What's New in NetShield for Windows NT v2.5.2 (9609)
         Copyright 1994-1996 by McAfee, Inc.
                 All Rights Reserved.


Thank you for using McAfee's NetShield for Windows NT.
This What's New file contains important information
regarding the current version of this product. It is
highly recommended that you read the entire document.

McAfee welcomes your comments and suggestions. Please 
use the information provided in this file to 
contact us.

___________________
WHAT'S IN THIS FILE

- New Features
- Known Issues
- Installation             
- Documentation            
- Frequently Asked Questions
- Additional Information
- Contact McAfee

____________
NEW FEATURES              

* ENHANCEMENTS *

1.  NetShield NT v2.5.2 is NT 4.0 compatible.
2.  NetShield NT v2.5.2 is compatible with the
    Compaq SmartArray controller.
3.  AutoUpdate changes are made to the registry.
4.  An SNMP registry entry was added to point to 
    Alertmanager's SNMP capabilities.
5.  This release includes an external utility, VIRNOTFY.EXE,
    that will notify you if McAfee's Alertmanager is
    not installed. 


* ISSUES ADDRESSED IN THIS RELEASE *

1.  Exclusions for both on-access and on-demand scans
    now work.
2.  McFSREC errors in the event log have been resolved.
3.  SMTP traps are now sent properly.
4.  Activity log write errors have been resolved.
5.  During a scan, long directory names are no longer
    truncated in the SCAN32.EXE display.
6.  Inbound read-only files are now detected, removed and/
    or cleaned.
7.  When an infected file is accessed multiple times, it
    is now reported as a single event in the log file.


* NEW VIRUSES DETECTED *
  
This DAT file (9609) detects the following 68 new viruses.
In addition, locations that have experienced problems with
a particular virus are identified.

_1194                   Spain
ACCOUNT.AVENGER.873
ALLIANCE
ARCV.255 
ARCV.679
ARCV.745
ASH.743
BEDA.1530
BEER.2620
BEER.3164.B
BEER.3192.B
BIRTHDAY:DE (*)         Germany
BLEAH
BUERO:DE                Germany
BW-525
CASTELLO.3742           Spain
CHEGUEVA                Spain
COMPBACK.3783
CORDOBES.3334           Spain
DEI.8772
DEI.DR.8772
DELWIN.1199
DIETZEL:DE (*)
DODGER
HASSLE
HASTA.884
HLLP.NAZI.5984
IVP.665
JERUSALEM.BUPT.1220
JERUSALEM.BUPT.1279
JERUSALEM.BUPT.1367
KABOUT.1804 (*)
KARNAVALI.1972          Europe
KDG
KITTY
LAMEGO.729              Portugal
LIBERTY.2857.D
LITTLEPEST.4243 (*)
MANNEQUIN
MANZON.1404             Europe
MENDOZA.3380            Spain
MSU.297
NECROS.1164.A
NECROS.1164.B
PHALCON.1117
PINDONGA.B
PS-MPC.578.C
PS-MPC.611.J
PS-MPC.753
PS-MPC.AOS
PULCE.1840 
RADYUM.509
RAHACK.936              Netherlands
RDA FIGHTER.5871
RIOT.ETERNITY.565
SALMAN.2000             US
SATRIA.RZ               Europe
SCREAMING_FIST.652
SCREAMING_FIST.709
SIRIUS.ALIVE.4608
TANPRO.749
TEQUILA.2468
TURNER.3276
TV
V3.1765
VACSINA.1206.A
VERWOLF
VICTOR.2442.A
(*) Requires DOS/Win 2.5.2 engine

  
* NEW VIRUSES REMOVED *

This DAT file (9609) removes the following 38 new viruses.
In addition, locations that have experienced problems with
a particular virus are identified.

