Table of Contents. Ad-Aware Total Security. Lavasoft Support. Installing the software. After the installation. On the first run

Transcription

1

2 Table of Contents Lavasoft Support Installing the software After the installation On the first run Internet update wizard... 5 Virus check wizard... 6 How... do I improve the security status 7 How... is the Total Security Interface organised 7 License CPU load Virus check Options (Virus check)... 9 Options (Monitor) Last virus check Virus scan Virus monitor More functions Schedule Job Analysis... scope 15 Scheduling Virus check User account Quarantine Logs Create boot... CD 17 Updates Options (Internet update) Logon to update... server 18 Last virus update Automatic updates Program version More functions Options (Web/IM) Options ( check) Incom ing m... ail 23

3 Outgoing m... ail 23 Scan options Advanced Web protection Define exceptions Phishing protection Firewall Configure Status Netw orks Edit netw... ork 28 Rule sets Create rule... sets 29 Using the Rule... w izard 30 Using the advanced... dialogue 31 Rules Firew all alarm Logs Options (Firew... all) 33 Autom atic Inquiry Attacks Miscellaneous protection Spam protection Configure Status More filters Add new... filter 39 Statistics No spam Spam Options (Anti-Spam... ) 41 Spam filter Spam OutbreakShield Use w hitelist Use blacklist Use real-time... blacklists 42 Use keyw ords... ( text) 42 Use keyw ords... (subject) 43 Use content... filter 43 Reaction Advanced... settings 44 Settings More filters Parental controls Configure Status Create new... user 45 Prohibited... content 46 Perm itted... content 47

4 Monitor Internet... usage period 47 Block periods Monitor com... puter usage period 48 Block periods Personal filters Logs Options (Parental... controls) 49 Log Tuner Configure Status Configuration Define profile Security Perform ance Data Protection Undo Schedule Nam e Profile Scheduling Logs Options (Tuner) General Folder protection File protection Backup Configure Status Backup Standard... backup 56 Source files Target Schedule Partial backups Advanced... backup 58 File selection Select target Schedule Partial backups Options General archive... options 60 User details Compression Exclude files Reset to current... default options 62 Reset to Ad-Aw... are default options 62 Restore Restore job Select target Actions Adm inister... online archives 63 FTP brow ser Burn archive... to CD/DVD retrospectively 64 Im port archive... 64

5 Logs Options What happens when my license expires Tips for installation Boot scan prior to installation Customized setup or full installation Invalid registration number Access data invalid or missing Can I use my old access data to obtain updates on a new computer Notes on uninstalling... 69

6 1 This fast start guide will help you install your new and gives you a few practical, easy tips on how to use it to protect your computer optimally. The following sections will give you additional help on installing, getting started with and general questions about the program: Installing the software: This will show you how to install the on your computer. After the installation: What's changed on your system since installing the software What options does the software offer Find out here. On the first run: Wizards will help you create the necessary settings to ensure that your system is protected effectively as soon as the software has been installed. If you are an experienced user of you won't need these wizards anymore. Total Security Interface: The actual program interface. You can create settings and find information here. Normally you only need to open the interface if you are advised to. Tips for Installation Please consult this section for any questions about installing and registering Do you have further questions You can consult the online help in the software at any time. Just press the F1 key while using the program or click on the Help button. The answers to many queries can also be found in the Online database for frequently asked questions (FAQ), which can be accessed in the Support section on the Lavasoft website.

7 2 Lavasoft Support Installation and use of is generally easy and self-explanatory. However, should you encounter a problem, just contact Lavasoft Support. Website: Support: Lavasoft Support Center

8 Installing the software 3 Installing the software Important note: includes full Anti-Virus, Anti-Spyware and Anti-Malware real-time protection. If you use more than one real-time Anti-Virus or Anti-Spyware program at the same time, your computer may experience decreased performance, become unstable, or restart unexpectedly. Before you install Ad-Aware, we recommend that you disable or uninstall other security-related programs. To ensure that functions smoothly, your computer should meet the following minimum requirements: PC with one of the following operating systems: Windows 7, Windows Vista, Windows XP (SP2 or higher) At least 512 MB RAM memory, Internet access, Internet Explorer 6 or higher Please install as follows: Start Installation If you downloaded your copy of, locate and double-click on the downloaded file to start the installation. If you received a Boot CD, insert the CD and the installation should start. If installation doesn't start by itself, open the CD and double-click Autostart Welcome Screen Please read the welcome screen and click "Next" to continue. Installation Please read the End User License Agreement before you proceed. When you have completed reviewing the agreement and if you agree to the terms, check the box next to "I accept the terms of license agreement", and click Next to continue with the standard installation of the software. Choose to do a Complete install or to customize the installation, click "Custom." Click "Next" to continue with the installation. Additional Modules Select whether to install Parental Controls and the Ad-Aware Shredder. Schedule Select whether to use automatic updates. Click Next and then Install to continue with the installation. After the files finish copying, you will receive a confirmation message that the installation was successful. Installation Complete Your computer must be restarted to complete the installation. Choose to Restart Now or Restart Later. Click "Finish" to complete the installation process. Your computer will restart and AdAware Total Security will be completely installed.

9 4 After the installation To open your program interface, just click on the icon on your desktop pictured here. To read about how you use the Total Security Interface, read the section: Please be aware of the following after you have installed : Security icon: will protect your computer from viruses and malware. An icon appears in the taskbar at the bottom next to the clock, so you can see that the protection is active. Fast check: Is there a suspicious file on your computer Do you want to scan a download for viruses Fast check enables you to check a file or folder with great ease, and without having to run. Just use your mouse to select the file or folder in e.g. Windows Explorer. Right-click and select Check for viruses (). The affected files will now be automatically scanned for viruses.

10 On the first run 5 On the first run When you run, two wizards automatically open one after the other. They will help you create important settings for the software. As soon as this is done and you are familiar with how the software works, you can disable these wizards and create settings in the software yourself. To disable an assistant, simply check the box next to Do not show this message again. Internet update wizard If you are running the software for the first time after installing it, a wizard opens which you can use to update directly over the Internet. As new viruses are constantly being developed, it is crucial that is up to date! Therefore you should run the Internet update as quickly as possible. 1 To do so, click on the Perform updates button. A window will now appear requesting the access data for Internet updates. 2 To get this access data, just click on the Register with server button. Then you will see a new window where you can enter your registration number and customer data. Unable to log onto the server If you cannot log onto the server, please first make sure that you have an Internet connection (that is, whether you can access a website via your browser). If you can and still cannot register with the server, please click on the Internet settings button. Here you can then check the settings for your Internet connections. 3 You can find the registration number on the back of the printed manual. If you bought online, you will receive your registration number in a separate .

11 6 If you click the Login button, your access data is generated on the Lavasoft UpdateServer. If the registration was successful, an information screen appears in which you can click on the OK button. 4 The actual updating of the data will now follow. An information screen will tell you about the progress of the update and about which data is being transferred to your computer. You can then exit the update window by clicking on the Close button. You have now updated your. Virus check wizard As soon as you have installed on your computer, it is protected from malware. However, you should verify whether a virus could have nested itself on your computer BEFORE the installation. You can use the virus check wizard, which appears when you start the software for the first time, to directly carry out this scan. You can choose between the Quick virus check (recommended) and Intensive virus check options. An intensive virus check is generally preferred, but depending on your hardware configuration it can take more than an hour. If you are pressed for time, at least run the quick virus check.

12 7 After installing your virus protection should run automatically. You only actually need to consult if you want to access the virus check or one of the software's many additional features. In rare circumstances, it may also be necessary to access Ad-Aware Total Security if the security icon in the task bar displays a warning sign indicating that you need to intervene. In the Total Security Interface you can see all key information at a glance and can intervene directly if a protection function needs updating or checking. How do I improve the security status Security does not have to be complicated. You can get possible threats to your computer out of the way with just one click. You can use the Security status icon and the Correct button for this. If there is a green cross next to the Security status entry, your system is secure. A red light indicates that your system is in immediate danger. You should then undertake immediate measures so that the protection of your data remains ensured. If you click on the Correct button, will suggest to you what actions you should take in order to optimally protect your system again. Simply select the actions displayed one after the other until the security status displays a green light again. The Correct button then automatically changes to inactive and can only be used again if the security status should get worse. Your is then up to date and you can close the interface again. All functions and settings you can see under the Security Status icon (such as Virus check or Updates) can be used if you want to actively configure the security of your system. You decide to what degree you would like to be involved with the virus protection. gives you that choice! How is the Total Security Interface organised In the relevant subsections (such as Virus check or Updates) you can see precisely which areas of are optimally set up and which could be improved. The following icons indicate the security status of the respective area.

13 8 Green checkmark = everything is ok Yellow exclamation mark = intervention needed soon Red exclamation mark = immediate intervention required Wildcard = This security function was not enabled by you. If an area should be marked yellow or red, simply click on it with the mouse. This will take you directly to the program area where you can carry out the required settings. Additional functions can be invoked via the blue entries. Do you want to make an unscheduled check of the computer for viruses Do you want to reset the schedule Is a check of the settings needed Simply click on the blue actions. If you click the info icon in the top right, you will receive information regarding the program version. This information may be useful when talking to Lavasoft Support. License Under the License entry on the left-hand side of the program interface you can see how long your virus update license is valid for. Constant updates are more important for anti-virus software than for any other type of software. CPU load This small chart shows you how much speed costs you when in use on your computer. If heavy CPU load occurs regularly in relation to a specific application (e.g. when using video processing programs), it may help to define the relevant application as an exception. You can find additional information on this in the online help for the Virus monitor. Under the header, you can view the current load is placing on your computer. The total current load on your computer is displayed under the System header. During virus checks the system load caused by Ad-Aware Total Security can be very high; however, under normal use Ad-Aware Total Security should only use up very little processing power. So if your computer is responding more slowly than usual, you can see at a glance here if is carrying out a detailed scan or if your computer is being slowed down by something other than a virus check. You can also configure so the virus check can be automatically interrupted if your computer is under a heavy load from other applications. For more information please read the section Options (Virus check).

14 Virus check 9 Virus check In this area, you can undertake all settings involved with the protection of your computer against virus infection. Use the Options button to obtain access to the program parameters affecting this area. Options (Virus check) Here you can create basic program settings for Virus check. However, in normal operation this is not required. Use engines: works with multiple engines, in other words, two virus check modules in addition to the other Lavasoft technologies that work essentially independent of each other. Each engine by itself would provide you with a high degree of protection against viruses, but it is precisely the combination of all engines that gives the very best results. You can accelerate the virus check in older and slower computers by using an individual engine, but normally you should keep the setting Both engines. In the case of an infection: detected a virus In the standard setting, the software now asks you what you would like to do with the infected file. If you would always like to perform the same action, you can set this here. The highest protection for your data is offered here by the setting Disinfect (if not possible: place in quarantine). Infected archive: Here you determine whether archive files (e.g. files with the extension RAR, ZIP, or PST) should be handled differently from normal files. As viruses stored in an archive can only cause damage when they are unzipped, you may choose to completely deactivate the archive scan under certain circumstances. If your virus monitor is permanently enabled, this will prevent an infection as soon as an infected archive is unzipped. Pause the virus check at times of high system load: A virus check should normally be carried out when the computer is not being used. If you then need to use the computer, the virus check is paused so that your computer can run at normal speed for you. This virus check will then carry on when you stop working. You can create more settings for virus checks by clicking on the Advanced button. In most cases, however, it is completely adequate to use the specified default settings. File types: You can specify here which file types should be inspected by the software for viruses. Selecting the option Program files and documents only entails certain speed benefits. Priority scanner: Via this setting you can specify the degree to which a virus check influences the processing power of your computer. If you want to run a virus check when you are not using the computer, the setting High (short run time) is recommended. Heuristics: In the heuristic analysis, viruses are not only detected by the virus database, which you receive with every update of, but are also identified on the basis of particular characteristics typical of viruses. This method increases the level of security, but in rare cases may also generate a false alarm. Check archive: Checking compressed data in archives (these can be recognized by their file extensions such as ZIP, RAR or PST) is very time-consuming and can normally be omitted if the virus monitor is generally active on the system. The monitor can detect a previously hidden virus while the archive is being unzipped and can automatically prevent it from spreading. Check archive: Because already checks incoming and outgoing for virus infections, it is usually a good idea to omit regular checks for archives since this process may take several minutes, depending on the size of the archive. Check system areas: In general, system areas (for example boot sectors) in your computer should not be excluded from virus checks.

15 10 Check for dialers / spyware / adware / riskware: You can also use this function to check your system for dialers and other malware (spyware, adware and riskware). These are e.g. programs that establish expensive, unwanted Internet connections, of which the potential for financial damage is no less significant than that of the virus. They may for example secretly record your surfing habits or even all the keyboard entries you make (including your passwords) and forward these to third parties via the Internet at the earliest opportunity. Check for rootkits: Rootkits attempt to evade conventional virus detection methods. Additional monitoring for this malware is always advisable. Only check new and updated files: If you enable this function, the virus check will run significantly faster, but will restrict itself to just files that have changed or been newly created since the last virus check. You should therefore only use this option if your computer is routinely protected using the Virus monitor, so regular virus checks are still additionally carried out. Generate log: By checking the Generate log box, you can specify that the software creates a log of the virus check process. This log can be viewed in the Logs area. Options (Monitor) In the Options dialogue for the Virus monitor you have the following setting options. Changes only need to be made here in the event of exceptions occurring: Use engines: works with multiple engines, in other words, in other words, two virus check modules in addition to the other Lavasoft technologies. Each engine by itself would already provide you with a high degree of protection against viruses, but it is precisely the combination of all engines that gives the very best results. You can accelerate the virus check in older and slower computers by using an individual engine, but normally you should keep the setting Both engines - performance optimised. In the case of an infection: detected a virus In the standard setting, the software now asks you what you would like to do with the infected file. If you would always like to perform the same action, you can set this here. The highest protection for your data is offered here by the setting Disinfect (if not possible: place in quarantine). Infected archive: Here you determine whether archive files (e.g. files with the extension RAR, ZIP, or PST) should be handled differently from normal files. As viruses stored in an archive can only cause damage when they are unzipped, you may choose to completely deactivate the archive scan under certain circumstances. If your virus monitor is permanently enabled, this will prevent an infection as soon as an infected archive is unzipped. System protection and autostart monitoring: When system protection is on, the Windows registry and the system folders are checked each time the system is started. This way, the HOSTS file is protected against manipulation. The HOSTS file is a text file on your computer which compares host names with IP addresses. If this file is modified by malware, users can unwittingly be diverted to phishing websites, for example. By clicking the exceptions button, you can exclude certain drives, directories, and files from the virus monitor check and in this manner sometimes significantly accelerate virus detection. To do this, proceed as follows: 1 Click the Exceptions button. 2 Click New... in the Monitor exceptions window. 3 Now select whether you want to exclude a drive, a directory, or a file and/or a file type.

