanning under Preferences|Active Protection now only shows
one option. When enabled, the first 640k of memory will be scanned.
Media such as Jazz drives are reported by different operating systems
as either Fixed or Removable media. Because of this, they cannot be
classified by Command AntiVirus as one or the other.  Jazz drives will be
scanned when Scan All Drives is selected or by installation of specific
Platform specific command line scanners, referred to as console
versions, are new to this release.  These are designed to coordinate
with the on-access scanners of their respective operating systems,
providing seamless integration and interaction.
Based on your system configuration and scheduled scans, you may
encounter low memory situations when scanning large drives or file
sets. If you encounter this situation, increase your pagefile.sys
by 20 mb.  Other remedies include scanning smaller file sets,
deselecting zip files or deselecting "Show All Files Scanned".
We recommend that you do not enable Scan All Network Drives from
any of our workstation products. Performance on busy servers
may be adversely affected by the additional network traffic.
Adding long names, whether filename or extension, in the Files to
Exclude list (through Preferences|Files to Include/Exclude) will result
in the files not actually being scanned because of truncation of the
CSS Central is included as part of the server installation.
CSS Central cannot deploy full product updates to computers that were
installed through a shared installation (setup netadmin).  If you want to
maintain this type of installation, you need to run setup netadmin
with version 4.5x of Command AntiVirus.  Task files, preferences and
component updates can be deployed through CSS Central.
Command AntiVirus for NT Server must be installed to an
NT Server installation, not a workstation. The workstation product
cannot be installed to a server.
For former DataFellows customers only: If you use the silent
installation method, you must uninstall the DataFellows version
of anti-virus protection. This is because in the interactive
installation we ask you if you want to uninstall the DataFellows
product. Since we cannot do this for the silent installation, you
need to remove it manually.
Notes on Command AntiVirus for Windows NT (CSAV) v.4.00
Using Automatic Update
Automatic updates via the Update Now button occur silently
regardless of the InstallSilent and UnattendMode settings
CSAV 4.00's Automatic Update will install properly only
if you are updating from Command F-PROT Professional for
Windows NT version 3.01/2.27a.
Special notes for System Administrators:
1. In a shared location on the network, create a unique parent
   directory to store the .DEF and .FPT files.
        For example:  \\SERVER\SYS\NewFPROT
2. Download and extract the latest definition files and copy them
   to the unique directory.
3. Below the unique directory, create a subdirectory called SETUP.
        For example:  \\SERVER\SYS\NewFPROT\Setup
4. Copy all of the product files into this subdirectory.
   (Note: Copy the files from the product diskettes or from a
   downloaded copy. Do not use the files that are already installed
   in the installation directory.)
5. Make these changes to SETUP.INI
    A. If F-NET is currently installed, F-NET will be removed unless, prior to
    the update, you set the new version's SETUP.INI's "InstallFnet="
    value to "Yes"
       (For example: InstallFnet=Yes).
    B. Locate  AutoUpdateDir=   and type in the location of the unique
    directory (For example: AutoUpdateDir=\\SERVER\SYS\NewFPROT)
6. Save the changes.
7. Open Command AntiVirus and choose Preferences|Advanced and then
   click on the Automatic Update tab.
8. Verify that the path is correct in the text box.
9. Choose either "OK" or "Update Now".
If you select "OK", the update occurs automatically when the user
restarts the computer. Otherwise, if the user leaves the computer
on, the update will occur between 4 a.m. and 5 a.m.
If F-PROT Professional is already installed with a service
account and you want to re-install it or install CSAV 4.00
by using either the "setup silent -fClient.ins" or the "LSilent.bat"
option in order to preserve the previous service account, you need to
modify the section called [Network Install]. That section is located
in the SETUP.INI file. Please note that the [Network Install] section
does not exist until "SETUP NETADMIN" is run. Therefore, after you have
run SETUP NETADMIN, you can perform the following two steps to
preserve the previous service account:
  1. Set "EnableNetworkScans" to "0". For instance:
	                - or -
     During "setup netadmin", you can say that you do not
     want your users to be able to run scheduled network scans.
