What's New in VirusScan for Windows NT v3.0.3 (3008a)
        Copyright 1994-1997 by McAfee, Inc.
               All Rights Reserved.


Thank you for using McAfee's VirusScan for Windows NT.
This What's New file contains important information
regarding the current version of this product. It is
highly recommended that you read the entire document.

McAfee welcomes your comments and suggestions. Please 
use the information provided in this file to contact us.

**NOTE: Do not attempt to install the Intel version of
VirusScan on a DEC Alpha system or vice-versa.

___________________
WHAT'S IN THIS FILE

- New Features
- Known Issues
- Installation             
- Documentation            
- Frequently Asked Questions
- Additional Information
- Contact McAfee

____________
NEW FEATURES              

1. VirusScan for Windows NT now includes ISeamless
   install scripting technology for completely 
   customizable, silent installations.

2. Now is able to scan LHA/LZH compressed files.

3. Now supports Microsoft Windows NT Service Pack 3.

4. Now detects infections in files transferred with
   Microsoft Internet Information Server (IIS). This 
   protects remote users accessing files via HTTP or FTP.

5. Compatible with Windows NT systems running with 3GB
   user memory frames.

6. For added security, the user ID and password recorded 
   for use during silent installations are now stored 
   within the SETUP.ISS file in a scrambled format. Please 
   note that plain-text user ID's and passwords can be 
   manually entered into the SETUP.ISS file with a text 
   editor. The installation program is capable of using 
   scrambled or plain-text.

7. Compatible with Compaq LS-120 (120 MB) floppy drives.


* NEW VIRUSES DETECTED *

This DAT file detects the following 198 new viruses.
Locations that have experienced particular problems 
with specific viruses are also identified.

ABC.A
AL-DITH.1502
ALEX.599
ALFONS.1344
ANDYC.565
ANDYC.565 DROPPER
ANGEL.A
ANT.A:TW
ANT.C:TW
ANT.D:TW
APPDER.G
APPDER.H
APPDER.I
BADSECTOR.3422
BADSECTOR.3428
BAJAB.1024
BANDUNG.AS
BANDUNG.AT
BANDUNG.AU
BANDUNG.AW
BANDUNG.AX
BANDUNG.AY
BANDUNG.AZ
BANDUNG.BA
BARBARO.A:IT
BARROTES.1310.A
