Installation Guide

Version 2.7 Includes Windows Vista and 64-bit protection
Proactive protection against Viruses, Spyware, Worms, Trojans, Rootkits, Adware and Phishing
Best Detection Fastest Performance Minimal Resource Utilization

NOD32 Installation Guide

Copyright ESET LLC. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means electronic or mechanical, for any purpose without the express written permission of ESET LLC. Information in this document is subject to change without prior notice. Certain names of program products and company names used in this document might be registered trademarks or trademarks owned by other entities. ESET, NOD32 and AMON are trademarks of ESET. Microsoft and Windows are registered trademarks of Microsoft Corporation. ESET, LLC 610 West Ash Street San Diego California 92101 U.S.A. http://www.eset.com For Sales and Technical Support (US and Canada): Tel: (619) 876-5400 Fax: +1 (619) 876-5845 Online purchase: http://www.eset.com/purchase/index.php Sales email: sales@eset.com Technical Support Worldwide: http://www.eset.com/support/index.php Then by clicking on your countrys name, you can locate the support details closest to you. This guide is frequently updated to reflect changes in the product. The latest version can always be found at http://www.eset.com/download/manual.htm
This guide was prepared for NOD32 for Windows Version 2.7 (January 2007)
Contents Introduction Guidebook Conventions Minimum System Requirements Section 1: Installation Installation instructions Section 2: Configuration Profiles Scanning On-Demand Scanning On-Access Scanning Updating Heuristics Section 3: Dealing with alerts & virus incidents Dealing with an alert Sending a sample to ESET Section 4: Troubleshooting & Information Appendix A: Troubleshooting Appendix B: Installation types Appendix C: Uninstalling Section 5: Glossary
Page to 33 to 42 & & 53

Introduction

Congratulations, you have just purchased NOD32, the most advanced antivirus solution available. NOD32 is very simple to use and you will probably not even need to read through this guide. however, the following information will help you to get a better understanding of the many features of NOD32, so that you get the best protection possible. NOD32 is more than just a virus scanner being able to scan for known viruses is the bare minimum that should be expected from an anti-virus product, so it should be reassuring to know that NOD32 not only does this faster, and more reliably than other products, but that it also has an excellent track record in discovering new threats. In addition, version 2.7 includes detection for adware, spyware and riskware aswell as rootkit detection with its Anti-Stealth technology. With NOD32 you can be sure you have the most advanced and comprehensive virus protection possible.

Guidebook Conventions

To highlight the most important points we have used a set of simple icons which draw attention to key information and settings. Key: The Check Icon indicates a setting that we recommend you use or enable
The Info Icon higlights important facts and information about NOD32, to help you make better use of the program The Hazard Icon highlights areas where potential problems can arise, or misconfigurations occur, to help you avoid damage or loss of data.

You will then see the download progress in a window similar to this:
Once it has downloaded, locate and run the file by double clicking on it.
Whether from a CD or from a download, the installation instructions from this point are the same. You will see this screen:
Click Extract to begin the installation process.
The extraction path can be changed in the "Extract to" box. This will not affect the final installation directory, only where the installation files are put during setup. These files can be removed after NOD32 setup completes. If installing onto a 64-bit operating system, the installer will automatically install a compatible version, but the Extract path will read: C:\Program Files (x86)\ESET\Install
After clicking Extract you will see the files being expanded onto the disk:
.and then you should see the following message:
Once the Setup Wizard has started, you will be presented with the Installation choices.
NOD32 Installation Guide 10
NOD32 Installation choices
Typical installs NOD32 with the correct settings for normal usage, and will make most of the decisions for you about the installation. If you have no particular requirement to install NOD32 with specific settings, it is recommended to choose this route. Typical installation is the default option. Advanced allows some customisation of the installation process, including being able to password protect settings and enable silent messaging. This is useful for users who have a shared computer. Expert allows every part of the installation to be controlled and customised, and offers many configuration options at install time, including setting up SMTP messaging for alerts. If you need to change the installation path from the default C:\Program Files\ESET you must choose either Advanced or Expert Installation modes. This guide shows all the installation options for each route, clearly marked, whether the information applies to Typical, Advanced or Expert, so that you can easily navigate to the relevant information. Whichever installation route is chosen, all the options, apart from a select few, such as installation path, desktop icon and context menu scanning, are configurable after the product is installed, so for most purposes, a typical installation is fastest and simplest. For an At-a-glance chart of installation options see Appendix B: Installation Types

