This section contains descriptions of the files that are on Command's F-PROT Professional for Windows NT installation diskettes. There is also another section containing a list of messages that might appear in Windows NT's Event Viewer.
The following alphabetized list contains the names and descriptions of files that are located on Command's F-PROT Professional installation diskettes. File names beginning with "SE_" are self-extracting executables. Compressed files containing additional files within them are denoted by an asterisk. The files located within compressed files are listed immediately after the description of the compressed file itself.The location of the files mentioned below is subject to change at the discretion of Command Software Systems. It is also possible that new or additional files may have been added since this list was compiled. The listing that follows was current at the time this manual was printed.
Setup supplementary file used to assist in the installation.Installation target: During installation this file is copied to a temporary folder on the hard drive. It is removed after the installation completes.
Setup supplementary file used to assist in the installation.Installation target: During installation this file is copied to a temporary folder on the hard drive. It is removed after the installation completes.
This is a dynamic link library used for displaying the initial Command's F-PROT Professional dialog boxes.Installation target: During installation this file is copied to a temporary folder on the hard drive. It is removed after the installation completes.
A setup resource library file. _SETUP.LIB contains several files that are decompressed into a temporary folder on the hard drive. Those files assist in Command's F-PROT Professional setup. They are removed at the end of the installation process.Installation target: During installation this file is copied to a temporary folder on the hard drive. It is removed after the installation completes.
This is a resource dynamic link library file used during installation.Installation target: During installation this file is copied to a temporary folder on the hard drive. It is removed after the installation completes.
This is a resource dynamic link library file used during installation.Installation target: During installation this file is copied to a temporary folder on the hard drive. It is removed after the installation completes.
This is a resource dynamic link library file used during installation.Installation target: During installation this file is copied to a temporary folder on the hard drive. It is removed after the installation completes.
This is a resource dynamic link library file used during installation.Installation target: During installation this file is copied to a temporary folder on the hard drive. It is removed after the installation completes.
This file is an installation and uninstallation support library. Initially, it is a file located within _SETUP.LIB. After the installation completes, CSS_1751.DLL can be found on the hard drive.Installation target: F-PROTNT folder.
FPWCFG.EXE
This is a utility program, located in _SETUP.LIB, used for configuring F-PROT32's main scanner. This executable is designed primarily as an administrative tool and is indirectly accessible only through the SETUP NETADMIN command. Installation target: Stays on installation diskette.
This file does not reside on Command's F-PROT Professional installation diskettes. Rather, it is created on the hard disk during the installation process. DeIsL.ISU is, essentially, a log script that is used by Command's F-PROT Professional's uninstallation routine.Installation target: F-PROTNT folder and Windows NT's System32\Drivers folder.
This is a text file that lists the current Command's F-PROT Professional distributors.Installation target: Stays on installation diskette.
This file provides Command's F-PROT Professional with language information for its English users.Installation target: F-PROTNT folder.
This compressed file contains the following two files:
F-AGENT.EXE
This executable displays current scanning activity and can start Command's F-PROT Professional.Installation target: F-PROTNT folder.
ACTIVITY.DLL
This dynamic link library is used to detect when a scheduled scan should take place given a pre-set amount of keyboard or mouse inactivity.Installation target: F-PROTNT folder.
A 16 bit DOS utility program used to help reconstruct MBR and boot sectors damaged by viruses.Installation target: F-PROTNT folder and rescue disk.
This compressed file contains the following six scanner-related files:
CSS-AVS.EXE
This is the CSS AV Scheduler program. It is used for the execution of scheduled antivirus scans. Normally run from within Windows as a service, this executable can also be run, with parameters, from the command line.Installation target: Windows NT System32 folder.
DUNZIP32.DLL
A dynamic link library used by F-PROT32.EXE for the scanning of zip-compressed files.Installation target: F-PROTNT folder and Windows NT System32 folder.
F-NET.EXE
An executable used by F-PROT32.EXE for getting information from NetWare.Installation target: F-PROTNT folder.
FPROTNT.PDF
A PDF file to be used with Windows NT SMS for the network distribution or uninstallation of Command's F-PROT Professional.Installation target: Stays on disk.
FPSHEXT.DLL
A dynamic link library shell extension that is used to provide rightclick mouse scanning support.Installation target: F-PROTNT folder.
MACRO.DEF
This is the virus signature file for the F-MACRO.EXE anti-virus program.Installation target: F-PROTNT folder and the Windows NT System32/Drivers folder.
MACRO97.DEF
This is the virus signature file for the scanning of MicrosoftOffice 97 documents.Installation target: F-PROTNT folder and the Windows NT System32\Driver folder.