BLACK.A
BLIN.1457
CAFE-AX.1516
CAP.I                   
CAP.K
CAP.M
CAP.X
CAP.Y
CEBU.B
CHAOS.B
CHILL.A
COLORS.BL
COLORS.BM
COLORS.BN
COLORS.BO
CONCEPT.AL
CONCEPT.AR
CONCEPT.AW
CONCEPT.AX
CONCEPT.AY
CONCEPT.AZ
CONCEPT.BA
CONCEPT.BB              (US)
CONCEPT.BC
CONCEPT.BD
CONCEPT.BE
CONCEPT.BF
CONCEPT.BG
CONCEPT.BH
DEMON.A
DISHONOR.A:DE
DODGY                   (UK, Europe)
DPOP.1168
DZT.G
ELYTHNIA
EPIDEMIC.B:TW
EPIDEMIC.C:TW
ERASER.F:TW
FIRE.A:DE
FITW_DISK
FOG.1748
FORMATS.A (TROJAN)
FOUR.A
FRIDAY.D:DE
FRIDAY.E:DE
GINGER                  (Australia)
GINGER-PEANUT
GINGER.2774
GLITTER.1462
GOLDSECRET.A            (Internet)
GOLDSECRET.B (INTENDED) (Internet)
HELPER.F
HELPER.G
HELPER.H
HLL.CMP.16052
HLLO.20621
HLLP.21037
HLLT.5850               (Internet)
HLLT.5850C              (Internet)
HYBRID.G
HYBRID.H
ILLITERATE.A
IMPOSTER.E
INCARNAT.A
ISLAND.3551
IVP.1075
IVP.1755
KOH-INSTALL
KOMPU.E
KOMPU.F
LAMOT.744
LILITH
LUCIFER.A
LUNCH.E
MALARIA.A:TW
MDMA.V
MDMA.W
MDMA.X
MDMA.Y
MONDAY.A:TW
MORPHINE.3500
MSHARK.889
MUCK.G
MUCK.H
MULTIANI
MVCK1.B
MVCK1:KIT
NAZI.8600
NJ-WMDLK1.G
NOP.G
NOP.M:DE
NPAD.CE
NPAD.CF
NPAD.CG
NPAD.CH
NPAD.CI
NPAD.CJ
NPAD.CK
NPAD.CL
NPAD.CM
NPAD.CN                   (Canada)
NPAD.CO
NPAD.CP
NPAD.CQ
NPAD.CR
NPAD.CS
NUCLEAR.O
NUCLEAR.P
NUCLEAR.Q
NUCLEAR.R
NUKER.A
OMINOUS.1846
PAYCHECK.E
PEACEKEEPER.A
PEACEKEEPER.B
PERCENT.A:TW
RAPI.AL2
RAZER.A
REHENES.A                (Word6/7)
RELLIK.A:TW
SCHUMANN.B:DE
SETMD.A
SHIN
SHOWOFF.BT
SHOWOFF.BU
SHOWOFF.BV
SHOWOFF.BW
SKIMPOP.1455
SOCKS.A
SOPRON.937
SPOOKY.B:DE
SPOOKY.C:DE
STOOPID.353
SWAPPER.746              (Germany)
SWLABS.E
SWLABS.F
SWLABS.G                 (US Military)
TALON.B
TALON.C
TALON.D
TALON.J
TARGET.B:DE
TEMPLE.C
TMC-LEVEL42
TODAYBOO
TWOLINES.Q
TWOLINES.Q1
VAMPIRE.D:TW
VAMPIRE.D1:TW
VAMPIRE.E:TW
VAMPIRE.F:TW
VANITAS.2048             (Internet)
VICOD.532
VIKING32 (TROJAN)
VOLCANO.A:IT (INTENDED)
WAZZU.CF                 (Canada)
WAZZU.CJ
WAZZU.CK
WIN NUKE (TROJAN)
WPC_ALAEH.2279           (Phillipines)
XM/EMPEROR.B:TW
XM/LAROUX.F
XM/LAROUX.G
XM/YOHIMBE.B
XUTE.1056
XUTE2.1062
XUXA.1656
ZAHAK.960
ZERO.A:DE
ZMB.A:DE                 (Germany)
ZOOLOG.A                 (Russia)


