The most important element of every antivirus program is antivirus engine. ArcaVir program works on the base of the state-of-the-art ArcaEngine which, thanks to the module construction with plugins, is exceptionally flexible and simple to upgrade. It is especially important, especially taking into account new threats, the number of which has been unfortunately constantly growing. Each plugin fulfils a specified function and is responsible for detecting a specified kind of viruses, worms or Trojan horses. Beside scanning solutions intended to detect known types of threats, the engine has exceptionally powerful heuristic mechanisms (Heur.RoundKick), and thanks to them the engine is able to deal with rapidly changing variations of computer threats.

ArcaEngine directly supports modules responsible for the detection and blocking of applications such as: spyware, adware and riskware, as well as operations aiming at getting access to data crucial for the user (phishing).

The ArcaMon monitor is a resident module, which in the real time controls all the files, which are being saved, opened, copied or downloaded from the Internet. The mechanism does not allow for the system infection by means of an unintentional or intentional execution or opening of an infected file. Every such file is immediately blocked and, depending on the configuration or the user’s decision, deleted, cured or moved to quarantine.

ArcaScan scanner allows for a comfortable and complete control of all the computer resources in search of infections. The flexible configuration results in the possibility of creating the so-called scan profiles, thanks to which the user can at any time, with the help of one click, initiate scanning of selected resources. The task scheduler allows initiating scanning at any time. At the moment of detecting an infection, the scanner not only informs the user about it, but also allows undertaking any action in relation to the found infected object. It is very important that the scanner can not only remove or cure infected files, but also, in most cases, withdraw changes in the system executed by dangerous objects in the registry or system files.

ArcaScan scanner can scan most types of archives (both popular and less common) - ZIP, RAR, ARJ, CAB, ACE, BZIP, TAR, DBX and many others. It has also an advanced module handling the so-called embedded and encrypted executable files (e.g. UPX, FSG, PEPACK, PECRYPT, etc.) and, e.g. unicode documents. Thanks to it, it is able to detect a harmful code even in files, which are not handled by other, standard antivirus scanners.

The twenty first century has brought numerous novelties in the area of data safety, among others, the character of threats has changed. In place of rarely launched, written by amateurs viruses, dangerous software is nowadays a tool of criminal organisations. Instead of a few dozen viruses appearing monthly, the number of dangerous programs increased to a few hundred per month. In order to minimise the time of response to new threats and to detect modifications of the existing ones, it was necessary to create an effective prevention mechanism, which can detect unknown threats and adjusts to changing trends. The solution is a new heuristics module identifying suspicious objects - Heur.RoundKick.

The heuristics is based on the most recent results of research over the processing of a huge number of data (Data Mining). In Arcabit laboratories, characteristic features are extracted from the existing threats and from clean files, and on the basis of them an advanced classifier, which can make a distinction between secure and dangerous files, is created. Depending on a type of threat, the efficiency of classification of new threats can reach even 90%, and, at the same time, there are no false alarms.

Modern threats are characterised by the high level of similarity

The most important advantage of the new heuristics is the possibility of automatic update; thanks to it, it becomes more and more effective with time and adjusts to changing trends in the created dangerous software. Advanced mechanisms can detect dangers of the existing families (such as Mydoom, Sober or Nyxem), as well as quite new, not identified threats. Our intention was to create mechanisms detecting the most popular contemporary threats, i.e. Internet worms, Trojan horses and spyware.

Heur.RoundKick constitutes an ideal supplement of the existing heuristic mechanisms based on the static analysis of code and behavioural analysis, which are implemented in ArcaVir program to protect users against unknown computer viruses. In conjunction with the rapid update of signature definitions, ArcaVir program assures the complex protection against Internet threats.

In the even of a heuristic detection of a potential threat, it is possible to send the suspicious object to Arcabit laboratories for a rapid analysis. The potentially dangerous file is analysed by specialists, who, should there be such a need, elaborate an effective vaccine identifying the threat and "curing" the system.

Objects concealing their presence in the system - rootkits – constitute a more and more serious threat for our systems. Standard protection packets are not prepared to fight this type of objects, and that is why we recommend installing ArcaVir packet, including ArcaRD module, which detects and disarms rootkits.

The number of objects in the Network of the spyware, adware and riskware type has been steadily growing. ArcaAntiXWare module protects the computer user against burdensome, and also often harmful activity of those threats.

The name spyware relates to all the programs aiming at spying the user’s operations. The author of such a program receives data including passwords, numbers of credit cards, visited Websites, etc.

Mail still remains one of the major sources of infection. Ever day our mailboxes receive countless quantities of infected messages. Our response to such challenge is ArcaMail mail scanner. It does not require any additional configuration of mailboxes, and immediately after the installation it protects all the boxes, irrespective of the fact which mail program is used. ArcaMail scans both incoming and outgoing mail. Similarly like ArcaScan and ArcaMon it handles archives and embedded files.

Phishing is a mechanism aiming at stealing data from the user, which allows gaining access to the user’s private resources – bank account, account at Internet auctions and at other services, if their membership entails some value. Phising most often is present in form of specially prepared e-mails, simulating by their look and content messages from known services (e.g. banks). Examples of such messages:

or

After clicking on the link included in the message content, the user unaware of a threat is redirected to a fake site, where he or she is asked to submit data, which should not be rendered accessible to strangers – e.g. account No. and password. If the user submits this data, the hacker has access to his or her resources and the user can, e.g. lose money. ArcaVir has a module recognising this type of messages and marking them as dangerous.

