   What's New in VirusScan for Windows NT v4.0.3 (4014)
    Copyright (c) 1994-99 by Network Associates, Inc.,
    and its Affiliated Companies. All Rights Reserved.


Thank you for using VirusScan for Windows NT. This What's
New file contains important information regarding this
release. Network Associates strongly recommends that you
read the entire document.

Network Associates welcomes your comments and suggestions.
Please use the information provided in this file to contact
Customer Care or technical support.

**NOTE: Do not attempt to install this version of
VirusScan on a Digital Equipment (DEC) Alpha system.**

**IMPORTANT: This version of VirusScan for Windows NT DOES
include support for Windows NT 3.51. Network Associates
recommends that you install Windows NT Service Pack 5 in
order to use VirusScan with this Windows NT version.

Note also that running VirusScan for Windows NT with
Windows NT v4.0 recommends that you have Windows NT v4.0
Service Pack 4 installed.**

___________________
WHAT'S IN THIS FILE

- New Features
- Known Issues
- Installation
- Performing a "Silent" Installation
- Documentation
- Frequently Asked Questions
- Additional Information
- Contacting Network Associates

____________
NEW FEATURES

1.  A new Network Associates scanning engine is at the heart
    of VirusScan v4.0.3. Created and backed by the combined
    efforts of the McAfee Labs and Dr Solomon anti-virus
    research teams, this engine delivers outstanding virus
    detection and cleaning rates.

2.  VirusScan protection now extends to file system support
    for Microsoft's Distributed File System.

3.  Alert Manager can now direct alert messages to McAfee
    Management Edition v2.0 for network-wide administrative
    convenience.

4.  The new scanning engine incorporated in VirusScan for
    Windows NT comes with improved heuristic scanning
    capability that detects previously unidentified macro
    and file-infector viruses. The engine employs both
    positive heuristics, which allows it to look for
    "virus-like" characteristics in the files it scans,
    and negative heuristics, which allows it to look for
    file characteristics that indicate that questionable
    code does not result from a virus infection. As a
    result, the incidence of false virus identifications
    is very low. See "Additional Information" later in this
    file for more information.

5.  VirusScan for Windows NT supports Windows NT 5.0 BETA 2.

6.  You can now enable or disable the on-access scanning
    component in VirusScan for Windows NT both from the
    graphical user interface and from an NT Command Prompt
    window. To learn how to do so, see item 12 in
    "Additional Information" later in this file.

7.  VirusScan's Setup utility will seamlessly remove from
    your target server or workstation all existing
    NetShield NT and VirusScan for Windows NT versions
    earlier than v3.1.4a. Setup will also allow you to
    remove any version later than v3.1.4a and, if you wish,
    to preserve the settings you chose for that earlier
    version.

8.  VirusScan's Setup utility will remove all existing
    versions of Dr Solomon Anti-Virus Toolkit for
    Windows NT v7.74 and later.



* NEW VIRUSES DETECTED *

              **** IMPORTANT NOTE ****

This release of VirusScan for Windows NT functions ONLY with
the 40XX .DAT file series. Network Associates recommends
that you use this VirusScan release with the 4014 .DAT files
included with the program package or series 40XX .DAT files
released later. You CANNOT use VirusScan with .DAT file
versions from the 30XX, the 97XX or the 98XX series, nor
may you use the .DAT files included in this release with
2.x or 3.x versions of VirusScan for Windows NT.

                         ****

Because the previous VirusScan for Windows NT scanning
engine and the new Network Associates scanning engine
identify and classify viruses in different ways, the .DAT
files included with this VirusScan release do not include
a list of viruses cleaned. Future releases will
incorporate this information, once McAfee Labs adopts a
standard virus naming convention.

With this .DAT file release, the new scanning engine
detects a total of about 40,715 viruses and variants,
Trojan horse files, and other malicious software. Of
this number these 308 viruses are new:

ACV
ACVT.1243.DR
ADA
ALABAMA.1560.DAM
ALFONS
ANARCHY.666
ANCEV
ANI
ANTI-CLERIC.877
ANTI-FORTRAN
ANTI-PASCAL.DR
ANTI-PASCAL
APME.GENERATOR NON
ARETHREE.MP
ARUSIEK
ASAHI
ASCII.OW
ASH.280B.DR
ATAKA
ATTITUDE
AVALANCHE
AVISPA.2048.DR
BADCOM
BASIL
BILLBOARD
BIZARRE.2716
BLUE SCORPION.2119
BLUE SHARK.1771
BNE.1115
BNUT.MP
BOEHMEX
BOOTDR 124
BOOTDR121
BOOTDR122
BOOTDR123
BREAKPOINT
BUBBEL
BUPT.1279.E
BUPT
BUZZ.365
BV/COLD.3928
BV/DAMN.1432
BV/MF.249
BV/MF.282
BV/NASTY.1259
BV/SMALL
BW.MBRY.BARNEY.477
BW.MBRY.BARNEY.477
BW.MUT.2055
BW.WHITE NOIZE.1602
CANDY.999CARPE DIEM
CARTUJA
CASINO
CATPHISH
CCBB.MP.2221
CHAOS.1181
CHEMNITZ
CHIMP
CHLORIDE.MP
CHLORIDE.MP.CAV.480
CIVIL WAR
CLAUDI
COMZ.512
COSENZA
COUNTDOWN
CRIMINAL
CROATIA
CRUSADE.MP.3000
CRUSADE.MP.3030
CV.271
CYSTA
DARK MATTER.744
DARK REVENGE.1024
DARK THOUGHTS.6144
DEMON.5350
DESTAGE.1200
DIR KILL
DIWA.377B
DR DOOM.283
DRACULA.827
DREAM WORLD.806
DT.13120
ECHOKEYS
ECHOKEYS.DR
FESIME.379
FICK.7326
FLEEING.1986
FLEEING.625
FONX.1958
FREAK.938
GELDWASH.1819
GIRLFRIEND
GISVI
GLEW.4275
GRACED.1389
HALFA
HARPY.1400
HARPY.1790
HARYANTO.981
HLL.CMP.4658
HLL.CMP.6144
HLL.CMP.8902
HLL.MP.CMP.4407
HLL.OW.4601A
HLL.OW.4601B
HLL.OW.4870.C
HLL.OW.7616
HLLP.10105
HLLP.10932
HLLP.2915
HLLP.4415
HLLP.4859A
HLLP.4859B
HLLP.6279
HLLP.6702
HLLP.8636
HLLP.9583
HLLP.9700
HLLP.9787
HLLT.4942
HLLT.5070
HLLT.5150A
HLLT.5712A
HLLT.5712BHLLT.6387
HLLT.7864
HLLW.8560
HOB
HOLIDAY
ICQHOLE
IOS.1290
IRC/FUN
IRC/LEPHA
IRC/PARMS
IRC/PROTEC.B
ISDEAD.2308
ITHAQUA.MP
ITHAQUA.MP.DR
IVP.MOFFATTS.556
IXBT
IZHEVSK
JERU.AURORA
JERUSALEM.1024
JEST
KEYPRESS.1232R
KHIZHNJAK.160
KIKI.1604
KONTRAGAPI
KOREA WANDERER.1455B
KREMIKOV.1013
LOY
LUPUS
MAGIC HOLE.512
MAILBOMB
MALAISE.1355
MANUEL
MARIN.1296
MARIN.902
MARL.619
MAVERICK.3584B
MESSEV.2778
MESSEV.DR
MINISTRY.474
MORTEZ.MP.2676
MPRMOD
MUTAGEN.2419
MVF.1951
NATALIE.MP.1192
NATURE.715
NIGRO
NOPARTY.OW
NUMB.CAV.330
O97M/JERK
PIOLIN.1176
PKUNK.1586
POLLUTE.829.DAM
PREDATOR.G1
QDEL24
QDEL25
QDEL26
QDEL27
QDEL28
QMAGICK
QRES.328B
QZAP14
RASMIN
RAVEN
RDAE.864
REDARC.267
RELUCTANT.OW
RES.MP
RIP.302
RSA
RUSAK.335
SCHENK
SENDKEY
SILLYRU
SMALLPOX.740
SMUT.MP.938
SOCKETS23
SOULFLY.2000
SPAN.1127
SQUATTER.10389
SQUATTER.8566
SQUATTER.DR
SULEI.692
SUPERVISOR.3760
SUPERVISOR
SYSFLES
SYSTRY
TAIPAN.DAM
TEARDROP
TIE.512
TRIAMBER.1408
TROI
TWISTER
VAS.TIMEBOMB
VCOMM
VCS.KIT
VELVET.OW
VERB.733
VERONIKA.1490.B.DR
VICE1.2406
VIENNA.1000.DAM
VIENNA.353C.DAM
VIENNA.387
VIENNA.638B.DR
VIENNA.641
VIENNA.645D.DR
VIENNA.708DR
VIENNA.769
VIENNA.828.DAM
VIENNA.961
VIENNA
VINNITSA
VIVA
VODKA
VOID
VOYAGER
VOYAGER.4500
VULCAN
W32/HIGHWAY
W32/REPU
W32/SKA
W97M/ALLIANCE
W97M/ARGH
W97M/CALIGULA
W97M/COLOMBIA
W97M/ETHAN
W97M/HAWK
W97M/MENTAL
W97M/MODEL
W97M/PEACE
W97M/STEROID.DAM
W97M/TRISTATE
W97M/VMPCK1.BF
W97M/ZMK.P
W9M/PRI
WG.12288
WIDOWMAKER.MP.5741
WIN32/HIGHWAY
WIN95/HERETIC
WIN95/KENSTON
WIN95/SLIDE
WIN95/WG.12288
WIN95/WG.12288.DR
WIN95/ZERG
WIZ
WM/CABEZA
WM/CS
WM/DECEPT
WM/KARATKA
WM/KATTY
WORM.NUKE
WSCRIPT/DEDICATED
WSCRIPT/DEDICATED.A
WSCRIPT/DEDICATED.B
WSCRIPT/ZULU
X97M/LAROUX.EP
X97M/LAROUX.HJ
X97M/LAROUX.HN
X97M/LAROUX.HO
X97M/PTH
X97M/SW
X97M/TOTALER
X97M/TRISTATE
XANY.125
XANY.126A
XANY.126A.DR
XANY.126B
XANY.140B
XANY.87
XM/LAROUX.DN
XM/LAROUX.EP
XM/LAROUX.HJ
XM/LAROUX.HN
XM/LAROUX.HO
XM/LAROUX.HR
XM/PTH
XM/VCX
XMAS
XRES.889
XRES
XUXA
Y2K
YEARN
YEST.615
ZULU.1390
ZZZ

