What's New in VirusScan for Windows NT v2.5.3a (9612)
        Copyright 1994-1997 by McAfee, Inc.
                All Rights Reserved.


Thank you for using McAfee's VirusScan for Windows NT. 
This What's New file contains important information 
regarding the current version of this product. It is 
highly recommended that you read the entire document.

McAfee welcomes your comments and suggestions. Please 
use the information provided in this file to contact us.

___________________
WHAT'S IN THIS FILE

- New Features
- Known Issues
- Installation  
- Documentation
- Frequently Asked Questions
- Additional Information
- Contact McAfee

____________
NEW FEATURES

* ENHANCEMENTS *

1.  VirusScan NT now detects the LAROUX Excel Macro virus.
    A remover for the LAROUX Macro virus is available as a
    separate component from McAfee via the Internet.

2.  Enhanced custom message settings for on-demand scans.
    Increased character space allowed for custom messages.
    
  
* NEW VIRUSES DETECTED *

This DAT file (9612) detects the following 324 new viruses.
Locations that have experienced particular problems with
specific viruses are also identified.

_359
ALEXE.1287
AMBULANCE.2124
ANDREEW.805
ANOTHERW.706
ANTIARJ.977.B
ANTICOM.142
ANTITRACE.1946
ANTI_DAF
ARCV.1183
ARME.411
ATOM.B
AUSTRALIAN PARASITE.306.A
BABABOO.276
BADLESS.494
BANDUNG.C
BARROTES.1461                (Spain)
BATCOMPI TROJAN
BEAST.K
BELL.286
BERLINHQ.434
BJK.2814
BLIMP3.982
BLOSSOM.1087
BOOTCOM.512 DROPPER
BOOTEXE.444
BOOTEXE.453.A
BOOTEXE.453.B
BOOTEXE.453.C
BOOTEXE.453.D
BOOTSECTOR.TROJAN
BORN2LOOSE.970
BOSO.1037
BOZA.C.INTD
BROWNIE.688
BURGLAR.777
BURGLAR.824
BURGLAR.877
BW.294
BW.304
BW.309
BW.323
BW.649.B
BYTEWARRIOR.1159
CATHERINE.1365
CB.450
CHANG.3584
CHAOS.1241
CIVIL_II.438
CIVIL_II.440.A
CIVIL_II.440.B
CLOUDS.705
CLOUDS.718
CMOSDENSE.807
CMOSMESS.3710
CMPUFON TROJAN
COLORS.E
COLORS.F
COLORS.G
COLORS.H
COMBI.1106
COMPAN.12747
CONCEPT.L
CONCEPT.M
COUNT10                      (US)
CPP.239
CRAZY.1024
CREATE.795
CRIMINAL.1794
CROATIA_II.560
CYBERTECH.668
D-K.559
DANIEL
DESTROYER.264
DIMA.325
DIR-II.AL
DITWET.465
DITWET.466
DIVINA.B
DIVINA.C
DIW.229
DIW.288
DIW.386
DIW.488
DIW.555
DNEPR.377
DOS_1.185
DRUID.337
DUMB.192
EDDY.1316
EDDY.1326
ELVIRA.239
EMHAKA.1596
EUMEL.345
EUMEL.347.A
EUMEL.347.B
EUMEL.363.A
EUMEL.363.B
EUMEL.363.C
EUMEL.381.A
EUMEL.381.B
EUMEL.383.A
EUMEL.383.B
EUMEL.391
EUMEL.406
EVENTIDE.1061
EXE2WIN.116
EXE2WIN.182
EXECF                        (Switzerland)
FALLEN ANGEL.338
FAMILY.1032
FATHER_MAC.794
FIS.736
FORM.N                       (France)
GEOGRY.406
GOODBYE
GROG.216
GROG.765
GROG.1013
GROG.1146
GROG.DELICIOUS
GROG.ENMITY_1_0
GROG.ENMITY_2_0
GROG.ENMITY_2_1
GROG.OUTWIT-C
GROG.OUTWIT-E
HEL666.4255
HI
HLLC.4045
HLLC.4112
HLLC.7508
HLLC.8736
HLLC.21603
HLLO.2783
HLLO.3008
HLLO.3800
HLLO.3816
HLLO.12288
HLLO.OJ.15788
HLLP.3779