NOD32 Installation Guide 11
End User Licence Agreement
In all installation modes, the next screen will be the End User License Agreement, on which you must choose I accept and click Next> to continue installation. You may also Print the license agreement for future reference. You are advised to read the terms of the license carefully before proceeding with the installation. If you decline the license terms, the installation cannot proceed.
Typical installation: jump to page 13 Advanced installation: continue to next page Expert installation: continue to next page
NOD32 Installation Guide 12
Program Destination Folder
At this point the Advanced and Expert Installations allow you to change the destination folder of NOD32, if you have a specific reason for doing so. During Typical install, this screen will not be shown.
Unless there is a specific need to change the installation path for instance, you want to install NOD32 on a different drive, or already have a folder called ESET on a different drive that you want to use instead, we recommend that the default setting is used. Once you have the correct path, click Next> to proceed.
NOD32 Installation Guide 13
Configuring Automatic Updates
At this point the Typical, Advanced and Expert installations converge. You will now be presented with a screen asking you to choose your update server. We strongly recommend that you use the setting <Choose Automatically> This ensures that updates will be delivered most efficiently. If you do not enter a username and password at this point, the product will not receive automatic updates until you enter them.
You will be prompted to provide a username and password for updates. You should copy and paste these from your license email to ensure that no typing errors are made. (Highlight the text, Ctrl + C to copy and Ctrl + V to paste into the required fields) If you do not have this information to hand, you can choose to set update parameters later, otherwise you will not be able to proceed with the installation without either entering a username and password.
NOD32 Installation Guide 14
Configuration of Internet Settings
You will now be asked about your Internet Connection settings. If you use a dial-up modem (not broadband or networked) then you need to check the I use dial-up (modem) Internet connection option.

This will set NOD32 to update when an internet connection is detected. You will also be asked whether you use a proxy server, if you dont or are unsure, just accept the default setting, as shown, and NOD32 will work it out for you. For all installation routes, if you choose a Proxy Server configuration, continue to the next page. If not:
Typical installation: jump to page 21 Advanced installation: jump to page 16 Expert installation: jump to page 16
NOD32 Installation Guide 15

Proxy Servers

If you know that you use a proxy server, and chose the I use a proxy server option, you will be presented with a screen in which you can fill out your proxy details.
Your network administrator or ISP (Internet Service Provider) should supply you with the username and password for the proxy, if required. Do NOT put your NOD32 username and password into these fields.
When you have finished, click Next> to continue the installation.
NOD32 Installation Guide 16

Configuring Updates

The Advanced and Expert installation routes allow you to configure updating options at this point.
Clicking on the Change button will give control over program and signature options, all of which can be configured after installation. Its recommended that you leave these options as they are. ESET release regular updates to keep NOD32s protection current, we strongly advise that automatic updating is left enabled, to ensure that your computer has the best protection possible.
NOD32 Installation Guide 17

General Setup

Advanced and Expert mode installation now give several other options. The Silent mode option can be set, so that only an administrator (set later) is sent messages that do not require some user intervention. There is also an option to password protect the settings if you work on a shared computer, and you dont want other people to be able to change the NOD32 configuration, you can set a password of your own choosing (NOT the license password that was sent to you by ESET) on the configuration options, so that only you will be able to change the configuration.
NOD32 Installation Guide 18

Disabling ESETs custom graphics & the NOD32 splash screen
At this point, Expert mode will also give you the option to use a standard windows interface rather than the NOD32 default, and to disable the Splash Screen (a banner with NOD32 information on it) that comes up each time you log onto Windows.
NOD32 Installation Guide 19

Warning distribution

If you wish to send a notification message to an administrator for example, this window gives you 2 options: to send a warning message by email and/or by Windows Messenger system. If you are a single-user, there is no need to check these boxes.
In the next window, you will be able to enter the details of the recipients.
NOD32 Installation Guide 20

