Frequently Answered Questions Document for Central Point AntiVirus and Microsoft Anti-Virus. FAQ Version 2.0 ------------------------------------------------------------------------------ If these solutions do not work please contact Symantec Electronic Support. An * (Asterisk) denotes a spot where particular attention should be paid. ------------------------------------------------------------------------------ 0.0 What is an FAQ (Frequently Answered Questions)? ----------------- General Questions ----------------- 1.a Where should I install Central Point AntiVirus? 1.b How do I update Central Point or Microsoft AntiVirus? 1.c What is the correct setup for Central Point AntiVirus for Dos? 1.d What is the correct setup for Central Point AntiVirus for Windows? 1.e What Technical Support options are available? 1.f I heard that Symantec is going to drop the Central Point Products. 1.g How can I receive more information about Central Point Products? 1.h What is a virus? --------------- Troubleshooting --------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~ General troubleshooting ~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2.a After following the update instructions in this FAQ the message says I still need to update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dos specific troubleshooting ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3.a When I select virus list in Microsoft AntiVirus for Dos it says "Out of Memory". 3.b VSafe says the Teletype virus is present on a floppy disk. 3.c VSafe warns that a virus is present but CPAV doesn't find any viruses. 3.d VSafe reports the Form virus but the AntiVirus program can not clean it. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Windows specific troubleshooting ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4.a When I try to start Windows I get dropped back to the DOS prompt or the system locks up if VSAFE is loaded. 4.b While CPAV is scanning the drive I get a GPF in Windows or the system locks up. 4.c After updating CPAV for Windows with the latest Virus Signature list I get a GPF in USER.EXE. --------------- Recommendations --------------- 5.a How to make an Emergency Disk and when to use it. 5.b Data security. 5.c Enhanced capabilities of CPAV and their descriptions. -------------------------------------------------------------------- ------------------------ Beginning of the answers ------------------------ 0.0 What's an FAQ? Introduction: An FAQ is a compilation of the most common questions about a subject and their answers. This is an established technique (adopted from its widespread use on USENet) for reducing the repetition of questions and answers from on-line services (such as BBS, CompuServe and America Online). Our intent is to answer as many questions as possible. You don't have to leave a question and call back to get an answer to something that we've already covered a few times before. If the answer to a particular question does not correct the situation please leave a message in the CP AntiVirus forum. We will be aggressively maintaining these to ensure that they always have answers to the most current issues pertaining to a product. Naturally users are encouraged to read the FAQ. Hopefully you'll find your question (and its answer) here (which will save you time and money). Please note that this is not intended to replace the manual or the built-in help. It is prepared and maintained by our electronic support staff so our FAQ's may not have breadth or editorial polish of our official documentation. Hopefully, this will answer some questions that our technical writers couldn't foresee. You may have been referred to this document by one of our technicians or another customer. Please don't take offense to this. We are trying to provide the answers in the best possible way. You are welcome to suggest improvements. ------------------------ ------------------------ ----------------- GENERAL QUESTIONS ----------------- 1.a Where should I install Central Point AntiVirus? If you are upgrading the stand-alone version, install CPAV to the old sub-directory. Installing into that directory will guarantee that all files are updated properly and minimize the amount of disk space needed. If you are installing the stand-alone program of Central Point AntiVirus install it to it's own subdirectory. You should not have two copies of CPAV on the system (this applies if using the PCTools and CPAV stand-alone products together). After installation delete any duplicate files, especially if they are older files, in any other directories. Because the installation for CPAV will over-write certain files in the PCTOOLS or CPS directory (like INSTALL.EXE) it should not be installed directly into C:\PCTOOLS or C:\CPS. Installing to C:\CPS\WNCPAV or C:\PCTOOLS\CPAVW is ok. If you do not have an earlier version, then it can be installed on any drive and to any subdirectory of your choosing. ------------------------ ------------------------ 1.b How do I update Central Point AntiVirus? To download the update for Central Point AntiVirus on America OnLine use the KeyWord Symantec and select Symantec Forums from the World Wide Web page (if you are using the latest version of the AOL online software). If you don't have the latest version of AOL software please contact the AOL Staff and ask them to send it to you. Then select the Virus Control Center and open the Virus Definitions Library. To download the update from CompuServe use the command GO SYMNET and look in File Library 10 for the CPAV Netware update, or GO SYMWIN and look in File Library 12 for the CPAV Windows update, or GO SYMDOS and look in File Library 