HLLP.4228
HLLP.4320
HLLP.4320 - DROPPER
HLLP.5846
HLLP.6114
HLLP.7000.A
HLLP.7128
HLLP.7720.A
HLLP.10000
HLLP.10217
HLLP.10460
HLLP.DUPALEC.B
HLLP.JOJO.4416               (Philippines)
IMMORTAL.2174.A
INSTALLVIVID TROJAN
INTRUDER.1347
IR&MJ
ITALIAN:IT
IVP.321
IVP.366.B
IVP.582
IVP.693.B
IVP.927                      (Italy,Internet?)
JEFF.812
KATVIR.623
KIEV.1942 
KILLER.TROJAN
KIRTI.2000
LAROUX (*)
LEPROSY.ANARCHY.469
LESBOSEX TROJAN 
LESBOSEX TROJAN DROPPER
LITTLE.159
LK DROPPER
LOOK.C:TW (*)                (Taiwan)
LUCID.699
LUNCH.B
MAGNUM                       (Internet)
MARKUS.5415 (*)
MARKUS.MBR (*)
MAX.347 - GENERATION 1
MDMA.B
MDMA.C                       (Australia)
MDMA.D
MDS.331
MILAN.63
MMIR.282
MORG.841
MORG.948
MORG.1017
MULTI_ANI                    (US/France)
MUTAGEN.1372
NICEDAY.A                    (US)
NIKI:IT                  
NIRVANA
NIRVANA.DROPPER
NLA.333
NOVEMBER_17TH.1007
NPAD.B
NPOX.1584
NPOX.1723
NTMY.1722                    (Europe)
NUT.2900
NUTCRACKER.2725.B
OGWO.446
ONE HALF.3518
OUTLAW.A
OUTLAW.B
OVERDOZE.563
OVERDOZE.578
OVERDOZE.580.A
OVERDOZE.580.C
OVERDOZE.584
OVERDOZE.587
OVERDOZE.590
OVERDOZE.600.A
OVERDOZE.600.B
PAPER
PESTER.OVERLAY
PHALCON.1116                 (Romania)
PIT.611
PIT.611.B
PLOVE.327
PRINCEPTOR.987
PS-MPC.204
PS-MPC.272
PS-MPC.312.A
PS-MPC.331.A
PS-MPC.331.C
PS-MPC.333
PS-MPC.335.B
PS-MPC.397.A
PS-MPC.399.B
PS-MPC.401
PS-MPC.424.A
PS-MPC.437
PS-MPC.440
PS-MPC.443
PS-MPC.444.C
PS-MPC.455.A
PS-MPC.460
PS-MPC.480
PS-MPC.481.B
PS-MPC.482.A
PS-MPC.496.B
PS-MPC.504
PS-MPC.510
PS-MPC.515.A
PS-MPC.519.A
PS-MPC.524.A
PS-MPC.533.B
PS-MPC.598
PS-MPC.627
PS-MPC.658
PS-MPC.676
PS-MPC.691.B
PS-MPC.934
QUARK.1600                   (Philippines)
RAPI                         (US)
RYCHO.1536.A
SCRAPPY.416
SCROLL.600
SEVILLA.2002                 (Spain)
SHADOWBYTE
SILLYC.110
SILLYC.191
SILLYC.213
SILLYC.215.C
SILLYC.226.B
SILLYCOMP.116
SPLIT.4300
SPY104.1089                  (Romania)
TARGET.B
TELECO.1000 
TENTACLE.10504
THEATRE.A:TW (*)             (Taiwan)
TRACER.722
TRACER.762
TRIVIAL.30.INTENDED
TRIVIAL.42.L
TRIVIAL.42.M
TRIVIAL.45.L
TRIVIAL.51
TRIVIAL.60.C
TRIVIAL.64.D
TRIVIAL.94
TRIVIAL.156
TROJAN TROJAN
TWNO.A:TW (*)                (Taiwan)
TWNO.B:TW (INTENDED) (*)     (Taiwan)
TWNO.C:TW (*)                (Taiwan)
TWNO.D:TW (*)                (Taiwan)
UPS.1155
VCC.594
VCC.1045
VCL.1725                     (Denmark)
VCL.BRUTUS.296
VIENNA.559
VIENNA.604
VIENNA.923
VIENNA.1278
VIVIAN.1183
WALHALA.1283
WALLY.981
WAZZU.I                      (US)
WAZZU.K
WAZZU.L
WAZZU.M
WAZZU.Q
WAZZU.R
WAZZU.S
WAZZU.T
WAZZU.U
WAZZU.X                      (US)
WAZZU.Z
WAZZU.AA
WEATHER.A:TW (*)             (Taiwan)
WEATHER.B:TW (*)             (Taiwan)
WEATHER.C:TW (*)             (Taiwan)
X-RAY.2050
XUXA.1984
YOUTH.991
ZAP.469 TROJAN
ZIPHACK TROJAN
(*)  Requires 2.5.4 scan engine for detection.
 

