Release Notes: DynaComm i:scan Release Number: 6.0.0.0 REFRESH Release Date: March 24, 2006 =========================================================================== REFRESH History SB #1 - Fixed: Hooking of partitions and network drive share lockup issue. Fixed: Error and null ptr checks. Fixed: Filter status in spy filter. SB #2 - Fixed: Blocking of .EXE files in RTM sessions could not be turned off. SB #3 - Fixed: Definition elements using "%HOMEPATH%" were not processed. Modified: Removed dependency on lanmanservice (File & Print sharing). Fixed: Sluggishness noted during start up of clients that had RTTP alerting and blocking set to OFF. Fixed: Deleted definitions were not being removed from the database. ======================================================================== Please review this document carefully before installing or running DynaComm i:scan. These notes contain last-minute product information that may affect your use of the product. ======================================================================== Contents This document contains the following sections: 1.0 What's New 2.0 System Requirements 3.0 Notes 4.0 Technical Support ======================================================================== 1.0 What's New in DynaComm i:scan, Release 6.0.0.0: * New: Adware/Spyware Scanning Engine New feature uses a targeted database of adware, spyware and hacker components organized into "infection definitions". Definitions are used to identify existing infections or to block real-time infection attempts on selected systems. New configuration topic: Spyware Tools. Sub-topics include: - "Spyware Scans" allows for performing standard or deep scans on selected systems with the option of cleaning detected infections. - "Definitions" allows for selecting those infections that are used in spyware scans and for real-time threat protection. - "Real-time Threat Protection" allows for alerting, blocking or using both actions when an infection attempts to place itself on the selected client system. * Updated: Client Communications Updating the client configuration is now performed by the client polling the server. In prior versions, the server polled the client to determine when updates were needed. The client checks with the server for: - Configuration udpates - New scheduled jobs - Provides status updates to the server for scan status and client management information * Updated: Quarantine Management (new configuration topic) Quarantined items (files, cookies and registry entries) are now stored in a compressed archive file on the client machine for each file or spyware scan. Quarantined data can be shown by summary statistics or by detailed information (complete file path where infected item was found, type of scan that found infection item, etc.) New option (Tools > Options > Settings) sets the lifetime for items placed in a quarantine file. Default - 168 hours/7 days * New: Options - Turn on/off automatic push of new installations to clients (Tools > Options > Settings) - Turn on/off real-time threat protection for new clients (Tools > Options > Settings) - Turn on/off automatic spyware threat alerts (Tools > Options > Settings) - Set client polling interval (Tools > Options > Settings) - Set quarantine life (default = 168 hours/7 days) (Tools > Options > Settings) - Set database maintenance and update times (Tools > Options > Settings) - Set scan abort time limit (Tools > Options > Settings) - Specify server path for internal and external clients (Tools > Options > Settings) - Specify processes that spyware scans or file scans cannot terminate (Tools > Options > Process White list) - Set connection to be used for web updates (Tools > Options > Web Update Proxy Settings) * Performance Improvements: . ======================================================================== 2.0 System Requirements 2.1 Server Component * Microsoft Windows 2000 with SP2 (or higher) with IIS 5.0, or Microsoft Windows XP with SP 1 (or higher) with IIS 5.1, or Microsoft Windows 2003 Server with IIS 6.0 * Microsoft Internet Explorer (IE) 5.01 or higher Hardware * Microsoft .NET Framework 1.1 * 1.0 GHz or faster processor * 512 MB total RAM * 10 GB free hard drive space * CD-ROM drive Note 1: The server component cannot be installed on a Windows NT 4.0 system. However, file scans can be run against a Windows NT system by using remote processing. See the DynaComm i:scan Administrator Guide for an overview on remote processing. Note 2: DynaComm i:scan Scheduling requires mstask.exe which is available with Internet Explorer 5.01 (or higher), Windows 2000, Windows 2003 Server or Windows XP. 2.2 Client Component * Microsoft Windows 2000 with SP2 (or higher), or Microsoft Windows XP with SP 1 (or higher), or Microsoft Windows 2003 Server * Microsoft Internet Explorer (IE) 5.01 or higher Hardware * 500 MHz or faster processor * 128 MB total RAM * 100 MB free hard drive space * CD-ROM drive Note 1: File scans can only be run on NT client systems. Spyware and Real-time Threat Protection is not supported on NT clients. ======================================================================== 3.0 Notes 3.1 Upgrading to DynaComm i:scan 6.0 3.1.1 Upgrading Console System Version 6.0 of DynaComm i:scan can be installed over either version 5.0 or 5.1. Version 6.0 of DyanComm i:scan cannot be installed over version 4.0 or any prior version of DynaComm i:scan. A new install of DynaComm i:scan 6.0 is required in installations of version 4.0 or earlier. 3.1.2 Upgrading Client Service After upgrading the console system, each client system is automatically upgraded. NO manual upgrade process is required. NOTE: If desired, "Update" can be used through a Monitored Computers group to push new udpates to a client rather than waiting for a client to poll the server/console system. 3.1.3 Upgrading Quarantine files Removal of version 5.1 (and earlier) quarantine files is recommended. In version 5.1 (and earlier), quarantine files are placed on the console system. Version 6.0 quarantine files on the client system. During install-over of version 6.1 existing quarantine files are left as is on the server system and can be seen through the console. However, the 6.0 console cannot perform any actions on these files. 3.1.4 Upgrading File and Registry Scans and Real-time Monitor Session Configurations Neither File and Registry scans nor Real-time Monitor Session configurations are modified during install-over and can be started with no changes required. 3.1.5 Upgrading Categories Version 6.0 removes the following categories: Adware Adware Cookies Layered Service Provider (LSP) Malicious Software Spyware The items in these categories are now included in infection definitions. Definitions are accessed through the Spyware Tools topic. 