* NEW VIRUSES CLEANED *

This DAT file cleans the following 174 new viruses.
Locations that have experienced particular problems 
with specific viruses are also identified.

AL-DITH.1502
ALEX.599
ALFONS.1344
ANDYC.565
ANDYC.565 DROPPER
ANGEL.A
ANT.A:TW
ANT.C:TW
ANT.D:TW
APPDER.G
APPDER.H
APPDER.I
BADSECTOR.3422
BADSECTOR.3428
BAJAB.1024
BANDUNG.AS
BANDUNG.AT
BANDUNG.AU
BANDUNG.AW
BANDUNG.AX
BANDUNG.AY
BANDUNG.AZ
BANDUNG.BA
BARBARO.A:IT
BARROTES.1310.A
BLACK.A
CAFE-AX.1516
CAP.I                   
CAP.K
CAP.M
CAP.X
CAP.Y
CEBU.B
CHAOS.B
CHILL.A
COLORS.BL
COLORS.BM
COLORS.BN
COLORS.BO
CONCEPT.AW
CONCEPT.AX
CONCEPT.AY
CONCEPT.AZ
CONCEPT.BA
CONCEPT.BB              (US)
CONCEPT.BC
CONCEPT.BD
CONCEPT.BE
CONCEPT.BF
CONCEPT.BG
CONCEPT.BH
DEMON.A
DISHONOR.A:DE
DODGY	                  (UK, Europe)
DPOP.1168
DZT.G
ELYTHNIA
EPIDEMIC.B:TW
EPIDEMIC.C:TW
FIRE.A:DE
FITW_DISK
FORMATS.A (TROJAN)
FOUR.A
FRIDAY.D:DE
FRIDAY.E:DE
GINGER                  (Australia)
GINGER-PEANUT
GINGER.2774
GOLDSECRET.A		(Internet)
GOLDSECRET.B (INTENDED)	(Internet)
HELPER.F
HELPER.G
HELPER.H
HLL.CMP.16052
HLLO.20621
HLLP.21037
HLLT.5850               (Internet)
HLLT.5850C              (Internet)
HYBRID.G
HYBRID.H
ILLITERATE.A
IMPOSTER.E
INCARNAT.A
IVP.1075
IVP.1755
KOH-INSTALL
KOMPU.E
KOMPU.F
LAMOT.744
LILITH
LUCIFER.A
LUNCH.E
MALARIA.A:TW
MDMA.V
MDMA.W
MDMA.X
MDMA.Y
MONDAY.A:TW
MSHARK.889
MUCK.G
MUCK.H
MULTIANI
MVCK1.B
MVCK1:KIT
NAZI.8600
NJ-WMDLK1.G
NOP.M:DE
NPAD.CE
NPAD.CF
NPAD.CG
NPAD.CH
NPAD.CI
NPAD.CJ
NPAD.CK
NPAD.CL
NPAD.CM
NPAD.CN                    (Canada)
NPAD.CO
NPAD.CP
NPAD.CQ
NPAD.CR
NPAD.CS
NUCLEAR.O
NUCLEAR.P
NUCLEAR.Q
NUCLEAR.R
NUKER.A
PAYCHECK.E
PERCENT.A:TW
RAPI.AL2
RAZER.A
RELLIK.A:TW
SCHUMANN.B:DE
SETMD.A
SHIN
SHOWOFF.BT
SHOWOFF.BU
SHOWOFF.BV
SHOWOFF.BW
SKIMPOP.1455
SOCKS.A
SOPRON.937
SPOOKY.B:DE
SPOOKY.C:DE
STOOPID.353
SWAPPER.746               (Germany)
SWLABS.E
SWLABS.F
SWLABS.G                  (US Military)
TALON.J
TARGET.B:DE
TMC-LEVEL42
TODAYBOO
TWOLINES.Q
TWOLINES.Q1
VAMPIRE.D:TW
VAMPIRE.D1:TW
VAMPIRE.E:TW
VAMPIRE.F:TW
VANITAS.2048              (Internet)
VICOD.532
VOLCANO.A:IT (INTENDED)
WAZZU.CF                  (Canada)
WAZZU.CJ
WAZZU.CK
WPC_ALAEH.2279            (Phillipines)
XM/EMPEROR.B:TW
XM/LAROUX.F
XM/LAROUX.G
XM/YOHIMBE.B
XUTE.1056
XUTE2.1062
XUXA.1656
ZMB.A:DE                  (Germany)
ZOOLOG.A                  (Russia)

____________
KNOWN ISSUES

1.  The new 3000 series DATs contained in VirusScan for 
    Windows NT v3.0.3 are not backward compatible with 
    the VirusScan v2.x series. The 3000 series DATs should 
    not be used with VirusScan v2.x products.

2.  Reported problem with Microsoft Windows NT 4.0 Service
    Pack 2 and anti-virus software. After installing
    Service Pack 2, you may receive a STOP 0x0000000A error
    message when you try to access your CD-ROM drive or
    floppy disk drive while anti-virus software is running.

    Solution: Apply the fix that is now available through
    Microsoft. For more information regarding this issue,
    please contact Microsoft Technical Support.

3.  When using Windows NT 4.0 and Microsoft Internet
    Information Server with VirusScan, you must install
    Microsoft Service Pack 2 with the Kernel Hot Fix or
    Service Pack 3 to avoid the following error message:
    STOP 0x0000000A.

4.  When using Windows NT 4.0 and Microsoft Distributed 
    File System with VirusScan for Windows NT, you must 
    install Microsoft Service Pack 3, or the following 
    error message may occur: STOP 0x00000035.

5.  When using Microsoft Services for Macintosh with 
    VirusScan for Windows NT, you must install Microsoft 
    Service Pack 3 for Windows NT 4.0 (Servicepack 5 for 
    Windows NT 3.51) plus the SFM Hotfix, which is 
    available through Microsoft. Without these patches 
    installed, you may experience a STOP 0x0000000A error. 
    Please contact Microsoft Technical Support.

6.  If you have manually uninstalled a previous installation 
    of VirusScan for Windows NT, and have not rebooted, a 
    silent installation of VirusScan v3.0.3 will fail.

7.  When using an ISeamless Install Script, and running 
    setup in standard or silent mode without any parameters,
    setup requires that the custom installation file 
    produced by ISeamless be named admin.sis or oem.sis.