* NEW VIRUSES REMOVED *

This DAT file (9612) removes the following 96 new viruses.
Locations that have experienced particular problems with
specific viruses are also identified.

AB6A.3500
AB6B.3500
AB6C.3500
APOCALIPSE.1685
ATOM.B
BABABOO.276
BANDUNG.C
BARROTES.849                 (Spain)
BARROTES.1194                (Spain)
BARROTES.1303                (Spain)
BARROTES.1461                (Spain)
BARROTES.1874                (Spain)
BURGLAR.777
BW.294
CMOSMESS.3710
COFFEESHOP.1568.TPE
COLORS.E
COLORS.F
COLORS.G
COLORS.H
COMPAN.12747
CORDOBA.2209 
COUNT10                      (US)
DANIEL
DIALOGOS.1350
DIALOGOS.1522
DITWET.466
DIVINA.B
DIVINA.C
EDDY.1309
EMHAKA.1596
FORM.N                       (France)
GIJON
GOODBYE
GROG.1013
GROG.1146
GROG.765
GROG.DELICIOUS
GROG.OUTWIT-C
HAMME.1203 
HI
INT78.947                    (Europe)
IR&MJ
ITALIAN:IT
IVP.927                      (Italy,Internet?)
JULY_13TH     
KIEV.1942
LOOK.C:TW                    (Taiwan)
LUNCH.B
MAGNUM                       (Internet)
MALAGA.2389
MALARIA.849
MARKUS.MBR (*)
MAX.347
MDMA.B
MDMA.C                       (Australia)
MDMA.D
MMIR.282
NICEDAY.A                    (US)
NIKI:IT
NO_FRILL.843                 (Australia)
NPAD.B
NPOX.1723
NTMY.1722                    (Europe)
OUTLAW.A
OUTLAW.B
PAPER
PS-MPC.934
RAPI                         (US)
SEVILLA.2002                 (Spain)
STARDOT.789.A
TARGET.B
TELECO.1000
THEATRE.A:TW (*)             (Taiwan)
TRACER.722
TRACER.762
TWNO.A:TW (*)                (Taiwan)
TWNO.B:TW (INTENDED) (*)     (Taiwan)
TWNO.C:TW (*)                (Taiwan)
TWNO.D:TW (*)                (Taiwan)
VCL.1725                     (Denmark)
VIENNA.604
WAZZU.I                      (US)
WAZZU.K
WAZZU.L
WAZZU.M
WAZZU.R
WAZZU.S
WAZZU.T
WAZZU.U
WAZZU.X                      (US)
WAZZU.Z
WAZZU.AA
WEATHER.A:TW (*)             (Taiwan)
WEATHER.B:TW (*)             (Taiwan)
WEATHER.C:TW (*)             (Taiwan)
XUXA.1984
(*)  Requires 2.5.4 scan engine for removal. 

