Antivirus

Installing EgoSecure Antivirus on Agent remotely

• Under Computer management | Antivirus, right-click a computer and select Activate.
• -OR-
• In Computer management | Control, right-click a directory object (computer or group) and select Activate/deactivate products | EgoSecure Antivirus from the context menu.
• The license is activated. The installation on online computers starts. Installation on offline computers will be performed once they become online.

Installing EgoSecure Antivirus via MSI package 

• Activate the EgoSecure Antivirus product for a computer under Computer management | EgoSecure Antivirus. For details, see also: Activating products
• Enable the Export EgoSecure Antivirus settings option under Installation | EgoSecure agents | Create MSI package.
• If proxy server settings are defined and the Use proxy server option is enabled, the proxy server settings will be used for signature update on the Agent side via the Internet (if update from the EgoSecure Server is not possible).

• Near Selection of objects, click  to select the computers where the EgoSecure Antivirus product is already activated in step 1.
• The Users/computers selection dialog appears.
• Select the computers via a double-click and click OK to confirm.
• Click Generate.
• On the right, in the Create MSI package area, the information about the location and status of the MSI package generation displays.
• Copy the MSI folder to removable storage or a network share.
• On a network share/removable storage, create the following subfolders inside the MSI package:
  • ATC
  • AVDB_64 (or any name, which contains AVDB and 64)
  • AVDB_32 (or any name, which contains AVDB and 32)
• Copy the following files to the ATC folder from the computer with the installed EgoSecure Server:
  •  All files (except the Plugins folder) from the directory: C:\ProgramData\EgoSecure\EgoSecureServer\AVDIR\Db\repository
  • ® The files versions.dat and versions.id from the directory: C:\ProgramData\EgoSecure\EgoSecureServer\AVDIR\Db\atc-sig-busi
• Copy the following files to the AVDB_64 folder from the computer with the installed EgoSecure Server:
  • All files from the directory C:\ProgramData\EgoSecure\EgoSecureServer\AVDIR\Db\repository
  • The files versions.dat and versions.id from the directory C:\ProgramData\EgoSecure\EgoSecureServer\AVDIR\Db\64
• Copy the following files to the AVDB_32 folder from the computer with the installed EgoSecure Server:
  • All files from the directory C:\ProgramData\EgoSecure\EgoSecureServer\AVDIR\Db\repository
  • The files versions.dat and versions.id from the directory C:\ProgramData\EgoSecure\EgoSecureServer\AVDIR\Db\32
• Run the ESAgentSetup.exe file on the computer where you want to install the EgoSecure Antivirus.

Uninstalling EgoSecure Antivirus

• Go to Computer management | Antivirus.
• Right-click a computer and select Deactivate from the context menu.
• The license is now deactivated and the uninstallation of EgoSecure Antivirus starts once the Agent is online.

Configuring and performing updates

• Go to Product settings | Antivirus | Update settings.
• In the Server settings area, in the URL field, enter the URL from where the EgoSecure Server downloads signatures.
• In the Update interval field, define how often the Server checks for new signatures on the Internet.
• In the Simultaneous downloads field, define the number of Agents which can download signatures from the Server simultaneously.

• In the Client settings area under Update mode, select the option:
  • Manually, so that the EgoSecure Antivirus is not updated till the moment an administrator or a user initiates this process.
  • Automatically to update each time when new signatures appear on the Server.
• Under Update sources, select the option:
  • Server only to allow the download of signatures only from the EgoSecure Server.
  • Internet only to allow the download of signatures only from the URL specified in the Server settings work area.
  • Server and Internet (in offline mode) to allow the download of signatures from the URL specified in the Server settings work area when Agent cannot update signatures from the EgoSecure Server.
• For automatic updates: in the Update interval field, set the frequency of checking for signatures on the Internet when Agent becomes offline.
• Enable Use proxy server check box to use proxy server when updating signatures from the Internet on the Agent side.
• Define proxy server settings under Administration | Servers | Mail, proxy and others.

• Click Save.
• To perform a manual update via the Console, do one of the following steps:
  • Right-click a computer under Computer management | Antivirus and select Update signatures DB from the context menu.
  • OR
  • Under Computer management | Antivirus, in the Protection status tab, click the Update now button.

Performing updates on Agents offline

When Agent works in the offline mode, the Agent tries to perform automatic updates via the Internet. For details, see: Configuring and performing updates. If updates via the Internet are not allowed or there is no Internet connection, the update can be performed manually on the Client.

