June 1996 Product upgrade, revision 6.11b ------------------------------- NEW AUDIT FEATURE IN IVB. IVB now provides for the auditing of specified directories and drives. The audit function is based on the IVB integrity database and runs concurrently with IVB integrity checking. New, missing and modified files are reported in the audit log. Auditing can run either on-demand or automatically. Auditing can be used in private user and corporate/network environment to keep track of program inventory. Auditing combined with IVB's integrity functions and IVX report is useful in spotting the source of an infection. In the institutional environment auditing can help system administrators in monitoring software uploads to servers. Product upgrade, revision 6.11a ------------------------------- Version 6.11a has a generic "Word Macros" mode added to IVX. The latter will detect forced macros in Word documents and templates and CLEAN them on request. IVX can be used in batch mode for handling macro viruses. INSTALL has been updated to edit the test for macro malware right into the autoexec (see below). Attention network administrators! The new Word Macro mode in IVX has provisions for testing a workstation's integrity right at logging in to the network. Affected workstations can be spotted now right as they login and refused access to the network. For details see appendix G in the DOS online hypertext, or search for "macro" in the Windows IV manual. The INSTALL program menus were changed for user's convenience. The main functions were moved to the first level menu (the default). INSTALL's default options are now: installation, the preparation of the rescue diskette, installation or retraction of the license registration, installation or removal of IVTEST in / from batch files, and removal of IV related files (*.NTZ and signatures). The on-line registration is now assigned to F10 and was removed from the menus. On-line help is now accessed through F1, as is the standard in most software. Where Winword is found in the search path, the user will be prompted if to include the Word templates integrity check against macro malware, in the autoexec. The templates test is extremely fast, it takes just a few seconds and is highly recommended. Improved presentation in IVB, IVX and IVSCAN. The scrolling on screen of the inspected directories and files is progressed now "on-finding" only. This way, the user is presented only with relevant information which should help in assessing the problem at hand. New IVLOGIN /Q switch. When run with the /Q switch, IVLOGIN will query the workstation whether the daily integrity check (IVB DAILY) did run. IVLOGIN returns an errorlevel 0 if the test was run and 1 otherwise. The integrity query switch can be used by network administrators to refuse access to users that disabled the IV daily integrity check. The memory stealing alert was modified to a threshold of 7 Kbytes for drives using dynamic boot overlay (DDO), thus eliminating the nagging message resulting from this source. The "dynamic boot driver" message related with Ontrack's DM and MicroHouse EZ-Drive was removed from IVINIT. Product upgrade, revision 6.11 ------------------------------ An on-line hypertext user's guide for Windows was added with version 6.11. The file's name is IVMANUAL.HLP and it can be added as an icon on the Windows desktop, for quick reference. IV's winhelp contains screen captures and detailed procedures and tips. You can produce a formatted hard copy of selected topics from the IV manual, through Windows Print Manager. Windows 95 enables booting to DOS by swapping and renaming the system files (IO.SYS and MSDOS.SYS). In result, IVB reported changes every time the computer was booted to a different OS from the previous one. IVB now identifies legitimate swapping between Win 95 and previously installed DOS. The editing of the Bios Parameter Block (BPB) of logical drives' boot sector was added to ResQdisk. This facilitates the recovery of hard drives with non-standard configurations such as Compaq models and multiple partitions with dynamic boot overlay drives (DDO), as well as NT servers and workstations. Batch processing of floppies with the IVX correlator was added. The IVX correlation-scan parameters need to be entered just once to process floppies in bulk.