What's New in VirusScan for Windows NT v3.0.0 (3000)
        Copyright 1994-1997 by McAfee, Inc.
                All Rights Reserved.


Thank you for using McAfee's VirusScan for Windows NT. 
This What's New file contains important information 
regarding the current version of this product. It is 
highly recommended that you read the entire document.

McAfee welcomes your comments and suggestions. Please 
use the information provided in this file to contact us.

___________________
WHAT'S IN THIS FILE

- New Features
- Known Issues
- Installation  
- Documentation
- Frequently Asked Questions
- Additional Information
- Contact McAfee

____________
NEW FEATURES

1.  VirusScan now offers the highest level of virus
    detection rates in the industry as well as fast
    scanning performance with its new Hunter engine
    technology. The Hunter engine achieves its stellar
    performance through a 32-bit, multithreaded
    implementation designed to utilize the latest
    advances in memory and I/O management.

    Hunter scanning technology achieves its leadership
    position in virus detection by combining several types
    of virus analysis technologies. All virus types
    including Word and Excel macros, boot-sector infections,
    file, multi-partite, stealth, polymorphic and encrypted
    viruses are detected. The Hunter engine even stops
    viruses written in Visual Basic 5.0 and Office97 file
    formats, offering users maximum defense against the
    newest threats to data.

2.  VirusScan supports Microsoft Office97.

3.  VirusScan for Windows NT now offers an Emergency Disk
    creation utility. With this utility, you can create an
    Emergency Disk during and after VirusScan installation
    with your own high density floppy disk. This disk is an
    important part of a complete security program.

4.  New and improved polymorphic detection.

5.  Easy access to the McAfee Virus Information Library on
    the McAfee Web Site. Select Online Virus Info from the
    Help menu to automatically open a web browser to the
    McAfee Virus Information Library.

 
* ENHANCEMENTS *

1.  VirusScan device drivers enhanced to dynamically load
    and unload. Rebooting your system is no longer necessary
    when installing future VirusScan NT upgrades.

2.  VirusScan for Windows NT is now able to run two or more
    scheduled events at the same time.

3.  On-demand tasks now supports UNC code.

4.  Simplified scanning for Microsoft Word97 and Excel97
    documents. You can now scan Word97 and Excel97 documents
    with the Scan for Viruses right mouse click option.


* NEW VIRUSES DETECTED *

This DAT file (3000) detects and removes an additional
2000 viruses.  The Macro viruses listed below are detected
and removed with this DAT file. 

New Macro viruses detected and removed:

ABC.A
ALIEN (.A-.B)
ALLIANCE.A
ANTICONCEPT.A
APPDER.A
ATOM (.A-.H)
BADBOY (.A-.B)
BALU.A
BANDUNG (.A-.J)
BIRTHDAY.A
BOOM.A
BEURO.A
CEEFOUR.A
CHAOS.A
CLOCK (.A-.D)
COLORS (.A-.J)
CONCEPT (.A-.N, .P, .S-.Z)
COUNT10 (.A-.B)
DANIEL (.A-.C)
DARK.A
DATE.A
DIETZEL.A
DIVINA (.A-.D)
DMV (.A-.B)
DOGGIE.A
DZT.A
EASY.A
EPIDEMIC.A
FORMATC TROJAN
FRIDAY.A
FRIENDLY.A
FURY.A
GANGSTERZ.A
GOLDFISH.A
HASSLE.A
HELLGATE.A
HELPER.A
HOT.A
HYBRID.A
IMPOSTER (.A-.B)
IRISH (.A-.C)
ITALIAN.A
JOHNNY (.A-.B)
KILLDLL.A
KILLPROT.A
KOMPU.A
LOOK (.A-.C)
LUNCH (.A-.B)
MADDOG (.A-.B)
MAGNUM.A
MDMA (.A-.E, .G)
MINIMAL (.A-.B)
MVDK1 (Macro Virus Development Kits; .A-.B)
NF.A
NICEDAY (.A-.B)
NIKI.A
NIKITA.A
NJ-CVK2 (Another Development Kit; .A-.B)
NJ-DLK1A (.A-.D)
NOMVIR (.A-.B)
NOP (.A,.B,.D)
NPAD (.A-.O)
NUCLEAR (.A-.E)
OLYMPIC (.A-.B)
OUTLAW (.A-.C)
PAPER.A
PHANTOM.A
PHARDERA (.A-.B)
POLITE.A
RAPI (.A-.H, .A1, .A2, .B1, .B2, ...)
RATS (.A-.C)
REFLEX.A
SATANIC.A
SAVER.A
SHOWOFF (.A-.E)
SMILEY (.A-.B)
SPOOKY.A
STRYX.A
SWITCHES TROJAN
TARGET.B
TEDIOUS.A
TELE.A
THEATRE (.A-.C)
TWISTER.A
TWNO (.A-.F, .H)
TWOLINES.A
WAZZU (over 40)
WEATHER (.A-.C)
WIEDEROFFEN TROJAN
XENIXOS (.A-.B)