Performing manual updates on Agents in offline mode

• Copy the MSI package that you generated during the installation of EgoSecure Antivirus to an external storage medium or network share, or generate a new MSI package, if necessary. For details, see: Installing EgoSecure Antivirus via MSI package (steps 1-4)
• On a network share/removable storage, create the following subfolders inside the MSI package:
  • ATC
  • AVDB
• Copy the following objects to the ATC folder from the computer with the installed EgoSecure Server:
  • All files (except the Plugins folder) from the directory C:\ProgramData\EgoSecure\EgoSecureServer\AVDIR\Db\repository
  • The files versions.dat and versions.id from the directory C:\ProgramData\EgoSecure\EgoSecureServer\AVDIR\Db\atc-sig-busi
• Copy the following files to the AVDB folder from the computer with the installed EgoSecure Server:
  • All files from the directory C:\ProgramData\EgoSecure\EgoSecureServer\AVDIR\Db\repository
  • By using 32-bit operating systems: the files versions.dat and versions.id from the directory C:\ProgramData\EgoSecure\EgoSecureServer\AVDIR\Db\32
  • By using 64-bit operating systems: the files versions.dat and versions.id from the directory C:\ProgramData\EgoSecure\EgoSecureServer\AVDIR\Db\64
• On the Agent, under C:\ProgramData\EgoSecure\EgoSecureAgent,
  • Replace existing AVBD and ATC folders with the folders from a network share/removable storage (if AVDB and ATC folders WITHOUT a timestamp existed before in this location on the Agent).
  • OR
  • Copy AVBD and ATC folders from a network share/removable storage to this location (if there are no AVDB and ATC folders WITHOUT a timestamp in this location on the Agent).
• Update virus signatures on Agents. For details, see the EgoSecure Agent – User guide.

Creating a scan profile 

• Go to Product settings | Antivirus | Scan profiles.
• In the Scan profiles area, click Add.
• A new entry appears in the list.
• In the Name column, enter a scan profile name.

• In the Scan options area, define the settings for the scan profile:
  • On-access: scans objects on access, e.g., when opening or copying (real-time protection).
  • On-demand: starts the scan manually either via the context menu of the object or by initiating a scan (quick, complete or user-defined).
  • Actions: Defines actions for infected or suspicious objects.
    • Automatic for infected objects means that Antivirus first tries to disinfect a file and then to move to quarantine. If it fails, the file is deleted.
    • Try to disinfect else delete for infected objects means that the Antivirus tries to disinfect the object. If the object cannot be disinfected, the file is deleted.
    • ! The action result successfully disinfected informs that the file has been disinfected. This also means that the file was deleted, as some disinfection includes deletion.
    • Active Threat Control: Monitors all active processes and identifies potential threats.
• Click Save.

Assigning a scan profile

• Under Computer management | Antivirus, select a computer.
• In the Scan profile tab, enable Activate inheritance settings.
• The inheritance is now disabled for the selected computer and you can now assign individual scan profiles.
• Select a scan profile from the drop-down menu.

• Click Save.

Creating a task

• Go to Product settings | Antivirus | Scheduler.
• Click Add.
• A new entry appears in the list.
• In the Name column, enter a name for a task.
• Enable the check box in the Global column to assign the task to all computers of the directory service.

• In the Settings area, select a scan mode and scan frequency (once or weekly). The following scan modes are available:
  • Quick: system directories and system memory are scanned.
  • Full: internal and external memory are scanned.
  • Custom: objects defined by administrator are scanned.
• Add objects that must be scanned (in case of custom scanning).
• Click Save.

Assigning a task to a directory object

• Go to Computer management and select a computer.
• Under Antivirus | Scheduler, enable the Activate individual settings check box to disable inheritance.
• The previously inherited tasks remain enabled, uncheck them, if necessary.
• Select a task from the list. Global tasks will always be additionally applied no matter whether they are enabled or disabled in the first column and whether inheritance is enabled or not.   
• Click Save.
• To initiate the scanning now not waiting for a scan start:
  • In the Computer management – Antivirus area, right-click a computer.
  • To multi-select, hold down Ctrl and select the computers.
  • Select Scan now | [scan type] from the context menu.
• Once the scan starts, its progress is shown on the Scans tab. To cancel a running scan, right-click it and select Stop.

Actions with quarantined objects

• In Computer management\Reports | Antivirus | Quarantine, right-click a quarantined object.
• Select one of the following options:
  • Restore to move the object from the quarantine list to the place where it was stored before.
  • Restore and exclude from scanning to remove the object from the quarantine list, place it to its original location and exclude from scanning on this computer.
  • Restore and add to global exclusion list to add the object to Product settings | Antivirus | Exclusions. This object will be excluded from scanning on all computers of a directory.
  • Delete to remove the object from the quarantine list and from a user computer.

Adding objects to exclusions

You can add objects to the list of exclusions in two different ways: either via the list of quarantined objects on a computer or by manually inserting a file or folder name.

Hiding the Exclusion tab on the Agent side

For the reasons of security, you can hide the list of defined exclusions on Agent so that nobody can see them.

• Go to Product settings | Antivirus | Exclusions.
• Enable the Hide the Exclusions tab on Agents option.
• Click Save.

Specifying EgoSecure Antivirus rights for a user

• Go to User management and select a user.
• In the Settings tab, enable the options available for the user.

• Enable Pause/Stop scheduled scans and Delay scheduled scans options to allow a user to pause/stop/delay scheduled scans assigned by administrator. User-owned scheduled tasks can be stopped independently of the options state.
• Enable the Change EgoSecure Antivirus options option to grant the following permissions to the user:
  • Create and edit planned scans
  • Manage exclusions
  • Move objects from the quarantine to a location other than the original one
• A user is not allowed to edit administrator exclusions and scheduled tasks  no matter whether the Change Antivirus options check box is enabled or disabled.
• Click Save.