NWCALLS.DLL
Novell dynamic link library for communicating with NetWare servers.Installation target: F-PROTNT folder.
Command's F-PROT Professional for DOS executable. If run without parameters, this program provides a DOS user interface for manual scanning.Installation target: F-PROTNT folder.
An informational file listing which program files are found on which installation diskettes. FILEINFO.TXT also briefly describes each files function.Installation target: Stays on disk.
This compressed file contains the following files:
CLIENT.INS
A secondary installation script for installing a client version to the hard drive.Installation target: The Setup program folder identified during the execution of SETUP NETADMIN.
F-PROT32.EXE
This executable is Command's F-PROT Professional Windows GUI. From within that interface, scans can be run, scheduled and configured to fit user or administrator needs.Installation target: F-PROTNT folder.
A dynamic link library that supports the FIXDSKNT.EXE program and Setup.Installation target: F-PROTNT folder.
FIXDSKNT creates a file that contains a copy of the MBR and boot sector. The file is then placed on Command's F-PROT Professional rescue disk.Installation target: FIXDSKNT is copied to the F-PROTNT folder.
This compressed file contains Command's F-PROT Professional scanning task files (denoted by an ".FPT" extension) in a long file name format. The following .FPT files are included within this .CSS file:
Scan CD-ROM.FPT
This task scans the local machine's CD-ROM drive D:Installation target: F-PROTNT folder.
Scan Drive A.FPT
This task scans the local machine's Drive A:Installation target: F-PROTNT folder.
Scan Drive B.FPT
This task scans the local machine's Drive B:Installation target: F-PROTNT folder.
Scan Hard Drives.FPT
This task scans the local machine's hard drives.Installation target: F-PROTNT folder.
Scan Network Drives.FPT
This task scans network drives.Installation target: F-PROTNT folder.
This compressed file contains Command's F-PROT Professional task files in a short file name format The following .FPT files are located within this .CSS file:
SCAN_A.FPT
This task scans the local machine's A: drive.Installation target: F-PROTNT folder.
SCAN_B.FPT
This task scans the local machine's B: driveInstallation target: F-PROTNT folder.
SCAN_CD.FPT
This task scans the local machine's CD-ROM D: drive.Installation target: F-PROTNT folder if a short file name drive (Window 3.1, DOS)
Installation target: F-PROTNT folder.
SCANHARD.FPT
This task scans the local machine's hard drives.Installation target: F-PROTNT folder.
SCANNET.FPT
This task scans the network drives.Installation target: F-PROTNT folder.
This executable performs the uninstallation process.Installation target: F-PROTNT folder.
This compressed file contains Command's F-PROT Professional help files. The following three files are contained within HPNT.CSS:
F-PROTNT.CNT
This file contains the contents tab for the F-PROTNT help file.Installation target: F-PROTNT folder.
F-PROTNT.HLP
This is the F-PROTNT help file.Installation target: F-PROTNT folder.
QUICK.HLP
This file contains Command's F-PROT Professional's context-sensitive help information.Installation target: F-PROTNT folder.
This file copies Command's F-PROT Professional files from the installation diskettes to the server's hard drive.Installation target: Stays on the installation diskette.
A compressed file containing the SIGN.DEF signature file.
The virus signature definition file for Command's F-PROT Professional.Installation target: F-PROTNT folder and the Windows NT System32/Drivers folder.
An ASCII documentation file providing information regarding the latest changes or additions to the functionality of Command's F-PROT Professional.Installation target: F-PROTNT folder.
A compressed file containing the following three Windows NT 3.51specific real-time protection system files:
CSS-DVP.SYS
Command's F-PROT Professional anti-virus scanning engine for Windows NT 3.51.Installation target: Windows NT's System32\Drivers folder.
CSS-FLTR.SYS
The file that handles Windows NT 3.51 real-time protection with regard to such events as file opens, closes, and renames.Installation target: Windows NT's System32\Drivers folder.
CSS-REC.SYS
This system file handles real-time protection regarding file systems and media changes under Windows NT 3.51.Installation target: Windows NT's System32\Drivers folder.
A compressed file containing the three following Windows 4.0-specific real-time protection system files:
CSS-DVP.SYS
Command's F-PROT Professional anti-virus scanning engine for Windows NT 4.0.Installation target: Windows NT's System32\Drivers folder.
CSS-FLTR.SYS
The file that handles Windows NT 4.0 real-time protection with regard to such events as file opens, closes, and renames.Installation target: Windows NT's System32\Drivers folder.
