This can happen when we distribute a new AV version. The rollouts are spread over several days. Only when the regular rollout is finished, the new version will be kept as the latest version in the database.

Files can be sent to IKARUS for analysis via Quarantine -> Right-click on the virus and send to IKARUS.

Please send an email with the infected file to probe(at)ikarus(dot)at. The file will be analyzed there.
A local virus scanner or one integrated in the firewall can remove the file when sending it.

This removes the entries from the quarantine list.
Entries older than 7 days are automatically removed from the list.

IKARUS anti.virus does not move any files.
As soon as a contaminated file is found on a computer, IKARUS anti.virus blocks it (copying and executing the file is no longer possible) and displays it in quarantine.

A special case is a corrected false alarm: The quarantine checks as soon as it is opened whether all entries are still verifiable.
If the virus database has been updated in the meantime and the entries are no longer verifiable with the current VDB, they are removed from quarantine and the files are released again.

This feature can be configured via the AV Portal. See also Configuration Profiles

IKARUS anti.virus Client cannot perform NTLM authentication on the client.
As a workaround, an authentication exception can be set up in the HTTP proxy.
.*.ikarus.at
.*.mailsecurity.at
For more information, see the Wiki article -> HTTP proxy and IKARUS anti.virus

A license is required for one operating system instance (Windows). This applies to installations directly on the hardware (bare metal) as well as for virtual instances. The licensing is identical for client and server operating systems. A further distinction does not exist.

When uninstalling, the activation is removed in the portal.

Updating the license reloads the information about the license and devices.

Yes, notifications can be set up in the license for reaching a number of activations.

For the complete log, all for options under

Extras -> Settings -> Protocols

must be activated.

• Protocols

Extras -> Protocols

• Each scan profile has its own protocol
• Protocol for update
• Protocol for system cleaning

• Log

C:Program FilesIKARUSanti.viruslog

• log

info [ 870](compattelrunne,2,s)[s] on-access scan of "c:Program Files (x86)Mozilla
Thunderbirddistributionextensions{e2fda1a4-762b-4020-b5ad-a41df1933103}chrome.jar", size 1048196 B,
CRC: 5188e7c97a1401c3 in 1.008 sec [B: 0.003 C1: 0.0000 C2: 0.0000 S: 1.005 A: 0.0000]


1. [25.04.2019 08:08:27]
2. info
3. [ 870]
4. (compattelrunne,2,s)
5. „c:Program Files (x86)Mozilla
   Thunderbirddistributionextensions{e2fda1a4-762b-
   4020-b5ad-a41df1933103}chrome.jar„
6. size 1048196 B
7. CRC: 5188e7c97a1401c3
8. in 1.008 sec
   [B: 0.003 C1: 0.0000 C2: 0.0000 S: 1.005 A: 0.0000]

Description:

1. Timestamp of the log entry
2. Log level of the entry
3. LogID, which log entries belong to a process
4. Service that has accessed the following file
5. File accessed by the service
6. Size of the file in bytes
7. Test value, checks if the file scanner is already known
8. Time the scan took
   • B: Time before performing the scan (exclusions etc.)
   • C1:Time to get information about the file
   • C2: Time to process the information from C1
   • S: Time of the scan engine
   • A: Time to release data

AV_Registration: INFO: Using TID for registration: xxxx-xx-xx-xx-xxxxxx
AV_Registration: INFO: No proxy will be used for connection.
AV_Registration: INFO: Connecting to server: https://avitc.ikarus.at
AV_Registration: ERROR: Could not establish connection to the server. Please check your internet connectivity.
Cause: No connection to the backend servers.
Solution: Check the Internet connection.

CAQuietExec: Entering CAQuietExec in C:WindowsInstallerMSIF3D9.tmp, version 3.11.2318.0
CAQuietExec: ” C:Program FilesIKARUSanti.virusbinguardxservice_x64.exe” -install
CAQuietExec: Service already installed, but stopped. Starting it.
CAQuietExec: Error: Starting service ‘start service: :(2) The system cannot find the specified file. ‘
CAQuietExec: Error 0xffffffff: Command line returned an error.
CAQuietExec: Error 0xffffffff: QuietExec Failed
CAQuietExec: Error 0xffffffff: Failed in ExecCommon method
CustomAction InstallService64 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Cause: Residuals present on the operating system after the AV could not be installed correctly.
Solution: Remove the remains with AV Remover.

AV_Registration: INFO: Backend return code: 402
AV_Registration: ERROR: An error occured while checking validity of License. Aborting!
AV_Registration: ERROR: The server returned an error message: ‘License TID has reached usercount limit!‘
Reason: No further activations available, the license is full.
Solution: The license must be checked.

AV_Registration: INFO: Connecting to server: https://avitc.ikarus.at
AV_Registration: ERROR: Could not establish connection to the server. Please check your internet connectivity.
Returncode: 400 BAD_REQUEST
Response:



Cause: SSL interception without exceptions.
Solution: Exceptions for SSL interception must be entered in the firewall.

Error: Starting service ‘start service starten : :(577) The digital signature of this file cannot be verified.
A recent hardware or software change may have installed an incorrectly signed or corrupted file or a file that is malicious software from an unknown source.

Cause 1:
Operating system is Windows 7: The update KB3033929 is missing (support for SHA-2 certificates)

Solution 1:
Install KB3033929 and reboot the operating system.

Cause 2:
Operating system is not Windows 7: AV was already installed and there are still remnants of the service or driver.

Solution 2:
Remove the remnants of the installation with the remover and then perform installation.