16 Virus check 4 Underneath this, select the directory or the drive you would like to protect. In order to protect files, enter the complete file name in the entry field under file mask. You can also work with wildcards here. Wildcards work as follows: 11 The question mark symbol () represents individual characters. The asterisk symbol (*) represents entire character strings. For example, in order to protect all files with the file extension ".sav, enter *.sav. In order to protect a special selection of files with sequential file names (e.g., text1.doc, text2.doc, text3.doc), enter text.doc 5 Now, click OK. The exception will be displayed in the Monitor exceptions window. 6 Also click OK in the Monitor exceptions window. You can repeat this procedure as often as desired and also delete or modify the existing exceptions. Furthermore, you can click the button Advanced to specify which additional tests should be performed by the virus monitor. Normally you do not have to enter any more settings here. File types: Here you can specify which file types are to be inspected by the Ad-Aware Total Security for viruses. With Program files and documents only, only the files that can generally contain executable malware are checked. This gives a speed advantage during monitoring. Check during writing: Directly after a file has been created, the virus monitor will check whether a virus has latched on to the process. Check network access: If your computer has a network connection to unprotected computers (for example, other laptops), it is a good idea to check the network accesses to see if any malicious programs are being transferred. If you use your computer as a stand-alone computer without network access, you don't need to enable this option. If you have installed virus protection on each computer in the network, it is recommended that you turn off this option. Otherwise, some files will be checked twice, which negatively affects speed. Heuristics: In the heuristical analysis, viruses are not only detected by means of virus updates that you regularly receive from us online, but are also identified on the basis of certain characteristics typical of viruses. This method increases the level of security, but in rare cases may also generate a false alarm. Check archive: Checking compressed data in archives is a very time-consuming process and can generally be omitted if the virus monitor in your system is always active. The monitor can detect a previously hidden virus while the archive is being unzipped and can automatically prevent it from spreading. To avoid decreasing performance with unnecessary checks of large archive files that are rarely used, you can set a size limit (number of kilobytes) for archives to be checked. Check archives: Because the software already checks incoming and outgoing for virus infections, it is usually a good idea to omit regular checks for archives since this process may take several minutes, depending the size of the archive. Check system areas during system start: In general, system areas (for example boot sectors) in your computer should not be excluded from virus checks. You can specify here whether you want to run a check on system start-up or during a media exchange (e.g., new CD-ROM). Generally you should have at least one of these two functions activated. Check system areas during change of medium: In general, system areas (for example boot sectors) in your computer should not be excluded from virus checks. You can specify here whether whether you want to run a check on system start-up or during a media exchange(e.g., new CD-ROM or similar). Generally you should have at least one of these two functions activated.

17 12 Check for dialers / spyware / adware / riskware: You can use to check your system for dialers and other malware programs (spyware, adware, riskware). These are e.g. programs that establish expensive, unwanted Internet connections, of which the potential for financial damage is no less significant than that of the virus. They may for example secretly record your surfing habits or even all the keyboard entries you make (including your passwords) and forward these to third parties via the Internet at the earliest opportunity. Only check new or modified files: When you activate this function, a virus check executes significantly faster; however, it only extends to files that were modified or newly created. You should use this option if your computer is generally always protected by the virus monitor and does not come into contact with networks, questionable websites (unknown shops, lottery sites, etc.), or data carriers (CDs, USB sticks, removable disks) that can often come from infected sources.

18 Last virus check 13 Last virus check This is where you can see when your computer was last fully checked for viruses. If this entry is highlighted in red, you should run a virus check as soon as possible. To do so, just click on the entry and start the checking process by pressing the Check computer now button. After the scan, the entry is highlighted in green, meaning that the virus check was run sufficiently recently. Virus scan If you have a specific concern and only want to check certain areas of your computer for malware, please select which areas you want to check here. Check computer: If you want to check your computer independently of the automatic scan (e.g. because you currently have a suspected virus), just click on the Check computer entry. Your computer will now be checked for viruses. Check memory and Startup: All running processes the program files and DLLs (program libraries) will then be checked. In this way malware can be directly removed from the memory and Autostart area. Active viruses can be directly removed without searching through the entire hard drive. Since this check can be done relatively quickly, it is recommended that it is performed regularly (e.g. as part of an automatic virus check). This function, however, is not a replacement for regular virus control of saved data, but rather an extension to it. Check directories/files: This enables you to scan selected drives, directories or files for viruses. If you double-click on this action, a directory and file selection dialogue will open. You can scan specific individual files or entire directories for viruses here. Select directories/files In the directory tree, you can open and select directories by clicking on the plus symbols. Their contents will then be shown in the file view. Each directory or file that you mark with a check will be scanned by. If not all files in a directory are checked, this directory is marked with a gray checkmark. Check removable media: Use this function to check CD-ROMs or DVD-ROMs, diskettes, memory cards or USB sticks for viruses. If you click on this option, all removable media connected to your computer will be checked (including CDs in the tray, inserted memory cards, hard drives connected via USB or USB sticks). Please note that cannot of course remove viruses from media that do not have write access (e.g. burned CD-ROMs). In this case, virus discoveries are logged. Check for rootkits: Rootkits attempt to evade conventional virus detection methods. You can use this function to specifically search for rootkits, without checking all the hard drives and saved data.

19 14 Virus monitor The virus monitor should always be active. If you would like to switch off the monitor or would like to change something in the settings, click the entry Disable virus monitor. In addition, by clicking the Advanced button, you can customise the settings of your virus monitor. More functions Here you will find details relating to program areas of which you might not use so regularly. Schedule You can choose to have the most important functions of run automatically at regular intervals. This is highly recommended. The procedures for customizing automatic updates and automatic virus checks are very similar. Automatic updates: Virus definition updates occur hourly in the default setting. If your computer is not connected to the Internet with a data flat-rate, it would be advisable to perform the automatic update either less frequently or always set it so that it occurs as soon as you access the Internet. Automatic virus checks: Your computer should be completely checked for virus infection regularly. Depending on how you use your computer and depending on whether the virus monitor is used, you can change the interval between these automatic virus checks. Various virus checks In many cases it suffices if the computer is completely checked at regular intervals. Via the New virus check button you can issue various automatic virus checks that are independent of one another. It is thus possible that you check the folder Downloads daily while you check your MP3 collection only once a week, for example. To edit an automatic update or a virus check, select it and click on the entry Edit. A window with tabs then opens in which you can undertake the corresponding changes: Job Enter the name you want to give the newly created job here. It is a good idea to use meaningful names to differentiate between the various jobs, for instance, Local hard disks (weekly scan) or Archive (monthly scan). If you check Switch off the computer after completion of the task, the computer will automatically shut down once the automatic virus check has been completed. This is useful if for example you want to run a virus check when your day at work has finished. If the computer can switch itself off automatically after the scan, this avoids wasting energy unnecessarily. What is a "job" Each individually executed, automatic task for updating the virus data or scanning the computer is called a "job". Automatic update By checking Generate log you can make sure that the software creates a log whenever it updates. This log can be viewed in the Logs area.

20 Virus monitor 15 Analysis scope Here you can define whether the virus check should be run on the local hard drives, whether memory and autostart areas should be tested, or whether you only want to test certain directories and files. If this is the case, use the Select button to specify the directories you want. Select directories/files In the directory tree, you can open and select directories by clicking on the plus symbols. Their contents will then be shown in the file view. Each directory or file that you mark with a check will be scanned by. If not all files in a directory are checked, this directory is marked with a gray checkmark. Automatic update This tab is not required for automatic updates. Scheduling This tab allows you to specify when the automatic update should run and how often. You set up the default schedule under Run and then specify it in more detail under Time. Of course, if you select On system start-up, the scheduling defaults no longer apply and the software will run the scan each time your computer starts up. If you select the option Idle mode, the job will only be run if the computer that is turned on at this time is not being used. If this is the case, the job will first start when the computer is no longer being used. Automatic update If you select the Internet connection setup option under Time, the scheduling defaults no longer apply and the software will run the update each time your computer connects to the Internet.

21 16 Virus check This area allows you to define which settings should be used for the automatic virus check. Use engines: works with multiple engines, in other words, two virus check modules in addition to the other Lavasoft technologies that work essentially independent of each other. Each engine by itself would already provide you with a high degree of protection against viruses, but it is precisely the combination of all engines that gives the very best results. You can accelerate the virus check in older and slower computers by using an individual engine, but normally you should keep the setting Both engines. In the case of an infection: has detected a virus In the standard setting, the software now asks you what you would like to do with the infected file. If you would always like to perform the same action, you can set this here. The highest protection for your data is offered here by the setting Disinfect (if not possible: quarantine). Infected archive: Here you determine whether archive files (e.g. files with the extension RAR, ZIP, or PST) should be handled differently from normal files. As viruses stored in an archive can only cause damage when they are unzipped, you may choose to completely deactivate the archive scan under certain circumstances. If your virus monitor is permanently enabled, this will prevent an infection as soon as an infected archive is unzipped. Automatic update This tab is not required for automatic updates. Furthermore, you can click the button Advanced to specify which additional virus checks should be performed or omitted. In most cases, however, it is completely sufficient to use the specified default settings. File types: You can specify here which file types should be inspected by the software for viruses. Selecting the option Program files and documents only entails certain speed benefits. Priority scanner: Via this setting you can specify the degree to which a virus check influences the processing power of your computer. If you want to run a virus check when you are not using the computer, the setting High (short run time) is recommended. Heuristics: In the heuristic analysis, viruses are not only detected by the virus database, which you receive with every update of the, but are also identified on the basis of particular characteristics typical of viruses. This method increases the level of security, but in rare cases may also generate a false alarm. Check archive: Checking compressed data in archives (these can be recognized by their file extensions such as ZIP, RAR or PST) is very time-consuming and can normally be omitted if the virus monitor is generally active on the system. The monitor can detect a previously hidden virus while the archive is being unzipped and can automatically prevent it from spreading. Check archive: Because already checks incoming and outgoing for virus infections, it is usually a good idea to omit regular checks for archives since this process may take several minutes, depending on the size of the archive. Check system areas: In general, system areas (for example boot sectors) in your computer should not be excluded from virus checks. Check for dialers / spyware / adware / riskware: You can also use this function to check your system for dialers and other malware (spyware, adware and riskware). These are e.g. programs that establish expensive, unwanted Internet connections, of which the potential for financial damage is no less significant than that of the virus. They may for example secretly record your surfing habits or even all the keyboard entries you make (including your passwords) and forward these to third parties via the Internet at the earliest opportunity. Check for rootkits: Rootkits attempt to evade conventional virus detection methods. Additional monitoring for this malware is always advisable.

22 Virus monitor 17 Generate log: By checking the Generate log box, you can specify that the software creates a log of the virus check process. This log can be viewed in the Logs area. User account Here you can specify the user account on the computer on which the virus check should take place. This account is required for access to network drives. Automatic update Here you can specify a user account on the computer for which the Internet access has been configured. Quarantine During the virus check, you have different options for dealing with any viruses found. One option is to move the infected file to quarantine. Quarantine is a secure area in the software where infected files are encrypted and stored so they cannot transfer the virus to any other files. Logs The log area lists the logs made by the software. Click the Start time, Type, Header, or Status column headers to sort the available logs accordingly. The Save as and Print buttons can be used to save log data as text files or print them out directly. To delete a log, highlight the entry in the table using the mouse and either press the Del key or click on the Delete button. Create boot CD The boot CD is a useful tool for rendering computers that have already been compromised virus-free. Use of a boot CD is particularly recommended for computers that had no virus protection prior to installing. Read how to create and use a boot CD in the section: Boot scan prior to installation Are described functions such as creating a boot CD not available to you It may be possible that the Create boot CD option was not installed during the installation of. This can easily be installed retrospectively by reinserting the CD and running the installation with the boot CD option or by running the installation file you downloaded.

23 18 Updates In this area, you can undertake all settings involved with the updating of your virus protection. Use the Options button to obtain access to the program parameters affecting this area. Options (Internet update) If updating the software via the Internet does not work, you can perform all the operations necessary to enable updates to take place automatically in this area. In the options, enter the access data ( user name and password) that you received when you registered your online. The Lavasoft update server will use this data to recognize you so updates can now run completely automatically. You should only disable the version check in the event of problems with the virus signatures (e.g. if you have accidentally deleted files here). Logon to update server If you have not registered with the server yet, you can do this now by clicking the Register with server button. A new window appears in which you can enter your registration number and customer data. You can find the registration number on the back of the printed manual. If you have purchased the software online, you will receive the registration number in a separate . Click the Log in button and your access data is generated on the Lavasoft UpdateServer. If the login is successful, an info screen appears with the message Logged in successfully, which you can exit using the Close button. Warning: you will also receive access data for your documentation and for any software reinstallations by . Therefore please make sure that the address indicated in your online registration is correct; otherwise you will not receive the access data. Your access data will then be automatically transferred into the original input screen, and you can start the actual process of updating by clicking on the OK button. Unable to log onto the server If you cannot log onto the server, please click on the Internet Settings button. Here you can then check the settings for your Internet connections.

24 Last virus update 19 Last virus update This is where you can see when your computer last received updated anti-virus information from the Internet. If this entry is highlighted in red, you should run a virus update as soon as possible. To start the update, just click on the Update entry next to it. Are you having problems with the Internet update Detailed information can be found in the section: Options (Internet update)

25 20 Automatic updates You can update regularly via the Internet. This is highly recommended. If you have set up an automatic update you will never have to worry about updating again. If you don't want to use automatic updates, click on the entry and select the Disable automatic updates option. Read how to set up or, if necessary, change an automatic check or update, in the section entitled Schedule.

