Kaspersky Anti-Virus: Extra Database Options

Discussion in 'other anti-virus software' started by Smokey, May 21, 2004.

Thread Status:
Not open for further replies.
  1. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Only a few people know about the KAV extra databasa options.

    Therefore more info about it.

    KAV standard antivirus solutions protect you from all viruses, Internet worms, Trojans and other malicious programs. However, there are other means for hackers, spammers and other cyber criminals to harm users.

    Kaspersky Labs provides additional antivirus databases for special usage. They do recommend that you contact their technical support specialists before using these databases.

    Additional databases
    1. Extended database option
    2. SuperSecure database option (not available yet, will be integrated in KAV-Pro v5)
    These options are primarily for use by network administrators and experienced users. Kaspersky do not recommend these options to beginners or inexperienced users. However, some of these databases are already included in Kaspersky Anti-Virus Personal V5 .

    These options include databases for detecting programs that are not malware but could potentially cause damage and are additions to the standard antivirus databases.

    3. Cih-trac.avc

    The Cih-trac.avc antivirus database is used for fixing Trojan.Flashkiller (the remains of the Win95.CIH virus), which could be found by the Scanner only in the mode of thorough scanning. Use it only in this case.



    The Extended database option includes the following databases:
    1. Riskware.avc
      This database detects malware that initiates remote observation and control over the victim PC. For example:
      • programs for remote administation
      • keyboard espionage
      • password detection
      • automatic dial-up to paid sites
      System adminstrators should remember that this database may generate warnings from exisiting information security software, for instance software providing remote control and not having its own installers and icons.
    2. Pornware.avc



      This database contains texts identifying various pornographic sites:

      • programs that auto-dial porn sites
      • programs for auto downloads of files containing explicit materials
    3. Adware.avc



      This database identifies several types of ads and related programs.

      Warning! Kaspersky advise utmost caution in removing such programs, since removal of the ad can cause the original program where it was attached to fail.
    Including the Extended databases in the auto-downloads


    To include the Extended database option in your auto-download change the ending of all links from "updates" to "updates_ext".

    For example:

    http://downloads1.kaspersky-labs.com/updates


    Changes to:

    http://downloads1.kaspersky-labs.com/updates_ext


    Please remember that if the auto-download is not completed from this server, then the auto-downloading module will automatically download databases from other available servers named in the register. Whereupon the Extended database option will be deleted. Therefore we recommend that you change all references in the register of your auto-downloading module to "updates_ext".



    The SuperSecure database option includes the following databases:
    1. Riskware.avc
      This database detects malware that initiates remote observation and control over the victim PC such as:
      • programs for remote administation
      • keyboard espionage
      • password detection
      • automatic dial-up to paid sites
      System adminstrators should remember that this database may generate warnings from exisiting information security software, for instance software providing remote control and not having it's own installers and icons.
    2. Pornware.avc



      This database contains texts identifying various pornographic sites:

      • programs that auto-dial porn sites
      • programs for auto downloads of files containing explicit materials
    3. Adware.avc



      This database identifies several types of ads and related programs.

      Warning! Kaspersky advise utmost caution in removing such programs, since removal of the ad can cause the original program where it was attached to fail.
    4. X-files.avc



      This database contains detection tools for:

      • hacker programs attacking licensed software, key generators, credit card number generators
      • Java classes
      • joke programs
      • Internet utilities (scanners and so on)
      • programs causing system problems
      • programs generating unexpected video and audio effects
      • virus simulators
      • security data collectors (installed anti-virus, firewalls and so on)
      • any programs that are unusual in form and content that may be malware
    Including the SuperSecure databases in the auto-downloads


    To include the SuperSecure database option in your auto-download change the ending of all links form "updates" to "updates_x": For example:



    http://downloads1.kaspersky-labs.com/updates
    Changes to:





    http://downloads1.kaspersky-labs.com/updates_x
    Please remember that if the auto-download is not completed from this server, then the auto-downloading module will automatically download databases from other available servers named in the register. As a result the SuperSecure database option will be deleted.



    Therefore Kaspersky recommend that you change all references in the register of your auto-downloading module to "updates_x".