_1194                   Spain
ACCOUNT.AVENGER.873
ALLIANCE                England
ARCV.255
ARCV.657
ARCV.679
ARCV.745
ASH.743
BIRTHDAY:DE (*)         Germany
BLEAH
BUERO:DE                Germany
CHEGUEVA                Spain
COMPBACK.3783
CORDOBES.3334           Spain
DEI.8772
DEI.DR.8772
DIETZEL:DE (*)
HASSLE
HASTA.884
HLLP.NAZI.5984
IVP.665
LAMEGO.729              Portugal
LITTLE_BROTHER          Germany
NO_FRILL.835            Australia
PS-MPC.611.J
PS-MPC.753
RAHACK.936              Netherlands
SALMAN.2000             US
SATRIA.RZ               Europe
SCREAMING_FIST.652
SHELL.10634             Internet
TANPRO.524
TANPRO.749
TEQUILA.2468
TV
V3.1765
VICTOR.2442.A
ZYX                     Europe
(*) Requires DOS/Win 2.5.2 engine

____________
KNOWN ISSUES

1.  When a macro virus is detected in conjunction with
    other viruses, the macro virus remover will not
    work. If this occurs, remove the other virus first
    or work in a separate area.

2.  Files with the "-" (dash) character in the filename
    that are compressed in zipped files will not be
    scanned by the on-demand scanner.

3.  NetShield continues to scan after clicking STOP.
    If this occurs, move the Netshield window to
    reveal the DynaZip UnZip Error window. Then click
    OK and respond appropriately to the dialog box.

4.  On-access exclusions only apply to local devices.

____________
INSTALLATION

* INSTALLING THE PRODUCT *

Prior to installation, take the following steps:

1.  Uninstall any previous version of NetShield NT.
2.  Reboot the NT system.
3.  Make sure you have Administrator rights for the server
    on which you are installing NetShield.
4.  Run SETUP.EXE and follow the prompts. If the NT server
    is a BDC, make sure to check the appropriate box when
    prompted.

If you would like to perform a "silent" installation
of NetShield NT, requiring minimal user interaction and
using all default or "Typical" installation settings, add
-s (i.e. SETUP.EXE -s) to the setup command when you
install the product.

NOTE: If you would like to perform a silent installation
      on machines running NT 4.0, you must first rename
      SETUP40.ISS to SETUP.ISS. 

Network Administrators can customize the silent
installation by following the steps below.

1.  Check in the Windows directory to ensure that a
    file named SETUP.ISS does not already exist. If it
    does, rename it, back it up, or delete it.

2.  Run SETUP.EXE with the -r switch, (i.e. SETUP.EXE -r).

3.  Select the components you would like to be installed
    during the silent installation.  All responses will
    be recorded.

4.  Finish the installation, and locate the file SETUP.ISS
    in the Windows directory.

5.  Open the file using any ASCII editor (e.g., NOTEPAD.EXE)
    and delete the section titled  APPLICATION.

6.  Locate the section [SdSetupType-0] in the SETUP.ISS
    file and go to the line:

        Result=x

        where x is equal to
        301 (Typical installation)
        302 (Compact installation)
        303 (Custom installation)

7.  Add 100 to the above value, so that the Result
    variable is equal to 401, 402, or 403. Modifying
    this file will allow the installation to copy the
    NetShield files to the drive where the operating
    system resides instead of defaulting to the C:
    drive.


8.  Rename, back up, or delete SETUP.ISS on the first
    installation disk (floppies only). For CD-ROM versions
    of the product, you must copy the installation files
    onto the hard drive before taking this step.

9.  Copy the new SETUP.ISS from the Windows directory
    to the location of the installation files.

10. Run SETUP.EXE with the -s switch (i.e. SETUP.EXE -s).

11. When the silent installation is complete, you should
    reboot the machine manually.

    NOTE: If you do not specify a "recorded" answer for
    all dialog boxes during the initial installation, the
    silent installation will fail. Also, the file used
    for the silent installation, SETUP.ISS, may not work
    properly across different operating systems. For
    example, if the silent install is generated for
    Windows 95, it may not work properly in Windows 3.1x
    or Windows NT.