26 Program version 21 Program version When new program versions of are available, you can easily update these with a click, as with the virus information. If you receive anotification here that an update is available, simply click on the entry Update. Are you having problems with the Internet update Detailed information can be found in the section: Internet update

27 22 More functions In this area you can create settings for safe surfing on the Internet. Web protection Phishing protection Firewall This is where you can manage protection for your mailbox. protection Spam protection Here, the program functions that go beyond pure virus protection are available to you. Parental controls Tuner Backup Use the Options button to obtain access to the program parameters affecting this area. Options (Web/IM) You can create the following settings here. Internet content (HTTP): In the web options, you can determine that all HTTP web content is checked for viruses while browsing. Infected web content is not run at all and the corresponding pages are not displayed. To set this option, please check Process Internet content (HTTP). Avoid browser timeout: Since processes web content before it is displayed in the Internet browser, it requires a certain amount of time to do so depending on the data traffic. Therefore it is possible for an error message to appear in the Internet browser because the browser does not receive data immediately, due to the anti-virus software checking it for malicious routines. By activating the checkbox Avoid browser timeout, you can disable this error message and as soon as all browser data has been checked for viruses, the data will appear as normal in the Internet browser. Send addresses of infected websites Through this function you can automatically anonymously of course - report Internet sites that were deemed unsafe by Ad-Aware Total Security. With that, you optimize security for all users. Download size limit: With this function you can interrupt the HTTP check for web content that is too large. The contents are then monitored by the virus monitor as soon as suspected malicious routines become active. The advantage of the size limit is that there are no delays caused by virus checks when surfing the web. Instant Messaging: Since viruses and other malware can also be spread via Instant Messaging, can also prevent infected data from being displayed and downloaded in advance. If your Instant Messaging applications do not run using standard port numbers, please enter the corresponding port addresses under Server port number(s). Instant Messaging (integration into IM application): If you use Microsoft Messenger (version 4.7 and later) or Trillian (version 3.0 and later), you can set the checkmark for the respective program to define a context menu in which you can directly check suspicious files for viruses.

28 More functions 23 If you do not want to check the Internet content, the Virus monitor naturally takes action if infected files are started. That means your system is also protected without checking Internet content as long as the virus monitor is active. However, if you want to use parental controls (e.g. as part of ), the checkmark for Process Internet content (HTTP) must be set because the parental controls will not work correctly otherwise. Options ( check) The check enables you to scan incoming and outgoing s and file attachments for viruses and eliminate possible infections at the source. can directly delete file attachments or repair the infected files if viruses are found. In Microsoft Outlook checks are carried out by using a plug-in. This offers the same protection as the POP3/IMAP-orientated protection function in the Anti-Virus options. After installing this plugin, you will find the function Scan folder for viruses in the Outlook menu Tools, with which you can check your folders individually for virus contamination. Incoming mail In the case of an infection: Here you can specify what is supposed to happen if an infected is discovered. Depending on the purposes for which you are using your computer, different settings apply here. Generally we recommend using the Disinfect (if not possible: delete attachment/ text) setting. Check received By activating this option, all the you receive while you are working on your computer are checked for viruses. Check unread on program start-up (Microsoft Outlook only): Only for Microsoft Outlook: This option is used to scan for viruses in you receive while you are offline. All unread in your Inbox folder and subfolders will be checked as soon as you open Outlook. Append report to received, infected When you enable the report option and a virus is found, the virus will be removed and the will be replaced by text. Outgoing mail Check before sending: also allows you to scan your for virus infection before you send them, to ensure you do not inadvertently send viruses yourself. If you try to actually send a virus (unintentionally), the message The [subject header] contains the following virus: [virus name] appears. The cannot be sent, and the corresponding will not be sent. Append report to received, infected mails: a scan report is displayed underneath the actual text of every outgoing . Here you can also specify whether this report contains information about the version used (Version information). Scan options Use engines: uses multiple anti-virus engines, two generally independently operating analysis units in addition to the other Lavasoft technologies. In principle, use of all engines should guarantee optimum virus protection results.

29 24 OutbreakShield: This option lets you activate the OutbreakShield. With the activated OutbreakShield, creates checksums of , compares these with current anti-spam blacklists and, as a result, it is able to react to a mass-mailing before the relevant virus definitions become available. OutbreakShield uses the Internet to monitor increased volumes of suspicious , enabling it to close the window between the mass mail outbreak and its containment with specially adapted virus definitions, practically in real time. The OutbreakShield is an integral part of the virus blocker. If you use a proxy server, click on the Internet settings button and carry out the settings. You should change these settings only if your OutbreakShield doesn't function. If necessary, consult your system administrator or Internet service provider about the proxy address. Advanced also automatically protects your once installed. To do so, it uses a special plug-in for Microsoft Outlook and a special client for POP3/IMAP-based programs (e. g. Outlook Express, Thunderbird, Pegasus, Opera etc.) that scans before they are sent or received by your program. By checking the relevant checkbox, you can also disable protection for incoming (POP3/IMAP) and outgoing (SMTP). Since processes incoming before the program itself, you may get an error message if there is a large quantity of or if the connection is slow. This is because it is not receiving the data immediately, as it is being scanned for viruses by AdAware Total Security. If you check the Avoid timeout in mail client box, this type of error message is suppressed and will forward the messages to the program as usual as soon as all the data has been checked for viruses. If you do not use the default ports for your programs, you can enter the port you use for incoming or outgoing under Server port number. Click on the Default button to automatically restore the default port numbers. You can also enter multiple ports. Separate each of these with a comma. Microsoft Outlook is protected by a special plug-in that allows you to scan folders and directly from Outlook. To scan an or folder for viruses in Outlook, simply select the Tools > Scan folder for viruses command from the Outlook menu bar and the current folder will be checked.

30 Web protection 25 Web protection In this area, you can enable or disable web protection. By means of the Advanced button, you can set basic settings for handling web content and messaging services. Define exceptions Web protection ensures that you do not fall victim to infected or fraudulent websites on the Internet. However, in rare cases it may occur that a website is not displayed properly, even though it is supplied by a safe provider. In such a case, you can add this web address to the Whitelist, i.e. you can define it as an exception and Web protection will no longer block this site. To add a website to the exceptions in the Whitelist, please proceed as follows: 1 Click on the Define exceptions button. The Whitelist window will appear. This will display the websites that have been categorized as safe and entered here. 2 To add another website, please click on the New button. An input screen will appear. Enter the name of the website (e.g. com) under URL and, if necessary, enter a comment under Note about why you have included this website. If you click on OK now, the website will be transferred to the whitelist and will no longer be checked by Web protection. 3 An information window will confirm that the website has been added to the Whitelist. You can then exit the Whitelist window by clicking on the Close button at the upper right corner. To remove a website from the Whitelist, highlight it in the list using your mouse and then click on the Delete button.

31 26 Phishing protection With so-called phishing, scammers on the Internet attempt to redirect customers of a particular bank or shop to fake websites in order to steal their data there. The Webfilter is constantly updated online with the latest information about new phishing websites and blocks these automatically. Activating the phishing protection is highly recommended.

32 Firewall 27 Firewall A firewall protects your computer from being spied on. It checks which data and programs from the Internet or network reach your computer and which data is sent from your computer. As soon as there is an indication that data is to be installed or downloaded on your computer without authorization, the firewall alarm sounds and blocks the unauthorized data exchange. It is generally advisable to use the firewall in Autopilot mode. It then virtually runs in the background and protects you without you having to undertake major settings. If you are using the firewall in Autopilot mode, this will remain completely in the background and operate independently. If you are using the firewall with user-defined settings, a dialogue window will appear in the event of doubt in which you can gradually optimize the firewall for your system environment. Autopilot mode is included as standard when installing the firewall. The firewall starts tracking your computer's network activities from the moment it is installed. When you are working locally with your computer, you will only be aware of the firewall from the Security icon on the Windows taskbar. You can use the Configure buttons to set the firewall individually if you do not want to use Autopilot Mode. Configure The firewall usually operates in Autopilot mode. It is only advisable to change the firewall settings if you have sufficient knowledge of processes involving networks, Internet access and data transfer. If you want to customise the firewall settings, you can use the firewall program interface to do so. Click on the icons on the left of the firewall screen to select various tabs that will take you to the relevant program area where you can carry out different actions, select default settings and check connection data. Status In the status area of the firewall, you will find basic information about the current status of your system and the firewall. You will find this to the right of the relevant entry as either text or numerical data. In addition, the status of components is also displayed graphically. By double-clicking the relevant entry (or selecting the entry and clicking the Edit button), you can directly select actions or switch to the relevant program area. As soon as you have optimized the settings for a component with a warning icon, the icon in the Status area will revert to the green check icon. Security: As you use the computer for your daily tasks, the firewall gradually learns which programs you do or do not use for Internet access and which programs represent a security risk. Depending on how familiar you are with firewall technology, you can configure the firewall to provide either highly effective basic protection without an excessive number of inquiries or professional protection customised to your own computing habits, but which also requires knowledge of firewalls. Double-click on Security to call up a range of security versions: Autopilot mode (recommended): Here the firewall works fully autonomously and automatically keeps threats from the local PC. This setting offers practical all-around protection and is recommended in most cases.

33 28 Manual rule creation: If you would like to individually configure your firewall or do not want particular applications to work together with autopilot mode, you can adjust your firewall protection entirely to your requirements via the manual rule creation. Mode: Here you are informed of which basic setting your firewall is currently operating in. Either the manual rule creation or automatic (autopilot) are possible here. Networks: Naturally, the firewall monitors all network activities such as a DTN (data transmission network) and a LAN connection. If one or more networks are not protected, for example, because they were manually excluded from firewall monitoring, a warning icon will alert you of this. Double-clicking the respective entry opens a dialogue box via which you can individually configure the rules and settings for the selected network. Here, under Rule set simply select whether the respective network is supposed to belong to the Trustworthy networks, the Untrustworthy networks, or the Networks to be blocked. The Direct Internet connection setting is, for the most part, based on the settings that also apply to Trustworthy networks. Each network can be assigned a special rule set. While the Networks area tells you which networks are available on your computer, the Rule sets area tells you which automatically created or user-defined rule sets are available in the firewall. Registered attacks: As soon as the firewall registers an attack on your computer, it is logged here and you can obtain further information by clicking the menu item. Application radar: The application radar shows you which programs are currently being blocked by the firewall. If you still want to allow one of the blocked applications to use the network, simply select it and then click the Allow button. Networks The Networks area lists the networks (e.g. LAN, data transmission network etc.) to which your computer is connected. Also shown here is which rule sets (see section Rule sets) are protecting the respective network. If you uncheck the relevant network it will no longer be protected by the firewall. However, you should only disable this protection in specially justified circumstances. If you use the mouse to highlight a network and click on the Edit button, you can view and/or change the firewall settings for this network. Edit network When editing network settings, you have a choice of using the rule wizard or the advanced dialogue. We generally recommend using the rule wizard since it helps the user create rules and settings. About network: This is where you can find information about the network - where this is available - concerning the IP address, subnet mask, default gateway, DNS, and WINS server. Firewall enabled on this network: You can use this option to disable the firewall's network protection, but you should only do this in specially justified circumstances. Internet connection sharing: If your system connects directly to the Internet you can determine whether all computers connected via a TCP/IP network should have access to the Internet or not. This Internet connection sharing (ICS) can generally be activated for home networks. Enable automatic configuration (DHCP): When you connect your computer to the network, a dynamic IP address (via DHCP = Dynamic Host Configuration Protocol) is assigned. You should leave this option checked if you are connected to the network using this default configuration.

34 Firewall 29 Rule set: You can very quickly choose from predefined rule sets and determine whether, in terms of firewall monitoring, you are dealing with a network which can be e.g. trusted, not trusted, or should be blocked. Clicking the Edit rule set button gives you the option of configuring rule sets individually. Please also refer to the section Rule sets. Rule sets In this area you can create special rules for different networks. These rules can then be grouped together to form a rule set. There are default rule sets for a direct connection to the Internet, untrustworthy networks, trustworthy networks, and networks to block. The relevant rule set is listed with names and stealth mode status in the overview. You can change existing rule sets or add new ones using the New, Delete, and Edit buttons. Stealth mode (hidden, secret) is used for not answering requests to the computer that verify the relevant port's accessibility. This makes it difficult for hackers to obtain system information in this manner. The default rule sets for Direct Internet connection, Trustworthy networks, Untrustworthy networks, and Networks to be blocked cannot be deleted. You may, of course, delete additional rule sets that you yourself have created at any time. Create rule sets You can allocate every network its own rule set (i.e. a collection of rules specially matched to it). In this manner you can protect networks with different levels of danger in different ways using the firewall. For example, a home network surely requires considerably less protection (and consequently less administrative effort) than a data transmission network directly connected to the Internet. The firewall contains three default rule sets for the following network types: Rule set for an untrustworthy network: This generally covers open networks (e.g. data transmission networks) with Internet access. Rule set for a trustworthy network: Home and company networks are generally trustworthy. Rule set for a network to be blocked: This setting can be used if the computer's access to a network is to be blocked on a temporary or permanent basis. This is advisable, for instance, when you are connected to external networks with an indeterminate level of security (e.g. at LAN parties, external corporate networks, public workspaces for notebooks, etc.) Newly established networks on your computer can be assigned an appropriate rule set. Furthermore, you can also create individual rule sets for networks by clicking the New button. To do this, click the New button in the Rule sets area and enter the following details in the dialogue window: Rule set name: Enter a meaningful name for the rule set here. Generate an empty rule set: This allows you to generate an empty rule set and enter customdefined rules. Generate a rule set which contains a number of meaningful rules: This option allows you to specify if you want the new rule set to include a few basic default rules for untrustworthy, trustworthy networks or for networks to be blocked. You can then make individual adjustments based on these defaults. The new rule set now appears in the list in the rule sets area under the relevant rule set name (e.g. new rule set). If you then click on Edit - depending on the setting you made under Miscellaneous (see the section with the same name) - the Rule wizard or the Advanced dialogue for editing the individual rules of this rules set will open. You can learn how to assign new rules in the rule sets in the sections entitled Using the Rule wizard and Using the advanced dialogue.

