Protecting Your Mac from Viruses and Malware

VirusBarrier X6's anti-malware protection works in several ways. Its Real-Time Scanner constantly watches over your Mac, protecting you from viruses and malware. The Real-Time scanner ensures that your Mac is protected at all times by scanning every file that is created, copied, modified or saved. It does not, however, scan other files. This is why we suggest you run a full scan of all your files when you install VirusBarrier X6 and after each update to the program's virus definitions.

You can also use VirusBarrier X6's On-Demand scanner to check any file, folder, disk, or volume on your Mac.

Running Manual Scans

You can run a manual scan with VirusBarrier X6 whenever you want. You should do this immediately after installation to ensure that you don't have any infected files; the VirusBarrier X6 Setup Assistant offers to do this after you first set up the program. After that, VirusBarrier X6's Real-Time scanner ensures that any new files you add to your Mac are safe.

To quickly scan individual files or folders, simply drag and drop them either onto the program's icon in the Finder or in the Dock, or onto the Orb when VirusBarrier X6 is running.

You have additional scanning options when VirusBarrier X6 is running. First, click the Select button to see all the hard drives, volumes or other storage devices connected to your Mac. If you have an iPhone, iPad, iPod touch or AppleTV connected to your Mac, you will see these devices in the browser, and you can choose to scan them as well.

As in the Finder, you can see and select folders and files inside a volume by double-clicking it. You can also change the view to see your files as a simple list or in a file browser by clicking the view buttons in the window's upper-left corner.

In List view, you can display files inside a folder by clicking on its disclosure triangle, to the left of the folder's name.

Regardless of how you've chosen to view your files, you can select multiple items by holding down the Command key as you click on each one in turn. When you've made your selection, click the Scan button in the bottom-right corner to begin the process.

By default, VirusBarrier X6 will first count the number of files to scan, then during the scan itself will display the number of files scanned and the percentage of the scan completed.

VirusBarrier X6 can scan files contained in compressed archives. When scanning archives, the Orb's display changes to show that it's working on an archive, and gives you an opportunity to skip the scanning of that archive, if it is very large and you are sure it is secure.

Note: When VirusBarrier X6 scans an iPhone, iPod touch, iPad or AppleTV, it scans files added by users, such as music, videos and photos. It also scans files added by third-party file transfer programs. If the device is jailbroken (unlocked using third-party software), VirusBarrier X6 scans all files on the device, including e-mails, personal files, and files added by third-party utilities.

When scanning an iPhone, iPod touch, iPad on AppleTV, VirusBarrier X6 copies all the files contained on the device to your startup volume in order to verify their security. If any malware or infected files are found, VirusBarrier X6 alerts you and offers to repair or delete the infected files.

You can stop a scan at any time by clicking the Stop button. If you wish to pause a scan, hold down the Option key on your keyboard and click this button, which now displays Pause.

To resume scanning, click this button, which now reads Resume.

When you run a manual scan, VirusBarrier X6 informs you if it finds files infected by malware. If any infected files are found, the VirusBarrier X6 Orb will turn red. If VirusBarrier X6 discovers any corrupted files, the Orb will turn orange. If both infected and corrupted files are found, the orb will blink red and orange. VirusBarrier X6 will also alert you according to the alert options you have set in the Preferences. For more on alert options, see VirusBarrier X6 Preferences and Configurations.

Quick Scans

VirusBarrier X6 lets you run quick scans, which scan only those locations where malware is commonly installed. The files and folders scanned may change as new malware appears, and the locations scanned may be different with newer versions of VirusBarrier X6's virus definitions.

To run a quick scan, click the Overview button on the VirusBarrier X6 window, if the Orb is not visible. Hold down the Option key, and you'll see that the Full Scan button changes to Quick Scan. Click this button to launch a quick scan.

Drag and Drop Scanning

You can scan any volume, folder or file by dragging it onto the Orb. You may need to enter an administrator's password if you do not have the appropriate permissions to access files contained in the item you drag onto the Orb.

You can also do this by dragging and dropping the volume, folder or file onto the VirusBarrier X6 program icon in the Finder.

Finally, you can drag and drop items to scan onto VirusBarrier X6's Dock icon.

Once you release the item to be scanned, Intego VirusBarrier X6 will start scanning it, the same as for any other manual scan.

Running Scans from the File Menu

You can launch scans from VirusBarrier X6's File menu. You can choose Scan (or press Command-O) to open the browser and select items to scan. You can also run a full scan by choosing Full Scan, or pressing Command-S, or a quick scan by choosing Quick Scan or pressing Command-Option-S. These scans run the same way as when you launch them manually, as described above.

Using the Mini Scanner

VirusBarrier X6 offers a small Mini Scanner window that you can use to run scans easily. To display this window, click the green button in the VirusBarrier X6 title bar, or choose View > Switch to Mini Scanner.