New Excel viruses detected and removed:

DELTA (.A-.B)
DMV.A
LAROUX (.A-.B)
LEGEND.A
ROBOCOP.A
SOFA.A
YOHIMBE.A


* ISSUES ADDRESSED IN THIS RELEASE *

1.  Resolved "Unknown" entries listed in the Event Log when
    one of the following situations occured:

    - the initiated task found an infected file
    - an on-demand task cancelled or would not start
    - an alert message that involved the a name of a
      local or remote machine

2.  Alert messages can now be sent to a network printer.

3.  VirusScan for Windows NT now supports long file names
    in dialog boxes.
                                   
____________              
KNOWN ISSUES

1.  Reported problem with Microsoft Windows NT 4.0 Service
    Pack 2 and anti-virus software. After installing
    Service Pack 2, you may receive a STOP S0x0000000A error
    message when you try to access your CD-ROM drive or
    floppy disk drive while anti-virus software is running.

    Solution: Apply the fix that is now available through
    Microsoft. For more information regarding this issue,
    please contact Microsoft Technical Support.


2.  PAGEFILE.SYS is not excluded by default. To exclude
    this file, use the Wizard to create an on-demand task.

3.  When Execute Program is checked from the System Alerts
    configuration menu, the First Time option will not
    enable when selected. You must select Every Time when
    enabling the Execute Program option.    

4.  On-access exclusions only apply to local devices.

____________
INSTALLATION

* INSTALLING THE PRODUCT *

Prior to installation, take the following steps:

1.  Uninstall any previous versions of VirusScan for
    Windows NT.
2.  Ensure you have Administrator rights for the NT
    workstations on which you are installing VirusScan.
3.  Run SETUP.EXE and follow the prompts. 


If you would like to perform a "silent" installation
of VirusScan NT, requiring minimal user interaction and
using all default or "Typical" installation settings, add
-s (i.e. SETUP.EXE -s) to the setup command when you
install the product.

NOTE: If you would like to perform a silent installation
      on machines running NT 4.0, follow the instructions
      outlined below for customizing the silent
      installation.

Network Administrators can customize the silent
installation by following the steps below.

1.  Check in the Windows directory to ensure that a
    file named SETUP.ISS does not already exist. If it
    does, rename it, back it up, or delete it.

2.  Run SETUP.EXE with the -r switch, (i.e. SETUP.EXE -r).

3.  Select the components you would like to be installed
    during the silent installation.  All responses will
    be recorded.

4.  Finish the installation, and locate the file SETUP.ISS
    in the Windows directory.

5.  Locate the section [SdSetupType-0] in the SETUP.ISS
    file and go to the line:

        Result=x

        where x is equal to
        301 (Typical installation)
        302 (Compact installation)
        303 (Custom installation)

6.  Add 100 to the above value, so that the Result 
    variable is equal to 401, 402, or 403. Modifying
    this file will allow the installation to copy the
    VirusScan files to the drive where the operating
    system resides instead of defaulting to the C:
    drive.