35 30 In addition to directly entering rules yourself, you can also create rules via the firewall alarm info box. This learning process of the firewall is explained in the section entitled Firewall alarm. Using the Rule w izard The Rule wizard allows you to define specific additional rules to the relevant rule set or modify existing rules. We recommend that users unfamiliar with firewall technology use the Rule wizard rather than the advanced dialogue. Using the Rule wizard you can change one or more rules in the selected rule set. Thus you always create a rule within a rule set that contains various rules. Depending on which rule set you have specified for the relevant network, one rule set (e.g. for untrustworthy networks) may block an application while another (e.g. for trustworthy networks) could grant it full network access. This means you can use a strategic combination of rules to restrict a browser in such a way that, for example, it can access websites available within your home network but cannot access content from the data transmission network. The following basic rules are available in the Rule wizard: Allow or deny access to a specific application: This allows you to select a specific application (program) on your hard disk and explicitly permit or deny it access to the network governed by the rule set. Simply use the wizard to select the required program (program path) then indicate under Connection direction whether the program is to be blocked for incoming connections, outgoing connections or both incoming and outgoing connections. This enables you, for example, to prevent your MP3 player software from forwarding data about your listening habits (outbound connections) or to ensure that program updates are not downloaded automatically (inbound connections). Open or disable a specific Internet service (port): A Port is a specific address area that automatically forwards data transferred over a network to a specified protocol and then on to specified software. For example, standard websites are transferred via port 80, while is sent via port 25 and received via port 110, etc. Without a firewall, all ports on your computer normally remain open, although the majority of users do not need most of these. Blocking one or more of these ports is a quick way of eliminating vulnerabilities that could be used for attacks by hackers. The wizard provides the option of blocking ports completely or for a particular application only (e.g. your MP3 player software). Allow or deny file and printer sharing (NetBIOS): NetBIOS is a special interface in networks that can be used for e.g. sharing files or printers directly between one computer and another without using the TCP/IP protocol. It is often advisable to deny sharing for untrustworthy networks, as this is generally not necessary for home networks and the NetBIOS can also be used by hackers to compromise a computer. Allow or deny domain services: A domain is a type of classification directory for computers on a network which allows the computers linked to the network to be managed centrally. Enabling for domain services in untrustworthy networks should generally be denied. Enable Internet connection sharing: If your system connects directly to the Internet you can determine whether all computers connected via a TCP/IP network should have access to the Internet or not. This Internet connection sharing (ICS) can generally be activated for home networks. Switch to the extended edit mode (advanced dialogue): This allows you to move from the Rule wizard to the advanced dialogue. For further information on the advanced dialogue, see the section Using the advanced dialogue.

36 Firewall 31 If you remove the checkmark next to Always launch the Rule wizard in the future checkbox, the firewall will automatically open the advanced dialogue to define new rules. Using the advanced dialogue The advanced dialogue allows you to set highly specific rules for the relevant network, although you will need a basic knowledge of network security for this. You can, of course, create all the rules here that could be created using the rule wizard, but in addition advanced settings can also be made. The following configuration options are available: Name: This allows you to change the name of the current rule set if required. The rule set will then be displayed under this name in the list within the Rule sets area and can be combined with networks identified by the firewall there. Stealth mode: Stealth mode (meaning: hidden, secret) is used for not answering requests to the computer that verify the relevant port's accessibility. This makes it difficult for hackers to obtain system information in this manner. Action if no rule applies: Here, you can specify if access to the network should generally be permitted, denied, or subject to an inquiry. Should any special rules for individual programs be defined by the firewall's learning function, these will naturally be applied. Adaptive mode: Adaptive mode supports applications that use feedback channel technology (e.g. FTP and numerous online games). These applications connect to a remote computer and negotiate a feedback channel with it, which the remote computer then uses to "reverse connect" to your application. If the Adaptive mode is enabled, the firewall detects this feedback channel and permits it without querying it separately. Rules The list of rules contains all the rules specified as existing exceptions for this rule set. This means, for example, that selected programs can be authorised for numerous network accesses even if the network is classified as untrustworthy. The rules applicable here may have been created in various ways: Via the Rule wizard Directly via the Advanced dialogue using the New button Via the dialogue in the info box displayed when the firewall alert is triggered. Of course, each rule set has its own list of rules. Since the firewall rules are partly nested hierarchically, it is sometimes important to note the ranking of each rule. For example, a port that you have granted access to may be blocked again because a certain protocol is denied access. To modify the rank of a rule in the sequence, highlight it with the mouse and use the arrow buttons under Rank to move it up or down the list. If you create a new rule using the Advanced dialogue or modify an existing rule using the Edit dialogue, the Edit rule dialogue appears with the following setting options: Name: For default and automatically generated rules, this displays the program name to which the relevant rule applies. You can also use the Edit button at any time to change the name or add further information. Rule enabled: You can disable a rule without actually deleting it by deactivating the checkbox.

37 32 Comment: This indicates how the rule was created. Default rule is listed next to rules preset for the rule set; generated in response to alert is listed next to rules that arise from the dialogue from the Firewall alarm; and for rules that you generate yourself via the advanced dialogue you can insert your own comment. Direction of connection: With Direction, you specify if the selected rule applies to incoming or outgoing connections, or to both incoming and outgoing connections. Access: This specifies if access is to be permitted or denied for the relevant program within this rule set. Protocol: This allows you to select the connection protocols you want to permit or deny access. You can generally block or enable protocols or link usage of a protocol to the use of one or more specific applications (Match to applications). Similarly, you can use the Match to Internet service button to specify the ports that you do or do not wish to use. Time window: You can also set up time-related access to network resources to ensure, for example, that the network can only be accessed during your normal working day and is blocked at all other times. IP address space: It is advisable to regulate network use by restricting the IP address range, especially for networks with fixed IP addresses. A clearly defined IP address range significantly reduces the risk of attack from a hacker. Firewall alarm When in manual rule creation mode, the firewall will generally check unknown programs and processes that try to connect to the network, to see if they should be allowed or blocked. An information box will open to show you details about the relevant application. You can also allow oneoff or permanent access to the network, or deny any access. As soon as you have allowed or denied permanent access for a program, a rule will be created in that network's rule set for this and you will not be asked about this again. The following buttons are available: Always permit: This button lets you create a rule for the application mentioned above (e.g. Opera.exe or Explorer.exe or itunes.exe) allowing permanent access to the network and/or Internet. You will also find this rule as Rule created by enquiry in the area called Rule sets. Allow this time: You can use this button to permit the relevant application to access the network only once. The firewall will issue another alert the next time this program attempts to access the network. Always block: This button lets you create a rule for the application mentioned above (e.g. dialer. exe or spam.exe or trojan.exe) permanently denying it access to the network or Internet on the network specified for the application. You will also find this rule as Rule created by enquiry in the area called Rule sets. Block this time: This button lets you deny the relevant application access to the network once only. The firewall will issue another alert the next time this program attempts to access the network.

38 Firewall 33 There is further information available on the protocol, port and IP address with which the relevant application is trying to interact. Logs The log area logs all the connections to the network and Internet permitted or blocked by the firewall. You can sort this list as desired using different criteria by clicking on the relevant column header. Click the Details button for further information on the individual connections. Options (Firewall) In the upper menu bar of the program interface, you will find comprehensive functions and settings options by clicking the Options button. Automatic The advantage of using the default security levels is that you can adapt the firewall to your individual requirements without too much administrative input or specialist knowledge of network security. You can set the security level by simply adjusting the slide control. The following security levels are available: Maximum security: The firewall rules are generated using very strict guidelines. So you should be familiar with specialised network concepts (TCP, UDP, ports etc.). The firewall detects the slightest inconsistencies and will issue frequent queries during the learning phase. High security: The firewall rules are generated using very strict guidelines. So you should be familiar with specialised network concepts (TCP, UDP, ports, etc.). The firewall may issue frequent queries during the learning phase. Normal security: The firewall rules are generated at the application level only. Wizards keep network-specific details away from you. You will be queried as little as possible during the learning phase. Low security: The firewall rules are generated at the application level only. Wizards keep network-specific details away from you. You will only be rarely queried during the learning phase. This level of security still offers highly effective protection against any connection requests that may occur. Firewall disabled: You can disable the firewall completely if required. This means that your computer is still connected to the Internet and any other networks, but the firewall is no longer protecting it against attacks or electronic espionage. If you wish to make specific settings for your firewall, check Custom security (for professionals). Please note: for these settings you will need at least a basic understanding of network security. Inquiry Here you can specify if, when and how the firewall should query users when programs request a connection to the Internet or network. Define rule: If the firewall detects a connection being made to the network, an information box appears in which you specify how to proceed for this particular application. Specify here precisely how to proceed in terms of allowing or forbidding network access:

39 34 Per protocol/port/application. Per application, if a minimum of inquiries are pending: There are applications (e.g. Microsoft Outlook) that send requests to multiple ports when requesting network access or that use different protocols simultaneously. This might for example cause several queries to occur via dialogue boxes in the setting per protocol/port/application. Therefore you can specify here that applications should receive global permission for or denial of network use as soon as you have allowed or blocked the user's connection. Per application: This enables you to specify general authorization or denial of network access by the currently selected application on any port and using any transfer protocol (e.g. TCP or UDP). Per protocol/port/application: The application requesting network access is only permitted to go online with the requested transfer protocol and on the specified port. If the same application requests an additional network connection on another port or using a different protocol, the information box will appear again, allowing you to create another rule for it. Cache: You can bundle recurring requests for connection of an application. This way, information boxes do not keep appearing during connection attempts for which you have not yet specified a rule, but rather only in e.g. 20-second intervals or another period of you define. Unknown server applications: Applications that are not yet managed using a rule in the firewall may be handled in a different manner. The time of the inquiry lies within a certain latitude. If the server application goes to "on receipt", this means that it is waiting for a connection request as if on standby. This connection request is made under the Connection request setting. In general, the checkmark next to Scan for unknown server applications on program start should be set. Otherwise Trojans, for example, that were present on the computer before the firewall was started, could continue to remain active without being discovered. Unprotected networks: A firewall can only function properly if all the networks accessed by the computer it is protecting can also be detected and monitored by it. You should therefore leave the checkmarks next to Immediately report new networks if unprotected and Scan for unprotected networks at program start set. Attacks You should generally leave these boxes checked to ensure that the widest range of hacker attacks is detected. The potential damage a successful attack could inflict considerably outweighs the slight improvement in system performance achieved if the firewall is not scanning for threats. The firewall will detect the following types of attacks: Port scans: Here, the open TCP and UDP ports on an attacked computer are identified. Such an attack is used to search for weaknesses in the computer system and usually precedes more dangerous attacks. Ping of Death: In this attack, an ICMP packet is sent with a size exceeding the allowable value of 64 KB. The attack can cause certain operating systems to crash. Land: in this attack, a request is sent to an open port on the attacked computer to establish a connection to itself. This causes an infinite loop on the affected computer, resulting in a greatly increased processor load and possibly causing the operating system to crash.

40 Firewall 35 SYN Flood: With this attack, large quantities of false connection requests are sent to the attacked computer. The system reserves certain resources for each of these connections, causing all of its resources to be consumed and preventing it from responding to connection requests from other sources. UDP flood: With this attack, a UDP packet is sent, which, due to its structure, is endlessly sent back and forth between the computer under attack and an address that the computer can access freely. This causes a loss of resources on both computers and increases the load on the connection channel. ICMP Flood: With this attack, large quantities of ICMP packets are sent to the computer under attack. This causes a greatly increased load on the processor since the computer reacts to each packet. Helkern: With this attack, special UDP packets with executable malware are sent to the attacked computer. The attack leads to a slowing down of Internet functions. SMB Die: This attack involves an attempt to establish a connection according to SMB protocol; if the connection is successful, a special packet is sent to the computer which tries to overflow the buffer. Consequently, the computer restarts. Lovesan: With a Lovesan attack, the program tries to detect security holes in the DCOM RPC of Windows NT 4.0/NT 4.0 Terminal Services Edition/2000/XP/Server (tm) 2003 operating systems. If such vulnerabilities exist on the computer, a program with malicious functions is sent to perform arbitrary changes on your computer. If you click on the entries in the Mode column, you can specify whether you want to be immediately alerted to hacker attacks via a dialogue box or if these attacks should only be recorded in the log. Miscellaneous Further setting alternatives are available here. Reference testing for applications: During reference testing the firewall calculates a checksum based on the file size and other criteria for applications for which it has already enabled network access. If the checksum for this program suddenly changes, it may be because the program has been modified by a malware program. In such cases, the firewall generates an alarm. Generally, reference testing for applications should remain switched on. In the same way, Reference testing for loaded modules monitors modules that the applications use (e.g. DLLs). Since these frequently change or new modules are downloaded, consistent checking for modified and unknown references for modules may result in a considerable administration effort for the firewall. Every modified module would cause a security request to be sent in its trail to the firewall. Therefore module checking should only be used in this way for very high security requirements. Modified references: Modified references can be automated as much as possible in the reference testing (e.g. during a Windows update) if the modules are checked using Ad-Aware Total Security and found to be harmless. If the Anti-Virus module is not installed, confirmation of modified references can also be carried out manually by the user. Rule sets: Specify here whether, in general, you wish to create new rules using the Rule wizard or using the Advanced dialogue. For users who are not familiar with the subject of network security, we recommend using the Rule wizard. You can, of course, switch from the Rule wizard directly to the Advanced dialogue and vice versa at any time. To do this, in the Rule wizard under What do you want to do simply select the entry Switch to the extended edit mode or in the Advanced dialogue click the Wizard button.

41 36 Connection protocol: Here you can specify for how long the firewall connection data should be saved. You can retain the data for anywhere between an hour and 56 hours and view it in the Protocol program area. Autopilot: During computer games (and other full screen applications), it can be disruptive if the firewall interrupts the flow of the game with lots of inquiry windows or simply interferes with the picture. To ensure that you can enjoy uninterrupted gaming without security compromises, the autopilot is a useful setting because it suppresses the inquiries of the firewall. If you are not using autopilot as a default setting, you can use the Offer autopilot automatically function to ensure that it is activated automatically if you are using a program running in full screen mode.

42 protection 37 protection protection is used to protect you from infected , but also to ensure that you do not accidentally send messages that contain malware. You can use the Advanced option to create custom settings for checking incoming and outgoing . Please also refer to the section Options ( check).