SMTP / Messaging Options

If your SMTP server requires authentication you may configure that once the NOD32 installation has completed. At this point, you will only be able to enter the addressing information. Expert mode now allows you to configure alerting and messaging options. NOD32 has several configurable messaging options, which are particularly useful for networked computers, where an administrator looks after several machines. To configure the options at this point, you will require the following details: Note: The example information in this screenshot has been added to illustrate the options - the options will be blank when the screen is presented to you.
SMTP Server address Default sender address and recipient email address(es)
Windows Messenger recipients
You will need to ascertain the computer names, domain names or IP addresses from the systems administrator in your network. If you did not check one or other of the boxes on the previous screen, then the unchecked option will be greyed out in this screen. If you chose neither option on the previous dialogue, this screen will not be shown.
NOD32 Installation Guide 21
ThreatSense.Net Early Warning System
At this point the Typical, Advanced and Expert installations converge. This is a system for automatic evaluation of files requiring further analysis in ESETs labs and enables their automatic submission. If you choose to enable ThreatSense.Net, it will also collect and submit anonymous, statistical data about detected infiltrations, which enables ESET to watch and evaluate the progress and severity of specific spreading threats.

By clicking the Advanced setup button, you can amend the default settings.
NOD32 Installation Guide 22
Detection of potentially unwanted applications
Some advertising and activity tracking companies complain about detection that terms their software as Adware or explicitly calls it Spyware. NOD32 2.7 includes the detection of potentially unwanted applications. This setting includes some Adware and other not necessarily malicious applications. Though not always malicious, some Adware will often fill a computer with a larger amount of file and memory baggage. This overhead, though not necessarily a security risk, is extremely irritating and troublesome to many users.
NOD32 Installation Guide 23
Access MONitor (AMON) Configuration
AMON (Access MONitor) is a memory-resident (always running when computer is on) file scanning program. Automatic starting of AMON after computer restart is a fundamental defense against malicious code. Quitting AMON is not recommended and should only be done under special circumstances. Execution of two different antivirus monitors (from different products or companies) is not recommended since it may make your computer slower and/or cause a system crash, especially on Windows NT systems, might lead to serious problems. AMON is the most important line of antivirus defense. It is critically important to keep it running at all times using the most current version of the virus signature databases and NOD32 program upgrades. AMON monitors all potentially threatening actions on protected computers such as opening, executing, creating or renaming files.
IMPORTANT: Do not enable another resident scanner from a 2nd anti-virus program, otherwise your system could become unstable.
Typical installation: jump to page 30 Advanced installation: continue to next page Expert installation: continue to next page
NOD32 Installation Guide 24
Options for On-Demand Scanner
Configuration of On-demand scanning integration is available in the Expert and Advanced routes at this point. To allow easy access to the NOD32 On-Demand scanner, an icon can be placed on the desktop during installation, if this is not desirable, this action can be prevented here.
Context menu scanning (Enable on-demand scanner using mouse) allows the user to right click on a file or folder in Windows, and choose to scan it with NOD32. This integration into the context menu can be disabled here. Neither of these options can be enabled after installation. If they have been disabled here, the program will require re-installation to enable these options. We recommend these options are left checked.
NOD32 Installation Guide 25
Document MONitor (DMON) Configuration
Microsoft Office documents (Word, Excel, etc.) can sometimes contain viruses which infect other files when the document is opened. Document MONitor (DMON) provides protection against this sort of threat. Later versions of Internet Explorer allow Microsoft Office documents to be opened within the browser, directly from the internet. DMON will monitor these documents and prevent infiltration of a virus should an infected document be opened.

DMON is enabled by default in all installation modes, but can be disabled if desired in Advanced and Expert modes.
NOD32 Installation Guide 26
Internet MONitor (IMON) Configuration
While the role of AMON is to provide real-time, resident, anti-virus monitoring of a system and user actions, the IMON module protects your computer from email and internet threats. To allow scanning of POP3 email and while also using the internet, we recommend having IMON enabled. IMON is enabled by default in all installation modes, but can be disabled if desired in Advanced and Expert modes.
IMONs primary role is to monitor incoming email. The key advantage of IMON is its ease of use. There is virtually no setup necessary since this module works with all email programs. IMON works on the winsock level (operating system level). If IMON is not enabled, the AMON module will still prevent the opening of infected attachments saved from email and the internet. However, it is strongly recommended that IMON be enabled while using email or the internet.
NOD32 Installation Guide 27
IMON Configuration (email)
IMON will work correctly with most POP3 email clients, however there may be cases where some incompatibility occurs, in which case, you can reduce the efficiency of IMON, to ensure that it works correctly. Notifications of checking can be added to email, and this option can be configured here (in Advanced and Expert routes)
Reducing the efficiency of IMON may mean that some features are disabled, or that the performance may be affected.
Generally, it is not recommended to enable IMON when installing NOD32 onto a server, as some system instability may occur.
NOD32 Installation Guide 28
IMON Configuration (HTTP)
IMON can also check for infiltrations coming through the internet browser. The default option is to offer a choice of actions to the user when an undesirable object is detected. IMON can also be configured to automatically deny the download of the infected file. HTTP checking is enabled by default, but can be disabled during Advanced and Expert installations.
NOD32 Installation Guide 29
Email MONitor (EMON) Configuration
EMON (Email MONitor), a complementary resident module, scans emails incoming via MAPI interface. The MAPI interface hooks into the different interfaces of Microsoft Outlook. MAPI interface is used also when receiving emails from the Microsoft Exchange Mail Server via the Exchange protocol.
Even if the MAPI Interface is not used on the computer, EMON will still be installed. E-mails incoming via the POP3 protocol will be checked by IMON.