8.  If you are upgrading from VirusScan 2.5.3 or 3.0.0 to
    the current version, there are some situations that can
    cause an NT STOP error message. The problem is related
    to the device drivers in the previous product and is
    not related to VirusScan NT 3.0.3. McAfee recommends
    uninstalling previous versions of VirusScan and 
    rebooting before installing this release. 

9.  When installing using the default Windows NT SYSTEM 
    account, some product functionality is not available.
    This includes: alert forwarding to other NT servers, 
    sending alerts to printers, scheduled AutoUpdates 
    from NT file shares, remote event logging, and sched-
    uled scans of network drives.

10.  When specifying a local user account for VirusScan NT 
    service account during installation, please be sure to
    add ".\" before the user name.

11.  When performing a silent install that is upgrading a 
    previous version of VirusScan NT, the destination 
    directory must be the same as the previous install.
    If it is not the same, the silent install will fail.    

12. Automatic uninstallation of VirusScan sometimes does
    not remove all registry items and files associated 
    with VirusScan. See the INSTALLATION section of this
    file for information on manually uninstalling.

13. On-access scanning of write-protected floppies infected
    with a boot-sector virus may return multiple notific-
    ation messages.

14. On-access exclusions only apply to local drives.

15. A McAfee Task Manager session cannot be ended while
    VirusScan is actively scanning. When VirusScan is 
    active, the McAfee Task Manager Stop button in the 
    Sessions window is greyed out. Attempting to end the 
    McAfee Task Manager session from a DOS box will result 
    in an error message. You must close the scanning session 
    or complete the scan before stopping the McAfee Task 
    Manager session.

16. Alert forwarding through a chain of servers may fail.

____________
INSTALLATION

* INSTALLING THE PRODUCT *

To install VirusScan for Windows NT, run SETUP.EXE and
follow the prompts. 

Note: It is not necessary to uninstall VirusScan for 
      Windows NT before upgrading to a newer version. 
      If, however, VirusScan NT is uninstalled before
      applying the upgrade, you must reboot the system
      and then install the upgraded version.
  
If you would like to perform a "silent" installation
of VirusScan NT, you will need to record a setup.iss file,
then run setup.exe with the -s switch to utilize that file.

Network Administrators can customize the silent
installation by following the steps below.

1.  Check in the Windows directory to ensure that a
    file named SETUP.ISS does not already exist. If it
    does, rename it, back it up, or delete it.

2.  To record a setup.iss file, run SETUP.EXE with the 
    -r switch, (i.e. SETUP.EXE -r).

3.  Select the components you would like to be installed
    during the silent installation.  All responses will
    be recorded.

4.  Finish the installation, and locate the file SETUP.ISS
    in the Windows directory.

5.  Locate the section [SdSetupType-0] in the SETUP.ISS
    file and go to the line:

        Result=x

        where x is equal to
        301 (Typical installation)
        302 (Compact installation)
        303 (Custom installation)

6.  Add 100 to the above value, so that the Result
    variable is equal to 401, 402, or 403. Modifying
    this file will allow the installation to copy the
    VirusScan files to the drive where the operating
    system resides instead of defaulting to the C:
    drive.

7.  Copy the new SETUP.ISS from the Windows directory
    to the location of the installation files.

8. Run SETUP.EXE with the -s switch (i.e. SETUP.EXE -s).

   NOTE: If you do not specify a "recorded" answer for
   all dialog boxes during the initial installation, the
   silent installation will fail. 


* PRIMARY PROGRAM FILES FOR VIRUSSCAN NT *

Files located in the Install directory:
=======================================

1.  Installed for the Alert Manager/Console/Server:

                    README.1ST = McAfee information               
                   PACKING.LST = Packing list    
                  VALIDATE.EXE = McAfee file validation
                                 program
                    UPDATE.MSG = Update message file
                    SHIELD.HLP = On-access scanner help
                    SHIELD.CNT = On-access context-sensitive
                                 help
                  MCCONSOL.HLP = Console help
                  VIRUSCAN.HLP = On-demand scanner help
                  VIRUSCAN.CNT = On-demand context-sensitive
                                 help
                     NAMES.DAT = Virus names definition data
                      SCAN.DAT = Virus scan definition data
                     CLEAN.DAT = Virus clean definition data
                   MCALYZE.DAT = Virus definition data    
                                 strings
                  