Name changes:
849 -> BARROTES.849
BANDUNG.B -> RAPI.*
BARROTE5 -> BARROTES.1194
CHANDI -> ALIEN
DOT -> STARDAT.789.A
GUESS -> WM/PHANTOM
LBYNJ:DE -> TELE:DE
PARVIR1 -> MAX.347
PCW:DE -> BIRTHDAY:DE
SHOWOFXX -> SHOWOFF
TECLA -> BARROTES.1303 

____________              
KNOWN ISSUES

1.  On-access exclusions only apply to local devices.

2.  Files with the "-" (dash) character in the filename
    that are compressed in zipped files will not be
    scanned by the on-demand scanner.

3.  VirusScan appears to continue scanning after
    clicking STOP. If this occurs, move the VirusScan
    window to reveal the DynaZip UnZip Error window. 
    Then click OK. Respond to the dialog box.

____________
INSTALLATION

* INSTALLING THE PRODUCT *

Prior to installation, take the following steps:

1.  Uninstall any previous versions of VirusScan for
    Windows NT.
2.  Ensure you have Administrator rights for the NT
    workstations on which you are installing VirusScan.
3.  Run SETUP.EXE and follow the prompts. 


If you would like to perform a "silent" installation
of VirusScan NT, requiring minimal user interaction and
using all default or "Typical" installation settings, add
-s (i.e. SETUP.EXE -s) to the setup command when you
install the product.

NOTE: If you would like to perform a silent installation
      on machines running NT 4.0, follow the instructions
      outlined below for customizing the silent
      installation.

Network Administrators can customize the silent
installation by following the steps below.

1.  Check in the Windows directory to ensure that a
    file named SETUP.ISS does not already exist. If it
    does, rename it, back it up, or delete it.

2.  Run SETUP.EXE with the -r switch, (i.e. SETUP.EXE -r).

3.  Select the components you would like to be installed
    during the silent installation.  All responses will
    be recorded.

4.  Finish the installation, and locate the file SETUP.ISS
    in the Windows directory.

5.  Open the file using any ASCII editor (e.g., NOTEPAD.EXE)
    and delete the section titled  APPLICATION.

6.  Locate the section [SdSetupType-0] in the SETUP.ISS
    file and go to the line:

        Result=x

        where x is equal to
        301 (Typical installation)
        302 (Compact installation)
        303 (Custom installation)

7.  Add 100 to the above value, so that the Result
    variable is equal to 401, 402, or 403. Modifying
    this file will allow the installation to copy the
    VirusScan files to the drive where the operating
    system resides instead of defaulting to the C:
    drive.

8.  Rename, back up, or delete SETUP.ISS on the first
    installation disk (floppies only). For CD-ROM versions
    of the product, you must copy the installation files
    onto the hard drive before taking this step.

9.  Copy the new SETUP.ISS from the Windows directory
    to the location of the installation files.

10. Run SETUP.EXE with the -s switch (i.e. SETUP.EXE -s).

11. When the silent installation is complete, you should
    reboot the machine manually.

    NOTE: If you do not specify a "recorded" answer for
    all dialog boxes during the initial installation, the
    silent installation will fail. Also, the file used
    for the silent installation, SETUP.ISS, may not work
    properly across different operating systems. For
    example, if the silent install is generated for
    Windows 95, it may not work properly in Windows 3.1x
    or Windows NT.