CSS-REC.SYS
This system file handles real-time protection regarding file systems and media changes under Windows NT 4.0.Installation target: Windows NT's System32\Drivers folder.
This self-extracting file contains test file called EICAR.COM.
EICAR.COM
A test file that can be used to determine if Command's F-PROT Professional's anti-virus capabilities are working properly. This file mimics the behavior of a virus. However, EICAR.COM (from European Institute for Computer Anti-Virus Research) is non-replicating nd completely harmless. EICAR.COM can be used both to verify real-time protection and to demonstrate what Command's F-PROT Professional does when it finds a virus.Installation target: Stays on the installation diskette.
This self-extracting file contains the F-MACRO.EXE anti-virus program.
F-MACRO.EXE
This executable is a DOS-based program that detects and disinfects macro viruses.Installation target: Stays on the installation diskette.
This is the bitmap image file that appears on the SETUP splash screen.Installation target: Stays on the installation diskette.
The main executable used for launching the installation process of Command's F-PROT Professional.Installation target: Stays on the installation diskette.
This file contains setup initialization information for the setup program.Installation target: Stays on the installation diskette.
This file contains the installation instructions for the setup executable file.Installation target: Stays on the installation diskette.
A setup packing file for file disk layouts.Installation target: Stays on the installation diskette.
This executable helps to uninstall Command's F-PROT Professional.Installation target: Stays on the installation diskette.
An Command's F-PROT Professional file containing information regarding the nature of many common viruses.Installation target: F-PROTNT folder.
Compressed with the IShield proprietary compression program.
In the Windows NT Event Viewer, CSS AV Scheduler (CSS-AVS.EXE) logs event messages to the Application Log and CSS DVP (CSS-DVP.SYS) logs events to the System Log. The list below contains the Event ID code numbers and their corresponding message descriptions. The event messages that are logged in Event Viewer may refer to (1) actions taken when a virus is found, (2) systemrelated problems or (3) routine system functions. Event Viewer messages can be viewed by double-clicking your cursor on a message line in either of the above-mentioned log files. You will then be presented with an Event Details information box that contains the Event ID's full message.If, for some reason, the service file (CSS-AVS.EXE) gets deleted or becomes corrupted, the Event Details information box will contain the Event ID code number, but not a description of the message for that code number.
Message: AV Scheduler Service Install Failed.Cause: The most likely cause of this message is that the service is already installed.
Effect: If this message appears because of a prior installation of the service, then there will be no effect.
Solution: None required.
Message: AV Scheduler Service Installation Completed.Cause: This is an informational message notifying the user that the service has successfully been installed on the system
Effect: None.
Solution: None required.
Message: AV Scheduler Service Started.Cause: This is an informational message notifying the user that the service has successfully been started on the system.
Effect: None.
Solution: None required.
Message: AV Scheduler Service Stopped.Cause: This is an informational message notifying the user that the service has stopped. The service, in most instances, would have been terminated manually by the user.
Effect: None.
Solution: None required.
Message: Archive file is corrupted or cannot be accessed. [Filename.zip]Cause: The ZIP file may have been corrupted during a file copy or during the compression process. It may also have been saved to a physically bad section of the disk. Another possible cause is that the zipped file may be password protected.
Effect: The file cannot be successfully unzipped. As such, it cannot be scanned for viruses.
Solution: Use PKZipFix to repair the damaged file. The file in question is shown at the end of the message. If the file cannot be repaired, replace the damaged copy of the file with an uncorrupted copy of the file if possible. If the zipped file was password protected, then use the password to unzip the file and then perform a manual scan of the file.
Message: AV Scheduler Service cannot communicate with Kernel Mode Driver.Cause: The DVP Kernel Mode Driver has either been removed or it was not successfully installed. Another reason for the message may be that the kernel mode driver has been intentionally disabled by a user.
Effect: Dynamic Virus Protection will not function and scheduled scans will not take place.
Solution: Check the folder that should contain the kernel mode driver. If the driver is missing, either re-install Command's F-PROT Professional for Windows NT or manually copy the driver to the proper folder.If the kernel mode driver was found in the proper folder, using ScanDisk or a similar utility, check Command's F-PROT Professional installation diskettes for physical defects. If a defect is found, discard the defective diskette and create a replacement for it. Once a replacement has been made, re-install FPROT Professional for Windows NT.Finally, if it appears that the driver has been intentionally disabled, be sure to enable it once again.
Message: AV Scheduler Service cannot start -- Registration failed.Cause: A problem occurred during installation. The NT registry could be corrupted or another internal NT process failed during the F-PROT Professional installation process. Another possible reason for the message is that the service is already installed and running.