____________
KNOWN ISSUES

1.  You may not connect to another workstation on the
    network to run an AutoUpgrade session from that
    computer. You can, however, connect to another server,
    schedule an AutoUpgrade session, then disconnect to
    allow the remote server to run AutoUpgrade itself.
    
2.  If you add the Simple Network Management Protocol
    service to your workstation setup after you have
    installed VirusScan, you must re-install VirusScan
    in order to use SNMP as an alerting option with
    Alert Manager. 

3.  If you have manually uninstalled a previous installation
    of VirusScan for Windows NT, and have not rebooted, a
    silent installation of VirusScan v4.0.3 will fail.

4.  When installing using the default Windows NT SYSTEM
    account, some product functionality is not available.
    This includes: alert forwarding to other NT servers,
    sending alerts to printers, scheduled AutoUpdates
    from NT file shares, remote event logging, and scheduled
    scans of network drives.

5.  To upgrade a component of VirusScan, you must perform
    the full installation. If a partial installation is
    performed, an error message will appear when the system
    is restarted.

6.  The Network Associates McShield Service will not run
    when you start the server if you give it a custom
    account. You must run this service with a system
    account. During installation, however, Setup installs
    the McShield service to run with a system account,
    whether or not you specify a custom account for the 
    rest of the installation.

7.  VirusScan will send several alert messages if it finds
    a virus when it scans the boot sector on a floppy disk.
    Although ordinarily this might indicate that the disk
    has several separate infections, here the messages all
    result from the single infection. VirusScan generates
    several messages because it scans the floppy disk and
    detects the same virus each time Windows tries to mount
    the disk. If it cannot read a virus-infected boot sector
    on the floppy disk, Windows tries to mount the disk
    several times before it gives up.

    If you have VirusScan's on-access scanner set to clean
    or delete infected files, subsequent scanning passes
    should not generate alert messages.

8.  If you create a scan task in VirusScan's Scan Wizard,
    then tell VirusScan to start the task immediately
    without saving its settings, VirusScan will start the
    task without creating a task entry in the AntiVirus
    Console window. This means that you cannot see task
    statistics if you close the Status window after the
    task starts, and it means that you cannot stop the
    scan operation once it's underway.

    To have more control over the scan operation, first
    save your settings, then start the scan operation from
    the AntiVirus Console window. When the task finishes,
    you can delete it from the task list.