The Mini Scanner window floats above all other windows, so you can keep it in a corner of your screen and drag files onto the Orb at any time. To return to the normal view, click the green button, or choose File > Switch from Mini Scanner.

Scheduled Scanning

VirusBarrier X6 can also be set to run automatically at pre-arranged times. To do so, click the Schedules button at the top of the screen.

Or, when you're on VirusBarrier X6's Overview screen, click the Schedules button.

In either case, the Schedules window appears. There are three sections: Display, Events and Schedules

The Display section has only one checkbox: Display automatic scans in Task Manager. When checked, you'll see a small window appear whenever your Mac executes scheduled scans; when unchecked, such scans will occur without notification (unless malware is found).

The Events section lets you direct VirusBarrier X6 to automatically run a scan, do repairs, or do nothing when certain events occur.

The first event, When volumes are mounted:, is triggered whenever you mount a new storage device, whether local (such as a hard drive) or remote (such as a network drive). If the Except read-only volumes checkbox is checked, VirusBarrier X6 will perform the action only on those volumes where it could change the drive being scanned (for example, to repair an infected file on a disk).

The second event, After virus definition updates:, lets you tell VirusBarrier X6 what to do after the program downloads and installs new virus definitions and filters. Virus definitions and filters are updated regularly, and especially when new malware is discovered to offer protection against that threat. Therefore, you should perform a new scan at those times to check for the new malware, either manually or (by checking this checkbox) automatically.

The Schedule section lets you determine when VirusBarrier X6 will run automated scans.

To turn on scheduling, click the Enable schedules checkbox.

Below these settings is a scheduling selector, where you can say which folder should be examined, and when.

You can create multi-part schedules, for example to scan your Documents folder every night, and your entire computer once a week. To do so, click the + button to the right of the schedule item: another schedule item will appear beneath it. Make changes in that schedule item as you like. You can add as many schedule items as you like this way; to remove one of them, click the - button next to it.

The order of schedule items is not important; if you've scheduled two scans to run at the same time, they will occur simultaneously.

When you're done, the number of pending schedule items appears in the Schedules area on VirusBarrier X6's Overview window. To turn off all pending schedules, return to the Schedules and Events Preferences screen and uncheck the Enable schedules button.

Deactivating and Activating the Real-Time Scanner

There may be times when you want to deactivate VirusBarrier X6's Real-Time scanner. If, for example, you want to copy a large number of files from one disk to another, and you know the files are malware-free, turning off the Real-Time scanner may make your copy proceed a bit faster. To deactivate the Real-Time scanner, choose the Intego menu, which is in your menubar, then choose VirusBarrier X6 > Real-Time Scanner; you'll see that this menu item becomes unchecked. To turn the Real-Time scanner on again, choose the same option in the Intego menu.

Malware Alerts

While VirusBarrier X6 can be used to run manual scans, as seen above, it is most effective when set to work in the background. VirusBarrier X6 has several ways of alerting you if it finds infected or corrupted files. This depends on how you scan the files, and what settings you have chosen in the Scan Settings pane for how the Real-Time scanner deals with infected files.

First, if you download an infected file from the Internet, or copy it from a hard disk or other storage device, and you have the Real-Time scanner active, and you have set it to ask what to do when infected files are found, VirusBarrier X6 will spot the malware and display an alert.

Depending on the type of alert, and the options you have set, you will have a number of choices. Clicking Reveal In Finder will show the file on your hard disk. If you want VirusBarrier X6 to repair the file, click Repair; to put it in the Quarantine Zone, click Put in Quarantine. (See the Quarantine section later in this chapter for more details.) If you don't want to do anything, click Ignore, and the file will not be repaired.

WARNING: Ignoring virus warnings can be dangerous! Only select to not repair files if you are sure of what you're doing.

If you have set VirusBarrier X6 to put infected files in the Quarantine Zone, or repair the files, a small alert displays.

If you scan items by dragging them on the VirusBarrier X6 Orb, the alert displays in a dialog in front of the VirusBarrier X6 window:

If you don't respond to a Real-Time scanner alert within one minute, VirusBarrier X6 places the file in the Quarantine Zone. (This doesn't apply to manual scans; when you scan files manually, the alert will remain displayed until you act.) You can check files that are in the Quarantine Zone later to decide what to do with them. See the Quarantine section later in this chapter.

For more on setting Alert preferences, see VirusBarrier X6 Preferences and Configurations.

Scan Settings

VirusBarrier X6 gives you a number of options that you can define to tell the program how it should scan your Mac, what types of files it should scan, and what types of malware it should look for. To access these settings, click the Scan Settings button.