7.  Rename, back up, or delete SETUP.ISS on the first
    installation disk (floppies only). For CD-ROM versions
    of the product, you must copy the installation files
    onto the hard drive before taking this step.

8.  Copy the new SETUP.ISS from the Windows directory
    to the location of the installation files.

9. Run SETUP.EXE with the -s switch (i.e. SETUP.EXE -s).

    NOTE: If you do not specify a "recorded" answer for
    all dialog boxes during the initial installation, the
    silent installation will fail. Also, the file used
    for the silent installation, SETUP.ISS, may not work
    properly across different operating systems. For
    example, if the silent install is generated for
    Windows 95, it may not work properly in Windows 3.1x
    or Windows NT.


* PRIMARY PROGRAM FILES FOR VIRUSSCAN FOR WINDOWS NT *

Files located in the Install directory:
=======================================

1.  Installed for the Alert Manager/Console/Server:

                    README.1ST = McAfee information
                  WHATSNEW.TXT = What's New document
                   PACKING.LST = Packing list
                    AGENTS.TXT = McAfee authorized agents
                  VALIDATE.EXE = McAfee file validation
                                 program
                    UPDATE.MSG = Update message file
                    SHIELD.HLP = On-access scanner help
                    SHIELD.CNT = On-access context-sensitive
                                 help
                  MCCONSOL.HLP = Console help
                  VIRUSCAN.HLP = On-demand scanner help
                  VIRUSCAN.CNT = On-demand context-sensitive
                                 help
                     NAMES.DAT = Virus names definition data
                      SCAN.DAT = Virus scan definition data
                     CLEAN.DAT = Virus clean definition data
                   MCALYZE.DAT = Virus definition data
    NETSHIELD ACTIVITY LOG.TXT = NetShield activity log
         SCAN ACTIVITY LOG.TXT = Scan activity log
                    MODEMS.TXT = Modem initialization
                                 strings
                   SCANLOG.TXT = Scan log
                    SAMPLE.CMD = Sample alert file
                  MCUPDATE.EXE = Update module
                  AMGRCNFG.EXE = Alert manager configuration
                                 program
                    FTPGET.CMD = Automatic updating script
                    DEISL1.ISU = Uninstall file
                  MCSRVSHL.EXE = Uninstall application
                  MCSERVIC.DLL = Install/uninstall library file
                   MCALERT.MIB = Interpret SMNP traps
                  MCSCAN32.DLL = Library files
                    SHUTIL.DLL = Library files
                   NETSHLD.MIF = SMS Report file 


2.  Installed for Alert Manager:

                     WCMDR.EXE = Uninstall program
                     WCMDR.INI = Uninstall initialization file
                   DEFAULT.VSC = On-demand scanner default
                                 configuration settings
                   IMPTASK.EXE = Task import tool
                   IMPTASK.TXT = Task import text file
                  AMGRSRVC.EXE = Alert manager service
                                 program
                  MCALSNMP.DLL = Alert manager SNMP
                  POWERP32.DLL = Alert manager support
                                 module
                  VIRNOTFY.EXE = Notification utility

3.  Installed for the Console:

                  MCCONSOL.EXE = Console manager 
                    SHSTAT.EXE = Shield status monitor
                                 program
                   SCNSTAT.EXE = Scan status monitor
                                 program
                  SCNCFG32.EXE = Console configuration
                                 module
                   VIRLIST.EXE = Virus list
                   SHCFG32.EXE = Console configuration
                                 module
                  MCKRNLNT.DLL = Library files      
                  MCUTILNT.DLL = Library files
                  MCKRLN95.DLL = Library files
                  MCUTIL95.DLL = Library files
                   MCALYZE.DLL = Library files

Files located in WINNT35\SYSTEM32:
==================================

1.  Installed for the Console/Server/Alert Manager:

                   CTL3D32.DLL = 32-bit 3D Windows
                                 controls library (*)

(*) File will be installed upon installation of
    NetShield if the file does not already exist,
    or if an older version is found.  