9.  If you disable the Network Associates Task Manager 
    Service from the Windows NT Control Panel,
    VirusScan's on-access scanning component will not
    disable correctly. Although the system tray icon will
    indicate that the on-access scanner is not active,
    the scanner will continue to monitor your system.
    
    If you choose not to install the Task Manager Service
    component during a custom installation, you will not
    be able to enable or disable the on-access scanning
    component.

10. Setup will not install some VirusScan services correctly
    under these conditions:

    * If you have a folder or file named PROGRAM in your
      root directory--C:\PROGRAM, for example.

    * If you have a VIRUSSCAN directory where Setup expects
      to create the VirusScan program directory. If, for
      example, you create a VIRUSSCAN folder in the path
      C:\Program Files\Network Associates, Setup will not
      install some VirusScan services correctly.

    This same problem occurs during silent installations.

    To avoid this problem, delete any files or folders in
    the directories noted above, then run Setup and allow
    it to create the correct program directory structure
    during installation.

11. If you install VirusScan on a computer running a
    beta version of Windows NT 5.0, right-clicking the
    AntiVirus Console icon in the system tray, then choosing
    Console from the shortcut menu will open the AntiVirus
    Console. If you then close the Console, the system tray
    icon will disappear. If you restart your computer after
    you install VirusScan, this problem will not occur.

12. Stopping any of the VirusScan services in the Windows
    NT Services control panel can cause VirusScan to lose
    track of the status of its on-access scanning
    component.

    For example, if you stop the McTaskManager or the
    McShield services, the system tray icon for the
    VirusScan on-access scanner will indicate that the
    scanner is disabled. If you then right-click the icon,
    however, the shortcut menu will show Disable as a menu
    choice instead of Enable.

    Rather than stopping VirusScan services to disable the
    scanner, use the VirusScan interface to disable it.
    For more details, see item 12 in "Additional
    Information" later in this file.

13. This VirusScan version comes with its network scanning
    option disabled. You can enable this option by selecting
    a checkbox in the on-access scanning property page.

14. If you use a version earlier than v3.10 (Build 364) of
    Cheyenne Backup Agent for Open Files or a version of
    St. Bernard's Open File Agent earlier than v5.1 during
    system backups, and you have VirusScan's on-access
    scanning component active, your server could hang. To
    remedy this problem, upgrade your backup agent software
    to the versions indicated, or to later versions.

15. If you have Norton Utilities v2.0 installed, then you
    install VirusScan, your system will halt with a blue-
    screen error in the RDR.SYS module as you try to
    restart it. A conflict with the Norton Unerase version
    included with this Norton Utilities release causes this
    error. To resolve this problem, install the latest
    Norton Utilities version available. 

____________
INSTALLATION

* INSTALLING VIRUSSCAN FOR WINDOWS NT *

VirusScan requires Windows NT 4.0 Service Pack 4 to run.
Before you install VirusScan, verify that your system has
Windows NT 4.0 and NT Service Pack 4 installed, then follow
the steps below. 

If you plan to run VirusScan with Windows NT 3.51, verify
that you have installed Windows NT v3.51 Service Pack 5.
VirusScan for Windows NT functions best with, but does not
require, Service Pack 5.

1.  Make sure you have Administrator rights for the
    workstation on which you are installing VirusScan.

2.  Run SETUP.EXE and follow the prompts.
 
    NOTE: If you uninstall VirusScan in order to install an
    upgrade, Network Associates recommends that you first
    reboot the system before you install the upgrade
    version.


__________________________________
PERFORMING A "SILENT INSTALLATION"

If you want to deploy VirusScan as your standard anti-virus
security application, you can use the programs "silent"
installation feature to set up VirusScan on each network
node with little or no interaction from end users or other
administrators. During a silent installation, Setup does
not display any of its usual wizard panels or windows, or
offer the end user any configuration options.

Instead, you preset these choices and run Setup in the
background on each target workstation. If you wish, you can
even install VirusScan on any unattended servers, provided
you have all of the necessary administrative privileges.

A silent installation consists of two major steps. First,
you must install the same VirusScan components on your
administrative computer that you want Setup to install on
each target server. A special Setup mode records the
choices you make during installation and preserves them
in a configuration file called SETUP.ISS.

Next, you must use a different Setup mode to install an
identical VirusScan configuration on each target system.
Setup will use the SETUP.ISS file you create in the first
step to guide each subsequent installation you perform.