NOD32 Installation Guide 30
Completion of Setup Configuration
At this point all installation tracks reconverge, and the configuration phase is complete. This is the last point at which changes can be made to the selected installation options, before the files are copied and the configuration completed.
If you wish to change any configuration parameters, use the Back button now. If you have enabled the AMON module, you should particularly ensure that you have no other resident (on-access) anti-virus scanner active before proceeding. To complete the installation with the selected configuration, click Next>
During the setup, you will see this message:
NOD32 Installation Guide 31
After installation has completed you will be required to restart your machine. You should ensure that no other anti-virus scanner will load at restart, save any active work, and click Finish to restart the machine.
If you do not wish to restart immediately, choose Restart later. NOD32 may not function correctly, and your computer may not be protected from viruses until you have restarted your computer.
Once your PC has re-started, open the NOD32 Control Center by clicking this icon once, in the bottom right hand corner of your screen, look in the Update section and press the Update now button to ensure you are up to date with ESETs virus definitions. After that, go to the Threat Protection Modules section and click once on NOD32. In the right hand screen, click the button for an In-depth analysis. This will give your machine an immediate and thorough scan.
NOD32 Installation Guide 32
Configuration.after installation
NOD32 Installation Guide 33
Configuring Profiles for manual or On-Demand scanning
The first thing you might want to do is review the default profiles so that NOD32 is scanning exactly what you want, when you want. Open the Control Centre by clicking this icon in the bottom right hand corner of your screen (in the system tray near the clock). Then under the section Threat Protection Modules click NOD32 and in the resulting right hand window, click Run NOD32.

NOD32 Installation Guide 34

Scanning Targets

After a few seconds, you will be presented with the Scanning Targets window where you can choose which drives are scanned (the ones selected will have a red check mark through their icon).
NOD32 Installation Guide 35
Next, move to the Setup tab where you can alter the default settings to suit your personal preferences of what is scanned when running NOD32 for an On-demand scan. You can add or exclude certain file types if desired and you can send messages of warnings to another machine or an administrator.
Details for the latter need to be entered in the NOD32 System Setup > Notifications area.
NOD32 Installation Guide 36

Actions

Then move to the Actions tab where you can change the default settings if you wish. You can select: Files Boot sectors Archives Self-extracting archives Runtime packers Email Email folders Operating memory (depending on your selections in the next section: Setup) and choose what actions you would like NOD32 to perform if an infiltration is detected. You can choose to Quarantine a suspicious file for most of the types of objects just mentioned, which means that a copy of the malware will be placed in the ESET folder (C:\All Programs\ESET\infected). This can then be sent to ESET for analysis if absolutely necessary. If you choose Clean as the action to take If a virus is found and it is not possible for technical reasons to clean a particular file, there are some secondary actions that can be activated in the right hand column in this window. (Refer to Dealing with alerts and virus incidents on page 46, for more information)
NOD32 Installation Guide 37