Effect: The service cannot start as it could not be registered in the NT Control Panel "Services" applet.
Solution: Boot from an emergency disk and instruct it to repair the registry.
Message: AV Scheduler Service cannot report to Service Control Manager.Cause: The Service-related entries in the registry may not be correct. Also, the Service's executable may be corrupted. Further, the Service Control Manager (SCM) may have been too busy dealing with another service for a successful report to take place. Another possible cause would be that the SCM component in Windows NT has failed.
Effect: The user will not be able to start, stop, pause or continue AV Scheduler as necessary.
Solution: Check the registry to make sure that AV Scheduler's settings are correct. Also, make sure that the executable, CSS-AVS.EXE, is not corrupt. If those two areas reveal no problems, then reboot the system and see if that reboot solves the AV Scheduler-related problem. If you still encounter problems after the reboot, the SCM component may be damaged. If this appears to be the case, contact the Microsoft Corporation for assistance.
Message: AV Scheduler Service has been terminated normally.Cause: This is an informational message informing the user that the service has been successfully shut down.
Effect: None.
Solution: None required.
Message: AV Scheduler Service cannot find Application Location path in registry, "Location" key Missing.Cause: The Application Location path in the Windows NT registry is either corrupted or it has been removed. The problem could have been caused either by a problem that was encountered during F-PROT Professional's installation or by a later corruption of the registry.
Effect: The scheduler service will not run.
Solution: Restore the missing path in the Windows NT registry. To restore the path, in the registry follow "HKEY_Local_Machine\Software\Command Software\F-PROT32". Then for the "Location" value, enter the proper value. In this case, the value will simply be the folder into which the program was installed.
Message: AV Scheduler Service cannot find any task to schedule.Cause: The service does not have read/write access to profiles or tasks that should be available to it. Two possible causes include (1) all the FPT files were deleted or (2) the profiles or tasks could not be read, perhaps due to a security program or some other such application or utility.
Effect: The service will run. However, although it is running, no tasks will be executed.
Solution: Change the access attributes to the profiles and/or tasks in question so that the service can read and write to them. If the FPT files were deleted, then they will need to be re-created. If another program is denying read/write access to the profiles or tasks, then that program will need to be modified so that such access is possible.
Message: AV Scheduler Service is Out of Memory.Cause: There are several reasons why this message may occur. For instance, too many programs may be open at once. Second, the machine may not have enough RAM. Also, some programs that have been closed may, nonetheless, still be occupying some RAM (this is known as RAM "leakage").
Effect: The effected program will not run.
Solution: To start, free up some memory by shutting down the most nonessential programs. If any unnecessary programs or utilities are being loaded in the StartUp folder, consider removing them. Also, be certain that the system has sufficient RAM to run all necessary programs.
Message: AV Scheduler Service has failed running a scan task because of low resources.Cause: The causes for this message are very similar to those for the "Out of Memory" message. Too many programs may be open at once. That is, the system may not have enough RAM to run more than a certain number of programs. Another possible cause could be that some programs, despite their being having been closed, may still be occupying some parts of memory, thus reducing the amount of available system resources.
Effect: The effected program will not run.
Solution: Terminate the most non-essential programs to free up some memory. If any unnecessary programs or utilities are being loaded in the StartUp folder, consider removing them. Also, be certain that the system has sufficient RAM to run all necessary programs.
Message: AV Scheduler Service has been Suspended.Cause: This is an informational message indicating that the service has been successfully paused.
Effect: None.
Solution: None required.
Message: AV Scheduler Service has been resumed and is running.Cause: This is an informational message indicating that the service has been successfully resumed after a pause or other interruption.
Effect: None.
Solution: None required.
Message: AV Scheduler Service has failed to get a scan thread from kernel mode driver.Cause: Too many applications are trying to communicate with the kernel-mode driver at the same time.
Effect: The service cannot ask the kernel-mode driver to perform a scan or other tasks.
Solution: Retry the operation at a later time.
Message: The AV Scheduler Service has been Stopped while Running a Task.Cause: This is an informational message informing the user that the scheduler has stopped during the execution of a task. The task itself will be terminated as well.
Effect: None.
Solution: None required.
Message: Error Terminating Thread.Cause: This is an informational message informing the user that the scan thread could not be terminated manually. The thread will continue to task until it terminates automatically.
Effect: None.
Solution: None required.
Message: Error Communicating with Service Control Manager.Cause: The SCM may have trapped or abended. Alternatively, the SCM may have been too busy to respond to messages.
Effect: The SCM information panel information would not be updated with the current status of the service.