* PRIMARY PROGRAM FILES FOR NETSHIELD NT *

Files located in the Install directory:
=======================================

1.  Installed for the Alert Manager/Console/Server:

                  MCKRNLNT.DLL = Library files
                  MCSCAN32.DLL = Library files
                  MCUTILNT.DLL = Library files
                    SHUTIL.DLL = Library files
                    README.1ST = McAfee information
                  WHATSNEW.TXT = What's New document
                   PACKING.LST = Packing list
                    AGENTS.TXT = McAfee authorized agents
                  VALIDATE.EXE = McAfee file validation
                                 program
                    UPDATE.MSG = Update message file
                    SHIELD.HLP = On-access scanner help
                    SHIELD.CNT = On-access context-sensitive
                                 help
                  MCCONSOL.HLP = Console help
                  VIRUSCAN.HLP = On-demand scanner help
                  VIRUSCAN.CNT = On-demand context-sensitive
                                 help
                     NAMES.DAT = Virus names definition data
                      SCAN.DAT = Virus scan definition data
                     CLEAN.DAT = Virus clean definition data
    Netshield Activity Log.TXT = NetShield activity log
         Scan Activity Log.TXT = Scan activity log
                    MODEMS.TXT = Modem initialization
                                 strings
                    SAMPLE.CMD = Sample alert file
                  MCUPDATE.EXE = Update module
                  AMGRCNFG.EXE = Alert manager configuration
                                 program
                    FTPGET.CMD = Automatic updating script
                    DEISL1.ISU = Uninstall file
                  MCSRVSHL.EXE = Uninstall application
                  MCSERVIC.DLL = Install/uninstall library file

2.  Installed for Alert Manager:

                     WCMDR.EXE = Uninstall program
                     WCMDR.INI = Uninstall initialization file
                   DEFAULT.VSC = On-demand scanner default
                                 configuration settings
                   NETSHLD.MIF = MIF file
                   IMPTASK.EXE = Task import tool
                   IMPTASK.TXT = Task import text file
                  AMGRSRVC.EXE = Alert manager service
                                 program
                  MCALSNMP.DLL = Alert manager SNMP
                  POWERP32.DLL = Alert manager support
                                 module
                  VIRNOTFY.EXE = Notification utility

3.  Installed for the Console:

                  MCCONSOL.EXE = Console manager 
                    SHSTAT.EXE = Shield status monitor
                                 program
                   SCNSTAT.EXE = Scan status monitor
                                 program
                  SCNCFG32.EXE = Console configuration
                                 module
                   VIRLIST.EXE = Virus list
                   SHCFG32.EXE = Console configuration
                                 module
                    DPMI16.DLL = 16-bit DOS protected
                                 mode interface library
                    DPMI32.DLL = 32-bit DOS protected
                                 mode interface library
                  MCKRNL95.DLL = Library files      
                  MCUTIL95.DLL = Library files

4.  Installed for the Server:

                  DUNZIP32.DLL = File decompression
                                 library
                    DZIP32.DLL = File decompression
                                 library
                   TASKMRG.EXE = Task managing service
                    SCAN32.EXE = On-demand scanner


Files located in WINNT35\SYSTEM32:
==================================

1.  Installed for the Console/Server/Alert Manager:

                   CTL3D32.DLL = 32-bit 3D Windows
                                 controls library (*)

(*) File will be installed upon installation of
    NetShield if the file does not already exist,
    or if an older version is found.  


Files located in WINNT35\SYSTEM32\DRIVERS:
========================================== 

1.  Installed for the Server:

                  MCFILTER.SYS = System files
                   MCFSREC.SYS = System files
                    MCKRNL.SYS = System files
                    MCSCAN.SYS = System files
                    MCUTIL.SYS = System files
                  MCSHIELD.SYS = System files


* TESTING YOUR INSTALLATION *
                              
The Eicar Standard AntiVirus Test File is a combined effort
by anti-virus vendors throughout the world to come up with
one standard by which customers can verify their anti-virus
installations.

To test your installation, copy the following line
into its own file and name it EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

When done, you will have a 69- or 70-byte file.

When NetShield for Windows NT is applied to this file,
Scan will report finding the EICAR-STANDARD-AV-TEST-FILE
virus.

It is important to know that THIS IS NOT A VIRUS. However,
users often have the need to test that their installations
function correctly. The anti-virus industry, through the
European Institute for Computer Antivirus Research, has 
adopted this standard to facilitate this need.

Please delete the file when installation testing is completed
so unsuspecting users are not unnecessarily alarmed.

_____________
DOCUMENTATION

For more information, refer to the NetShield User's
Guide, included on the CD-ROM versions of this program
or available from McAfee's BBS and FTP site. This file
is in Adobe Acrobat Portable Document Format (.PDF)
and can be viewed using Adobe Acrobat Reader. This form
of electronic documentation includes hypertext links
and easy navigation to assist you in finding answers
to questions about your McAfee product.