Files located in WINNT35\SYSTEM32\DRIVERS:
========================================== 

1.  Installed for the Server:

                  MCFILTER.SYS = System files
                   MCFSREC.SYS = System files
                    MCKRNL.SYS = System files
                    MCSCAN.SYS = System files
                    MCUTIL.SYS = System files
                  MCSHIELD.SYS = System files


          
* TESTING YOUR INSTALLATION *

The Eicar Standard AntiVirus Test File is a combined
effort by anti-virus vendors throughout the world to come
up with one standard by which customers can verify their
anti-virus installations.

To test your installation, copy the following line into
its own file and name it EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

When done, you will have a 69- or 70-byte file.

When VirusScan is applied to this file, Scan will report 
finding the EICAR-STANDARD-AV-TEST-FILE virus.

It is important to know that THIS IS NOT A VIRUS. However,
users often have the need to test that their installations 
function correctly. The anti-virus industry, through the 
European Institute for Computer Antivirus Research, has 
adopted this standard to facilitate this need.

Please delete the file when installation testing is 
completed so unsuspecting users are not unnecessarily 
alarmed.

_____________
DOCUMENTATION

For more information, refer to the VirusScan User's
Guide, included on the CD-ROM versions of this program
or available from McAfee's BBS and FTP site. This file
is in Adobe Acrobat Portable Document Format (.PDF) and
can be viewed using Adobe Acrobat Reader. This form of
electronic documentation includes hypertext links and
easy navigation to assist you in finding answers to
questions about your McAfee product.

Adobe Acrobat Reader is available on CD-ROM in the
ACROREAD subdirectory. Adobe Acrobat Reader also can
be downloaded from the World Wide Web at:

http://www.adobe.com/Acrobat/readstep.html

VirusScan documentation can be downloaded from McAfee's
BBS or the World Wide Web at:

http://www.McAfee.com or http://205.227.129.164 

For more information on viruses and virus prevention,
see the McAfee Virus Information Library, MCAFEE.HLP,
included on the CD-ROM version of this product or
available from McAfee's BBS and FTP site. A ViaGrafix
Interactive Anti-virus Training program also is available
on the CD-ROM version, or can be purchased from the
McAfee Web Site.

__________________________
FREQUENTLY ASKED QUESTIONS

Regularly updated lists of frequently asked questions 
about McAfee products also are available on McAfee's 
BBS, website, and CompuServe and AOL forums.
 

Q:  How do I enable McAfee's Centralized Alerting and
    Reporting?

A:  VirusScan now supports Centralized Alerting and
    Reporting to a remote Windows NT server running
    NetShield for Windows NT v2.5.3 or later.

    To set up this option on your VirusScan client, modify
    the AlertOptions section in ScanNT's DEFAULT.VSC files
    and/or your custom settings file to read the following:

    Note: Administrators will need to configure the .VSC
    files for complete Centralized Alerting & Reporting.

           szNetworkAlertPath=<directory name>
           bNetworkAlert=1
   
    Where the <directory name> is the path to the remote
    NT directory (can use UNC format where supported). From
    this directory, NetShield can broadcast or compile the
    alerts and reports according to its established
    configuration.

    NOTE: The client must have write access to this
    <directory> location and the directory must contain
    the NetShield-supplied CENTALRT.TXT file.
   
    To send a complete alerting file identifying the
    system and user, establish the following environment
    variables or add them to the AUTOEXEC.BAT file.

           Set COMPUTERNAME=<name of computer>
           Set USERNAME=<user name>

    The alert file sent to the server is an .alr text file.
    Upon receipt of the alert file, NetShield NT sends an
    alert message to an administrator and/or appropriate
    personnel.


Q:  How can I display a custom message during an on-demand
    scan?