15 for the CPAV Dos update. To download the update from the Symantec BBS, dial (503) 484-6669 (for 28.8 modems), or (503) 984-5366 (for 14.4 or slower modems), create or enter a login name, select Get a ile and choose the appropriate product. To order the update on floppy disk call Symantec Customer Service at (800) 441-7234. The file you need to download depends on the version (Dos, Windows, or OS/2) you have. To find out the version number of CPAV, open the program and choose Help and then About, writing down what it says the version is. Look at the following chart to find out what file you need. If you are using MSAV for Windows (MWAV) you will need to download both DOSAV.EXE and WINAV.EXE. Product Updater ---------------------------------- --------- Microsoft Anti-Virus for Dos -------------------------- DOSAV.EXE Microsoft Anti-Virus for Windows ---------------------- WINAV.EXE CPAV for Dos v1.0 - 1.4 (PCTools v8.0 and earlier) ---- V1SIG.EXE CPAV for Dos v1.5 - 2.2 (PCTools v8.0a and later) ----- V2SIG.EXE CPAV for Windows v1.5 and later (PCTools for Windows) - WINSIG.EXE * Before running update start CPAV and choose Delete SmartCheck files for each hard drive on the system. After installing the updated files run CPAV again, select Options and turn off Fast Verify and scan the hard drives. This will create new SMARTCHK.CPS files with the correct information for the updated program. If you have an Emergency Disk copy the new CPAV.EXE, SMARTSIG.CPS, and VIRULIST.CPS files to the floppy disk. * Once you have received the update copy it to a totally new empty (empty - including hidden files) sub-directory on the C: drive (not to a RAM or Network drive) and run it. When it is finished running you will have the actual update files in that directory. There will be a README.TXT file with further instructions on how to proceed. This file will need to be viewed and the instructions followed in order to update the anti-virus program, but, read these instructions first. To view that file type EDIT README.TXT. If the you are using CPAV for Dos and the update program does not make a working CPAV.EXE file you will need to undo any changes made by the update program, boot the system as clean as possible, and run Update again. The update program saves the old CPAV.EXE file as CPAV.OLD. If there is a CPAV.OLD file and the new CPAV.EXE is not working correctly delete the new CPAV.EXE (DEL CPAV.EXE) and rename the old one back to CPAV.EXE (REN CPAV.OLD CPAV.EXE). Boot the system as clean as possible by either pressing the F5 key when you see the words "Starting MS-DOS..." or booting from a floppy system disk. Change to the directory where the Update program is and run it again. ------------------------ ------------------------ 1.c What is the best setup for Central Point AntiVirus for Dos? 1) The CPAV.INI file should be in the same directory as CPAV.EXE, SMARTSIG.CPS, and VIRULIST.CPS. If the CPAV.INI file is not in this directory then please move the CPAV.INI file to this directory and run EDIT C:\AUTOEXEC.BAT. Find the SET CPAV= line and change it to point to the correct location of the CPAV.INI file. 2) Ensure there are no duplicate copies of files that CPAV for Dos and/or Windows uses in any other directories on the drive. There should only be one copy of all files needed for CPAV for Dos in it's directory, the Windows directory (if applicable), and the Windows/System directory (if applicable). These single copies should always be the latest versions regardless of size. Making sure that all of the appropriate Microsoft Windows and Central Point files are the latest versions is recommended. ------------------------ ------------------------ 1.d What is the best setup for Central Point AntiVirus for Windows? 1) Ensure there are no duplicate copies of files that CPAV for Windows uses in any other directories on the drive. There should only be one copy of all files needed for CPAV for Windows in it's directory, the Windows directory (where only the Windows Group file is), and the Windows/System directory. These single copies should always be the latest versions regardless of size. Making sure that all of the Microsoft Windows and Central Point files are the latest versions is recommended. 2) The CPAV.INI file should be in the same directory as WNCPAV.EXE, SMARTSIG.CPS, and WNVIRLST.CPS. If the CPAV.INI file is not in this directory then please move the CPAV.INI file to this directory and run EDIT C:\AUTOEXEC.BAT. Find the SET CPAV= line and change it to point to the correct location of the CPAV.INI file. ------------------------ ------------------------ 1.e What Technical Support options are available? A wide variety of services are available to registered owners of Central Point products. ON-LINE & AUTOMATED SUPPORT SERVICES Technical Support via on-line services is available through the services listed below. Use these services to converse with us and other Central Point customers for helpful dialog, tips and for access to files using your computer. CompuServe Forums: Call your local access number, available in your CompuServe membership kit, and type "GO Symantec" at any exclamation (!) prompt. The AntiVirus Forums for CPAV for Dos and Windows have been moved to one forum under Symantec AntiVirus (GO SYMVIRUS). This was done to cut down on the number of forums that we must attend to. We are improving our abilities to support our customers. On CompuServe forums Section One is for Customer Service issues, not technical questions unless it's related to a sales issue. The other forums are for leaving technical questions related to the product(s) the forum is named after. America Online Industry