    The Cih-trac.avc antivirus database is used for fixing Trojan.Flashkiller (the remains of the Win95.CIH virus), which could be found by the Scanner only in the mode of thorough scanning. Use it only in this case.
    1. Save this database into the same directory where the file avp.set is stored.
    2. Open avp.set using any text processor which doesn't leave special codes (e.g. Notepad) and write in the end of the list of databases (before the digital signature) the string cih-trac.avc. Close avp.set saving all changes.
    3. Launch Scanner (choose "Yes" when the window message appears saying that the file avp.set is corrupted) to fix.
    After the next upgrade this database will be erased.

    Don't switch it on constantly, as it can cause false identifications.


    General antivirus databases here: http://www.kaspersky.com/avupdates

    Cih-trac.avc antivirus database here: ftp://ftp.kaspersky.com/utils/special_bases/cih-trac/



    Ciao,



    Smokey
     
    Last edited: May 21, 2004
  2. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    any idea how to use the x-files in kav5?
     
  3. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Just received this email from Kaspersky Labs:

    "Unfortunately there is no way you could do this.
    This option will be available in version 5.0 Personal Pro.


    Sincerely,


    Igor Kurzin.

    International Support Center

    Kaspersky Labs":oops:


    Ciao,

    Smokey
     
  4. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Wow nice, so is this available now or not quiet yet??

    I'm confused.
     
  5. Lisa

    Lisa AV Expert

    Joined:
    Feb 10, 2003
    Posts:
    38
    Location:
    Cambridge UK
    Hi Kobra,
    In version 5.0 Personal - which is currently the only released version of 5.0, you can only choose the extended but not the X-File or paranoid updates as they were also known ;)

    Personal Pro 5.0 which will have this option, is not due for release yet - in fact we don't have a date for this yet.

    We only advise advanced users to use the special x-files as there is more of a chance of false positives.

    Regards
    Lisa
    KL UK
     
  6. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Hi Lisa!

    Nice to see you back here!;)

    I would appreciate it, if Kaspersky is willing to change his webpages and informs the customer that the x-file update is yet not available, and in the future it only will be available in KAV-Pro V5.

    When Kaspersky this is doing it in the same fast reaction time they answered my email (within 5 minutes!!!) that wouldn't be bad at all!:D

    I agree with you that the extended update is maybe a better choice then the paranoid x-file update.

    Ciao,

    Smokey
     
  7. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    I wish KAV5-Pro was available sooner, I really want to test out these Extended definitions, and see if for once, KAV is the total-protection-choice.

    I'm kinda tiredof using an AV, AT, Adware, Keylogger/Spyware seperate programs, and would love an all-in-one super solution.
     
  8. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    I guess you mean the SuperSecure database option instead of the Extended Database?

    The extended Database is already available in Kaspersky Antivirus Personal v5, together with the Standard Database.

    IMO the Extended DB is the best option, finds a lot more then the Standard DB, see my first thread.
    The SuperSecure DB is a little killer, finds to much, is only an option for users who exactly understands what they are doing.

    KAV v5 is almost an all-in-one solution, but don't forget, even Kaspersky is like all other AV's not perfect.

    And: a layered defence is the best defence.......

    From my personal experiences I can advice you KAV together with TDS, both top-notch products, but there are other good brands too.

    Ciao,

    Smokey
     
  9. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    I'll have to try out the extended DB. My main complaint with KAV 5.0 is the ridiculously long scan times. Over a period of two weeks, there was little or no variance ~1:30 versus 40-50 mins for the alternatives.

    The other issue I have is that as a laptop user, I wish there was an option available that integrates the executable into Windows XP's Scheduled Tasks. That way I can set a wide variety of conditions where I would like KAV to start scanning, hold off or stop. IMO what KAV 5.0 has in place ATM is a cop out.
     
  10. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    thanks for reply. looking forward to kav5 pro :)
     
  11. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    using the x-bases will significantly increase scan times

    i use v 4.5 personal pro with x-bases(i update once a week from an x-base server)
     
  12. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    I have been running the _x base defs since I've had KAV and yes, it does extend scan times compared to other AV have used, but I don't mind one little bit.

    So far, I have not had a single FP, only alerts on the known test virri/trojans I have packed, dbl/triple packed just to keep KAV on it's toes and to hear the pig squeel, lol.

    TAS
     
Loading...
Thread Status:
Not open for further replies.