43 38 Spam protection Here you can switch the protection against unwanted advertising and spam on or off. You can use the Configure buttons to define in detail what you would like to define as spam. Configure The flood of unwanted increases every day. Is your inbox overflowing with vast amounts of unwanted will use a combination of the most up-to-date spam checking criteria to securely protect you from spam/junk mail, block spam senders effectively and prevent false detections. The software is designed to be self-explanatory and clearly laid out. Using tabs selected via the icons displayed on the left in the interface, you can switch to the appropriate program area where you can carry out different actions, select default settings or review processes. Additionally, you can find overlapping functions and settings in the menu bar at the top of the program interface (see section Spam protection). Status In the status area of the spam filter, you will find basic information about the current status of your system and. This is indicated by the text to the right of the relevant item. By double-clicking the relevant entry (or selecting the entry and clicking the Edit button), you can directly select actions or switch to the relevant program area. As soon as you have optimised the settings for a component with a warning icon, the icon in the Status area will revert to the green check icon. Spam filter: Double-clicking on this entry enables you to access its settings window where you can create a wide range of settings to protect your system from receiving spam . Disable HTML scripts: You can disable HTML scripts by double-clicking on this entry. Unlike regular file attachments, scripts in HTML formatted can start to deploy their damaging functionality when the user views the message in the preview pane in his or her program. Caution is especially applicable here. To switch off protection against HTML scripts, uncheck the box next to the Scripts entry in More filters. Filter harmful attachments: Extensive functions are available for removing or deactivating dangerous file attachments or for warning users of the danger. Double-clicking the entry enables you to access the settings area where you can define appropriate filter rules for attachments). More filters In this area you can conveniently apply filters that block incoming or automatically remove potentially malicious content from . You can use the New button to set up new filter rules or edit existing filters with the Edit button. The filters created are shown in the list and can be enabled or disabled as required by checking the checkbox to the left. If you see a check in the checkbox, it means that that filter is active. If there is no checkmark in the box, the filter is inactive. To permanently delete a filter, click the relevant filter once to highlight it and then click the Delete button.

44 Spam protection 39 The filter options available here are additional filters which support the actual spam filter and which allow you to configure your own personal settings. The original spam filter (described in the section Spam filter) gives you extensive setting options which effectively block with unwanted content or block from unwanted senders (for example, mass-mail senders). The program checks for numerous characteristics that are typical of spam. These characteristics are used to calculate a value reflecting the likelihood of it being spam. To this end multiple tabs are available providing you with all the relevant settings options sorted by subject. Add new filter When you create a new filter, a selection window appears in which you can specify the basic filter type. All of the other details about the filter can be created using a wizard, which will guide you through that filter type. This is a convenient way to create filters for every imaginable type of threat. Disable HTML scripts: This filter disables scripts in the HTML part of an . Scripts that might look OK on a web page tend to be rather irritating when they are integrated into an HTML . In some cases, HTML scripts are also used to actively infect computers, whereby scripts have the option of running not only when the infected attachment is opened but even when an is previewed. Filter attachments: A large number of filter options for filtering attachments are provided. Most viruses are spread through attachments, which usually have more or less well-hidden executable files. This can be in the form of a standard EXE file that contains malware, but can also be VB scripts, which could be hidden behind an apparently safe graphic, film or music file. In general, users should exercise extreme caution when opening attachments. If in doubt, the sender of the should be asked before opening files that have not been expressly requested. Under File extensions you can list the file extensions to which you would like to apply the respective filter. This lets you put all executable files (e.g. EXE and COM files) into one filter, and have another filter for other files (e.g. MPEG, AVI, MP3, JPEG, JPG, GIF etc.) if their file size would overload the mail server. You can also filter archive files (e.g. ZIP, RAR or CAB). Please use a semicolon to separate all file extensions in a filter group. The Also filter attachments in embedded function ensures that the filtering performed under File extensions for the selected attachment types also applies to messages that are themselves being forwarded as attachments. This option should generally be enabled. Choosing Only rename attachments has the effect of renaming attachments that are to be filtered rather than deleting them automatically. This is not only recommended for executable files (such as EXE and COM) but also for Microsoft Office files that may contain executable scripts and macros. Renaming an attachment makes it impossible to open it simply by clicking it. Instead, the user must first save (and possibly rename) the attachment before it can be used. If the checkmark for the Only rename attachments function has not been set, the respective attachments are deleted directly. Under Suffix you can enter a character string that should be appended to the file extension (*. exe.danger, for instance), which prevents the execution of this type of file by just clicking on it. Under Insert message in text you can inform the recipient of the filtered that an attachment was deleted or renamed based on a filter rule.

45 40 Content filter: You can use the content filter to easily block messages which contain certain subjects or text. Simply enter the keywords and expressions to which Ad-Aware Total Security should react under Search criteria. It is possible to use the AND and OR logical operators to link text components with one another. Under Search area you can now enter those elements of an message where the defined terms should be looked for. The header is the part of an message that, among other things, contains the address of the sender and the recipient, the subject line, and information on the programs and protocols used, and the date sent. If you have, for instance, activated Subject as the search area, only the content of the subject line will be checked, and no other information contained in the header. If you select text as the search area, you have the additional option of limiting the search area to pure text , or extending the search to text in HTML (HTML text). By checking Embedded s you can define whether the content filter search should also cover messages included as attachments in received messages. Under Reaction you can determine what is to be done with recognised as spam by. Using Reject means the in question will not even be accepted by your program. If you check the box for Insert warning in subject and text you can prefix the actual text in the subject line with a warning (prefix in subject line), e.g. Spam or Warning. You can also enter text to be placed above the actual text in the event of suspected spam (Message in text). If you use Microsoft Outlook (caution: not to be confused with Outlook Express or Outlook Mail), you also have the option of moving containing suspected spam to a fully customizable folder in your mailbox (Move to folder). You can create this folder directly via Ad-Aware Total Security by defining the corresponding folder under Folder name. The AND logical operator assumes that all components that have been linked with AND must be present, while the OR operator assumes that at least one of the elements needs to be present. Sender filter: You can use the sender filter to easily block coming from certain senders. To do this, simply enter the addresses or domain names to which Ad-Aware Total Security should react under Senders/domains. Use a semicolon to separate multiple entries. Under Reaction you can determine what is to be done with recognized as spam by AdAware Total Security. Using Reject means the in question will not even be accepted by your program. If you check the box for Insert warning in subject and text you can prefix the actual text in the subject line with a warning (prefix in subject line), e.g. Spam or Warning. You can also enter text to be placed above the actual text in the event of suspected spam (Message in text). If you use Microsoft Outlook (caution: not to be confused with Outlook Express or Windows Mail), you also have the option of moving containing suspected spam to a fully customizable folder in your mailbox (Move to folder). You can create this folder directly via by defining the corresponding folder under Folder name. Language filter: The language filter lets you automatically define in specific languages as spam. For example, if you do not generally have contact with a German-speaking person, then you can set German as a spam language which should be filtered out. Simply select the languages in which you do not receive regular contact and will raise the spam probability for such s. In the Reaction area you can determine what should be done with filtered in this way. Under Reaction you can determine what is to be done with recognized as spam by. Using Reject means the in question will not even be accepted by your program. If you check the box for Insert warning in subject and text you can prefix the actual text in the subject line with a warning (prefix in subject line), e.g. Spam or Warning. You can also enter text to be placed above the actual text in the event of suspected spam (Message in text). If you use Microsoft Outlook (caution: not to be confused with Outlook Express or Windows Mail), you also have the option of moving containing suspected spam to a fully customizable folder in your mailbox (Move to folder). You can create this folder directly in Ad-Aware Total Security by defining the corresponding folder under Folder name.

46 Spam protection 41 Statistics In this area, you receive a statistical analysis of all spam-relevant operations of your traffic. No spam Here you can view all not recognized as spam by. You can use the Update button to retrieve the most up-to-date data status of the software and the Delete button to delete previously marked entries. The messages themselves, which are held in your program, are not deleted. You can use the Add to whitelist button to add a highlighted to the whitelist, thus generally excluding the relevant address from further spam checks. Please also read the section Whitelist in the Spam filter chapter. You can use the Add to blacklist button to add a highlighted to the blacklist, thus generally subjecting the relevant address to extensive checks for spam elements. Please also read the section Blacklist in the Spam filter chapter. Spam Here you are provided with an overview of all s defined as spam by. You can use the Update button to retrieve the most up-to-date data status of the software and the Delete button to delete previously marked entries. The messages themselves, which are held in your program, are not deleted. You can use the Add to whitelist button to add a highlighted to the whitelist, thus generally excluding the relevant address from further spam checks. Please also read the section Whitelist in the Spam filter chapter. You can use the Add to blacklist button to add a highlighted to the blacklist, thus generally subjecting the relevant address to extensive checks for spam elements. Please also read the section Blacklist in the Spam filter chapter. Options (Anti-Spam) Here you can define basic settings for handling spam . Spam filter The spam filter provides you with an extensive range of settings options for effectively blocking with undesirable content or from undesirable senders (e.g. mass senders). The program checks for numerous characteristics that are typical of spam. These characteristics are used to calculate a value reflecting the likelihood of it being spam. You can use the Use spam filter button to enable or disable the spam filter. In order to switch the different filter types of the spam filter on or off, simply set or remove the checkmark in front of the respective entry. To make changes to the various filters, simply click on the respective entry. A dialogue window then opens in which you can vary corresponding settings. The following settings options are available: Spam OutbreakShield The OutbreakShield detects and neutralizes threats from malware in mass mailings before the most up-to-date relevant virus signatures become available. OutbreakShield uses the Internet to monitor increased volumes of suspicious s, enabling it to close the window between the mass mail outbreak and its containment with specially adapted virus definitions, practically in real time.

47 42 If you use a computer behind a firewall, or if you have other special settings for your Internet access, please use a proxy server. To do this, click the Internet Settings button and make the appropriate changes. You should change these settings only if your OutbreakShield doesn't function. If necessary, consult your system administrator or Internet service provider about the proxy address. Use w hitelist Certain sender addresses or domains can be explicitly excluded from spam testing via the Whitelist. Simply enter the address (e.g. newsletter@lavasoft.com) or domain (e.g. com) that you want to exclude from suspected spam in the Addresses/domains field, and Ad-Aware Total Security will not process messages from that sender or sender domain as spam. You can use the Import button to insert predefined lists of addresses or domains into the whitelist. Each address or domain must be listed on a separate line. A plain txt file format is used for storing this list; you can create this list using Windows Notepad, for example. You can also use the Export button to export whitelists as text files. Use blacklist Certain sender addresses or domains can be explicitly flagged as suspected spam via the blacklist. Simply enter the address (e.g. newsletter@megaspam.de.vu) or domain (e.g.www. megaspam.de.vu) that you want to check for spam in the Addresses/Domains field, and Ad-Aware Total Security will generally process from that sender or sender domain as with a very high spam probability. You can use the Import button to insert predefined lists of addresses or domains into the blacklist. Each address or domain must be listed on a separate line. A plain txt file format is used for storing this list; you can create this list using Windows Notepad, for example. With the Export button, you can export blacklists as text files. Use real-time blacklists You can find blacklists on the Internet that contain the IP addresses of servers known to send spam. uses DNS queries to the RBLs (real-time blacklists) to determine whether the sending server is listed. If it is, this increases the probability that it is spam. In general we recommend that you use the default setting here, although you can add your own Internet addresses to blacklists 1, 2, and 3. Use keyw ords ( text) You can also identify suspected spam messages through the words in the mail text by defining a list of keywords. If at least one of these terms is included in the text, the spam probability increases. You can change this list as you like by using the Add, Change, and Delete buttons. You can add predefined lists of keywords to your list using the Import button. Entries in such a list must be listed one below the other on separate lines. A plain txt file format is used for storing this list; you can create this list using Windows Notepad, for example. You can also use the Export button to export such a list of keywords as a text file. By checking Find whole words only, you can specify that will only search for complete words in the subject line of an . Thus, for example, a term such as cash would fall under suspicion as spam whereas the general cashew nuts would be allowed to pass.

48 Spam protection 43 Use keyw ords (subject) You can also identify suspected spam messages through the words in the subject line by defining a list of keywords. An occurrence of at least one of the listed terms in the subject line increases the probability of spam. You can change this list as you like by using the Add, Change, and Delete buttons. You can add predefined lists of keywords to your list using the Import button. Entries in such a list must be listed one below the other in separate lines. A plain txt file format is used for storing this list; you can create this list using Windows Notepad, for example. You can also use the Export button to export such a list of keywords as a text file. By checking Find whole words only, you can specify that will only search for complete words in the subject line of an . Thus, for example, a term such as cash would fall under suspicion as spam whereas the general cashew nuts would be allowed to pass. Use content filter The content filter has been designed as a self-learning filter based on the Bayes method, calculating spam probability on the basis of the words that are used in the text. This filter not only works on the basis of predefined word lists but also learns from each new received. You can view the word lists that are used by the content filter for identifying as spam via the Query table contents button. You can delete all words in this table by using the Reset tables button, after which the content filter will restart its learning process again from the beginning. Reaction Here you can define how the spam filter should process messages that may contain spam. You can use the spam probability value calculated for the affected by to define three different levels of filtering. How those messages in which finds individual spam elements are handled is defined under Suspected spam. Such messages may not generally be spam, but can also be newsletters or part of a mass mailing that is of interest to the recipient. In such cases, it is recommended that you inform the recipient that the is suspected spam. High spam probability covers that contains many spam characteristics and is rarely of real interest to the recipient. Very high spam probability covers that meets all the spam criteria. Such s are rarely wanted, and rejecting with these characteristics is recommended in most cases. Each of these three graduated reactions can be customized. Simply click on the Change button and define the reaction which should use. The Reject option allows you to specify that the corresponding messages do not reach your mailbox. With Insert spam warning in mail subject and mail text you can identify and highlight messages that have been identified as spam to enable these to be filtered more easily. If you use Microsoft Outlook (caution: not to be confused with Outlook Express or Windows Mail), you also have the option of moving containing suspected spam to a fully customizable folder in your mailbox ( Move to folder). You can create this folder directly via by defining the corresponding folder under Folder name. Even if you do not use Outlook, messages that have been identified as spam can be moved to a different folder. Just add an alert in the subject line of the message (for instance "[Spam]") and define a rule in your program to move with this text in the subject line to a different folder.