Connection: Call your local access number, available in your America Online membership kit. The keyword for our industry connection is "Symantec". Technical Support and Customer Service are available from this one screen. To access the Central Point Bulletin Board System: Set your modem to 8 data bits, 1 stop bit and no parity. Dial 503-984-5366 for up to 14,400 baud access. With our automated fax retrieval service you have instant access to up-to-date technical articles and product information 24 hours a day, 7 days a week. Call this easy-to-use system from a touch tone phone to request catalogs or up to four documents to be sent directly to your fax machine. Call 503-984-2490. INTERACTIVE TELEPHONE SUPPORT Technical Support by telephone is available through a variety of programs designed to meet the individual support needs of users of our products. Telephone support is available weekdays from 6:00am to 5:00pm Pacific Standard Time. Following is a summary of our telephone support plans: If you have only an occasional need for technical assistance via telephone, our PriorityCare program gives you immediate access to our experts on a pay-as-you-go basis. You have two options with this program: Call our 800 number to charge the service fee to your credit card, or call our 900 number and the service fee will be charged to your regular phone bill. Dial 800-491-2764 to charge the $25.00 service fee to your Visa, MasterCard or American Express card. Please have your credit card handy when you call. Dial 900-555-7700 to charge the $2.00 per minute fee directly to your regular phone bill. The first minute of your call is free. This option is a good choice for those quick questions. Our QuickStart support program is designed for users who need telephone assistance getting started with their new software. This program is also a great value if you think you may need to make more than one or two calls to technical support. QuickStart gives you 30 days of unlimited telephone access to our technical experts for $30 per person, per product family*. PremiumCare Gold, our annual support plan, is a cost effective solution if you frequently call technical support. This plan offers a full year of unlimited calls to technical support for $149.95 per person, per product family*. Extended plans are also available to organizations in need of additional technical support services. We offer a variety of plans, ranging from toll-free priority telephone support to extended hours and weekend support. Please call customer service at 503-690-8090 for more information, or to order any one of our telephone support plans. Product Families ---------------- ANTI-VIRUS Anti-Virus for DOS, Windows and OS/2 (GO SYMVIRUS) BACKUP CP Backup for DOS, Windows and special manufacturer's bundles MACINTOSH MacTools, MacTools Power PC, Safe & Sound and Anti-Virus for Macintosh PC TOOLS PC Tools Pro (DOS), PC Tools for Windows, E-Disk, Speed Tools, and File Manager XTREE XTree Gold, XTree for Windows and XTree Gold for Windows Please note that support is no longer available for Copy II products or for the Deluxe Option Board. These products have been discontinued. The most common support questions and answers for these products are available via the automated fax retrieval service. Order document 58000 for the Copy II document and 59000 for the Deluxe Option Board document. ------------------------ ------------------------ 1.f I heard that Symantec is going to drop the Central Point Products. Central Point will remain a separate division of Symantec. The Support Policies will continue to be those of Central Point. ------------------------ ------------------------ 1.g How can I receive more information about Central Point Products? Symantec and Central Point both offer several less known ways to gain technical support. Our faxback service is one of them. It contains most of the more prevalent issues regarding Central Point Software. The faxback number is (800) 847-8766. Remember, You'll need a touch tone phone, and a fax machine. ------------------------ ------------------------ 1.h What is a virus? Viruses are made up of machine language capable of altering the way regular programs operate and have the ability to replicate or add their instructions to other programs instructions, sometimes destroying the normal programs original instructions. But, they usually change the regular programs instructions to run their instructions first and then run the original program. Most viruses are normally capable of hiding these changes, hence the word "Stealth". "Stealth" viruses are only capable of hiding these changes when they are "memory-resident" or running. Some viruses will sufficiently change the current operating system so that when the virus is not in memory other complications arise. The majority of viruses do not totally or even partially do what was originally intended for them to do. Some do what was intended and do it quite well. The Michelangelo virus is an example of a virus that does what it is supposed to and that is automatically start formatting the hard drive on March 6th when the system is first started or booted up. Viruses basically come in two varieties: File infecting and boot code infecting. Some are capable of infecting both and these are referred to as "Multi-partite" viruses. Multi-partite viruses are usually more widespread than either just file or boot code infecting types. Boot code infecting viruses can be further broken down into Master Boot Record and Dos Boot Record infecting types. Most boot code infecting types can infect hard drives. Some Dos Boot Record viruses can not infect a hard drive but