Solution: Shutdown the scheduling service (CSS-AVS.EXE) and then restart it. Another solution would be to reboot the system.
Message: AV Scheduler Service Uninstall Failed.Cause: The Service Control Manager would not allow the service to be uninstalled. This could be caused by some problem in the registry. Another possible cause could be a previously failed uninstallation that left remnants of the service on the system. Also, this message can appear if the service has already been uninstalled. In other words, if the service is already uninstalled and you mistakenly try to uninstall the service, this message could appear.
Effect: The scheduling service will not execute as desired.
Solution: As the service may still be partially installed, a manual uninstallation is required. If you re-install the service after having manually uninstalled it, be sure to reboot the system so that all necessary files will be properly updated.
Message: Unable to get status of AV Service.Cause: This is an informational message informing the user that the main process thread of the service was unable to get information regarding the status of a sub-process, if any.
Effect: None.
Solution: None required.
Message: An error occurred while stopping the AV service.Cause: A process interfered with the proper termination of the service. This error message may also appear if the service was not running when the user attempted to "stop" the service.
Effect: The service will continue to run. However, it is unlikely that scheduled scans will continue.
Solution: The Service Control Manager (SCM) will contain information regarding the cause of the error. Use the information from the SCM to locate and troubleshoot the cause of the problem. In the short-term, simply restarting the system will often correct the problem.
Message: AV Scheduler Service has been removed.Cause: This is an informational message informing the user that the service has been successfully removed from the system.
Effect: None.
Solution: None required.
Message: While scanning a File, AV Driver reports: [Item Scanned] Action=[Action Taken on the Item Scanned], Result=[Optional Information on the Action Taken].Cause: This is an informational message informing the user that, when a particular file was scanned, an action was performed on the file. Optional information regarding the action that was taken is also reported.
Effect: None.
Solution: None required.
Message: While scanning the MBR, AV Driver reports: [Item Scanned] Action=[Action Taken on the Item Scanned], Result=[Optional Information on the Action Taken].Cause: This is an informational message informing the user that, when the Master Boot Record (MBR) was scanned, an action was performed on the MBR. Optional information regarding the action that was taken is also reported.
Effect: None.
Solution: None required.
Message: While scanning Memory AV Driver reports: [Item Scanned] Action=[Action Taken on the Item Scanned], Result=[Optional Information on the Action Taken].Cause: This is an informational message informing the user that, when memory was scanned, an action was performed upon it. Optional information regarding the action that was taken is also reported.
Effect: None.
Solution: None required.
Message: AV Scheduler Service cannot find Additional tasks path in registry, "Additional Tasks" Key Missing.Cause: This is an informational message informing the user that the "Additional Tasks" key has been removed from the registry.
Effect: None.
Solution: None required. F-Agent will recreate this missing key automatically when the next inactivity scan takes place. However, if this message appears persistently in the Windows NT Event Viewer, call Command Software Systems Technical Support for assistance.
Message: AV Scheduler Service cannot find User Profiles path in registry. 'ProfilePath' Key Missing.Cause: The "ProfilePath" key has been removed from the registry or its entry in the registry has been corrupted. This may have been caused by either an improper disk write or by a faulty installation.
Effect: The user's scheduled tasks cannot run.
Solution: Restore the "ProfilePath" key in the registry by adding the following key to the NT registry:HKEY_LOCAL_MACHINE/SOFTWARE/Command Software/F-PROT32Then, for the "Profile Path" item, enter the value of: C:\WINNT40\Profiles\%s\Command Software\F-PROTNT\Tasks
Message: Scheduled Scan of [Task Name] Started.Cause: This is an informational message informing the user that a particular scheduled scanning task has started.
Effect: None.
Solution: None required.
Message: Schedule Scan of [Task Name] Completed.Cause: This is an informational message informing the user that a particular scanning task has been completed.Effect: None.
Solution: None required.
Message: Scheduled Scan Task Information has been reloaded.Cause: This is an information message informing the user that task information regarding a scanning task has been successfully reloaded.
Effect: None.
Solution: None required.
Message: Scheduled Scan Task Information has been updated by Command's F-PROT Professional.Cause: This is an informational message informing the user that the Scheduled Scan Task information was revised by Command's F-PROT Professional.
Effect: None.
Solution: None required.
Message: F-Agent has requested an Inactivity Task Scan.Cause: This is an informational message informing the user that Command's F-PROT Professional requested a scan after "x" number of minutes of keyboard or mouse inactivity.Effect: None.
Solution: None required.