A:  You can customize your messages during an on-demand
    scan by modifying ScanNT's DEFAULT.VSC file. Under
    AlertOptions, add the following setting:
   
    szSuggestMessage=<text>

    Add your customized text message where <text> is.

              
Q:  Why do I get errors in my event viewer after
    installing Service Pack 3 or Service Pack 4?

A:  Service Pack 3 and Service Pack 4 involved a
    change to the HAL.DLL file that is used by McAfee's
    device drivers. If you are using VirusScan for
    Windows NT Version 2.5.0, uninstall, then install
    Version 2.5.3 or higher.
                     

Q:  Why do I get an error in MCINST32.DLL when I
    attempt to install VirusScan for Windows NT?

A:  VirusScan for Windows NT was designed for an i386
    processor only. This error is usually caused by an
    attempt to install to a non-i386 machine.
  

Q:  Is there a conflict with the Novell written client
    for NT?

A:  No. However, there are some timing issues that
    arise when VirusScan for Windows NT is installed.
    If it is necessary for you to use the Novell client,
    change the account that both the McAfee Task
    Manager and the Alert Manager use to a "System"
    account.


Q:  As an administrator, how can I scan private directories
    that are accessible only to individual users?

A:  The on-access scanner will detect infected files as they
    are copied into the users' personal directories.

    On-demand (scheduled) scans are launched by the 
    McTaskManager Service. If you specify a user name 
    and password for the Service, then the scheduled 
    scan will only scan directories for which the user 
    name has privileges. If no user name was specified, 
    then the Service has SYSTEM privileges. 
    
    To perform an on-demand, or scheduled, scan of 
    private directories, the McTaskManager Service must 
    have access to these private areas. Following are 
    two ways to address this issue:

    Solution A:
    1. Do not associate a user name to the Service.
    2. Give SYSTEM privileges to access the private spaces.

       Considerations with Solution B:
       Someone could create or use a Service to access your 
       information.

    Solution B:
    1. Create a custom user name to be used by the Service.  
    2. Give this user name privileges to access the private 
       spaces.

       Considerations with Solution A:
       The administrator will need to know the user names 
       and passwords.  

    McAfee recommends Solution A as a more secure solution. 


Q:  VirusScan will not perform an on-demand (scheduled)
    scan of some networked devices. Why?
  
A:  It is possible that the user name you are using for
    the Taskmanager Service does not have sufficient
    rights to scan the devices in question. To verify
    whether this is the issue, log in to each device using
    the user name and password used by the Taskmanager
    Service. Confirm that this user name has rights on
    the device by manually running an on-demand scan. If
    you can scan the device while you're logged in, then
    the Service should also be able to do it as a scheduled
    scan.


Q:  When performing an on-demand (scheduled) scan of a
    networked device, the system locks up. How can I
    solve this problem?

A:  Log on to the device in question and manually run
    an on-demand scan with the Compressed Files option
    turned off. If the scanner locks up, note where it
    locks. Attempt to determine which file VirusScan locks
    on and send the information to McAfee. If the scan
    succeeds, select the Compressed Files option and scan
    the device again. If it locks this time, chances are
    you have a ZIP file that is corrupted or large, and
    it takes time to scan. If scanning works in both
    scenarios, then give the Taskmanager Service the same
    user name and password currently logged in as and try
    a scheduled scan again. If this now works, then the
    old user name didn't have sufficient rights to scan
    the device in question.


Q:  Can I update VirusScan's data files to detect
    new viruses?

A:  Yes. If you have Internet access, you can download
    updated VirusScan data files from the McAfee Web 
    Site, BBS, or other online resources. To download 
    from the McAfee Web Site, follow these steps:
 
    1.  Go to the McAfee Web Site (http://www.mcafee.com
        or 205.227.129.164).

    2.  Select Update DAT File in the left hand column
        or frame.

    3.  Scroll down, and click Update Your DAT Files to
        update your virus definition files.

    4.  Data file updates are stored in a compressed form 
        to reduce transmission time. Unzip the files into
        a temporary directory, then copy the files to the
        appropriate directory, replacing your old files.    