most can. The Form virus is an example of a virus that can infect both hard drive and floppy drive Dos Boot code instructions. Trojan horses are not viruses because they do not replicate their own instructions, or, rather, infect other files. Games and utilities are common disguises for a Trojan Horse. They can be used to infect normal programs with a viruses code or do damage to the system or it's files. The later is usually the case and normally they cause great damage. Junkie is an example of a real virus that was spread as a Trojan file in May of 94. It was supposed to be a utility that allowed pirating the game Pacific Strike by allowing you to make copies directly from a hard disk rather than the original floppies. People loved the thought of easily copying or pirating a game and got the zip file, unzipped it, ran the resulting "pspatch.com" file and ended up spreading a virus named Junkie. Note that the Trojan horse itself was not a virus but contained a virus - very much fitting of the name "Trojan Horse". Boot sector type viruses cannot possibly spread over a network, unless they are "Multi-partite" types, and can _not_ be obtained by attaching to or using a network. Note that multipartite viruses can spread this way. They infect files and when the infected file is run will usually infect the dos boot code or the Master Boot Record of a hard drive. A Trojan Horse may also contain boot viruses, although it's not as common it is possible to write a Trojan program that will install a boot virus on a drive. Most Trojan Horses are simply destructive and are not used to infect anything. A virus can be "polymorphic". That is, they can modify their own code and change their appearance with each replication, or, rather, each time they reproduce. Some even have "generation counters" built in that track how many times the virus has changed or what generation it currently is in. You can NOT get a virus by reading data, text, or email. A virus must be run, or somehow executed in proper sequence as with any program. E-mail viruses are myth and do not really exist. You also cannot get a virus by running internal DOS commands such as DIR but you can spread or activate a virus this way. There are a few viruses that will reside in memory and become active when they detect the DIR command - they then infect other exe or com files. You cannot get a virus this way, you have to have already had it on your system, or must have run an already infected file for this to happen. DIR is an internal DOS command and cannot be infected. Turning a PC off will always remove a virus from memory. If the virus is there the next time you boot then it got there from an infected file being run, or infected hard drive or floppy disk. ------------------------ ------------------------ --------------- TROUBLESHOOTING --------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~ General troubleshooting ~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2.a After following the update instructions in this FAQ the message says I still need to update. If you haven't read the section covering updating the virus signatures please do. This procedure is not recommended unless you are certain the signature files have been updated correctly. If the anti-virus signatures have not been updated correctly and this procedure is completed the anti-virus program will not alert you when the signature files need to be updated. Change to the directory containing the CPAV.INI file and type EDIT CPAV.INI. Find the line that says "Havetoupdate=" and remove any numbers from the end of this line. CAUTION: This will disable the programs ability of warning you when it's time for an update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dos specific troubleshooting ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3.a When I select virus list in Microsoft AntiVirus for Dos it says "Out of Memory". The virus signature updates size has grown beyond the virus listing ability of the MSAV Dos program. There is nothing we can do at this time to correct this. If you desire specific virus information please consider one of the support options mentioned above and we will be glad to give you the appropriate information. ------------------------ ------------------------ 3.b VSafe says the Teletype virus is present on a floppy disk. The Teletype virus is a false positive virus alarm. The Teletype virus does not exist. The floppy disk needs to be reformatted with a later version of Dos than is on it now. The only time this message will appear is when a floppy disk was formatted with a very early version of Dos is accessed while VSafe is loaded. Simply copy the files on the floppy disk to a directory on the hard drive and type FORMAT A: or B: and press . After the format is done copy the files back to the floppy disk. ------------------------ ------------------------ 3.c VSafe warns that a virus is present but CPAV doesn't find any viruses. If this occurs after updating the AntiVirus signature file simply delete the SmartCheck file in the directory where the supposedly infected file is and run CPAV to create a new SmartCheck file. If this occurs after changing or updating the file that is supposedly infected then delete the SmartCheck file in the directory where the supposedly infected file is and run CPAV to create a new SmartCheck file. When this occurs and neither of the criteria above are valid make a copy of the file(s) and send it(them) via regular mail to our AntiVirus Lab at the address below or call the Central Point BBS at (503)984-5366, leave an e-mail message to username VSend, and at the end of the message attach the file(s). Symantec