NOTE: Silent installations use the system account for
installation. This can mean that some VirusScan features
will not function after installation. See Known Issue #3
earlier in this file for details.


* RECORDING YOUR PREFERENCES *

To record your installation preferences, follow these
steps:

1.  Look for an existing SETUP.ISS file inside the
    \WINDOWS, the \I386 or the \WINNT folder on your
    administrative computer. If you find a file with
    that name there, rename it or delete it.

    As you record your installation preferences, Setup
    will save them into a new SETUP.ISS file in the
    same location.

2.  Choose Run from the Start menu in the Windows
    taskbar.

    The Run dialog box will appear.

3.  Type <X>:\SETUP.EXE -R in the text box provided,
    then click OK.

    Here, <X> represents the drive letter for your
    CD-ROM drive or the path to the folder that
    contains your extracted VirusScan files. The -R
    tells Setup to run in its record mode.

    NOTE: If your VirusScan copy came on a VirusScan
    Security Suite or a Total Virus Defense CD-ROM disc,
    you must also specify which folder contains
    VirusScan for Windows NT. See the CONTENTS.TXT file
    included with either product suite for details.

4.  Follow the instructions outlined in each wizard panel
    to choose the components and the settings you want each
    of the target workstations to have.

    Setup notes the choices you make at each step and
    records them as entries in SETUP.ISS.

    NOTE: Take particular care during this initial
    installation to respond to any questions that appear
    in the wizard panels and to follow the installation
    steps in the sequence presented, or the silent
    installation you run later will abort. You may not
    backtrack during the installation to change your
    settings.
    
    To specify different options, you will need to begin
    the installation again in order for Setup to record
    your choices correctly. If you plan to install
    VirusScan on unattended workstations, be sure to
    specify options that do not require user interaction.

5.  Once youve completed the installation, click Finish
    to quit Setup.


* EDITING THE SETUP.ISS FILE *

If you want Setup to silently install VirusScan in a
particular directory, or if you want Setup to silently
uninstall previous VirusScan versions before it installs
another version, you will need to edit the SETUP.ISS file
you created when you installed VirusScan on your
administrative computer or workstation.

To make network administration easier, for example, you
might want to install all of your VirusScan copies in the
same directory on each network node.

SETUP.ISS is simply a specially formatted text file similar
to configuration files such as WIN.INI or SYSTEM.INI. You
can open it in any text editor and change any of its
entries to suit your needs.

NOTE: Network Associates recommends that you make only
limited changes to the SETUP.ISS file. If you want
complete control over the installation process, or if you
want to specify the configuration options for each copy of
VirusScan in advance, you can use ISeamless, a powerful
Network Associates scripting tool designed for this
purpose. Contact Network Associates technical support
for details.


Specifying an Installation Directory

SETUP.ISS specifies an installation directory as a value
for the variable szDir, which youll find listed beneath
the header [SdSetupType-x]. By default, this entry reads:

[SdSetupType-0]
szDir=C:\Program Files\Network Associates\NetShld\
Result=XXX

Possible values for XXX will normally include 301, 302, or
303, depending on which options you chose when you recorded
your initial installation.

To specify a different installation directory, replace the
path shown with the path you want. The installation
directory you specify here will override the default
installation directory on each target system.

To tell Setup to determine where to install the program
files on the target computer, add 100 to the value shown
at XXX so that, for example, 301 becomes 401. This tells
each target computer to disregard the szDir variable and
to assign a directory for the files that reflects the
organization of that computer's operating system.


Uninstalling Previous VirusScan Versions

To tell Setup to remove previous VirusScan versions
before installing an updated version, open SETUP.ISS
in a text editor, scroll to the bottom of the file,
then add this line:

Preserve=0

Next, save the file in text format, then quit your text
editor.

NOTE: Setup creates a unique SETUP.ISS file for each
Network Associates product on each platform. You must
use the file that corresponds to the operating system
running on the target workstation. You may not, for
example, use a SETUP.ISS file created during a
VirusScan for Windows 95 installation to control a
VirusScan for Windows NT installation.

Network Associates recommends that you use the
SETUP.ISS file you created to perform a test installation
on a single workstation before you use it to deploy
VirusScan across your network.


* RUNNING A SILENT INSTALLATION *

Once you have a SETUP.ISS file that lists all of the
components and settings you want each workstation on your
network to have, you can replicate these settings
exactly for every VirusScan copy you install.