3.2 Install/Setup/Uninstall Refer to the DynaComm i:scan Admininstrator Guide for installation details and procedures. 3.2.1 Install: User Selector & Run As Dialogs During installation the Account Authorized to Access DynaComm i:scan Console dialog is displayed. This dialog is informational only and alerts you to the fact that the current logon has been added to the user group that can access the DynaComm i:scan console. However, you must log off and log on again to do so. The Listening Service Account dialog is displayed after the Account Authorized dialog. The user account entered through this dialog is the account that deploys the client service and runs file scans and real-time monitor sessions. This account must have: 1) access to the machine(s) to be scanned/monitored, and 2) full administrator rights on every machine(s) to be scanned/monitored. 3.2.2 Install/Uninstall: Client Service Component Logging off/on is recommended when the install or maintenance program displays the option to do so. Logging off/on after installation ensures that all install or uninstall functions have been successfully completed. Logging off/on after removal ensures that the client service is removed from memory. 3.2.3 Uninstall: Removing Scheduled Jobs. After removing DynaComm i:scan, i:scan scheduled jobs must be removed from the Windows SCHEDULED TASKS area. These jobs/tasks are identified by the naming convention, ndynacomm iscan, where the "n" is a numeric value (i.e., 1dynacomm iscan). 3.3 Exceeding Server I/O Resources Running multiple, concurrent file scans on a server system may result in the situation where the request to process network I/O items to the hard disk exceeds available system resources. The system typically presents one of several event messages and may automatically reboot. Resolution could include limiting the number of file scans and/or a variety of actions taken with the server operating system. If you should experience this situation, see Microsoft Knowledge Base article QQ317249 on the Microsoft Product Support Services website (http://support.microsoft.com/) for background information and troubleshooting procedures. 3.4 Scanning/Monitoring Windows NT 4.0/Windows NT 4.0 Server The server component cannot be installed on a Windows NT 4.0 or Windows 4.0 Server system. However, file scans can be performed on these systems by using remote scanning processes. Remote scanning processes for Adware/Spyware scans are not supported. All Adware/Spyware scans use distributed scanning processes. 3.5 Scanning a Windows XP Professional Machine When a Windows XP Professional Machine is not part of a domain, the simple file sharing model is fundamentally different than other versions of Windows. This means that an incoming connection, even if a user name and password is provided, is forced to use the Guest account and has only Guest level access to the share. To allow DynaComm i:scan to connect and perform remote scanning (scanning is performed on the server/console) the shared drives on a Windows XP Professional machine that is not part of the domain, the following steps must be performed on each Windows XP machine: 1 Disable the "use simple file sharing" option by: a On the taskbar, right-click Start and select Explore. b On the Tools menu, select Folder Options. c In the Folder Options dialog, click the View tab. d Clear Use simple file sharing (Recommended). e In the Folder Options dialog, click OK. f Close Explorer. 2 Disable the Internet Connection Firewall by: a On the Start menu, select Control Panel. b In Control Panel, double-click Network Connections. c In Network Connections, select Local Area Connection. d In the Local Area Connection Status dialog on the General tab, click Properties. e In the Local Area Connection Properties dialog, select the Advanced tab. f Clear the "Protect my computer and network by limiting or preventing access to this computer from the Internet" option. g Click OK. h Close Local Area Connection Status dialog. i Close the Network Connections dialog. j Close Explorer. 3 Re-boot the machine. 6.6 Database Update Service The console must be closed before a scheduled task to update the database can be performed. 3.7 Viewing changed permissions on NT system File permissions can be changed through a file scan to all "ALLOWED", all "DENIED" or permissions can be mixed. If permissions are changed to either all ALLOWED or DENIED, permissions are displayed correctly in all operating systems. An error message appears when display of mixed permissions is requested on a Windows NT system. 3.8 Display of System Scan status Occasionally, scan status data does not display in the System Scan window for a system scan included in a scheduled job. This occurs when the scheduled job starts when the console is open. To correct, close and reopen the console. 3.9 Documentation The DynaComm i:scan reference library consists of electronic material that includes: * DyanComm i:scan Readme (readme.txt file) * DynaComm i:scan Administrator Guide (AG_iscan.pdf) * DynaComm i:scan Online Reference (appshell.hlp and appshell.cnt) * DynaComm i:scan Report Viewer Online Reference (isViewer.hlp) All above items are provided on the installation CD-ROM in the /Documentation folder. The most current copy of reference materials is available for download 24 hours a day, 7 days a week from the FutureSoft web site at: http://www.dciseries.com/products/iscan/document.asp. Send questions and comments about the documentation to: docs@futuresoft.com. ============================================================================ 4.0 Technical Support When requesting support services, please provide your company name, address, phone number and product name and version number. 4.1 North America, South America, Asia and Pacific Rim * E-mail: support@futuresoft.com * Telephone: Monday through Friday between 08:00 and 17:00 Central Standard Time (CST) 1.281.588.6868 * FAX: 1.281.496.1090 * Ground Mail: Technical Support Services 12012 Wickchester Lane, Suite 600 Houston, Texas 77079-1222 4.2 United Kingdom, Europe, Africa and Middle East * E-mail: support@futuresoftuk.com * Telephone: Monday through Friday between 09:00 and 17:30 Greenwich Mean Time (GMT) +44 (0) 1260 292219 * FAX: +44 (0) 1260 292224 * Ground Mail: Technical Support Services Shepherds Mill, Worrall Stree Congleton, Cheshire CW12 1DT UK 4.3 Send files via FTP to ftp.futuresoft.com. ============================== END ========================================= Copyright 2006 FutureSoft, Inc. readme.txt DynaComm i:scan 6000 March 24,2006 sac