* PRIMARY PROGRAM FILES FOR VIRUSSCAN FOR WINDOWS NT *

Files located in the Install directory:
=======================================

1.  Installed for the Alert Manager/VirusScan:

                  MCKRNLNT.DLL = Library files
                  MCSCAN32.DLL = Library files
                  MCUTILNT.DLL = Library files
                    SHUTIL.DLL = Library files
                    README.1ST = McAfee information
                  WHATSNEW.TXT = What's New document
                   PACKING.LST = Packing list
                    AGENTS.TXT = McAfee authorized agents
                  VALIDATE.EXE = McAfee file validation
                                 program
                    UPDATE.MSG = Update message file
                    SHIELD.HLP = On-access help
                    SHIELD.CNT = On-access context-sensitive
                                 help
                  MCCONSOL.HLP = Console help
                  VIRUSCAN.HLP = On-demand help
                  VIRUSCAN.CNT = On-demand context-sensitive
                                 help
                     NAMES.DAT = Virus names definition data
                      SCAN.DAT = Virus scan definition data
                     CLEAN.DAT = Virus clean definition data
    VirusScan Activity Log.TXT = VirusScan NT activity log
         Scan Activity Log.TXT = Scan activity log
                    MODEMS.TXT = Modem initialization
                                 strings
                    SAMPLE.CMD = Sample alert file
                  MCUPDATE.EXE = Update module
                  AMGRCNFG.EXE = Alert manager configuration
                                 program
                    FTPGET.CMD = Automatic updating script
                    DEISL1.ISU = Uninstall file
                  MCSRVSHL.EXE = Uninstall application
                  MCSERVIC.DLL = Install/uninstall library
                                 file
                   MCALERT.MIB = Interpret SMNP traps

2.  Installed for Alert Manager:

                     WCMDR.EXE = Uninstall program
                     WCMDR.INI = Uninstall initialization
                                 file
                   DEFAULT.VSC = On-demand scanner default
                                 configuration settings
                   NETSHLD.MIF = MIF file
                   IMPTASK.EXE = Task import tool
                   IMPTASK.TXT = Task import text file
                  AMGRSRVC.EXE = Alert manager service
                                 program
                  MCALSNMP.DLL = Alert manager SNMP
                  POWERP32.DLL = Alert manager support
                                 module
                  VIRNOTFY.EXE = Notification utility

3.  Installed for VirusScan:

                  MCCONSOL.EXE = Console manager 
                    SHSTAT.EXE = Shield status monitor
                                 program
                   SCNSTAT.EXE = Scan status monitor
                                 program
                  SCNCFG32.EXE = Console configuration
                                 module
                   VIRLIST.EXE = Virus list
                   SHCFG32.EXE = Console configuration
                                 module
                    DPMI16.DLL = 16-bit DOS protected
                                 mode interface library
                    DPMI32.DLL = 32-bit DOS protected
                                 mode interface library
                  MCKRNL95.DLL = Library files      
                  MCUTIL95.DLL = Library files
                  DUNZIP32.DLL = File decompression
                                 library
                    DZIP32.DLL = File decompression
                                 library
                   TASKMRG.EXE = Task managing service
                    SCAN32.EXE = On-demand scanner


Files located in WINNT35\SYSTEM32:
==================================

1.  Installed for VirusScan/Alert Manager:

                   CTL3D32.DLL = 32-bit 3D Windows
                                 controls library (*)

(*) File will be installed upon installation of
    VirusScan if the file does not already exist,
    or if an older version is found.  


Files located in WINNT35\SYSTEM32\DRIVERS:
========================================== 

1.  Installed for VirusScan:

                  MCFILTER.SYS = File system filter files
                   MCFSREC.SYS = File system filter files
                    MCKRNL.SYS = Library files
                    MCSCAN.SYS = Scan files
                    MCUTIL.SYS = Library files
                  MCSHIELD.SYS = On-access scan files

          
* TESTING YOUR INSTALLATION *

The Eicar Standard AntiVirus Test File is a combined
effort by anti-virus vendors throughout the world to come
up with one standard by which customers can verify their
anti-virus installations.

To test your installation, copy the following line into
its own file and name it EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

When done, you will have a 69- or 70-byte file.

When VirusScan is applied to this file, Scan will report 
finding the EICAR-STANDARD-AV-TEST-FILE virus.