You can run a silent installation in a variety of ways,
and with different levels of interaction with network
users. You can, for example, create a script for your
users that runs a silent VirusScan installation as soon
as they connect to an authentication server, with no
further interaction beyond that needed to log in. You
can also ask your users or other administrators to run
the installation from a designated server. Still other
options include deploying VirusScan through a network
management application such as Zero Administration
Client (ZAC) from Network Associates, System Management
Server (SMS) from Microsoft, or similar packages.

Whichever method you choose, you must first prepare the
VirusScan package for installation, then run Setup in
its silent mode. Follow these steps:

1.  Copy the VirusScan installation files from the
    VirusScan CD-ROM disc or the folder on your
    administrative computer in which your store them
    to a VirusScan directory on a central server.

    Your users or your network management application
    will install VirusScan from this server.

2.  Locate the SETUP.ISS file stored in the VirusScan
    directory on the central server. Rename or delete
    this file.

3.  Copy the SETUP.ISS file you created when you ran
    the recorded installation on your administrative
    computer to the VirusScan directory on the central
    server.

    Youll find the file you need to copy in the WINNT
    directory on your administrative computer.

    Once you finish this step, your users or your network
    management application can run Setup in its silent
    mode to replicate the installation you recorded.

To run Setup in silent mode, include the line
<X>:\SETUP.EXE -S in any login script you write or
any instructions to your users that describe how to
run Setup.

In this line, <X> represents the path to the folder on
the server that contains the VirusScan installation files
and the SETUP.ISS file you created. The -S tells Setup
to run in silent mode. By default, Setup restarts the
workstation when it has finished installing files.

If you do not want Setup to reboot each target workstation,
you must edit the SETUP.ISS file you created during your
recorded installation. Here, you would change the value
in the BootOption entry beneath the heading
[sdFinishReboot - 0] from its current value to zero (0).
This tells Setup not to force the target workstation to
reboot.

As a further step toward enforcing a consistent anti-virus
security policy across your network, you can also copy a
configuration file with the options you want your users to
have into the installation directory on each workstation.
You can also use password protection to prevent
unauthorized changes to the configuration settings you
chose.

To preset your configuration options so that VirusScan
installs with them already in place, use the Network
Associates ISeamless scripting utility. This utility
gives you complete control over installation and
configuration options. Contact your sales representative
or Network Associates technical support for details.


* COMPONENTS INSTALLED WITH VIRUSSCAN *

    Component                Supported Systems
    ---------                -----------------
1.  VirusScan Console        Windows NT Workstation

2.  VirusScan Task Manager   Windows NT Workstation

3.  McShield on-access       Windows NT Workstation
    scanner

4.  Alert Manager            Windows NT Workstation


* PRIMARY PROGRAM FILES FOR VIRUSSCAN *

Files located in the Install directory:
=======================================

1.  Installed for the Alert Manager/Console/Server:

                    README.1ST = Network Associates
                                 information
                  MCARCHIV.DLL = Archive library file
                    MCCOMM.DLL = NetWare communications
                  MCKRNL32.DLL = Cross-platform file
                     MCRPC.DLL = RPC library
                   MCRUTIL.DLL = NetWare utility library
                  MCUTIL32.DLL = Multipurpose file
                    SHUTIL.DLL = NT utility library
                  AMGRCNFG.EXE = Alert Manager configuration
                                 program
                  MCSEVSHL.EXE = Service installation
                  SCNCFG32.EXE = Task configuration
                   SCNSTAT.EXE = Task statistics
                   SHCFG32.EXE = On-access scanning
                                 configuration
                    SHSTAT.EXE = Shield status monitor
                                 program
                    SVCPWD.EXE = Service account
                                 configuration program
                  VALIDATE.EXE = Network Associates file
                                 validation program
                  VIRNOTFY.EXE = Notification utility
                     WCMDR.EXE = Uninstall helper
                  MCCONSOL.HLP = Console help
                   PKGDESC.INI = Update description file
                     WCMDR.INI = Uninstall helper
                  WCMDRSIL.INI = Silent uninstall helper
                    DEISL1.ISU = Uninstall file
                   PACKING.LST = Packing list
                  NAIFILTR.SYS = System files
                  RESELLER.TXT = Network Associates
                                 authorized resellers
                  WHATSNEW.TXT = This document
   