                    SAMPLE.CMD = Sample alert file
                  MCUPDATE.EXE = Update module
                  AMGRCNFG.EXE = Alert manager configuration
                                 program
                    FTPGET.CMD = Automatic updating script
                    DEISL1.ISU = Uninstall file
                  MCSCAN32.DLL = Library files
                  MCSRVSHL.EXE = Uninstall application
                  MCSERVIC.DLL = Install/uninstall library
                                 file
                    SHUTIL.DLL = Library files
                    SVCPWD.EXE = Service account
                                 configuration program
                      
                    MODEMS.TXT = Modem initialization
    VIRUSSCAN ACTIVITY LOG.TXT = VirusScan activity log
                  RESELLER.TXT = McAfee authorized resellers
         SCAN ACTIVITY LOG.TXT = Scan activity log 
                   SCANLOG.TXT = Scan log
                  WHATSNEW.TXT = What's New document

2.  Installed for Alert Manager:

                     WCMDR.EXE = Uninstall program
                     WCMDR.INI = Uninstall initialization
                                 file
                   DEFAULT.VSC = On-demand scanner default
                                 configuration settings                   
                  AMGRSRVC.EXE = Alert manager service
                                 program
                  MCALSNMP.DLL = Alert manager SNMP
                  POWERP32.DLL = Alert manager support
                                 module
                  VIRNOTFY.EXE = Notification utility

3.  Installed for the Console:

                  MCCONSOL.EXE = Console manager 
                    SHSTAT.EXE = Shield status monitor
                                 program
                   SCNSTAT.EXE = Scan status monitor
                                 program
                  SCNCFG32.EXE = Console configuration
                                 module
                   VIRLIST.EXE = Virus list
                   SHCFG32.EXE = Console configuration
                                 module
                  MCKRNL32.DLL = Library files      
                  MCUTIL32.DLL = Library files                  
                   MCALYZE.DLL = Library files

4.  Installed for the Workstation:

                    SCAN32.EXE = On-demand scanner
                   TASKMRG.EXE = Task managing service  
                   MCCOD32.DLL = Library files                  


Files located in %SYSTEMROOT%\SYSTEM32:
=======================================

1.  Installed for the Console/Server/Alert Manager:

                   CTL3D32.DLL = 32-bit 3D Windows
                                 controls library (*)

(*) File will be installed upon installation of
    VirusScan if the file does not already exist,
    or if an older version is found.  


Files located in %SYSTEMROOT%\SYSTEM32\DRIVERS:
=============================================== 

1.  Installed for the Workstation:

                  MCFILTER.SYS = System files
                   MCFSREC.SYS = System files
                    MCKRNL.SYS = System files
                    MCSCAN.SYS = System files
                    MCUTIL.SYS = System files
                  MCSHIELD.SYS = System files


* TESTING YOUR INSTALLATION *
                              
The Eicar Standard AntiVirus Test File is a combined effort
by anti-virus vendors throughout the world to come up with
one standard by which customers can verify their anti-virus
installation.
To test your installation, copy the following line
into its own file and name it EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

When done, you will have a 69- or 70-byte file.

When VirusScan for Windows NT is applied to this file,
Scan will report finding the EICAR-STANDARD-AV-TEST-FILE
virus.

It is important to know that THIS IS NOT A VIRUS. However,
users often have the need to test that their installations
function correctly. The anti-virus industry, through the
European Institute for Computer Antivirus Research, has 
adopted this standard to facilitate this need.

Please delete the file when installation testing is
completed so unsuspecting users are not unnecessarily
alarmed.


* MANUALLY UNINSTALLING THE PRODUCT *

1.  Stop the McAfee TaskManager service and the AlertManager
    service in Control Panel/Services.

2.  Stop the VirusScan console if running.

3.  Using the NT Taskmanager, end the SHSTAT process.

4.  If you use SNMP, stop the SNMP service in 
    Control Panel/Services.

5.  Delete the VirusScan installation directory (the 
    directory that contains the VirusScan executables).

6.  Delete the following device driver files from 
    %SYSTEMROOT%\SYSTEM32\DRIVERS:
    MCFSREC.SYS
    MCSCAN.SYS
    MCUTIL.SYS
    MCKRNL.SYS
    MCFILTER.SYS
    MCSHIELD.SYS