Central Point Division ATTN: Virus Lab 15220 NW Greenbrier Parkway, Suite 150 Beaverton, OR 97006-5798 ------------------------ ------------------------ 3.d VSafe reports the Form virus but the AntiVirus program can not clean it. The virus has apparently been cleaned from the hard disk, but a non-active remnant of the virus code remains in the system areas of the hard disk. Boot from a known clean floppy disk with the same version of Dos that the hard drive has, run SYS C:, and reboot the computer. Since the virus infects only the Dos Boot Record of the hard disk and not the Master Boot Record, this will correct the problem. ------------------------ ------------------------ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Windows specific troubleshooting ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4.a When I try to start Windows I get dropped back to the DOS prompt or the system locks up if VSAFE is loaded. 1) This is most likely due to an incorrect Network specific entry in the CPAV.INI file. Change to the directory containing the CPAV.INI file and type EDIT CPAV.INI. Look for a line that says "VSAFE_REHOOK=?". The ? stands for a setting that corresponds with whether or not you have the NETX.EXE shell loaded. The ? should be set to "1" if you have NETX.EXE loaded and "0" if not. If this is set to "1" and you don't have NETX.EXE loaded Windows you will get dropped back to the Dos prompt on the first try but subsequent attempts to run Windows will be successful until the next system restart. 2) The only other cause of this would be a VSAFE verification alert and in this case you should here a beep before being dropped out of Windows. Changing a Windows library, overlay, or driver file could cause this to happen under certain conditions. If you have _not_ changed any Windows programs or added new ones it would be wise to perform a full scan for viruses and run a file diagnostic utility (ie. ScanDisk or ChkDsk). If you have an Emergency Disk that you know is up-to-date use it now. If you _have_ changed or added programs recently and there are no problems with the file structure simply delete the SMARTCHK.CPS files in the Windows and Windows/System directories. Change to the Windows directory (C:, CD \WINDOWS) and type DEL SMARTCHK.CPS, then CD SYSTEM and again type DEL SMARTCHK.CPS. ------------------------ ------------------------ 4.b While CPAV is scanning the drive I get a GPF in Windows or the system locks up. Start CPAV and delete all of the SmartCheck files (pull-down from the Scan menu) on your hard drives. Select options and turn off Fast Verify and scan the hard drives. This will create new SMARTCHK.CPS files with the correct information from the new CPAVSCAN.DLL file. ------------------------ ------------------------ 4.c After updating CPAV for Windows with the latest Virus Signature list I get a GPF in USER.EXE. The following procedure has yet to fail. 1) Completely remove your Central Point programs. Run INSTALL.EXE from the directory of the program you want to uninstall. 2) Run ChkDsk or ScanDisk and correct any problems encountered. Perform a Defrag and choose Full Optimization. 3) Run Setup from the original Windows diskettes and choose the "Express" installation option. Choose the same directory where Windows is currently installed and press . When the Setup program asks what Windows applications and utilities to install de-select all of them and continue. This will retain all of the previous settings of the Windows initialization (INI) files and ensure that all of the files Windows needs in order to run correctly will be updated. 4) Reinstall the Central Point product. Last, follow the instructions described in this FAQ and the signature update file to properly update the antivirus signatures. ------------------------ ------------------------ --------------- Recommendations --------------- 5.a How to make an Emergency Disk for CPAV and when to use it. To make an Emergency Disk for Central Point AntiVirus for Dos or Windows run INSTALL.EXE and select "Create Emergency Disk". If you have PCTools for Dos or Windows run EDISK.EXE. Select CPAV, CMOS, and Partition Tables. This will save needed information baring a disaster. Run this program after making changes to the operating system or the hard disk drives in order to keep the Emergency Disk up-to-date. If a virus is suspected or if the system starts behaving abnormally use this disk to detect changes to the system and, if needed, repair any errors. The BOOTSAFE.EXE program can be used to update the Emergency Disk with Partition Table and Boot Sector changes after changes to the operating system with BOOTSAFE.EXE /M. ------------------------ ------------------------ 5.b Data security Keep current backups of your system. The importance of this can not be stressed enough. One day you will need it and not having a current backup will cost you. If you don't have a tape drive or a network then save copies of files that you create on a floppy disk for small files, and on a network for larger files. When a full backup is performed don't backup programs that you have installation disks for. Only files that you create or change have to be backed up. Run a diagnostic utility such as ChkDsk, ScanDisk, DiskFix, or DiskDoctor at least once per day and keep current copies of your configuration files in case they are altered inappropriately by a program or file allocation problem. Regularly run an AntiVirus TSR and scan files for viruses. This is especially true when connected to a network. Certain viruses can spread very rapidly on a network. Keep important files on the first hard drive (C:) if using additional logical or physical drives. Extended partitions and additional drives are harder to recover in case of disaster to any partition table information. If you are regularly connecting to a network drive make a system disk containing the appropriate network configuration and driver files. This will enable connecting to the network baring complications with your first local hard drive. ------------------------ ------------------------ 5.c Enhanced capabilities of CPAV and their descriptions. CPAV has certain built-in features that make it stick out from the rest of the crowd. It's important that you understand these features and use them appropriately. 