Spam, i.e. unwanted correspondence cluttering our mail boxes is one of the main worries of almost all computer users, who at every receipt of mail have to separate manually valuable messages from the accumulation of spam. Our response to this problem is ArcaAntiSpam module. It can mark unwanted mail, which allows easy filtering in the mail program. ArcaAntiSpam uses advanced statistical techniques, white and black lists, RBL-s, etc.

Nowadays, hardly any computer is isolated from the Network. That is why ArcaFirewall fulfils such an important function in the packet. The flexible and complex configuration allows defining such a level of system security that there is no need of any subsequent user intervention.

Browsing of Internet sites has been a dangerous activity since the time when dangerous software was created, which is installed on a drive during Internet surfing. An innocent picture can include content with a harmful code.

The parental control module enables to easily specify sites that can be used and sites to be blocked. An administrator of a school network, as well as of a company network can specify which sites within the given structure can be rendered accessible to users. The user has at his or her disposal a few simple and effective control mechanisms.

1) The first of them is the so-called white and black list of addresses.
The white list includes addresses (addresses can be defined also as fragments of addresses or regular expressions), the access to which is specified as secure.
The black list includes the addresses, which are specified as unwanted (similarly like in case of the white list, we can also include fragments of addresses, single words or regular expressions). An example of use: If we want to block the access to all the sites except for the selected ones, then we place the expression identifying all the addresses - ".*" (full stop asterisk) on the black list, whereas allowed addresses we place on the white list.

2) Another filtering mechanism is the control of WWW content. Similarly like in case of addresses, we can specify any expressions and their effect on the classification of a site as allowed or banned.

3) Additionally, the user can define in ArcaFirewall settings, when the Network should be available, and when access to the Network should be blocked.

The new ArcaCare module is accessible from the level of the main program window and from the systray menu. After protecting the program settings and the activity of modules with a password, we can be sure that the imposed restrictions will be protected by ArcaVir packet.

The system registry is the major database in Windows system. Its content and condition affect the stability of the system and quality of our work. The registry monitor, i.e. ArcaRegMon continuously monitors whether executed and used by the user applications attempt to insert harmful inscriptions to the registry (e.g. in the Run key, which is responsible for executing applications at the system startup). Each potentially dangerous change results in an alarm, and the program gives the user a possibility to withdraw or accept the change.

The majority of threats and infections can be detected without scanning the whole system – it is enough to control its crucial elements such as the registry or executed processes. This role is fulfilled in ArcaVir packet by ArcaCheck. The module is launched at every system startup and checks whether there is anything suspicious in the system, which could constitute a threat to our data.

The process manager is a tool, which can facilitate the problem analysis in situations when we notice untypical, different than expected computer behaviour. The tool allows analysing the list of applications executed in the system, getting to know the libraries used by them, opened files and other system resources. It also enables to quickly find in the Internet information about a selected application.

ArcaAntiStealth mechanisms are responsible for detecting hidden processes.

ArcaDump enables to quickly gather all the important information about our system (executed processes, important registry keys, system files, equipment characteristics). The generated report can be quickly sent to the technical support section of ArcaBit. Based on the report, company specialists can determine whether there are harmful objects installed and active in the system.

Update in case of antivirus protection software is one of the key factors determining its effectiveness. ArcaUpdate module guarantees that ArcaVir packet installed in the system always has up-to-date virus definitions, up-to-date scanning mechanisms, up-to-date heuristic definitions, etc. ArcaUpdate operates in two modes. The first is the alert update mode, launched by a signal from update servers of ArcaBit company. The other is the task mode, based on the task scheduler function included in the packet. In case of larger networks ArcaUpdate offers the repository mechanism, thanks to which update files are downloaded only by one computer in the network and rendered accessible (in the protocol selected by the administrator, including HTTP) to other computers in the network.

The possibility of the mobile configuration of software for a group of stations in the computer network and current monitoring of their condition constitute one of the key requirements posed by administrators of large networks.

ArcaAdmin module delivers tools allowing the management of ArcaVir program in the network. The central database including information about the program configuration and events taking place in the system, effective mechanisms of exchanging data between the management server and the managed stations and the central management console enable the effective implementation and management of ArcaVir program, even in a really large network.

The quarantine module allows the secure storage of suspected files on a drive. Quarantined files are encrypted, and thanks to it they constitute a threat neither for the system nor for the included data. The quarantine enables comfortable management of stored files. Files can be scanned at any time with the use of the most recent virus definitions, recovered or sent to the technical support section of ArcaBit company.

All the events registered by ArcaVir packet modules are kept in the central reports basis, and thanks to it, the user can monitor operations executed by the protection packet on the current basis. Every event is broadly commented.

The comfortable configuration is one of the factors contributing to the fact that work with the program is simple and satisfactory. ArcaVir offers the centralised configuration module. It allows the specification of parameters of the packet operation from the level of one configuration panel. It should be emphasised that the packet configuration is at the same time both comfortable for advanced users, and easy-to-use for beginners.

ArcaFix installation repair packet allows the rapid recovery of the default configuration of ArcaVir packet, e.g. after a drive or system breakdown.

The task mechanism included in ArcaVir packet enables the periodical execution of specified processes (update or scanning), which means that the user does not have to remember about standard maintenance operations.

Technical Support Section
e-mail: support@arcabit.com