7.  If VirusScan was set to load at startup, remove
    the following registry key:
    HKLM\software\microsoft\windows\CurrentVersion\Run\
    Shstatexe

8.  Remove VirusScan installation registry keys:
    HKLM\software\mcafee\alertmanager 
    HKLM\software\mcafee\mcalsnmp 
    HKLM\software\mcafee\virusscan

9.  Remove VirusScan device driver and service registry
    keys:
    HKLM\system\CurrentControlSet\Services\Alertmanager 
    HKLM\system\CurrentControlSet\Services\McFilter 
    HKLM\system\CurrentControlSet\Services\McFsrec 
    HKLM\system\CurrentControlSet\Services\McKrnl 
    HKLM\system\CurrentControlSet\Services\McScan 
    HKLM\system\CurrentControlSet\Services\McUtil 
    HKLM\system\CurrentControlSet\Services\McShield
    HKLM\system\CurrentControlSet\Services\McTaskManager

10. If the context-sensitive scanning option was installed, 
    remove the following registry keys:
    HKLM\software\classes\comfile\shell\virusscan 
    HKLM\software\classes\directory\shell\virusscan 
    HKLM\software\classes\drive\shell\virusscan 
    HKLM\software\classes\exefile\shell\virusscan
    HKLM\software\classes\word.document.6\shell\virusscan 
    HKLM\software\classes\word.document.8\shell\virusscan
    HKLM\software\classes\word.template\shell\virusscan

11. To remove the Scan for Viruses right-click option,
    remove the following registry keys:
    HKCR\comfile\shell\VirusScan
    HKCR\Directory\shell\VirusScan
    HKCR\Drive\shell\VirusScan
    HKCR\exefile\shell\VirusScan 
    HKCR\Excel.Addin\shell\VirusScan
    HKCR\Excel.Chart.5\shell\VirusScan
    HKCR\Excel.Macrosheet\shell\VirusScan 
    HKCR\Excel.Sheet.5\shell\VirusScan 
    HKCR\Excel.Template\shell\VirusScan
    HKCR\Excel.Workspace\shell\VirusScan
    HKCR\Excel.XLL\shell\VirusScan
    HKCR\exefile\shell\VirusScan
    HKCR\WinZip\shell\VirusScan
    HKCR\Word.Document.6\shell\VirusScan
    HKCR\Word.Template\shell\VirusScan 

12. To remove SNMP extension agent, remove the following 
    registry key:
    HKLM\system\CurrentControlSet\services\SNMP\parameters\
    ExtensionAgent\McAlSNMP

13. Since entries in HkeyClassesRoot are not derived
    from a hive, it is unneccessary to delete these keys
    manually. When you reboot, VirusScan-specific keys
    under HkeyClassesRoot will be removed.

14. Reboot the system.

_____________
DOCUMENTATION

For more information, refer to the VirusScan's User's
Guide, included on the CD-ROM versions of this program
or available from McAfee's BBS and FTP site. This file
is in Adobe Acrobat Portable Document Format (.PDF)
and can be viewed using Adobe Acrobat Reader. This form
of electronic documentation includes hypertext links
and easy navigation to assist you in finding answers
to questions about your McAfee product.

Adobe Acrobat Reader is available on CD-ROM in the
ACROREAD subdirectory. Adobe Acrobat Reader also can be
downloaded from the World Wide Web at:

http://www.adobe.com/Acrobat/readstep.html

VirusScan documentation can be downloaded from McAfee's
BBS or the World Wide Web at:

http://www.McAfee.com 

For more information on viruses and virus prevention,
see the McAfee Virus Information Library, MCAFEE.HLP,
included on the CD-ROM version of this product or
available from McAfee's BBS or FTP site. 

Documentation feedback is welcome. Send e-mail to
documentation@cc.mcafee.com.

__________________________
FREQUENTLY ASKED QUESTIONS

Regularly updated lists of frequently asked questions 
about McAfee products also are available on McAfee's 
BBS, website, and CompuServe and AOL forums.
 

Q:  How do I enable Centralized Alerting and Reporting?

A:  McAfee's VirusScan now supports Centralized Alerting
    and Reporting to a remote Windows NT server running
    NetShield for Windows NT v2.5.3 or later.

    Centralized Alerting and Reporting and be configured
    by an administrator through the anti-virus console.
    To set up this option on your server, check the Enable
    Centralized Alerting checkbox on the Tools/Alerts menu.
    Set up a directory for Centralized Alerting and point 
    your workstations to this directory.
     