It is important to know that THIS IS NOT A VIRUS. However,
users often have the need to test that their installations 
function correctly. The anti-virus industry, through the 
European Institute for Computer Antivirus Research, has 
adopted this standard to facilitate this need.

Please delete the file when installation testing is 
completed so unsuspecting users are not unnecessarily 
alarmed.

_____________
DOCUMENTATION

For more information, refer to the VirusScan User's
Guide, included on the CD-ROM versions of this program
or available from McAfee's BBS and FTP site. This file
is in Adobe Acrobat Portable Document Format (.PDF) and
can be viewed using Adobe Acrobat Reader. This form of
electronic documentation includes hypertext links and
easy navigation to assist you in finding answers to
questions about your McAfee product.

Adobe Acrobat Reader is available on CD-ROM in the
ACROREAD subdirectory. Adobe Acrobat Reader also can
be downloaded from the World Wide Web at:

http://www.adobe.com/Acrobat/readstep.html

VirusScan documentation can be downloaded from McAfee's
BBS or the World Wide Web at:

http://www.McAfee.com or http://205.227.129.97 

For more information on viruses and virus prevention,
see the McAfee Virus Information Library, MCAFEE.HLP,
included on the CD-ROM version of this product or
available from McAfee's BBS and FTP site. A ViaGrafix
Interactive Anti-virus Training program also is available
on the CD-ROM version, or can be purchased from the
McAfee Web Site.

__________________________
FREQUENTLY ASKED QUESTIONS

Regularly updated lists of frequently asked questions 
about McAfee products also are available on McAfee's 
BBS, website, and CompuServe and AOL forums.
 
Q:  How do I enable McAfee's Centralized Alerting and
    Reporting?

A:  VirusScan now supports Centralized Alerting and
    Reporting to a remote NetWare or Windows NT server
    running NetShield for Windows NT v2.5.3 or NetShield
    for NetWare v2.3.3.

    To set up this option on your VirusScan client, modify
    the AlertOptions section in ScanNT's DEFAULT.VSH and
    DEFAULT.VSC files and/or your custom settings file to
    read the following:

      Note: Administrators will need to configure both the
      .VSH and .VSC files for complete Centralized Alerting
      & Reporting.

           szNetworkAlertPath=<directory name>
           bNetworkAlert=1
   
    Where the <directory name> is the path to the remote
    NetWare volume or NT directory (can use UNC format
    where supported). From this directory, NetShield can
    broadcast or compile the alerts and reports according
    to its established configuration.

    NOTE: The client must have write access to this
    <directory> location and the directory must contain
    the NetShield-supplied CENTALRT.TXT file.
   
    To send a complete alerting file identifying the
    system and user, establish the following environment
    variables or add them to the AUTOEXEC.BAT file.

           Set COMPUTERNAME=<name of computer>
           Set USERNAME=<user name>

    The alert file sent to the server is an .alr text
    file. Upon receipt of the alert file, NetShield NT or
    NetShield for NetWare sends an alert message to an
    administrator and/or appropriate personnel.


Q:  How can I display a custom message during an on-demand
    scan?

A:  You can customize your messages during an on-demand
    scan by modifying ScanNT's DEFAULT.VSC file. Under
    AlertOptions, add the following setting:
   
    szSuggestMessage=<text>

    Add your customized text message where <text> is.


Q:  How do I manually uninstall VirusScan for Windows
    NT?

A:  To uninstall, take the following steps:

    1. Close the product dialog windows.

    2. Delete the installation directory.

    3. Launch REGEDIT.EXE.

    4. Delete the "MCAFEE" subkey under
       the HKEY_LOCAL_MACHINE\SOFTWARE key

    5. Under the HKEY_CLASS_ROOT key, delete the
       "VirusScan" subkey from the following keys listed
       below.

         - Comfile
         - Directory
         - Drive
         - Exefile
         - Word.Document.6
         - Word.Template

         Note: Each "VirusScan" subkey is located under a key
               called "Shell".