Profile saving

The last tab in this section is for Profiles. By default, the program will use the Control Center Profile. If youve made some changes on the previous tabs, you can now save them to Control Center Profile, or to My Profile if you wish. There are also some pre-set Profile headings for Floppy Disk, In-Depth Analysis and Local Disk scanning, so there are numerable variations for On-Demand Scanning options. The Context Menu Profile refers to scanning an individual file or folder by right-clicking on it. When you do so, a drop down panel will give you various system options; one of them is to get NOD32 to scan the file or folder for infections. This is a very useful quick check before opening any file. Some users might want to set up another profile for some specific scanning of certain media. You can create a new name for it here by clicking the Profiles button in the lower part of the window. Then you can setup some new parameters and save them under this profile.
Its also possible to use Password Protection to stop other users changing profile settings. First, you must setup Password Protection. You may have already selected this during installation. In the main Control Center window, enter the NOD32 System Tools section and then look in the NOD32 System Setup area. Then click Setup and you will see the area for setting your password. The password is totally of your invention and should NOT be confused with the username and password that ESET send you with your license email. Make sure the password is easy for you to remember, but if you did forget it, you can unlock NOD32 again by getting this unlocking utility from our website: http://www.eset.com/files/unlock.exe

Internet traffic scanning (IMON)
IMON will also continually work in the background on your machine, checking your incoming email and also any websites that you visit and download from.
For more information on AMON, DMON, EMON & IMON or the NOD32 scanner, please check the Help button in the NOD32 Control Centre (there is a 2nd button in the righthand window too for specific module help) and/or have a look through the Frequently Asked Questions (FAQs) on the ESET website: http://www.ESET.com/support/faq.php On access scanners load into system memory, and intercept all the calls made by the operating system to the file system. In this way they ensure that a file has been scanned before it is passed to the system for opening, thus preventing a virus from infecting the sytem.
NOD32 Installation Guide 42

Updating

By default, NOD32 will check for Virus Signature Database updates automatically. These are the descriptions that our analysers have created, of the many viruses, worms and trojans. You can also manually check for updates, if you wish, by clicking the Update now button in the Update section. The upper right hand window will give you information on the last time you received an update and the version number of the VSD (Virus Signature Database). If you were in any doubt as to whether your VSD was current or not, you can go the Support page on the ESET website (http://www.eset.com/support/index.php) where the latest version number is shown. To make any changes to the updating procedure, click the Setup button.

NOD32 version

To find out which version of NOD32 you have installed, you can look in the NOD32 System Tools under Information. In the right hand window, about half way down, you will see the details of the components you have installed. At the top of the window is information about which VSD you currently have: the version number and the date you received it.
New updates are released every day, on average, although there is no guaranteed rule. In addition, Program Component Upgrades are also sometimes sent out. This occurs when a major change has been implemented in the NOD32 application. When only minor changes are made, a newer version is made available on the website for free download to all registered users.
NOD32 Installation Guide 43
Updating with a dial-up connection
If you have a dial-up connection to the internet, NOD32 will check for updates as soon as you connect and will keep checking every hour, assuming you stay online for a long while of course. You will see this in the Scheduler/Planner section, also under NOD32 System Tools

The 1st item will be checked if you have an always online connection (eg: DSL, T1) and both the 1st and 2nd items will be checked if you have a Dialup connection and have entered the correct details when installing.
NOD32 Installation Guide 44

ThreatSense Heuristics

This is something that NOD32 is particularly good at: scanning for possible malware, enabling detection of new malicious software without having to wait for updates. The heuristic capability contains sophisticated algorithms which allow proactive detections, meaning that protection against new malware is available immediately. Although we try our utmost to keep up with the perpetual torrent of new malware, its not possible to produce virus signatures in the blink of an eye, so this is where the use of Heuristics is a distinct advantage.

Advanced Heuristics

This extends the standard heuristic capabilities of NOD32 and allows detection of a high number of new threats, etc. However, we recommend that you use Advanced Heuristics carefully when setting up these preferences for an Ondemand scan as it can slow the scanning time quite dramatically and can occasionally produce a False Positive, hence it is not enabled by default. (A False Positive is when NOD32 suspects a file or folder is containing something malicious but which turns out to be harmless).