Message: AV Scheduler Service Received a Device IOCTL Error while scanning the MBR.Cause: The CSS-DVP.SYS and CSS-AVS.EXE files may be from two different releases. If this is the case, then service probably sent bad parameters to the kernel-mode driver.
Effect: The parameters passed to the kernel-mode driver will not take effect.
Solution: Make sure that CSS-DVP.SYS and CSS-AVS.EXE are from the same release.
Message: AV Scheduler Service Received a Device IOCTL Error while scanning Memory.Cause: As with Event ID 243, the CSS-DVP.SYS and CSS-AVS.EXE files may be from two different releases. If this is the case, then service probably sent bad parameters to the kernel-mode driver.
Effect: The parameters passed to the kernel-mode driver will not take effect.
Solution: Make sure that CSS-DVP.SYS and CSS-AVS.EXE are from the same release.
Message: AV Scheduler Service Received a Device IOCTL Error while scanning a File.Cause: There was an error communicating with the dynamic virus protection driver (DVP). The CSS-DVP.SYS and CSS-AVS.EXE files may be from two different releases. If this is the case, then service probably sent bad parameters to the kernel-mode driver. Another possible cause could be that the driver, CSS-DVP, could be either stopped or disabled in Control Panel's Device applet.
Effect: The parameters passed to the kernel-mode driver will not take effect.
Solution: Make sure that CSS-DVP.SYS and CSS-AVS.EXE are from the same release. Also check to make sure that CSS-DVP is neither stopped or disabled in Control Panel's Device applet.
Message: Inactivity Scan of [Task Name] Started.Cause:. This is an informational message indicating that a particular scanning task has started. Its purpose is to inform the user that the scan that starts after a specified period of inactivity (selected in the Schedule dialog box) has begun.
Effect: None.
Solution: None required.
Message: Inactivity Scan of [Task Name] Completed.Cause: This is an informational message indicating that a particular scanning task has finished. Its purpose is to inform the user that the scan that begins after a specified period of inactivity (selected in the Schedule dialog box) is now finished.
Effect: None.
Solution: None required.
Message: [Task Name (command line parameter[s])] Scan StartedCause: This is an informational message indicating that a scanning task was started from the command line. If the scanning task used any command line parameters, those parameters will appear in the message.
Effect: None.
Solution: None required.
Message: [Task Name] Scan CompletedCause: This is an informational message indicating that a scanning task that was started from the command line has ended.
Effect: None.
Solution: None required.
Message: An Error Occurred while Quarantining [Filename] into [Quarantine Directory].Cause: The drive containing the quarantine directory may be full, preventing the process from taking place. A second cause could be that the service does not have read-write authority within that directory.
Effect: The file that was to be quarantined remains on the drive. As long as the file resides on the drive, there is a risk of further infection.
Solution: Check the amount of free disk space available. If the drive is full, free additional space so that infected files can be quarantined. Also, be sure that the service has read-write authority to the Quarantine directory.
Message: While Scanning a File, AV Driver Reports [Filename]: Action =[Action taken on the Item Scanned], Result = [Optional Information on the Action Taken].Cause: This is an informational message informing the user that a specific file has been successfully quarantined.
Effect: None.
Solution: None required.
Message: While Scanning a File, AV Driver Reports: [Item Scanned] [Action Taken on the Item Scanned] Action=[Optional Information on Action Taken], Result=[File/Infection Information].Cause: This is an informational message informing the user of which file was scanned and what action was taken on that file. Additionally, optional information regarding that action may be given. The final line in the message provides information on the nature of the infection.
Effect: None.
Solution: None required.
Message: While Scanning Memory, AV Driver Reports: [Item Scanned] [Action Taken on the Item Scanned] Action=[Optional Information on Action Taken], Result=[File/Infection Information].Cause: This is an informational message informing the user of the results of a memory scan. Information reported includes which memory item was scanned and what action was taken on that item. Additionally, optional information regarding that action may be given. The final line in the message provides information on the nature of the infection.
Effect: None.
Solution: None required.
Message: While Scanning the Master Boot Record (MBR), AV Driver Reports: [Item Scanned] [Action Taken on the Item Scanned] Action=[Optional Information on Action Taken], Result=[File/Infection Information].Cause: This is an informational message informing the user of the results of a MBR scan. Information reported includes the identity of the item scanned and what action was taken on that item. Additionally, optional information regarding that action may be given. The final line in the message provides information on the nature of the infection.
Effect: None.
Solution: None required.