     This will automatically set the EnableNetworkScans
     value to "0".
  2. In the [Network Install] section, create a variable called
     "UsePrevServiceAccount" and set it to equal a value of "1".
     For instance:
     (Caution: "UsePrevServiceAccount" does not exist: it must be
     created in [Network Install].)
New virus signatures have been added in this release.
DVP can now perform real-time scans of NetWare drives under
NetWare Client 32.
A problem involving filenames with accented characters being
duplicated as zero-byte files after a scan has been corrected.
DVP now correctly releases file handles on .DOC and .XLS files.
Prior to this fix, those file types would be renamed and the
files would be reported as being open. The user then had to
rename the file to access it.
A problem with F-AGENT loading the LANGUAGE.DLL has been corrected.
R-Mouse now appears properly on the drop-down menu when CLIENT.BAT
is used.
CSAV is an acronym for "Command AntiVirus" -- the new name of
our anti-virus product line. Prior to the name change, the product
line was referred to as "Command's F-PROT Professional."
If you are using a MAPI mail system then, in the Command AntiVirus
SETUP.INI file, it is required that e-mail addresses
used for CSAV's messaging function have information in front of
the "@" symbol. For instance, "[email protected]" is a legitimate
address form. However, "" is an invalid address form.
If you wish to copy additional files during the installation process,
be sure that the files are located in the installation directory.
Then, in SETUP.INI, place the names of those files in the [UserFiles]
section.  To add files, you need to supply each file name with its
own "UserFile=" line.  For example, if you were adding files called
"file1.txt" and "file2.txt" the UserFile lines in the [UserFiles]
section would appear as:
If you choose to place an additional file (or files) in a
different directory and the [UserFile] section in SETUP.INI
has a "UserFile=" statements for that file
(for example, UserFile03=file3.txt), a "Browse" option appears
during the installation process. That option allows you to enter
the path leading to that file.
If you launch a task scan from the shared read-only network drive,
the error message "Could not write to Scan Network Drives" informs
you that the system could not write to the task directory file.
This is an operating system rights limitation that occurs on NT,
NetWare or local drives when the shared folder is set to read-only.
To eliminate this error message, you can set the task files attribute
to read-only.
If one of your options in "Preference|Network" is set to mail infected
files, infected files detected by a scheduled scan will not be mailed.
This limitation effects only scheduled scans. Notification will still
be written to the Event Viewer.
Users without administrator rights will not be able update Command
AntiVirus for Windows NT on their systems if the system administrator
does not include the update path in SETUP.INI prior to deployment.
If you have computers in a workgroup that you would like to modify
via Command's Account Manager (CSS-AMGR.EXE), perform the
following steps:
	1) Make sure that all the workgroup's computers are
           turned on.
	2) Log onto the administrator's computer or server
	   using an administrator account that is also an
           administrator's account on the workgroup computers.
	3) Launch the CSS-AMGR.EXE program and perform the option
	   of your choice (either Option 1 or Option 3).
The second step mentioned above is required as the utility will
display only domain computers for CSS-AMGR modification despite
checking all the computers located in the network/domain including
those in the workgroup.
Command Software Systems has greatly expanded its technical support to
include a variety of electronic services. You may contact us at any one
of the following:
Command Software Systems, Inc.
1061 E. Indiantown Rd., Suite 500
Jupiter, FL  33477
     Voice: 561/575-3200 8:00 am to 8:00 pm EST.
     Fax: 561/575-3026
     BBS: 561/575-1281
     CIS: 75300,3645 (Type GO PCVENF at any CIS ! prompt. We're in section 9.)
Internet: [email protected], [email protected]
World Wide Web:
In Europe contact:
Command Software Systems, Inc.
UK Branch
Ground Floor
Millbank Tower
London SW1P 4QP
   Voice: +44 171 931-9301
     Fax: +44 171 931-9302
     BBS: +44 171 931-9303
Internet: [email protected]
          [email protected]
          [email protected]









1061 East Indiantown Road · Suite 500
Jupiter · FL   33477