    To set up this option on your VirusScan client, add the
    following two lines to the AlertOptions section in
    VirusScan NT's DEFAULT.VSC, and/or your custom settings
    file: 

           szNetworkAlertPath=<directory name>
           bNetworkAlert=1

    Note: Administrators will need to configure the .VSC
    file for complete Centralized Alerting & Reporting.
   
    Where the <directory name> is the path (can use UNC
    format where supported)to the remote NT directory.
    From this directory, NetShield can broadcast or
    compile the alerts and reports according to its
    established configuration.

    NOTE: The client must have write access to this
    <directory> location and the directory must contain
    the NetShield-supplied CENTALRT.TXT file.
   
    The alert file sent to the server is an .alr text
    file. Upon receipt of the alert file, NetShield NT 
    sends an alert message to an administrator and/or
    appropriate personnel.


Q:  How can I scan mapped Novell drives with scheduled
    on-demand scans?

A:  If you want to scan any Novell-server drives 
    (mapped or via UNC) from scheduled tasks, you must
    create the same account/password on the Novell server
    as configured under McAfee services on the Windows NT
    system.


Q:  As an administrator, how can I scan private
    directories that are accessible only to 
    individual users?

A:  The on-access scanner will detect infected files 
    as they are copied into the users' personal 
    directories. 

    On-demand (scheduled) scans are launched by the 
    McTaskManager Service. If you specify a user name 
    and password for the Service, then the scheduled 
    scan will only scan directories for which the user 
    name has privileges. If no user name was specified, 
    then the Service has SYSTEM privileges. 
    
    To perform an on-demand, or scheduled, scan of 
    private directories, the McTaskManager Service must 
    have access to these private areas. Following are 
    two ways to address this issue:

    Solution A:

    1. Create a custom user name to be used by the Service.  
    2. Give this user name privileges to access the private 
       spaces.

       Considerations with Solution A:
       The administrator will need to know the user names 
       and passwords.  

    Solution B:
    1. Do not associate a user name to the Service.
    2. Give SYSTEM privileges to access the private spaces.

       Considerations with Solution B:
       Someone could create or use a Service to access your 
       information.

    McAfee recommends Solution B as a more secure solution. 
  

Q:  VirusScan will not perform an on-demand (scheduled)
    scan of some networked devices. Why?
  
A:  It is possible that the user name you are using for
    the Taskmanager Service does not have sufficient
    rights to scan the devices in question. To verify
    whether this is the issue, log in to each device using
    the user name and password used by the Taskmanager
    Service. Confirm that this user name has rights on
    the device by manually running an on-demand scan. If
    you can scan the device while you're logged in, then
    the Service should also be able to do it as a scheduled
    scan.


Q:  When performing an on-demand (scheduled) scan of a
    networked device, the system locks up. How can I
    solve this problem?

A:  Log on to the device in question and manually run
    an on-demand scan with the Compressed Files option
    turned off. If the scanner locks up, note where it
    locks. Attempt to determine which file VirusScan
    locks on and send the information to McAfee. If the 
    scan succeeds, select the Compressed Files option 
    and scan the device again. If it locks this time, 
    chances are you have a ZIP file that is corrupted 
    or large, and it takes time to scan. If scanning
    works in both scenarios, then give the Taskmanager
    Service the same user name and password currently 
    logged in as and try a scheduled scan again. If 
    this now works, then the old user name didn't have
    sufficient rights to scan the device in question.

Q:  Can I update VirusScan's data files to detect
    new viruses?

A:  Yes. If you have Internet access, you can download
    updated VirusScan data files from the McAfee Web 
    Site, BBS, or other online resources. To download 
    from the McAfee Web Site, follow these steps:
 
    1.  Go to the McAfee Web Site (http://www.mcafee.com).

    2.  Select Update DAT File in the left hand column
        or frame.

    3.  Scroll down, and click Update Your DAT Files to
        update your virus definition files.

    4.  Data file updates are stored in a compressed form 
        to reduce transmission time. Unzip the files into
        a temporary directory, then copy the files to the
        appropriate directory, replacing your old files.    

    5.  Before performing any scans, shut down your
        computer, wait a few seconds, and turn it on again.

    If you need additional assistance with downloading, 
    contact McAfee Download Support at (408) 988-3832.