Anti-Stealth Technology

Rootkits are now frequently used to hide malicious processes and files. Enabling the use of Anti-Stealth technology will allow Rootkits to be detected, even if they are installed and active, and they are hiding files from the operating system. NOD32 can then use signatures and heuristics to detect and remove these threats. We recommend periodically running an In-depth analysis scan of your machine, for example, which has Advanced Heuristics enabled. In fact, this type of scan has everything set to maximum, hence its a sensible habit to run it now and again. You may wish to setup a Scheduled Task to run an In-depth analysis scan once a week, or once a month. In NOD32 Control Center, look in NOD32 System Tools section and click on Scheduler/ Planner. Then click on the [+] Add button and follow the setup instructions. We strongly recommend leaving Advanced Heuristics enabled in the AMON, DMON, EMON & IMON modules. For more information please check the Help button in the NOD32 Control Centre and/or have a look through the Frequently Asked Questions (FAQs) on the ESET website: http://www.ESET.com/support/nodfaq.htm
NOD32 Installation Guide 45
Dealing with alerts & virus incidents
NOD32 Installation Guide 46
Dealing with alerts and virus incidents
Basic rules to follow if a virus is detected: Trojans can only be deleted as they do not infect other files and contain only their own code Worms in email attachments should be deleted as they contain only the viral code If the IMONs HTTP scanner detects a virus, choose to terminate the connection to prevent it from saving to the disk. If you are unsure whether it is safe to delete the particular file without any side effect on your systems functionality, we suggest you tick the Copy to quarantine checkbox before you choose to delete it. Please bear in mind that many viruses copy themselves to system folders such as WINDOWS or WINDOWS\system32 to confuse the user. Should you have any concerns about deleting the file and were unable to find any description of it, either on our website or on the web, please send the suspicious file to samples@eset.com for analysis. Note: Occasionally, you may get a virus alert where the name of the infection is unknown or probable. This is because one of the NOD32 modules has detected virus-like characteristics in a file but doesnt have a matching signature to verify the virus name. This is most common with very new infections which have not yet been identified. NOD32 has an impressive record of catching still-unknown, new viruses and worms because of the sensitivity and power of these characteristic scanning techniques, also known as heuristics. Since these are very often as-yet-unknown malware (bad software), we are very interested in receiving samples of these files for analysis.

Boot Sectors

Broadband

C: Cache

Dial-up connection DMON Download False Positive
IMON Installer IP address

ISP MAPI

NOD32 Installation Guide 53
Operating Memory The area of memory used by the system to run itself and any loaded programs. Some Operating memory (also called System Memory) on the disk in a swapfile, which is a type of Cache, and the rest in the RAM chips on the computer. Viruses try to load themselves into Operating Memory so that they remain active while the computer is switched on. Your password, secret word or code used to access information. For instance, your personal password assigned by ESET to access the ESET servers for updates, upgrades and downloads. (You may also set your own password to protect your settings from other users on your computer. This is set by you and should not be confused with ESETs password). Version 3 of the Post Office Protocol. POP3 allows a client computer to retrieve electronic mail from a POP3 server via a (temporary) TCP/IP or other connection. It does not provide for sending mail, which is assumed to be done via SMTP or some other method. IMAP and POP3 are the most common methods for email retrieval. A computer specifically designed to reduce the amount of bandwidth used, or to control access to the internet. A proxy will be either a caching meaning it stores a copy of the content downloaded through it for faster future access or pass through meaning it will simply provide a gateway to other services, for instance websites. Usually home users will not be using a proxy. Random Access Memory Used for the operating memory which can be used by programs to perform necessary tasks while the computer is on; an integrated circuit memory chip which allows information to be stored and accessed far faster than from the hard disk. Read Only Memory - memory whose contents can be accessed and read but cannot be changed used mainly for the system BIOS and CMOS chips. (These tell the machine how to start up and find the disks) Packers do simply as their name suggests, they pack or compress a program much the same way a compressor like Pkzip does, packers then attach their own decryption / loading stub which unpacks the program before running it. Packers are often used by virus writers to try to confuse anti-virus scanners. Simple Mail Transfer Protocol. Allows electronic mail to be sent from an email account. The SMTP dialog usually happens in the background under the control of the message transfer agent, e.g. sendmail or outlook express. Software that secretly collects personal information and delivers it to an unauthorised 3rd party. Some Spyware can significantly slow the machine, or cause system crashes. The ThreatSense.Net Early Warning System assists in submitting new malware threats to ESETs lab and therefore provides valuable information to help protect the users PC. A Trojan Horse is a program intended to perform some covert and usually malicious act which the victim did not expect or want. It differs from a virus in that it doesnt replicate, although some viruses can contain Trojans. Uniform Resource Locator - The structure of a web address. ie: the HTTP part (HyperText Transfer Protocol), the domain name or IP address and the final section (top level domain): [.com] [.uk] [.org] [.net] [.gov].etc. For example: http://www.ESET.com Your personal username assigned by ESET to access the ESET servers to download updates and upgrades. A computer virus is a self-replicating program that copies itself and that can infect other programs by modifying them or their environment such that a call to an infected program implies a call to a possibly evolved copy of the virus. Virus Signature Database - The collective, known signatures of viruses, released by ESET, on average, every day, to keep your computer up to date with protection. A subset of viruses which replicate as above but without requiring a host file (The worm file contains everything necessary for the virus to replicate itself). Worms require a networked system to reproduce. Email is one method a worm can use to spread.