The Scan Settings pane contains three tabs: Real-Time Scanner, which controls how VirusBarrier X6 runs scans in the background; Archives, which tells VirusBarrier X6 whether to scan archives and what types of archives to scan; and Advanced, which provides additional settings for both the Real-Time and On-Demand scanners.

Real-Time Scanner Settings

To turn off the Real-Time Scanner, move the Real-Time Scanner slider to OFF; you can turn it back on by moving the slider to ON. In normal operation, you will not need to disable the Real-Time Scanner; this is only useful for troubleshooting when you have a problem with your Mac. Note that you can also disable or enable the Real-Time Scanner from the Intego menu, by selecting VirusBarrier X6 > Real-Time Scanner.

The next settings let you indicate what VirusBarrier X6 should do when it finds malware. Your options are:

In addition, you can choose to have VirusBarrier X6 send you an e-mail whenever it discovers a virus. To set this up, check the Send an e-mail checkbox, then click the Configure e-mail... button next to it. The Mail Settings window displays.

You must enter e-mail addresses for the Sender and Recipient(s), as well as the Outgoing Mail Server. Further, you'll need to enter a username and password that your mail server will accept. E-mail messages can be sent to multiple recipients. To add a recipient, click the + button. To remove a recipient, click the - button.

The lower half of the Mail Settings window deals with advanced options that VirusBarrier X6 may require to send e-mail.

The drop-down menu shows the various types of e-mail authentication handled, as shown below.

You should use the same Authentication, User Name and Password as you use in your usual e-mail program. If you're not sure what to enter here, check with your ISP or system administrator. If you don't know which type of authentication you use, select Automatic.

When you're done, you can confirm that the e-mail will go through by clicking the Test Settings button. You may have to wait several seconds for your mail server to respond; when finished, a dialog box appears with the test's results.

The next section of the Real-Time Scanner settings window allows you to activate two settings.

The first option, Remove quarantine marker after scanning uninfected files, tells VirusBarrier X6 to remove a quarantine marker set by Mac OS X when applications are downloaded and VirusBarrier X6 has found that they are not infected by any malware. This removes the Mac OS X dialog warning you that they were downloaded and asking if you're sure you want to open them.

The second option, Behavioral Analysis, tells VirusBarrier X6 to use Behavioral Analysis to keep an eye on suspicious activities performed by applications. If any application does anything that could be considered abnormal (such as deleting a large number of files, for example), VirusBarrier X6 will alert you to this.

Archive Settings

Archives contain one or more files, usually in a compressed format, so that they can be transferred easily and quickly. VirusBarrier X6 will look inside several popular types of archives, scanning not only the archive file itself, but also the files that it contains.

By default, VirusBarrier X6 will scan all archive types that it understands; however, you could choose to scan only certain archive types by unchecking different types of archives in the Archive Kind list. You can also, when running manual scans, skip any archives while they are being examined by clicking the Skip button in VirusBarrier X6's Orb. You may want to do this for large archives that take a long time to analyze, if you are sure they are free of malware.

The Default archive timeout setting lets you tell VirusBarrier X6 to stop scanning archives that take more than a certain amount of time to uncompress and scan. By default, this is set to 60 seconds. However, any files that have been uncompressed before the end of this timeout will be scanned.

Advanced Scan Settings

The Advanced tab provides a number of settings that apply to the On-Demand scanner, as well as some general scan settings.

The first available option is CPU and disk priority for scan operations. You can choose Low, Normal or High from a popup menu. This setting applies to manual scans and scheduled scans, and tells VirusBarrier X6 to adjust its scanning so other applications don't get slowed down. This setting affects both the processor (CPU) for the scan and the reading of your hard disk(s). Note that this also applies to scans set to run automatically when you mount external disks or after you update VirusBarrier X6's filters. So if you want those scans to complete more quickly, you should choose normal or high; if you don't care how long they take, or want your Mac to have more priority, choose Low.

The Skip Boot Camp volumes setting tells VirusBarrier X6 to not scan Boot Camp volumes during scans.

Five options affect On-Demand scanner behavior:

The Scan for section lets you choose to have VirusBarrier X6 scan files for specific types of malware:

A final section lets you choose to look for two other types of malware:

Trusted Files

VirusBarrier X6 offers the option to add files, folders or volumes to a list of Trusted Files. VirusBarrier X6 will assume that these files are all safe and will not scan them. You should only use this for files that have already been scanned by VirusBarrier X6.

There are two ways to add files, folders and volumes to the Trusted Files list. First click the Trusted Files button:

Then, do one of the following:

Adding a folder or volume tells VirusBarrier X6 to trust all files contained in the selected item, including in any subfolders it contains.

To remove an item from the Trusted Zone, click it to select it, then click the - button.

You can also use the Contextual Menu to add items to the Trusted Zone: See this chapter's section about the Contextual Menu, below, for more information.