         Example: Delete "VirusScan" from
                  HKEY_CLASS_ROOT/Comfile/Shell/VirusScan.

    6. Delete the six McAfee device drivers (MC*.*)
       in %SYSTEMROOT%\SYSTEM32\DRIVERS.

    7. Reboot.

              
Q:  Why do I get errors in my event viewer after
    installing Service Pack 3 or Service Pack 4?

A:  Service Pack 3 and Service Pack 4 involved a
    change to the HAL.DLL file that is used by McAfee's
    device drivers. If you are using VirusScan for
    Windows NT Version 2.5.0, uninstall, then install
    Version 2.5.3 or higher.
                     

Q:  Why do I get an error in MCINST32.DLL when I
    attempt to install VirusScan for Windows NT?

A:  VirusScan for Windows NT was designed for an i386
    processor only. This error is usually caused by an
    attempt to install to a non-i386 machine.
  

Q:  Is there a conflict with the Novell written client
    for NT?

A:  No. However, there are some timing issues that
    arise when VirusScan for Windows NT is installed.
    If it is necessary for you to use the Novell client,
    change the account that both the McAfee Task
    Manager and the Alert Manager use to a "System"
    account.


Q:  As an administrator, how can I scan private directories
    that are accessible only to individual users?

A:  The on-access scanner will detect infected files as they
    are copied into the users' personal directories.

    On-demand (scheduled) scans are launched by the 
    McTaskManager Service. If you specify a user name 
    and password for the Service, then the scheduled 
    scan will only scan directories for which the user 
    name has privileges. If no user name was specified, 
    then the Service has SYSTEM privileges. 
    
    To perform an on-demand, or scheduled, scan of 
    private directories, the McTaskManager Service must 
    have access to these private areas. Following are 
    two ways to address this issue:

    Solution A:
    1. Do not associate a user name to the Service.
    2. Give SYSTEM privileges to access the private spaces.

       Considerations with Solution B:
       Someone could create or use a Service to access your 
       information.

    Solution B:
    1. Create a custom user name to be used by the Service.  
    2. Give this user name privileges to access the private 
       spaces.

       Considerations with Solution A:
       The administrator will need to know the user names 
       and passwords.  

    McAfee recommends Solution A as a more secure solution. 


Q:  VirusScan will not perform an on-demand (scheduled)
    scan of some networked devices. Why?
  
A:  It is possible that the user name you are using for
    the Taskmanager Service does not have sufficient
    rights to scan the devices in question. To verify
    whether this is the issue, log in to each device using
    the user name and password used by the Taskmanager
    Service. Confirm that this user name has rights on
    the device by manually running an on-demand scan. If
    you can scan the device while you're logged in, then
    the Service should also be able to do it as a scheduled
    scan.


Q:  When performing an on-demand (scheduled) scan of a
    networked device, the system locks up. How can I
    solve this problem?

A:  Log on to the device in question and manually run
    an on-demand scan with the Compressed Files option
    turned off. If the scanner locks up, note where it
    locks. Attempt to determine which file VirusScan locks
    on and send the information to McAfee. If the scan
    succeeds, select the Compressed Files option and scan
    the device again. If it locks this time, chances are
    you have a ZIP file that is corrupted or large, and
    it takes time to scan. If scanning works in both
    scenarios, then give the Taskmanager Service the same
    user name and password currently logged in as and try
    a scheduled scan again. If this now works, then the
    old user name didn't have sufficient rights to scan
    the device in question.


Q:  Can I update VirusScan's data files to detect
    new viruses?

A:  Yes. If you have Internet access, you can download
    updated McAfee data files from the McAfee Web 
    Site, BBS, or other online resources. To download 
    from the McAfee Web Site, follow these steps:
    
    1.  Go to the McAfee Web Site (http://www.mcafee.com
        or http://205.227.129.97).

    2.  Click on the Download McAfee button in the upper
        left hand column or frame.

    3.  Click on Update Your DAT File to update DAT files. 

    4.  View the information provided on new DAT files
        and downloading.

    5.  Click on Download This Month's DAT.
   
    6.  Data file updates are stored in a compressed form 
        to reduce transmission time. Unzip the files into
        a temporary directory, then copy the files to the
        appropriate directory, replacing your old files.    