Adobe Acrobat Reader is available on CD-ROM in the
ACROREAD subdirectory. Adobe Acrobat Reader also can be
downloaded from the World Wide Web at:

http://www.adobe.com/Acrobat/readstep.html

NetShield documentation can be downloaded from McAfee's
BBS or the World Wide Web at:

http://www.McAfee.com or http://205.227.129.97

For more information on viruses and virus prevention,
see the McAfee Virus Information Library, MCAFEE.HLP,
included on the CD-ROM version of this product or
available from McAfee's BBS or FTP site. 

__________________________
FREQUENTLY ASKED QUESTIONS

Regularly updated lists of frequently asked questions 
about McAfee products also are available on McAfee's 
BBS, website, and CompuServe and AOL forums.
 
Q:  How do I manually uninstall NetShield for Windows NT?

A:  To uninstall, take the following steps:

    1.  Close all product dialog windows.
    2.  Delete the installation directory.
    3.  Delete the HKLM\SOFTWARE\MCAFEE key in the
        registry.
    4.  Delete the six McAfee device drivers (MC*.*)
        in %SYSTEMROOT%\SYSTEM32\DRIVERS.
    5.  Reboot.                  

Q:  Why do I get an error in MCINST32.DLL when I
    attempt to install NetShield for Windows NT?

A:  NetShield for Windows NT was designed for an i386
    processor only. This error is usually caused by an
    attempt to install to a non i386-based machine.
  

Q:  Is there a conflict with the Novell written client
    for NT?

A:  No. However, there are some timing issues that
    arise when NetShield for Windows NT is installed.
    If it is necessary for you to use the Novell client,
    then change the account that both the McAfee Task
    Manager and the Alert Manager use to a "System"
    account.


Q:  Why do I get errors in my event viewer after
    installing Service Pack 3 or Service Pack 4?

A:  Service Pack 3 and Service Pack 4 involved a
    change to the HAL.DLL file that is used by McAfee's
    device drivers. If you are using NetShield for
    Windows NT Version 2.5.0, uninstall, then install
    Version 2.5.2 or higher.
                     

Q:  As an administrator, how can I scan private
    directories that are accessible only to 
    individual users?

A:  The on-access scanner will detect infected files 
    as they are copied into the users' private spaces. 

    On-demand (scheduled) scans are launched by the 
    McTaskManager Service. If you specify a user name 
    and password for the Service, then the scheduled 
    scan will only scan directories for which the user 
    name has privileges. If no user name was specified, 
    then the Service has SYSTEM privileges. 
    
    To perform an on-demand, or scheduled, scan of 
    private directories, the McTaskManager Service must 
    have access to these private areas. Following are 
    two ways to address this issue:

    Solution A:
    1. Create a custom user name to be used by the Service.  
    2. Give this user name privileges to access the private 
       spaces.

       Considerations with Solution A:
       The administrator will need to know the user names 
       and passwords.  

    Solution B:
    1. Do not associate a user name to the Service.
    2. Give SYSTEM privileges to access the private spaces.

       Considerations with Solution B:
       Someone could create or use a Service to access your 
       information.

    McAfee recommends Solution B as a more secure solution. 


Q:  NetShield will not perform an on-demand (scheduled)
    scan of some networked devices. Why?
  
A:  It is possible that the user name you are using for
    the Taskmanager Service does not have sufficient
    rights to scan the devices in question. To verify
    whether this is the issue, log in to each device using
    the user name and password used by the Taskmanager
    Service. Confirm that this user name has rights on
    the device by manually running an on-demand scan. If
    you can scan the device while you're logged in, then
    the Service should also be able to do it as a scheduled
    scan.


Q:  When performing an on-demand (scheduled) scan of a
    networked device, the system locks up. How can I
    solve this problem?

A:  Log on to the device in question and manually run
    an on-demand scan with the Compressed Files option
    turned off. If the scanner locks up, note where it
    locks. Attempt to determine which file NetShield locks
    on and send the information to McAfee. If the scan
    succeeds, select the Compressed Files option and scan
    the device again. If it locks this time, chances are
    you have a ZIP file that is corrupted or large, and
    it takes time to scan. If scanning works in both
    scenarios, then give the Taskmanager Service the same
    user name and password currently logged in as and try
    a scheduled scan again. If this now works, then the
    old user name didn't have sufficient rights to scan
    the device in question.


Q:  I have an on-demand (scheduled) scan that doesn't
    seem to run. What am I doing wrong?