49 44 Advanced settings This window enables you to make detailed changes to the spam detection of Ad-Aware Total Security, adapting the system to suit your traffic. However, it is generally recommended that default settings are used here. Making changes in the advanced settings should only be done if you have the corresponding expertise and know exactly what you are doing. Settings You can create more settings in this area. Scan unread mails in the inbox at program start: Only for Microsoft Outlook: The Scan unread mails in the inbox at program start option is used to check for suspected spam in received while you are offline. will check all unread in your Inbox folder and subfolders as soon as you open Outlook. Other mail programs (using POP3): For technical reasons, received via POP3 cannot be deleted directly. If a filter is supposed to reject , this is then assigned a replacement text. The replacement text for rejected is: The message has been rejected. However, you can also customize the text for these notification functions. In the text you define for the subject line and text, the following wildcards (defined using a percentage symbol followed by a lower case letter) are available: %s Sender %u Subject In your program, you can define a rule that automatically deletes s with the replacement text defined here. More filters The following filters are created by default; however, if necessary you can also switch them off by unchecking the box. Please also refer to the section Add new filter. Disable HTML scripts: This filter disables scripts in the HTML part of an . Scripts that might look OK on a web page tend to be rather irritating when they are integrated into an HTML . In some cases, HTML scripts are also used to actively infect computers, whereby scripts have the option of running not only when the infected attachment is opened but even when an is previewed. Filter harmful attachments: A large number of filter options are provided for filtering dangerous attachments. Most viruses are spread through attachments, which usually have more or less well-hidden executable files. This can be in the form of a standard EXE file that contains malware, but can also be VB scripts, which could be hidden behind an apparently safe graphic, film or music file. In general, users should exercise extreme caution when opening attachments. If in doubt, the sender of the should be asked before opening files that have not been expressly requested.

50 Parental controls 45 Parental controls You can use parental controls to regulate surfing behavior and computer use for your children. Configure The parental controls are designed to be self-explanatory and clear. Using various tabs that you can select by clicking the icons displayed on the left, you can switch to the relevant part of the program, where you can perform actions, set defaults or review processes. The parental controls are not included in a standard installation of AdAware Total Security. However you can install this retrospectively by running a customized setup (see section Installation). The following program areas are available Status: Here you can review the current settings and can administer user accounts, so, for example, allocate various Internet security levels for your children. Personal filters: This is where you can individually configure the permitted content and prohibited content settings for different users. Logs: The log provides information on each user's surfing behavior, so, for example, you can see when parental controls have intervened and based on which filter rules. Additionally, you can find overlapping functions and settings in the menu bar at the top of the program interface. Test: As an administrator, this is where you can check whether the restrictions you have defined for particular users are having the desired effect. The Test mode lets you check that websites that are to be blocked cannot be seen via your Internet browser, and thus making sure that the settings are correct. Options: This is where you can adjust the basic operational settings for parental controls and adapt them to your individual requirements. Status As administrator you can select the user for whom you wish to make modifications or create settings under User in the Status area; you can also create new users here. Users with existing Windows user profiles set up on your computer can be selected directly under Users. To modify settings here, just select the relevant user and click the Edit button. Create new user Click the New user button. Enter the user name and password for the relevant user in the dialogue box. To make a password as secure as possible, it should be at least 8 characters long, include upper and lower case letters, and numbers.

51 46 You will now see the new user name under Users; a Windows user account is created for this user at the same time. This means that parental controls are automatically activated for the person whose user name was used to log on when Windows was started, and that this person's settings will apply. By double-clicking the Settings area, you can select the settings for a particular user, for example: to block Prohibited content or to allow only Permitted content or to specify whether the I nternet usage period or Computer usage period should be monitored for this user. Prohibited content Opens a dialogue window in this area where you can block specific web content for the user currently displayed. Check the categories you wish to be blocked. Click on OK and the websites that fit the blocking criteria will be blocked. If you click on the New button, a dialogue window opens where you can define your own blocking criteria (also called blacklists). To do this, first give the name and, if you want, any additional information about the filter you are creating. Then click on OK to open a new window which lets you list the content you'd like blocked by this filter. Add a term under Filter that is to be blocked, and under Search location indicate the parts of a website that should be searched for the term. Here, you have the following options: URL: If you set the checkmark here, it will search for the text that should be blocked in the web address. For example, if you want to block websites like etc., you can simply set chat as a filter, and check the URL option and then click on the Add button. This way, you can block all websites in which the word chat appears in the domain name, i.e., the Internet address. Title: If you check "Title" it will search for the term that should be blocked in the website's title. This is the short website description you see, for example, when you add a website to your Favorites list as a bookmark. For example, if you want to block websites like Chat City Detroit, Teenage Chat 2005 etc., you can simply set chat as a filter, and check the Title option, then click on the Add button. This way, you can block all websites in which the letter combination chat appears in the title. Meta: So-called meta tags are text entries that are hidden in websites. They are there to help search engines find relevant content or just to boost a website's visibility. Search terms like sex or chat are often used here to increase the number of hits a website receives. If you want to block websites in which chat appears among the meta tags, it will suffice to enter the filter chat, check the Meta option and then click on the Add button. This way, you can block all websites in which the letter combination chat appears in the meta tags. In entire text: If you want to check all readable content of a website, just add a term that should be blocked - for example, chat - then check the In the entire text option and click on the Add button. This way, you can block all websites in which the word chat appears anywhere in the website text. Of course, using filter terms that are too general may also block websites that are perfectly harmless. Thus a blocked term such as cash can also cause entries for cashew nuts to be blocked. Websites that accidentally get filtered can be removed from the list using the Exceptions function. To do so, just click on the Exception button and add the term (e.g. cashew) to the filter as an exception. You can create and delete your own filters as required in the Personal filters area. For more information, see the section Personal filters.

52 Parental controls 47 Permitted content Opens a dialogue window where you can permit specific Internet content for the user currently displayed. Select the categories you want to permit by checking the relevant boxes. Now click OK to permit access to the websites relating to the criteria you want. If you click on the New button, you will open a window where you can define your own permitted content (also called whitelists). There you can give a name (and a short description if you want) to your personally created filter. Now, click OK. A dialogue window will open in which, for example, you can create a whitelist of websites suitable for children. Under Filter, enter the domain name components you want to permit. If, for example, you want to permit access to a website with child-friendly content, you can enter e.g. and thus permit access to this website. Now indicate in the Description field what is contained on this website (e.g. Elefanti - child-friendly website) and enter the site's exact web address under Link to website. The description and the link to the website are important if, for example, your child tries to access a website that you have not permitted. Instead of an error message, an HTML website will appear in the browser listing all the websites on the whitelist and a description. This allows your child to directly access the websites he or she is permitted to visit. Once you have added all the entries, click Add and the whitelist will be updated to include these details. The filter also searches for parts of domain names. The results can vary depending on what you enter in the filter. Broader or stricter criteria can be useful here, depending on the website. Monitor Internet usage period This allows you to define for how long and at what times the selected user can access the Internet. To do this, check the box next to Monitor Internet usage period. You can now specify how long the user can access the Internet in total per month, how long per week and how many hours on particular days of the week. This means that e.g. weekends for school children can be handled differently from weekdays. You can simply set the relevant periods under Days/hh:mm, where for example the entry 04/20:05 would mean permission to use the Internet for 4 days, 20 hours and 5 minutes. When there are conflicting details about Internet use, the smallest value is always used. So, if you set a time limit of four days per month, but a weekly limit of five days, then the software will automatically limit Internet usage to four days. If users try to access the Internet beyond their permitted amount of time, an information screen appears telling them that they have exceeded their allotted time. Block periods With the Block periods button, you can open a dialogue box where you can completely block certain time periods during the week - in addition to limiting the computer usage. The blocked time periods are shown in red; the allowed time periods are shown in green. In order to allow or block a time period, simply highlight it using the mouse. A context menu then appears next to the cursor in which you have two options: Approve period and Block period. If users try to access the Internet during the blocked periods, an information screen will appear in the browser informing them that they do not have Internet access during that period.

53 48 Monitor computer usage period This allows you to define for how long and at what times the selected user can access the Internet. To do this, set the checkmark for Monitor computer usage period. You can now specify how long the user may use the computer for in total per month, how long per week and how many hours on certain weekdays. This means that e.g. weekends for school children can be handled differently from weekdays. You can simply set the relevant periods under Days/hh:mm, where for example the entry 04/20:05 would mean permission to use the computer for 4 days, 20 hours and 5 minutes. You can use the Display warning before time expires button to automatically inform the user shortly before the computer is shut down so that he/she can save his/her data beforehand. Otherwise data losses may occur if the computer is shut down without warning. With regard to computer usage entries, it is always the smallest value that is used. That means, if you specify a restriction of four days for the month but allow e.g. five days during the week, the software automatically caps the user's computer usage at four days. Block periods With the Block periods button, you can open a dialogue box, where you can, in addition to limiting the computer usage, completely block certain time periods during the week. The blocked time periods are shown in red; the allowed time periods are shown in green. In order to allow or block a time period, simply highlight it using the mouse. A context menu then appears next to the cursor in which you have two options: Approve period and Block period. If a user attempts to use the computer during the blocked time periods or after his time limit has been reached, he will not be allowed to log on. Personal filters In this area you can modify the whitelists (permitted content) and blacklists (prohibited content) you have compiled and create entirely new lists manually. List types differ fundamentally from one another, as described below: Whitelist: If you set up a whitelist for one of the users selected above, the relevant user can only view websites specified in this whitelist. The Master data area allows the administrator to set up the whitelist according to his/her wishes or to select an appropriate list for a user from a number of predefined whitelists. A whitelist is particularly suitable for allowing younger children restricted Internet access, enabling them to use websites with beneficial educational content only. Blacklist: A blacklist allows you to block access to selected websites for a specific user. Otherwise, the user has free access to the Internet. Please note that this function allows you to block specific pages but that identical content may still be accessible on other websites. In this regard, a blacklist of Internet addresses can never provide complete protection against unwanted content. You cannot run a whitelist simultaneously with a blacklist since, by definition, a whitelist already imposes the strictest possible access restrictions. The following buttons can be used to edit the exclusion lists: Delete: The Delete function enables you to delete the selected lists quickly and easily with your mouse. New: Use this to set up a completely new blacklist or whitelist. The procedure for using this function is the same as that described in the sections entitled Prohibited content and Permitted content. Edit: This allows you to modify the contents of an existing list.

54 Parental controls 49 Logs In the log area, you as the administrator have an overview of all attempts made by other users to call up blocked content. For that purpose you have to select a user from the list at the top of the screen to display his/her specific log. You can also delete these logs using the Delete log button. Options (Parental controls) You can change basic software settings under Options. Simply click the tab with the setting options you wish to change. Log Here you can change the basic settings for information shown in the Log area (see section Logs). In this manner, you can specify whether violations of allowed and/or forbidden content should be logged or not. If contents are logged, you can view the logs of different users in the log area. Since log files grow considerably during regular use, you can have the Parental Controls setting Alert when file reaches KB remind you that the log file has exceeded a certain size, and then delete it manually in the Log area, under Delete logs.

55 50 Tuner Using the tuner makes optimization of your operating system effortless and uncomplicated. From automatically memorizing Windows updates, through regular time-controlled defragmentation, to regular removal of unnecessary registry entries and temporary files, the tuner is your handy tool for making your Windows system much faster and more manageable. You will be shown when the last tuning operation occurred. The Configure entry can be used for creating settings for tuning and starting the tuning process. Configure On the left side of the program interface, you'll see a number of options to launch the different program areas of the software. These different areas will be explained in detail in the following sections. Furthermore, in the upper menu bar of the program interface under Options you will find comprehensive functional and settings options. Status In the Status area, you can get an overview of all the key information for running the tuner software. The following information is available in the Status area. Active elements are displayed in green while inactive elements are displayed in gray: Active profile: This option allows you to define various tuning profiles (such as security, performance, or data protection tuning) so that they can be implemented independently of one another. If you do not define different profiles, the standard profile is displayed. You can create individual profiles in the Configuration program area. Last run: This shows when the tuner software was last run. Both automatic and manual runs are shown here. To directly start a tuning process, simply click the entry Last run or the Run button. The software then immediately checks your system and optimises it according to the configurations which you set in the Configuration program area. During the tuning process, an information window appears which shows the tuning functions currently being run. As soon as tuning has ended, this message will disappear. When the tuning process is being performed, a status bar indicates the progress of the activity. This status bar can be seen in the status area and the configuration area. Changes made: The number of system changes made to date during tuning is listed here. Double-click on this entry to reset the changes counter. Scheduled tuning runs: If you define an automated scheduled system check in the Schedule area, your computer will be regularly optimised at intervals you specify. If you don't want the tuning process to run automatically, you can either click on Schedule and delete or disable the relevant tuning job or temporarily disable all planned tuning tasks by clicking on the Run scheduled tuning processes entry. The entry will then be shown as disabled. To restart the automatic run, simply click on this entry again. Active tuning function: The Active tuning function field indicates which components are currently being optimised and/or checked during the tuning process. This window disappears automatically once the tuning process is complete.

56 Tuner 51 Configuration In the Configuration area you can select all the modules that the tuner should use for a tuning process. Selected modules are then either started automatically as a scheduled event (see Schedule) or manually, by going to the Status area and clicking the Run button. To activate a module simply double-click it. Using the All button you can activate every module in a specific category (e.g. security, performance or data protection). You can use the None button to deactivate all the modules, and with the Toggle button you can deactivate all active modules and activate all inactive modules. The Test run button allows you to determine which changes the tuner would make during a tuning process, without the changes actually being performed. Following a test run, a screen appears in which the upcoming changes are documented. If you click OK, these changes will actually be made. If you click Close however, none of the system changes suggested by the test run are implemented. You can use the Details button to view a detailed log of the suggested changes selected using the mouse. Furthermore, you can export this as a TXT file using the Save button. Define profile This option allows you to define various tuning profiles (such as security, performance, or data protection tuning) so that they can be implemented independently of one another. If you do not define different profiles, the standard profile is displayed. To configure a new profile, simply click the Add profile button. A window then opens in which you can enter a name (e.g. Security tuning or the like) for the new profile. All the changes that you make when selecting the modules are saved so that you can perform very specific tuning runs. To delete a profile, select the profile and then click the Delete button. The standard profile cannot be deleted. Security Various functions that download data automatically from the Internet are only of use to the provider and have no benefit for you. These functions may often leave you vulnerable to malware. With these modules you can protect your system and keep it up-to-date. Performance Once installation is complete, temporary files (such as backup copies, log files or installation data that are no longer required) occupy hard disk space, only slow down your hard disk and use up valuable memory capacity. Moreover processes and file links that are no longer required can significantly slow down your system. You can use the modules listed here to remove this superfluous load from your computer and speed the computer up. Data Protection This provides a summary of the modules that ensure your data is protected. Traces that are created unintentionally while surfing or using the computer in general and that contain a lot of information about your user behavior, or even important data and passwords, are deleted here.