Message: While [Scanning an Item], AV Driver Reports: Action=[Action Taken on the Item Scanned], [Optional Information on Action Taken] Result=[File/Infection Information].Cause: This is an informational message informing the user that the service has scanned a particular item (a file, memory, etc...) and is reporting what specific action was taken on that item. Optional information regarding the action may also be included. The final line provides information regarding the nature of the infection.
Effect: None.
Solution: None required.
Message: While [Scanning an Item], AV Driver Reports: Action=[Action Taken on the Item Scanned], [Optional Information on Action Taken] Result=[File/Infection Information] within [Zip Filename].Cause: This is an informational message informing the user that the service has scanned a particular zip-compressed file and is reporting what specific action was taken on that file. Optional information regarding the action may also be included. Also reported is the nature of the infection along with the name of the effected file.
Effect: None.
Solution: None required.
Message: While [Scanning an Item], AV Driver Reports: Action=[Action taken on the Item Scanned], [Additional Information (when available)] [Information on Action Taken] Result=[File/Infection Information].Cause: This is an informational message informing the user that the service has scanned a particular item (a file, memory, etc...) and is reporting what specific action was taken on that item. Additional Information regarding the event is provided when available. Further, specific information regarding the action taken the action may also be included. The final line provides details regarding the nature of the infection.
Effect: None.
Solution: None required.
Message: Task Statistics: [Number] Files Scanned [Number of Infected Files], [Number] of Zip Files [Number of Infected Zip Files] [Name of scanning task executed].Cause: This is an informational message informing the user that the service has scanned files that previously were not scanned due either to system security or a setup error. The number of total files scanned is reported as is the number of zipped files scanned. Note that the number of zipped files scanned is included in the "Files Scanned" total. Additionally, the total number of infected files is reported as is the number of infected zipped files. The message also provides the name of the scanning task that was executed.
Effect: None.
Solution: None required.
Message: AV Scheduler does not have the authority to Scan [Directory Name].Cause: This is an informational message informing the user that Windows NT has denied the service access to a directory that was to be included in a scheduled scan.
Effect: The files located in the directory or directories mentioned in the message will not be scanned.
Solution: If you wish to scan the directories, reconfigure the service so that it has access rights to those directories.
Message: AV Scheduler Service could not switch to scanning account to [Account Name], [Error Description].Cause: This is a message reporting a security/audit event. The service could not sign on using the account name specified in the error message. A description of the error follows the account name. Possible causes include a deleted account or a changed password. Additionally, the configuration settings within Command's F-PROT Professional may have been updated with inaccurate or wrong information.
Effect: Scans that require the account's security privileges will not take place; typically, this will be a network drive/directory. However, it could also be a local drive or directory to which the service does not have access.
Solution: Check to see if the account has been deleted. If so, add it to the system again. If the account exists, check its password to make sure that it is correct. Likewise, make sure that the settings are accurate in Command's FPROT Professional Service Account dialog box.
Message: AV Scheduler Service does not have the authority to access Task Directory [Directory Name].Cause: Access information in Windows NT could be incorrect. Also, the server could be down or the access rights on the server could have changed. Another possible cause is that the security privileges of the account may have been changed. Similarly, the information in Command's F-PROT Professional Service Account dialog box may be incorrect.
Effect: No system tasks will be executed as scheduled scans.
Solution: Check the access information in Windows NT and make sure that the access settings are correct. Also, make sure that the server is not down, as could be the case when maintenance is being performed on the server. Additionally, check the security privileges of the account and change them accordingly if necessary. Another possible solution is to make sure that the Domain, Username and Password entries in Command's F-PROT Professional Service Account dialog box are accurate.
Message: AV Scheduler Service switched to scanning account to [Account Name].Cause: This is a informational security message indicating that the service successfully switched accounts to perform the requested scan. The message also indicates that the scheduler is scanning directories to which the default account (the local system account) does not necessarily have access.
Effect: None.
Solution: None needed.
Message: F-Agent Requested an Inactivity Scan of [Task name].Cause: This informational message is generated if detailed logging is enabled. The message indicates that F-Agent was monitoring for the system for certain types of inactivity (typically, mouse or keyboard inactivity). When the inactivity threshold was reached, F-Agent then requested the scheduler to perform a scan in the background.
Effect: None.
Solution: None needed.
Message: Exception Occurred during Scheduling a Task.Cause: This message was generated either by Command's F-PROT Professional or Windows NT itself. As the task was being scheduled, an exception occurred. Rather than crashing, CSS AV Scheduler intercepted the exception/error and logged it accordingly.
Effect: The scheduled scanning task may not be launched. In rare cases, no further scheduled scans may take place. Unless corrected, the error could recur.
Solution: Report the error to Command Software Systems' Technical Support Department.