1) Verify Integrity This option enables the capability of checking a program files checksum to a database of what the files checksum was before. Any changes to this result could be an indication of a new virus infection. Make sure this option is turned on. 2) Create New SmartChecks This option should be turned on at all times. When this is turned on new SMARTCHK.CPS files will be created if they have not been created already. This file contains related information about each program file in the directory it's contained in. This information is each program files size, attribute, date, time, and checksum (the checksum is a unique number generated by a special anti-virus algorithm). This file is automatically updated only when you remove or add programs to a directory (not when a file has been modified by an updated program). 3) Anti-Stealth This option allows use of a special, low-level (through BIOS calls instead of regular DOS calls) checking routine to detect unknown stealth viruses. This option is only enabled when Verify Integrity is turned on. For the best protection from viruses that are not in the virus signature file make sure Anti-Stealth and Verify Integrity are turned on. 4) Analyze While Detect Uses a special virus analyzer during a scan to look for virus code in the internal structure of program files. This method does not use the virus signature file and provides a very good defense against any type of new virus. Make sure this option is turned on. (*NOTE: This option is not related to the Prompt While Detect option at all. Prompt While Detect simply makes a message box display during the scan (instead of waiting until after the scan) if CPAV finds something you should know about.) 5) Fast Verify Enables CPAV to check the files size first and if it has not changed CPAV will skip checking everything else about a program file. This enables CPAV to scan files very quickly but is not as accurate when this option is selected. If very accurate scans are needed do not select this option. 6) BootSafe Looks for any existing boot sector viruses by comparing the boot sector and partition table information to their images that were created during the installation of CPAV. This is not a TSR, it simply checks this information and if it checks out BootSafe lets the computer go on it's merry way of running programs. Because of the way that BootSafe checks the MBR (Master Boot Record) it will find any changes to this code and alert you if something has changed. A change could be related to an operating system upgrade, a new virus, or a few other things. BootSafe can be used to save and restore the partition table, master boot record, dos boot record, and CMOS information. 7) VSafe Should be used for maximum protection against known and unknown (or new) viruses. The options in VSafe are: HD Formatting - Warns before changes to the hard drive are written to the disk. It may appear that the disk can be formatted when this option is selected but that is not the case. This option should be turned on continuously. Resident - Warns when any program tries to use standard Dos methods of staying resident in memory. This warns when any program tries to stay in memory and is useful if you must run a program that might be infected. If the program does not try to stay in memory it may not be infected (because some viruses do not stay in memory, while most do). So if a program does try to stay in memory it very well may be infected. General Write Protect - Prevents any writing to the drive. This is useful if you must run a program you think is infected. If the program does try to write to the disk it may be infected (but will definitely not be infected if it doesn't try to write to the hard drive). Check Executable Files - Checks any file that is opened by Dos for any reason (such as printing or copying) by comparing the file to the checksum database (SMARTCHK.CPS). When this option is turned off VSafe still checks executable (program) files, but only when they are executed. This option should be turned on continuously. Boot Sector Viruses - Checks any disk inserted in a floppy disk drive for boot sector viruses. This finds known viruses only because floppy disk boot sectors (since there are so many floppy disks) do not get their previous images stored anywhere. This option should be turned on continuously. Protect HD Boot Sector - Warns of any attempt by any program to write to the boot sector or partition table of the hard drive. This option should be turned on continuously. Protect Floppy Boot Sector - Warns of any attempt by any program to write to the boot sector of a floppy drive. This option should be turned on if you must run a program that may be infected. Protect Executable Files - Warns of any attempt by any program that tries to modify any program file. This option should be turned on if a virus is suspected. -------------------------------------------------------------------- --------------------------------------------------------------------