______________________
ADDITIONAL INFORMATION

1.  VirusScan NT includes an external utility,
    VIRNOTFY.EXE, that will notify you in the event that
    McAfee's AlertManager service is not installed. To use 
    this utility, open the VirusScan Console, and select 
    Tools/Alerts. Add the path and utility to the Program 
    To Execute line.

2.  SVCPWD.EXE is a utility for setting and/or changing
    usernames and passwords used in the McAfee services.
    
    SVCPWD requests one command-line parameter which is a
    filename (i.e computers.txt). Use SVCPWD/? to get 
    additional command-line information. This file (i.e. 
    computers.txt) should contain a list of all the 
    computers that you want to modify the service accounts
    (username and password)for.

    Example:

    \\COMPUTER1
    \\COMPUTER2
    \\SERVER

    Start the SVCPWD utility by entering the file as
    command-line (i.e. SVCPWD computers.txt). This utility
    contacts all the computers via the network and changes
    the username and password originally given to McAfee-
    services. The username and password are changed to the
    value that the user is asked to set upon starting the
    utility. All service accounts need to be set to user
    "LocalSystem". If a domain\username is entered, then 
    the SVCPWD utility will require a password for the
    domain\username.

    When this is completed, the utility contacts all the
    computers and changes the settings. 

    Note 1: The domain\username that is used by the services
            needs to be an administrative account.

    Note 2: The person running this utility must have an 
            administrative account for all the computers
            that require such changes.

    Note 3: Do not run this utility during an on-demand
            scan.


______________
CONTACT McAFEE

* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *

Contact McAfee's Customer Care department: 

1.  Corporate-licensed customers, call (408) 988-3832
    Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

    Retail-licensed customers, call (972) 278-6100
    Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

2.  Fax (408) 970-9727
    24-hour, Group III fax 
		
3.  Fax-back automated response system (408) 988-3034
    24-hour fax

Send correspondence to any of the following McAfee
locations.
    	
    McAfee Corporate Headquarters        
    2805 Bowers Avenue			
    Santa Clara, CA 95051-0963		
	
    McAfee East Coast Office					
    Jerral Center West
    766 Shrewsbury Avenue
    Tinton Falls, NJ 07724-3298

    McAfee Central Office			
    4099 McEwen
    Suites 500 and 700
    Dallas, TX 75244		
						
    McAfee Canada
    139 Main Street
    Suite 201
    Unionville, Ontario
    Canada L3R2G6

    McAfee Europe B.V.			
    Gatwickstraat 25	
    1043 DL Amsterdam				
    The Netherlands	 		

    McAfee (UK) Ltd.
    Hayley House, London Road
    Bracknell, Berkshire  RG12 2TH
    United Kingdom 

    McAfee France S.A.			
    50 rue de Londres				
    75008 Paris					
    France					
				
    McAfee Deutschland GmbH
    Industriestrasse 1
    D-82110 Germering
    Germany

Or, you can receive online assistance through any of the 
following resources:

1.  Bulletin Board System: (408) 988-4004
    24-hour US Robotics HST DS

2.  Internet e-mail: support@mcafee.com

3.  Internet FTP: ftp.mcafee.com 

4.  World Wide Web: http://www.mcafee.com

5.  America Online: keyword MCAFEE

6.  CompuServe: GO MCAFEE

7.  The Microsoft Network: GO MCAFEE

Before contacting McAfee, please make note of the following 
information. When sending correspondence, please include 
the same details.

- Program name and version number
- Type and brand of your computer, hard drive, and any 
  peripherals
- Operating system type and version
- Network name, operating system, and version
- Contents of your AUTOEXEC.BAT, CONFIG.SYS, and 
  system LOGIN script
- Microsoft service pack, where applicable
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where 
  applicable
- Relevant browsers/applications and version number,
  where applicable
- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand
- Your contact information: voice, fax, and e-mail

Other general feedback is also appreciated.


* FOR ON-SITE TRAINING INFORMATION *
 
Contact McAfee Customer Service at (800) 338-8754.


* FOR PRODUCT UPGRADES *

To make it easier for you to receive and use McAfee's
products, we have established a Reseller program to 
provide service, sales, and support for our products 
worldwide. For a listing of McAfee agents near you, click
Contact McAfee under the Information section on the
McAfee website.