Message: Exception Occurred while performing Scheduled or Inactivity Scan Task.Cause: This message was generated either by Command's F-PROT Professional or Windows NT itself. After the scheduled scan or the inactivity scan was launched, an exception occurred. The scan was unable to complete successfully. Rather than crashing, CSS AV Scheduler intercepted the exception/error and logged it accordingly. Unless corrected, the error could recur.
Effect: Some items that were supposed to be scanned were not scanned. Unless corrected, the error could recur.
Solution: Report the error to Command Software Systems' Technical Support Department.
Message: Exception Occurred during Directory Traversal.Cause: This message was generated either by Command's F-PROT Professional or Windows NT itself. While scanning through directories specified in a scheduled scan task, an exception occurred. Rather than crashing, CSS AV Scheduler intercepted the exception/error and logged it accordingly.
Effect: Directories that were not scanned prior to the error will not be scanned for viruses. Unless corrected, the error could recur.
Solution: Report the error to Command Software Systems' Technical Support Department.
Message: Exception Occurred while accessing a .ZIP file.Cause: This message was generated either by Command's F-PROT Professional or Windows NT itself. While attempting to access a zipcompressed file for scanning, an exception occurred. Rather than crashing, CSS AV Scheduler intercepted the exception/error and logged it accordingly.
Effect: The zip-compressed file may not have been successfully scanned for viruses. Unless corrected, the error could recur.
Solution: Report the error to Command Software Systems' Technical Support Department.
Message: Exception Occurred during Command Line Execution.Cause: This message was generated either by Command's F-PROT Professional or Windows NT itself. While attempting to run the scheduler from the command line, an exception occurred. Rather than crashing, CSS AV Scheduler intercepted the exception/error and logged it accordingly.
Effect: The scan that was requested from the command line was not completed either in whole or in part. Unless corrected, the error could recur.
Solution: Report the error to Command Software Systems' Technical Support Department.
Message: Exception Occurred during Service Scheduler Execution.Cause: This message was generated either by Command's F-PROT Professional or Windows NT itself. While attempting to execute the service scheduler, an exception occurred. Rather than crashing, CSS AV Scheduler intercepted the exception/error and logged it accordingly.
Effect: The service scheduler was not executed. Unless corrected, the error could recur.
Solution: Report the error to Command Software Systems' Technical Support Department.
Message: Exception Occurred during Service Scan Thread Execution.Cause: This message was generated either by Command's F-PROT Professional or Windows NT itself. While attempting to execute a service scanning thread (a scan started in its own thread or task space), an exception occurred. Rather than crashing, CSS AV Scheduler intercepted the exception/error and logged it accordingly.
Effect: All or part of the scheduled scan was not completed. Unless corrected, the error could recur.
Solution: Report the error to Command Software Systems' Technical Support Department.
Within the Windows NT Event Viewer, the Application log collects events from CSS AV Scheduler. To modify the type of event items that are entered into the Application log, you can run the Windows NT Registry Editor (REGEDT32.EXE) and change the values accordingly.The key in the registry containing the values is called DetailedLog. That key is located in the "HKEY_LOCAL_MACHINE\SOFTWARE\Command Software\F-PROT32\Preferences" path in the Windows NT registry. The default value for DetailedLog is "2".
The following list shows the available values that you can use in DetailedLog (Note: Use only the numerals as values. If you change a value, do not enter the text into the DetailedLog dialog box).
LogAlways = 0
LogVirus = 1
LogError = 2
LogImportant = 3
LogDetail = 10
The reporting function of each numerical value is cumulative; that is, any given numeral contains the functions of all the lower numerals that precede it . So, the higher the numeral, the greater its reporting ability. For example, a value of "2" will write LogError, LogVirus and LogAlways messages to the Application log in Event Viewer. As a second example, a value of "10" will write the LogDetail, LogImportant, LogError, LogVirus, and LogAlways messages to the Application log. As the DetailedLog values are cumulative, only a single numerical value at a time can be used in DetailedLog.
The table below shows the tasks that are available to both Users and Administrators as well as those tasks that can be performed only by Administrators. An "X" indicates that the task can be performed and an "N/A" means the ability to perform that task is unavailable.
USER TASKS AND ADMINISTRATOR TASKS
| Task | ||
| Install Command's F-PROT Professional | ||
| Change name of User Tasks | ||
| Create the Specific Task Called R-Mouse.fpt | ||
| Create the Specific Task Called DragDrop.fpt | ||
| Scanning quarantined files | ||
| Deleting quarantined files | ||
| Creating User Tasks | ||
| Creating Administrator tasks |