A:  Scheduled scans should not overlap one another. If
    you have more than one drive, folder, or item that
    you would like to have scanned, add additional items
    for scanning to the Detections page of the Task's
    properties. After making the changes, restart the
    computer and scheduled scans should function as
    designed.

Q:  Can I update NetShield's data files to detect
    new viruses?

A:  Yes. If you have Internet access, you can download
    updated McAfee data files from the McAfee Web 
    Site, BBS, or other online resources. To download 
    from the McAfee Web Site, follow these steps:
    
    1.  Go to the McAfee Web Site (http://www.mcafee.com
        or http://205.227.129.97).

    2.  Click on the Download McAfee button in the upper
        left hand column or frame.

    3.  Click Get that DAT! to update DAT files. 

    4.  View the information provided on new DAT files
        and downloading.

    5.  Click on Download This Month's DAT.
   
    6.  Data file updates are stored in a compressed form 
        to reduce transmission time. Unzip the files into
        a temporary directory, then copy the files to the
        appropriate directory, replacing your old files.    

    7.  Before performing any scans, shut down your
        computer, wait a few seconds, and turn it on again.

    If you need additional assistance with downloading, 
    contact McAfee Download Support at (408) 988-3832.

______________________
ADDITIONAL INFORMATION

1.  NetShield NT includes an external utility,
    VIRNOTFY.EXE, that will notify you in the event that
    McAfee's Alertmanager is not installed. To use this
    utility, open McConsole, and select Tools/Alerts. Add
    the path and utility to the Program To Execute line.

2.  NetShield NT is Microsoft BackOffice certified. For
    details on how to install NetShield using SMS, refer
    to your BackOffice documentation.

______________
CONTACT McAFEE

* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *

Contact McAfee's Customer Care department: 
1.  Call (408) 988-3832
    Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

2.  Fax: (408) 970-9727
    24-hour, Group III Fax 
		
3.  Fax-back automated response system: (408) 988-3034
    24-hour fax

Send correspondence to any of the following McAfee 
locations:
	
    McAfee Corporate Headquarters		
    2710 Walsh Avenue			
    Santa Clara, CA 95051-0963		
	
    McAfee East Coast Office					
    Jerral West Center
    766 Shrewsbury Avenue
    Tinton Falls, NJ 07724-3298

    McAfee Central Office			
    5944 Luther Lane, Suite 117		
    Dallas, TX 75225				
						
    McAfee Canada
    178 Main Street
    Unionville, Ontario
    Canada L2R 2G9

    McAfee Europe B.V.			
    Orlyplein 81 - Busitel 1		
    1043 DS Amsterdam				
    The Netherlands	 		

    McAfee (UK) Ltd.
    Hayley House, London Road
    Bracknell, Berkshire  RG12 2TH
    United Kingdom  

    McAfee France S.A.			
    50 rue de Londres				
    75008 Paris					
    France					
				
    McAfee Deutschland GmbH
    Industriestrasse 1
    D-82110 Germering
    Germany

Or, you can receive online assistance through any of the 
following resources:

1.  Bulletin Board System: (408) 988-4004
    24-hour US Robotics HST DS

2.  Internet e-mail: support@mcafee.com

3.  Internet FTP: ftp.mcafee.com or 205.227.129.134

4.  World Wide Web: http://www.mcafee.com
    or http://205.227.129.97

5.  America Online: keyword MCAFEE

6.  CompuServe: GO MCAFEE

7.  The Microsoft Network: GO MCAFEE
                               
Before contacting McAfee, please make note of the
following information. When sending correspondence,
please include the same details.

- Program name and version number
- Type and brand of your computer, hard drive, and any 
  peripherals
- Operating system type and version
- Network name, operating system, and version
- Contents of your AUTOEXEC.BAT, CONFIG.SYS, and 
  system LOGIN script
- Microsoft service pack, where applicable
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where 
  applicable
- Relevant browsers/applications and version number,
  where applicable

- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand

- Your contact information: voice, fax, and e-mail

Other general feedback is also appreciated.


* FOR ON-SITE TRAINING INFORMATION *
 
Contact McAfee Customer Service at (800) 338-8754.


* FOR PRODUCT UPGRADES *

To make it easier for you to receive and use McAfee's
products, we have established an Agents program to 
provide service, sales, and support for our products 
worldwide. For a listing of agents, see the file 
AGENTS.TXT, where applicable, or contact McAfee
Customer Service for agents near you.