2.  Installed for Alert Manager:

                    SAMPLE.CMD = Sample alert command file
                  DMIALERT.DLL = DMI alerting library
                  MCALSNMP.DLL = SNMP alerting
                  MCSERVIC.DLL = Service installation
                                 library
                  POWERP32.DLL = Alert manager paging
                  AMGRSRVC.EXE = Alert manager service
                                 program
                   ALRTMGR.HLP = Alert manager help file
                  ANTIVIRI.MIB = SNMP trap template
                       NAI.MIB = SNMP trap template
                    MODEMS.TXT = List of modems and
                                 initialization strings
                      OHNO.WAV = Alert message sound file
                   WARNING.WAV = Default alert sound file
                  CENTALRT.TXT = Centralized alerting file

3.  Installed for the Console:

                    SHIELD.CNT = Help link file
                  BROWSENT.DLL = NT browser library
                  INETWH16.DLL = Help file library
                  INETWH32.DLL = Help file library
                   REGEMUL.DLL = Registry emulator library
                   IMPTASK.EXE = Import task file
                  MCCONSOL.EXE = Console manager
                  MCREGEDT.EXE = Network Associates
                                 registry editor
                  MCUPDATE.EXE = AutoUpdate file
                  SETBROWS.EXE = Sets default browser
                    SHIELD.HLP = On-access scanning help

4.  Installed for the VirusScan Task Manager:

                    SCAN32.EXE = On-demand scanner
                  VIRUSCAN.CNT = Help link file
                     CLEAN.DAT = Virus clean definition data
                     NAMES.DAT = Virus names definition data
                      SCAN.DAT = Virus definition data
                   LICENSE.DAT = Virus definition data
                  MESSAGES.DAT = Virus definition data
                   SHLDMSG.DAT = Virus definition data 
                  MCSCAN32.DLL = Scan32 main library
                  MCSERVIC.DLL = Service installation
                                 library
                  VSTSKMGR.EXE = VirusScan Task Manager
                                 service
                  MCSHIELD.EXE = VirusScan on-access service
                    NAIANN.DLL = Library file that handles
                                 communications between the
                                 McShield service and the
                                 Task Manager service
                  VIRUSCAN.HLP = Scan 32 help
    VIRUSSCAN ACTIVITY LOG.TXT = VirusScan Activity Log
                   DEFAULT.VSC = Default scan32 values

Files located in %SYSTEMROOT%\SYSTEM32:
=======================================

1.  Installed for the Console/Server/Alert Manager:

                   CTL3D32.DLL = 32-bit 3D Windows
                                 controls library
                   DSSDATA.DLL = on-access scanning library


Files located in %SYSTEMROOT%\SYSTEM32\DRIVERS:
=============================================== 

1.  Installed for the on-access scanner:

                  NAIFSREC.SYS = System files

* TESTING YOUR INSTALLATION *

The Eicar Standard AntiVirus Test File is a combined effort
by anti-virus vendors throughout the world to implement one
standard by which customers can verify their anti-virus
installations.

To test your installation, copy the following line into its
own file, then save the file with the name EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file size will be 69 or 70 bytes.

Next, start your anti-virus software and allow it to scan
the directory that contains EICAR.COM. When your software
scans this file, it will report finding the
EICAR virus.

Note that this file is NOT A VIRUS. Delete the file
when you have finished testing your installation to
avoid alarming unsuspecting users.


* UNINSTALLING VIRUSSCAN *

To remove VirusScan from your workstation, run the
uninstallation utility that comes with the program. You
can run this utility in normal or "silent" mode. To do
so, follow these steps:

1.  Open a Command Prompt window in Windows NT.

2.  Type either of these lines at the command line:

    a. To uninstall VirusScan with no special options, type

        X:\Progra~1\Networ~1\VirusS~1\wcmdr.exe

        followed by this argument:
 
        -iD:\PROGRA~1\NETWOR~1\VIRUSS~1\WCmdr.ini

        Here X: represents the drive on which you have
        VirusScan installed. If you have installed
        VirusScan to a different drive or directory,
        substitute the correct path at the command line.
        Both the command and its argument should appear
        on the same line.

    b.  To uninstall VirusScan "silently," type:

        X:\Progra~1\Networ~1\VirusS~1\wcmdr.exe

        followed by this argument:

        -iD:\PROGRA~1\NETWOR~1\VIRUSS~1\Wcmdrsil.ini

        Again, X: represents the drive on which you have
        VirusScan installed. If you have installed
        VirusScan to a different drive or directory,
        substitute the correct path at the command line.
        Both the command and its argument should appear
        on the same line.