Quarantine Zone

If you don't want to repair files automatically, you can have VirusBarrier X6 put them in its Quarantine Zone. When files are quarantined, they can't be opened or read, ensuring that they cannot infect your Mac. This is useful for administrators who want to check files before running VirusBarrier X6's repair functions.

As mentioned above when discussing alerts, VirusBarrier X6 automatically places files in the Quarantine Zone if you don't respond to an alert within one minute. You can then check these files and decide what to do. The Quarantine button on VirusBarrier X6's Overview screen shows you which files are quarantined.

To see which files are quarantined, either click that button, or click the Quarantine button at the top of the screen.

You'll see a display that shows which files are in the Quarantine Zone, as well as a group of buttons allowing you to act on those files.

You can view quarantined files either as Icons or List items by clicking one of the view buttons at the top left of the window.

To act on any of the files, select them and then click one of the four buttons at the bottom right of the window.

You can do the following:

If you display the Quarantine Zone in list mode, a Threat column will tell you which types of malware your files are infected by.

The VirusBarrier X6 Contextual Menu

You have access to a number of VirusBarrier X6's features directly from the Finder using a Contextual Menu. Control-click or right-click on any item - a file, folder or volume - and a contextual menu will open. In Mac OS X 10.6, Snow Leopard, these menu items are grouped at the bottom of the contextual menu; however, if you have enough such items, you'll find a Services menu item, and VirusBarrier X6's menu items will be in the Services sub-menu. In Mac OS X 10.5, Leopard, the VirusBarrier X6 menu appears under a "More" menu.

The contextual menu lets you do the following:

Using VirusBarrier X6 from the Command Line

VirusBarrier X6 also gives you the option of running malware scans and changing settings to network protection from the command line. The following describes the use of this command.

	Command:
	
	/Library/Intego/virusbarrier.bundle/Contents/MacOS/virusbarriers [-rtcCaz]
	<pathname_to_scan> [<current_directory_pathname>]
	 
	The following options are available:
	 
	-a:    Scans all files, including those symlinked to other volumes
	       (or other mount points in /Volumes).
	-c:    Counts files before scanning.
	-C:    Counts files, but does not scan.
	-Q:    Performs a quick scan.	
	-r:    Repairs infected files.
	-t:    Uses Turbo Mode; scans only those files that have not been modified
	       since the previous scan.
	-T:    Scans all but trusted files.
	-z:    Scans compressed archives (including those in e-mail attachments).
	
	<pathname_to_scan>: This is required; it can be a relative or absolute path.
	 
	[<current_directory_pathname>]: This is optional; it is the current working 	
	directory if a relative path is used as the first argument.
	 
	Example:
	 
	/Library/Intego/virusbarrier.bundle/Contents/MacOS/virusbarriers -tacz /
	 
	This scans all volumes for which the user has read permission, scanning archives 
	and counting the number of files to scan before beginning. If you run the 
	command preceded by sudo, and authenticate, you can scan all files.
	 
	You can also define aliases to simplify the use of this command. 
	 
	For bash:
	 
	alias vbscan=/Library/Intego/virusbarrier.bundle/Contents/MacOS/virusbarriers
	 
	For tcsh:
	 
	alias vbscan /Library/Intego/virusbarrier.bundle/Contents/MacOS/virusbarriers
	 
	This allows you to run the same command as follows:
	 
	vbscan -tacz / [-rtcCaz] <pathname_to_scan> [<current_directory_pathname>]
	
	To change network protection settings, use the following option, along with the 
	operations, objects and data listed below (all commands with firewall options 
	require sudo):
	
	-W: Execute firewall operations
	
   	operation           object                     		data
   	--------------------------------------------------------------------
    	import|export       settings                            file_path
    	revert              settings
    	add|remove          blocked_address|trusted_address     ip_address
    	print               blocked_address|trusted_address
    	get                 protection
    	enable/disable      protection
    	enable/disable      trojans
    	enable/disable      data
    	enable/disable      antispyware
    	enable/disable      banner_filter
    	enable/disable      cookie_filter
    	enable/disable      information_filter
    	enable/disable      webthreats
    	enable/disable      antiphishing
    	activate            configuration                       configuration_name
    	print               configuration
    	reset               traffic
    	reset               cookie
     
	For example, to enable firewall protection, run the following command with sudo:
	
	/Library/Intego/virusbarrier.bundle/Contents/MacOS/virusbarriers -W enable protection   
	
	

Using VirusBarrier X6 and AppleScript

VirusBarrier X6 offers the ability to run scans using AppleScript. For more information on the program's AppleScript syntax, open the VirusBarrier X6 dictionary from AppleScript Editor.



‹‹ Getting Started with Intego VirusBarrier X6Protecting Your Mac from Network Attacks ››