    5.  Before performing any scans, shut down your
        computer, wait a few seconds, and turn it on again.

    If you need additional assistance with downloading, 
    contact McAfee Download Support at (408) 988-3832.

______________________
ADDITIONAL INFORMATION

VirusScan NT includes an external utility,
VIRNOTFY.EXE, that will notify you in the event that
McAfee's Alertmanager is not installed. To use this
utility, open McConsole, and select Tools/Alerts. Add
the path and utility to the Program To Execute line.

______________
CONTACT McAFEE

* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *

Contact McAfee's Customer Care department: 

1.  Corporate-licensed customers, call (408) 988-3832
    Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

    Retail-licensed customers, call (972) 278-6100
    Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

2.  Fax (408) 970-9727
    24-hour, Group III fax 
		
3.  Fax-back automated response system (408) 988-3034
    24-hour fax

Send correspondence to any of the following McAfee
locations.

    McAfee Corporate Headquarters
    2710 Walsh Avenue			
    Santa Clara, CA 95051-0963		
	
    McAfee East Coast Office					
    Jerral Center West
    766 Shrewsbury Avenue
    Tinton Falls, NJ 07724-3298

    McAfee Central Office			
    4099 McEwen
    Suites 500 and 700
    Dallas, TX 75244		
						
    McAfee Canada
    139 Main Street
    Suite 201
    Unionville, Ontario
    Canada L3R2G6

    McAfee Europe B.V.			
    Gatwickstraat 25	
    1043 DL Amsterdam				
    The Netherlands	 		

    McAfee (UK) Ltd.
    Hayley House, London Road
    Bracknell, Berkshire  RG12 2TH
    United Kingdom 

    McAfee France S.A.			
    50 rue de Londres				
    75008 Paris					
    France					
				
    McAfee Deutschland GmbH
    Industriestrasse 1
    D-82110 Germering
    Germany

    McAfee Japan KK
    4F Toranomon Mori bldg. 33
    3-8-21 Toranomon
    Minato-Ku
    Tokyo, 105
    Japan
    	
Or, you can receive online assistance through any of the 
following resources:

1.  Bulletin Board System: (408) 988-4004
    24-hour US Robotics HST DS

2.  Internet e-mail: support@mcafee.com

3.  Internet FTP: ftp.mcafee.com or 205.227.129.168

4.  World Wide Web: http://www.mcafee.com
    or http://205.227.129.164

5.  America Online: keyword MCAFEE

6.  CompuServe: GO MCAFEE

7.  The Microsoft Network: GO MCAFEE

Before contacting McAfee, please make note of the
following information. When sending correspondence,
please include the same details.

- Program name and version number
- Type and brand of your computer, hard drive, and any 
  peripherals
- Operating system type and version
- Network name, operating system, and version
- Contents of your AUTOEXEC.BAT, CONFIG.SYS, and 
  system LOGIN script
- Microsoft service pack, where applicable
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where 
  applicable
- Relevant browsers/applications and version number,
  where applicable

- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand

- Your contact information: voice, fax, and e-mail

Other general feedback is also appreciated.

Documentation feedback is welcome. Send e-mail to
documentation@cc.mcafee.com.


* FOR ON-SITE TRAINING INFORMATION *
 
Contact McAfee Customer Service at (800) 338-8754.


* FOR PRODUCT UPGRADES *

To make it easier for you to receive and use McAfee's
products, we have established an Agents program to 
provide service, sales, and support for our products 
worldwide. For a listing of McAfee agents near you, click
Contact McAfee under the Information section on the
McAfee website.

* MCAFEE BETA SITE *

Get pre-release software, including DAT files, through
http://beta.mcafee.com/public/datafiles. You will have
access to Public Beta and External Test Areas. Your
feedback CAN make a difference.

 