57 52 Undo The software creates a Restore point each time a change is made. If one of the executed tuning actions leads to unwanted results, you can undo this action and restore your system to the status before the respective change. To do this, simply use your mouse to select the area up to the point where you wish to perform the Restore operation and then click the Restore button. Here you may deliberately select only those areas from the most recent change, up to the last specified restore point as the maximum. Since system optimization and system cleaning operations are cumulative, you cannot, for example, select an intermediate restore point from the sequence on its own. Performing a restore without taking account of subsequent changes would lead to system-related problems. By using the Delete all button you can delete all Ad-Aware Total Security restore points. Automatic system recovery is subsequently no longer possible. Since only a small amount of memory is required for restore data and you are provided with the opportunity in the Options area to have restore points deleted automatically after a certain period, you should avoid manual deletion of restore points as a rule. Schedule In this area, you can define automatic scheduled system checks. Use the Edit button to change an existing scheduled system check. Use the Start now button to perform a tuning job immediately, irrespective of time specifications. Simply click the New system check button and enter all necessary details in the wizard that appears. If you want to delete a scheduled automatic system check instruction, right-click the entry and select Delete from the context menu which appears. Name Enter a meaningful name for the new system check in the Name area (e.g. daily system check). Profile In this area you can select one of the profiles you have created in the Configuration area for the respective tuning job. Scheduling The Scheduling tab allows you to specify when the automatic tuning job should run and how often. You set up the default schedule under Run and then specify in more detail by entering the Time. Under Daily, you can use the Weekdays settings, for example, to specify that the computer should only carry out the tuning on workdays or just every other day, or on weekends only, when it is not being used for work. To change the time and date under Time, simply highlight the item you wish to change (e.g. day, hour, month, year) with the mouse and use the arrow keys or the small arrow symbols to the right of the input box to chronologically scroll within the relevant item.

58 Tuner 53 Logs In the Logs area, you can find log files relating to all tuning processes. Here you can see in detail which files have been deleted or modified, which user accounts and system areas have been checked, and which entries in the registry have been changed. To view details relating to a specific log, simply double-click the desired log, or highlight it and click the Open button. To manually delete log files that are no longer required, use the Delete button. In the Configuration area, you can also delete the log files automatically. Options (Tuner) You can change basic software settings under Options. Simply click the tab with the setting options you wish to change. General Here you can determine when obsolete data (e.g. old TEMP folders), restoration data (which the tuner software creates when changes are made) and desktop shortcuts (if they have not been used for a corresponding number of days) are supposed to be deleted. Here you can also specify whether or not the tuner is supposed to search the Internet automatically for current Windows updates and Office updates. Of course, the search for Office updates only works if Microsoft Office is installed on the relevant computer. The tuner is structured in such a way that it consistently logs information about any changes that are made. If you think that a log file containing relevant information about what the tuner has deleted is a security risk, you can suppress creation of such a deletion log by setting the checkmark for Do not create log files with detailed information about the deleted items. In the Logs area, this information is then displayed in non-detailed format. You can use the Permanently delete temporary web browser files function to exclude web files (such as cookies, temporary Internet files) from the restore option in the tuner i.e. you cannot restore these files using the Undo program area. By activating this function, you reduce the number of files that the tuner has to manage in the Undo area considerably. This improves performance. Use the Automatic computer restart not permitted by the service option to prevent a possible computer restart, which the tuner might otherwise need to perform for a scheduled tuning job. Since the tuner would only perform a computer restart without asking when no user is logged on, it is definitely recommended that this option is not activated in the majority of cases. If you are using a Firefox browser, you can use the Restore standard rights for Firefox function to further improve the security of the Firefox browser. When you switch to standard rights, the Firefox browser always starts with a security prompt from then on. Furthermore, the browser can only save to folders with the same security level, i.e. you can only save data from the Internet to a preconfigured download folder or the desktop.

59 54 Folder protection This tab lets you select specific folders (including your Windows partition) to protect old files from automatic deletion. Just click the Add icon and select the corresponding folder or the desired drive. To clear all the items from an Exceptions directory, select it in the Temporary files area and then click the Delete button. The tuner software finds temporary files based on the file extensions. The following file types are defined as temporary files: file*.chk, *.tmp, *.temp, *.gid, *.bak, *.sik and *.old. Here you can define specific directories as exceptions. So, for example, if you define C: as an exception, then all files in the top directory level of C:\ (the root directory) will be protected. Temporary files in the subfolders of this directory (e.g., C: > Windows or C: > Data > Storage) will be searched for temp files and, if necessary, completely cleaned, as normal. File protection You can use file protection to protect certain files from being deleted by the tuner, for example, game scores for computer games or similar files with unusual file extensions, which could also be interpreted as backup or temp files. To protect specific files, click the Add button and enter the corresponding file name. You can also use wildcards here. Wildcards work as follows: The question mark symbol () represents individual characters. The asterisk symbol (*) represents entire character strings. For instance, in order to protect all files with the file extension.sav, enter *.sav. Or to protect files of various types that have identical initial file names, enter e.g. text*.*. Now choose the folder in which the files are to be protected by clicking the Advanced button. Here you can now select the storage location where the files to be protected are located. The Tuner now protects the files thus defined in this folder only (e.g. only game scores in the relevant games folder).

60 Backup 55 Backup As everyday life becomes increasingly digitalized, including the use of online music services, digital cameras and , backing up your personal data becomes ever more important. Whether in case of a hardware error, an accident or damage from viruses or hacker attacks, you should take care to regularly backup your personal documents. Backup takes care of this job for you and protects your most important documents and files so that you don't have to worry about them. Configure The software is designed to be self-explanatory and clearly laid out. Using various tabs which you can select by clicking the icons displayed on the left, you can switch to the relevant program area where you can perform actions, set defaults or review processes. The following program areas are available Status: In the status area you can see the current status of your data security measures. Backup: In this area you can launch backups directly or create schedules for automatic backups. Restore: Here you can restore files that you have backed up. Actions: In the actions area you can use additional FTP and burn functions. Logs: All the backup, administration and restore processes are logged by Backup. You can access the logs here. Additionally, you can find overlapping functions and settings in the menu bar at the top of the program interface. Options: Here you can change the backup program's basic settings to suit your requirements. Including online storage (1 GB) When you register this software, Lavasoft will give you 1 GB of online storage on an FTP server for your backups, for free. The FTP details will automatically be entered in Backup's FTP window and you will be able to store your most important data safely online, with password protection if required. You'll find the necessary information about FTP access data on the back of the user guide. If you bought your software online, you'll receive the access data in a separate . If you have multiple licenses you get 1 GB of free online storage space for every license; for example, a triple license means you have 3 GB of space. As long as you are getting Lavasoft virus updates, this FTP storage space will remain available to you. If you terminate the contract, you still have 30 days to remove the files from the Lavasoft Backup server. After that, the data will be deleted. Status In the Status area you can see an overview of the current backup status. Here you can check when the last backup was made and see when the next automatic backup is due to be run by the program.

61 56 Backup In this program area, you can start a backup of your important data immediately or define an automatic backup that makes backups of your data at regular intervals automatically. Simply choose the files for backup, define a target (e.g. external hard disk or DVD-ROM drive) and click the Start backup button. You can choose between the options Standard backup and Advanced backup, and you can toggle between them using the respective icon at the top right. Standard backup In Standard backup you will find all the settings options in a single dialogue window. This is recommended for making a quick backup of the most critical data. Source files Select the files here that should be included in the backup. Backup provides default parameters for folders in which personal data in Windows is generally saved. In other words, you can perform a backup of your images, your music, or even all of your most important files. Images: If you set the checkmark here, Backup saves all types of files that contain images and are found in certain folders. Music: If you select this function, the software saves all types of files that contain music and are located in certain folders. Documents: You can also back up text documents having the most varied of formats. Films: Film files of every format can also be backed up with Backup. The software also makes it possible to back up your . For this, the archives of the programs that are found on your computer are saved. Other file types: You can define other file types here if you use documents that you would like to back up even though they do not have a standard file format. Additional search folders: In general, Backup compiles a backup from the files and folders that is generally intended for the storage of personal data by your operating system. If you still have folders in another location that should be included in the backup, select them here. These folders will then be automatically searched if you want to back up images, music, documents, etc. Additional folders/files: If you would like to define entire folders or certain files for the backup regardless of the selectable file types, you may do so here. Simply select the folders and files that should be included by Backup. In the File selection area, you can click the plus (+) symbols to open and select directories whose content is then displayed in the file view (right). Each directory or each file which you check off is taken into account during Backup. If not all files in a directory are checked, this directory is marked with a gray checkmark.

62 Backup 57 In the Files types area you can also define individual file types in addition to the specified file types. So, for example, if you also want to back up other text documents in addition to Office documents, such as documents in OpenOffice format, you can define individual file types on the Files types tab using the Add button. So, for example, enter *.odt here for OpenOffice documents. To exclude unnecessary document formats from the backup, you can also select the desired file type using the mouse and then click the Remove button. Target Here you can define the target or location to which Backup should save the backup copy of the files and folders. The currently selected target is displayed. If you double-click on this option, a dialog window opens in which you can define a new target. This can be a CD- or DVD-ROM drive, another hard disk, a USB stick, other removable media or a directory on the network. To store backups on the Lavasoft FTP server, please check the box next to Copy archive to FTP servers. If you cannot establish a connection to the FTP server, please use the extended dialog box to enter the connection details you received during online registration of. If you would like to write the data to a CD-ROM or DVD-ROM, Backup will prompt you to insert a blank CD or DVD in the drive. Please ensure that the backup is not made to the same disk that the original data is located on. If this disk becomes defective, you will lose both your original and your backup data. The best thing to do is to keep the backup at a place that is spatially separate from the original files, that is, on a USB hard disk or burnt to CD/DVD ROM in another room. Schedule You can automate backups here. If you click on this option, a dialogue window will open in which you can define under Schedule how often a backup of your data should be carried out. Warning: To be able to carry out scheduled backups at all, you must check the box next to the Run job as option under User details in the Options area and enter the access data for your Windows user account there. This input is required so the backup can be scheduled to run even when you are not logged on as a user. Under Run, just enter how often, on which days, and at what time the backup should take place. A backup of all data that you selected under Source files will be now made automatically according to the frequency you entered. Warning: Automatic backups do not work with CD-ROMs or DVDROMs since user intervention may be required for changing a blank disk.

63 58 In the Delete older archives section you can define how to use Backup with backups that already exist. Backup archives your data to a separate individual file with the file extension ARC. Having existing backups that have not been overwritten naturally increases the security of your data since, in the event that the current archive should be corrupted, an older archive is available so you do not lose all the data. In general, however, archives require a lot of space on data carriers, so you should beware that you do not accumulate too many archive files. It is a good idea to set a maximum number of backups to store on your backup medium under retain full backups. The oldest archive will then be replaced by the current archive. Partial backups Partial backups serve to speed up data security. Instead of using all data for a backup, a partial backup adds to an existing full backup and only backs up data that has changed since the last full backup. This way you still get a complete backup of your data set, but the backup process itself is significantly faster. If you want to use partial backups, check the box next to Create partial backup(s) and enter the frequency with which the backup should be run. A disadvantage of partial backups is the comparatively greater storage space requirement, as data in the full backup that is no longer required will not be directly deleted. However, after the next full backup, the full and partial backup datasets will be synchronised and the data volume will again be the same as for a full backup. Advanced backup An advanced backup is supported by a wizard and is more comprehensive. Here you can define various independent backup jobs and so, for example, carry out a backup of your music collection every month while backing up important text documents on a daily basis. To start the backup job set-up wizard, please click on the New button. File selection A window now opens in which you can highlight the files and folders you want to save. Just put a check mark in front of the relevant folder or file. In the File selection area, you can click the plus (+) symbols to open and select directories whose content is then displayed in the file view (right). Each directory or each file which you check off is taken into account during Backup. If not all files in a directory are checked, this directory is marked with a gray checkmark. Unlike the Standard backup, which automatically selects the most important user data, with Advanced backup you have to know where you have saved your data and files. You can usually find the My Pictures folder under e.g. Local Disk (C:) > User > [user name] > Images.

64 Backup 59 Select target Here you can define the target or location to which Backup should save the backup copy of the files and folders. This can be a CD- or DVD-ROM drive, another hard disk, a USB stick, other removable media or a directory on the network. To store backups on the Lavasoft FTP server, please set the checkmark for Copy archive to FTP server. If you cannot establish a connection to the FTP server, please use the extended dialogue box to enter the connection data you received during the online registration of. If you would like to write the data to a CD-ROM or DVD-ROM, Backup will, of course, prompt you to insert a blank CD or DVD in the drive. Please ensure that the backup is not made to the same disk that the original data is located on. If this disk becomes defective, you will lose both your original and your backup data. The best thing to do is to keep the backup at a place that is spatially separate from the original files, that is, on a USB hard disk or burnt to CD/DVD ROM in another room. Schedule You can automate backups here. Warning: To be able to carry out scheduled backups at all, you must check the box next to the Run job as option under User details in the Options area and enter the access data for your Windows user account there. This input is required so the backup can be scheduled to run even when you are not logged on as a user. Under Run, just enter how often, on which days, and at what time the backup should take place. A backup of all data that you selected under Source files will now be made automatically according to the frequency you entered. Warning: Automatic backups do not work with CD-ROMs or DVDROMs since user intervention may be required for changing a blank disk. In the Delete older archives section you can define how to use Backup with backups that already exist. Backup archives your data to a separate individual file with the file extension ARC. Having existing backups that have not been overwritten naturally increases the security of your data since, in the event that the current archive should be corrupted, an older archive is available so you do not lose all the data. In general, however, archives require a lot of space on data carriers, so you should beware that you do not accumulate too many archive files. It is a good idea to set a maximum number of backups to store on your backup medium under retain full backups. The oldest archive will then be replaced by the current archive.