ESET NOD32 Antivirus for IBM Lotus Domino

Installation

Copyright ESET, spol. s r. o. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means electronic or mechanical, for any purpose without the express written permission of ESET,spol.sr.o. Information in this document is subject to change without prior notice. Certain names of program products and company names used in this document might be registered trademarks or trademarks owned by other entities. ESET, NOD32 and AMON are trademarks of ESET, spol. s r. o. Microsoft and Windows are registered trademarks of Microsoft Corporation.
ESET, spol. s r. o. Einsteinova 24, Bratislava, Slovak Republic http://www.eset.eu Customer Care Worldwide: www.eset.eu/support Customer Care North America: www.eset.com/support REV.20101130-007

1. Introduction

ESET NOD32 Antivirus for Lotus Domino (AMFE) is a Lotus Domino server addin, built upon the state-of-theart NOD32 scanning engine. It was designed to protect email communication from virus infiltrations propagating by e-mail, and to lower the e-mail traffic by filtering out undesired e-mail attachments. ESET NOD32 Antivirus for Lotus Domino utilizes the same engine as NOD32 2.7, including archive scanning, advanced heuristics, adware/spyware/riskware detection, etc.
Before you install The installation package contains all necessary files to optimally set up the ESET NOD32 Antivirus for Lotus Domino server - ESET NOD32 Antivirus v2.7 (ndntenst.exe), the ESET NOD32 Antivirus for Lotus Domino addin (nod32domen.exe) and this manual. ESET NOD32 Antivirus for Lotus Domino works as an addin for the Lotus Domino server, that utilizes the ESET NOD32 Antivirus version 2.7 (NOD32 v2.7) scanning engine. Before starting the installation of ESET NOD32 Antivirus for Lotus Domino we recommend you make sure NOD32 v2.7 is installed on the Lotus Domino server. Please note, that NOD32 version 2.7 must be installed on the server before you can continue with the installation. In your installed NOD32 v2.7 on the server go to the Extensions editor in the AMON module and set up an exclusion for files with the TMP extension from scanning. You must stop the Lotus Domino Server service, before you can install (uninstall) ESET NOD32 Antivirus for Lotus Domino. Installing ESET NOD32 Antivirus for Lotus Domino Installation process: 1. extract the nod32domen.exe installation package 2. navigate to the temporary folder, and run the appropriate setup file for your oper. system: setup2k.exe for Windows 2000 / 2003 server setupnt.exe for Windows NT server 3. the installer will search for the current Lotus Domino notes.ini file and will offer to use the first file found. After the file has been found, confirm it by typing y and pressing ENTER to go ahead with the installation (img. 1) 4. if the found notes.ini file is not the right file, then type n and press ENTER to continue

2. Quick Installation

System requirements Supported operating systems Microsoft Windows NT 4.0 Microsoft Windows Server 2000 Microsoft Windows Server 2003 Supported versions of IBM Lotus Domino: IBM Lotus Domino R5 (5.0.9a & higher) IBM Lotus Domino R6 IBM Lotus Domino R6.5 IBM Lotus Domino R7 IBM Lotus Domino R8 IBM Lotus Domino R8.5 Supported ESET product: ESET NOD32 for Windows version 2.7 NOTE: ESET NOD32 Antivirus 2.7 does not support 64-bit installations of IBM Lotus Domino. (img. 1) (img. 2)

(img. 3)

(img. 4)

(img. 5)

(img. 6)
5. type the path to the correct notes.ini and press ENTER (img. 2) 6. enter the name of a new subdirectory in the Lotus Domino data folder where you want the file to be created, and where the ESET NOD32 Antivirus for Lotus Domino databases will be copied to, and press ENTER (img. 3) 7. wait for the installation to complete 8. after the installation has completed, press any key to exit the installation dialog (img. 4) After installation, before Lotus Domino server startup, enter a license key for ESET NOD32 Antivirus for Lotus Domino product to NOD32 Control Center (NOD32 Control Center > NOD32 system tools > Settings > License Keys). The license key is sent to your contact address together with authorization data by ESET spol. s r. o. After entering the license key, start Lotus Domino server. At the server startup, ESET NOD32 Antivirus for Lotus Domino (AMFE) will be loaded. (img. 6) After a successful installation, the following files will be created in the specified folder (i.e. in the Lotus Domino data subfolder): AMFE help.nsf AMFE log.nsf