    7.  Before performing any scans, shut down your
        computer, wait a few seconds, and turn it on again.

    If you need additional assistance with downloading, 
    contact McAfee Download Support at (408) 988-3832.


Q:  I have an on-demand (scheduled) scan that doesn't
    seem to run. What am I doing wrong?

A:  Scheduled scans should not overlap one another. If
    you have more than one drive, folder, or item that
    you would like to have scanned, add additional items
    for scanning to the Detections page of the Task's
    properties. After making the changes, restart the
    computer and scheduled scans should function as
    designed.

______________________
ADDITIONAL INFORMATION

VirusScan NT includes an external utility,
VIRNOTFY.EXE, that will notify you in the event that
McAfee's Alertmanager is not installed. To use this
utility, open McConsole, and select Tools/Alerts. Add
the path and utility to the Program To Execute line.

______________
CONTACT McAFEE

* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *

Contact McAfee's Customer Care department: 

1.  Call (408) 988-3832
    Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

2.  Fax (408) 970-9727
    24-hour, Group III Fax 
		
3.  Fax-back automated response system (408) 988-3034
    24-hour fax

Send correspondence to any of the following McAfee
locations:
	
    McAfee Corporate Headquarters		
    2710 Walsh Avenue			
    Santa Clara, CA 95051-0963		
	
    McAfee East Coast Office					
    Jerral West Center
    766 Shrewsbury Avenue
    Tinton Falls, NJ 07724-3298

    McAfee Central Office			
    5944 Luther Lane, Suite 117		
    Dallas, TX 75225				
						
    McAfee Canada
    178 Main Street
    Unionville, Ontario
    Canada L2R 2G9

    McAfee Europe B.V.			
    Orlyplein 81 - Busitel 1		
    1043 DS Amsterdam				
    The Netherlands	 		

    McAfee (UK) Ltd.
    Hayley House, London Road
    Bracknell, Berkshire  RG12 2TH
    United Kingdom  
                                           
    McAfee France S.A.			
    50 rue de Londres				
    75008 Paris					
    France					
				
    McAfee Deutschland GmbH
    Industriestrasse 1
    D-82110 Germering
    Germany

Or, you can receive online assistance through any of the 
following resources:

1.  Bulletin Board System: (408) 988-4004
    24-hour US Robotics HST DS

2.  Internet e-mail: support@mcafee.com

3.  Internet FTP: ftp.mcafee.com or 205.227.129.134

4.  World Wide Web: http://www.mcafee.com or
    http://205.227.129.97

5.  America Online: keyword MCAFEE

6.  CompuServe: GO MCAFEE

7.  The Microsoft Network: GO MCAFEE

Before contacting McAfee, please make note of the following 
information. When sending correspondence, please include 
the same details.
                   
- Program name and version number
- Type and brand of your computer, hard drive, and any 
  peripherals
- Operating system type and version
- Network name, operating system, and version
- Contents of your AUTOEXEC.BAT, CONFIG.SYS, and 
  system LOGIN script
- Microsoft service pack, where applicable
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where 
  applicable
- Relevant browsers/applications and version number,
  where applicable

- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand

- Your contact information: voice, fax, and e-mail

Other general feedback is also appreciated.


* FOR ON-SITE TRAINING INFORMATION *
 
Contact McAfee Customer Service at (800) 338-8754.


* FOR PRODUCT UPGRADES *

To make it easier for you to receive and use McAfee's
products, we have established an Agents program to 
provide service, sales, and support for our products 
worldwide. For a listing of agents, see the file 
AGENTS.TXT, where applicable, or contact McAfee 
Customer Service for agents near you.