65 60 Partial backups Partial backups serve to speed up data security. Instead of using all data for a backup, a partial backup adds to an existing full backup and only backs up data that has changed since the last full backup. This way you still get a complete backup of your data set, but the backup process itself is significantly faster. If you want to use partial backups, check the box next to Create partial backup(s) and enter the frequency with which the backup should be run. A disadvantage of partial backups is the comparatively greater storage space requirement, as data in the full backup that is no longer required will not be directly deleted. However, after the next full backup, the full and partial backup datasets will be synchronised and the data volume will again be the same as for a full backup. Options You can change general archive options in the Options area. In general, you do not have to make any changes here since the default options cover most application scenarios. General archive options In the General archive options, you have the following settings options: Directory for temporary files: Temporary files are data that a backup only writes to your hard disk temporarily. If there is insufficient space on your standard partition, this is where you can change the partition and the temporary storage location for these files. Limit file size of archive: If you store archives on CD, DVD ROM or other writeable media, it is important that Backup limits the size of the archive files. Here, you can choose from default sizes enabling you to retrospectively store the archive data on CD, DVD or Blu-ray discs. When the archive reaches the maximum size specified here, it is split and the backup information is spread across two or more archive files. Delete temporary archives: This option should generally be enabled. After a certain number of backup operations, temporary archives require a lot of space on your hard disk and are no longer needed after their temporary use. Copy restore program: If you activate this function, a program is also installed in the storage area of your data backup that you can use to restore your data without using installed backup software. To use this function, start the AVKBackup program or AVKBackup.exe from the CD/ DVD ROM. Check files for viruses before archiving: If the Anti-Virus module is installed, you can check your data for viruses before it is stored in the backup archive. Check archive after creation: The purpose of this function is to check the archive for completeness and correctness once it has been created. Encrypt archive: If you want to protect archived files from external access, you can assign a password to them. In this case, the data can only be restored with this password. You should memorize this password or write it down and put it somewhere safe. Then your archive data cannot be restored without the password. Integrity test with differential backup: The purpose of this function is to check a partial backup for completeness and correctness once it has been created. Check source/destination drive on same hard disk: If you set this checkmark, Backup checks whether you are accidentally trying to create a backup on the same data medium on which the original data is located. Such a backup is possible in principle, but since both the source and the backup data would be lost if this data medium was lost or destroyed, this would be pointless and dangerous.

66 Backup The restore program is only copied with it onto CD/DVD ROM. This is not the case for backup copies to removable media (USB stick, external hard disk). If you have installed the Backup software on the computer on which the restore is supposed to take place, please do not execute the restore by using the restore program on CD/DVD ROM but by using the function Import archive. 61 User details To run scheduled backups, set the checkmark in the Options area under User details for the Run job as entry and enter the access data for your Windows user account there. This input is required so the backup can be scheduled to run even when you are not logged on as a user. Compression In the Compression area, you can determine if your archives should be strongly or weakly compressed. Good compression: The data is strongly compressed for the backup. This saves you backup storage space, but the backup itself will take longer. Balanced compression: The backup is not as strongly compressed, but it will be executed more quickly. Fast execution: Data is not compressed, so the backup is executed quickly. Exclude files Backup usually saves files on the basis of their file format. On your computer system, however, corresponding file formats also exist in areas that are managed automatically and are not relevant for backup because the respective files are only stored temporarily (e.g. to speed up the display of pages from the Internet). To ensure that Backup does not unnecessarily archive these files as well, you can exclude them by setting the corresponding checkmark. Temporary directory with files: If this option is selected, the temporary folders (... Documents and Settings > "User" > Local Settings > temp) plus any subfolders and files they contain are excluded from the backup. Temporary Internet directories with files: If this option is selected, the folders for saving web pages (... Documents and Settings > "User" > Temporary Internet Folders) and the subfolders and files they contain are excluded from the backup. Thumbs.db: If this option is selected, the Thumbs.db files created automatically by Windows Explorer will be excluded from the backup. These files are used to manage thumbnails for slideshows, for example, and are generated automatically from original images. Temporary files (file attribute): If this option is selected, files with the system-assigned file attribute temporary are not included in the backup. System files (file attribute): If this option is selected, files with the system-assigned file attribute system file are not included in the backup. You can use the Exclude file types function to define file extensions that should be excluded from your backup. To do so, proceed as follows: Under File type (e.g. *.txt), enter the file extension or file name that you want to exclude. Now click OK. Repeat this process for all other file types and file names that you want to exclude, e.g. picasa.ini, *.ini, *bak etc. The asterisk and the question mark can be used as wildcards here.

67 62 Wildcards work as follows: The question mark symbol () represents individual characters. The asterisk symbol (*) represents entire character strings. For instance, in order to check all files with the file extension.exe, enter *.exe. To check e.g. files with different spreadsheet formats (e.g. *.xlr, *.xls), simply enter *.xl. To check e.g. files of various types that have identical initial file names, enter text*.* for example. Reset to current default options By clicking the Reset to Current Default Options button, you accept the options that you have defined as the standard options in the Options item in 's menu bar. If you want special options for a certain backup job, set these up accordingly. If so, you should of course not press the Reset to current default options button. This function is only available if you are setting up special options for individual backup jobs in the wizard for an Advanced backup. Reset to Ad-Aw are default options By clicking the Reset to Ad-Aware Default Options button, you accept the options that have been defined as the standard options for Backup. That is, if you accidentally entered incorrect options for creating backups and you do not know how to correct them, click the Reset to Ad-Aware default options button. This function is only available if you set the options globally, e.g. for a Standard backup using the Options button in the menu bar. Restore In the Restore area you can restore original files from your backup data in the case of data loss. As in the Backup area, there is also a Standard backup and Advanced backup area here. Standard backup: If you used the Standard backup option when backing up your data, you will find it very simple to restore your data from the Restore area under Standard backup. Advanced backup: If you backed up your data using the Advanced backup function, you will also have advanced options in the Restore area. Here you can go back to imported archives and select which version of the backup you want to use when performing a backup. Restore job If you have selected a data backup and clicked the Restore button, you will be asked whether you want to restore all files (Restore all files from the archive) or only selected files (Only restore selected files from the archive). Make your selection here. Select target In the following dialogue box you can specify whether the data is to be restored to the exact same point from which the backup was made or if you want to store the files in a special folder. We usually recommend the Restore files to original directories setting. Under Password enter the

68 Backup 63 access password, if you have compressed your data backups as password protected when you saved. Under Overwrite existing files you can specify how Backup proceeds with files that still exist at the original location when restoring a data backup. The following configuration options are available: Always overwrite: In this setting, the files from the data backup are always seen as more important than the data that is still in the original directory. If you set a checkmark here, any data that may remain is completely overwritten by the data in the archive. If the size has changed: With this setting, existing data in the original directory is only overwritten if the original file has been changed. Files where the size remains unchanged are skipped. This means the data might be restored more quickly. If the 'modified on' time in the archive is more recent: Here, files in the original directory are always replaced with copies from the archive if they are newer than the data in the archive. This may also speed up the data restore because it is possible that only changed data, rather than all files, have to be restored. If the 'modified on' time has changed: Here, the data in the original directory is always replaced if the modification date has changed compared to the archived files. Then click Finish. Your data will now be restored to the specified location. Actions You can manage and maintain your data backups and more in this area. The following tools are available for this purpose: Administer online archives If you backup your most important data online on the Lavasoft FTP server, Backup will of course need the appropriate access data. Here, you can enter the server name, port, user name, password and directory that you were given when you registered with the Lavasoft Update Server. Registering your Lavasoft product is described in detail in the Internet update section. FTP brow ser Simply enter your FTP access data to gain access to your Lavasoft FTP server. This data was sent to you by , when you registered your product online. For more information, see the section entitled Internet update. Using the FTP browser you can now perform the following actions: Connect: If the connection to the FTP browser was lost, you can reactivate it here. Disconnect: You can use this function to terminate the connection to the FTP browser. New folder: If you want to store your backups in different folders (e.g. only special folders just for music backups), you can use this function to create folders in your FTP storage area. Delete: This function enables you to delete folders or archives you no longer need. Update: If you have performed another update while using the FTP browser, you can display the new data by pressing the Update button. Download: You can use this function to copy archives selected using your mouse from the FTP server to any location on your computer.

69 64 Upload: You can use this function to retrospectively save archives generated using Backup on your FTP server. Burn archive to CD/DVD retrospectively You can burn backup files to CD or DVD at a later date. To do this, simply choose the project you want to burn in the dialogue box displayed and then click the Continue button. Choose which drive you want to burn the data backup on. Check data after burning: If you set a checkmark here, the burned data is checked again after the process of burning. This takes a bit longer than a burning process without a check but is generally recommended. Copy restore program files: If you activate this function, a program is also installed in the storage area of your data backup that you can use to restore your data without using installed backup software. To use this function, start the AVKBackup program or AVKBackup.exe from the CD/DVD ROM. Click the Burn button to start the burning process. Once the burning process is complete, the backup CD/DVD is ejected automatically. Of course, the backup data is not deleted from the original data medium after the burning process. Retrospective burning to CD/DVD is an additional backup. You can use the Import archive function to integrate archives on external data carriers such as CD or DVD back into the Backup file management system. Import archive To restore archives and data backups located on a drive that is not managed by Backup, please use the Import archive function. Here, a dialogue box opens in which you can search for the required archive files with the extension ARC, e.g. on a CD, DVD or on the network. Once you have found the archive you want, please set a checkmark and then click the OK button. A message window tells you that the archive has been imported successfully. If you then want to use this archive to restore data, simply go to the Restore area of Backup, select the backup you want and start the restore. Archive files created by Backup have the file extension ARC. Logs The Logs area provides a comprehensive log file for every action and every backup job. Here you can open individual actions by double-clicking on them and print them out as required or save them as text files. Options You can change basic software settings under Options. You may define these options either individually for the respective backup job or globally as a default setting for all the backup jobs. Options are explained in detail in the section Options.

70 What happens when my license expires 65 What happens when my license expires A few days before your license expires, an information window appears in the task bar. If you click this, a dialogue window opens in which you can extend your license without a problem and in a few steps. Simply click on the Buy now button to renew. You can also renew your license by clicking the This Link.

71 66 Tips for installation Here you can find further information about the installation and registration of Ad-Aware Total Security. Boot scan prior to installation The boot scan will help you fight viruses that have embedded themselves prior to installation of the anti-virus software on your computer and that may prevent from being installed. If you bought with a Boot CD, it can be run before the start of Windows. What is meant by booting up When you switch on your computer, the Windows operating system will normally start up automatically. This process is called booting. However, it is also possible to run other programs automatically instead of your Windows operating system. To scan your computer for viruses before Windows starts up, a Boot CD is needed. How do I cancel a boot scan If you restart your computer and a special Ad-Aware interface appears instead of the usual Windows environment, there is no cause for alarm. If you have not planned a boot scan, just use the arrows to select the Microsoft Windows entry and click on return. Windows will now start normally, without first carrying out a boot scan. If you want to run a boot scan, proceed as follows: 1a Boot scan using the program CD: Use the CD to boot up your computer. - Insert the CD into the drive. In the start window that opens, click Cancel and turn off the computer. 1b Boot scan with that you have downloaded from the Internet: You can burn a new boot CD via the Create boot CD entry in the Ad-Aware Total Security program group. - Insert the boot CD you have burnt into the drive. In the start window that opens, click Cancel and turn off the computer. After this first step the boot scan in all three scenarios will proceed identically: 2 Restart the computer. The boot scan start menu will appear.

72 Tips for installation 3 Use the arrow keys to choose the boot CD option and confirm your choice with Enter. A Linux operating system is now started from the CD and a special version for boot scans appears. If you are having problems with the program interface display, restart your computer and choose the boot CD alternative option. 4 The program will now suggest updating the virus definitions (or virus signatures). 5 Click Yes and perform the update. As soon as the data has been updated via the Internet, you see the message Update complete. Now exit the update screen by clicking the Close button. The automatic Internet update is available if you are using a router that assigns IP addresses automatically (DHCP). If the Internet update is not available, you can still perform the boot scan using old virus signatures. However, in that case, you should perform a new boot scan with updated data as soon after installing as possible. 6 You will now see the program interface. Click the Check computer entry to check your computer for viruses and malware. Depending on the type of computer and size of the hard drive, the boot scan can take an hour or more. 7 If finds any viruses, please use the option provided in the program to remove them. Once the virus has been removed successfully, the original file is available again. 8 Once the virus check is complete, leave the system by clicking the Exit button and then choosing Restart. 67

73 68 The Exit button is located on the bottom right of the program interface. 9 Take the CD out of the drive as soon as the drive tray opens. 10 Switch off your computer again and restart it. Your computer will now start with your standard Windows operating system again, and you can be certain of being able to install the regular on a virus-free system. What do I do if my computer will not boot from the CD-ROM If your computer will not boot from the CD/DVD-ROM, you may need to set this option up first. This is done in the so-called BIOS, a system that is automatically started before your Windows operating system. To make changes in BIOS, proceed as follows: 1. Switch your computer off. 2. Restart your computer. Usually you reach the BIOS setup by pressing the DEL button as the computer is booting up (and sometimes the F2 or F10 button as well). 3. How to change individual settings in your BIOS setup varies from computer to computer. Please consult your computer's documentation. The result should be the boot sequence CD/DVDROM:, C:, meaning that the CD/DVD-ROM drive becomes the 1st boot device and the hard disk partition with your Windows operating system on it becomes the 2nd boot device. 4. Save the changes and restart your computer. Your computer is now ready for a boot scan. Customized setup or full installation A full setup applies the settings that make sense for the majority of users. Just click on the module you want and select whether it should be installed or not. A drive icon will show you that the module is being installed. A delete icon will show you that the module cannot be installed. You can also install or uninstall software components later. To do so, simply run the installation again and activate or deactivate the modules you want (or do not want) using the custom setup. Invalid registration number If you have problems entering your registration number, please check for correct entry. Depending on the font used, a capital "I" (for India) is often misread as the number "1" or the letter "l" (for Lima). The same applies to: "B" and "8", "G" and "6", "Z" and "2".