AMFE Mail Review.nsf AMFE Quarantine.nsf AMFE Setup.nsf Uninstalling ESET NOD32 Antivirus for Lotus Domino The steps 1 to 5 are identical with those for installation. 6. after the installer has recognized a previous installation of ESET NOD32 Antivirus for Lotus Domino, it will offer you to uninstall it from the computer. Type y and press ENTER (img. 5) 7. wait for the uninstallation to complete
8. after the uninstallation has completed, press any key to close the installation dialog
Settings: Status (Enabled/Disabled) toggles the checking on/off Text to append to bottom of message: - the text message appended at the end of infected e-mails. Setting up actions that are applied after successful or unsuccessful cleaning: Replace file in message cleans infected files (cleanable) Delete file from message deletes infected files (regardless of whether they are cleanable or non-cleanable) Place text into file body replaces the body of infected files with a text message (the text of the e-mail will be replaced with the text you enter here) Make log entry enables logging Append virus info to message adds information about detected threat to email Place infected file into quarantine database moves infected files to quarantine (img. 8). Mail Filter Setup: ESET NOD32 Antivirus for Lotus Domino enables email filtering based on specified criteria. The filtering can be accomplished by applying various rules. By adjusting the filters the proper way, it is possible to filter out spam effectively. To create a new filter, click the New Mail Filter button. To assign different priorities to the filters, move them up and down using the arrow keys. The higher a filter is lis-

3. Setup

ESET NOD32 Antivirus for Lotus Domino Setup (AMFE Setup)
To configure ESET NOD32 Antivirus for Lotus Domino, open Domino Administrator or your Lotus Notes client (Workspace). To launch ESET NOD32 Antivirus for Lotus Domino, click the Enable button in the upper part of the AMFE Setup (Service status:). After ESET NOD32 Antivirus for Lotus Domino starts, Lotus Domino Server must be restarted (img. 7). The settings are divided into two groups: Antiviral Engine Setup: To display the Engine settings, double click on the setup document. By default, the settings are displayed in view mode. To edit the settings, click the Edit button. (img. 7)

(img. 8)

ted, the higher priority it has. To switch a filter on/off, select a filter and click the Enable / Disable button. The Filter Settings are displayed after double-clicking the filter. By default, the settings are displayed in view mode. To edit them, click the Edit Button. Settings Status (Enabled/Disabled) enables/disables the filter Description name of the filter. Filter settings From contains filters by sender To contains filters by addressee Subject contains filters by subject Body contains filters by text in the e-mail body Attachments size filters by the size of attachment Action to take actions applicable to e-mail messages Delete (reject) message deletes filtered messages
Move message to mail review database moves messages to the review database Log Message to mail review database and deliver the message delivers messages to their addressees and places a copy of the messages to the review database Remove attachments and deliver deletes attachments and delivers messages subsequently. Strings used for filtering email must commence and end with an asterisk (e.g. *viagra*). Wildcards can also be used. A question mark (?) substitutes any one character, while an asterisk (*) substitutes zero or more arbitrary characters. Use a semicolon (;) to delimit multiple strings, if necessary. Example: To filter out email from the hotmail.com and yahoo.com domains, enter **@hotmail.com*;**@yahoo.com* to the From contains field.
4. Log, Mail Review and Quarantine database maintenance

AMFE Log Database

contains a review of all infected e-mails detected. The database also provides information about the time an incident occurred, the name of the threat as well as the recipient. The information in the database can be sorted by date or the name of the threats. To enable database logging, select Make log entry, which is located in the Mail Filter setup. Quarantine Database
the Quarantine database keeps track of all infected files detected. If needed, the files can be recovered. As in the previous case, items in quarantine can be arranged by date or name of infiltration. To store infected files in quarantine, select Place infected file into quarantine database, found in the Mail Filter Setup. Mail Review Database

contains all e-mails that have been filtered. Messages are divided into delivered and undelivered. E-mail messages delivered to their respective addressees are indicated by this icon (when displaying all messages). Undelivered e-mails can be sent back to their addressees to do so, select messages and click on the Deliver button.