* UNINSTALLING VIRUSSCAN WITHOUT THE UNINSTALLATION UTILITY *

1.  Before starting, follow these two substeps:

    a. Run the Windows NT utility RDISK to create an
       emergency repair disk.

    b. Run the command UNLODCTR MCSHIELD from the Windows NT
       command line to stop the registry from recording
       performance counter information for the McShield
       service.

2.  Open the Windows NT Services Control Panel, then stop
    the Network Associates Task Manager service, the
    Network Associates McShield service, and the Network
    Associates AlertManager service.

3.  Stop the VirusScan console if running.

4.  Using the NT Task Manager, end the SHSTAT process.

5.  If you use SNMP, stop the SNMP service in
    Control Panel/Services.

6.  Delete the VirusScan installation directory (the
    directory that contains the VirusScan executables).

7.  Delete this device driver file from %SYSTEMROOT%
    \SYSTEM32\DRIVERS

    NAIFSREC.SYS

    Delete this file from %SYSTEMROOT%\SYSTEM32\
    
    DSSDATA.DLL
 
8.  If you are using Windows NT 4.0 and if VirusScan was
    set to load at startup, remove the following registry
    keys:

    HKLM\software\microsoft\windows\CurrentVersion\Run
     \Shstatexe
    HKLM\software\microsoft\windows\CurrentVersion
     \uninstall\VirusScan NT

9.  Remove VirusScan installation registry keys:
    HKLM\software\mcafee\mcalsnmp
    HKLM\software\network associates\VirusScan for Windows NT
    HKLM\software\mcafee\virusscan
    HKLM\software\mcafee\alertmanager (Do not remove this
                                       key if you have
                                       other Network
                                       Associates products
                                       installed that use
                                       Alertmanager.)

10. Remove VirusScan device driver and service registry
    keys:
    HKLM\system\CurrentControlSet\Services\Alertmanager 
    HKLM\system\CurrentControlSet\Services\NaiFilter
    HKLM\system\CurrentControlSet\Services\NaiFsrec
    HKLM\system\CurrentControlSet\Services\McShield
    HKLM\system\CurrentControlSet\Services\McTaskManager

11. If you are using Windows NT 4.0 and the
    context-sensitive scanning option was installed, remove
    the following registry keys:
    HKLM\software\classes\comfile\shell\virusscan
    HKLM\software\classes\directory\shell\virusscan
    HKLM\software\classes\drive\shell\virusscan
    HKLM\software\classes\exefile\shell\virusscan
    HKLM\software\classes\word.document.6\shell\virusscan
    HKLM\software\classes\word.document.8\shell\virusscan
    HKLM\software\classes\word.template\shell\virusscan

12. If you are using Windows NT 4.0 and you want to remove
    the Scan for Viruses right-click option, remove the
    following registry keys:
    HKCR\comfile\shell\VirusScan
    HKCR\Directory\shell\VirusScan
    HKCR\Drive\shell\VirusScan
    HKCR\exefile\shell\VirusScan
    HKCR\Excel.Addin\shell\VirusScan
    HKCR\Excel.Chart.5\shell\VirusScan
    HKCR\Excel.Macrosheet\shell\VirusScan
    HKCR\Excel.Sheet.5\shell\VirusScan
    HKCR\Excel.Template\shell\VirusScan
    HKCR\Excel.Workspace\shell\VirusScan
    HKCR\Excel.XLL\shell\VirusScan
    HKCR\exefile\shell\VirusScan
    HKCR\WinZip\shell\VirusScan
    HKCR\Word.Document.6\shell\VirusScan
    HKCR\Word.Template\shell\VirusScan

13. To remove SNMP extension agent, remove the following
    registry value:
    HKLM\system\CurrentControlSet\services\SNMP\parameters\
    ExtensionAgent\McAlSNMP

14. Since entries in HkeyClassesRoot are not derived
    from a hive, it is unneccessary to delete these keys
    manually. When you reboot, VirusScan-specific keys
    under HkeyClassesRoot will be removed.

15. Reboot the system.


* CREATING AN EMERGENCY DISK *

This version of VirusScan for Windows NT includes a utility
that allows you to create an emergency boot disk that can
scan your workstation for boot-sector viruses. Use this disk
to restart your workstation if VirusScan detects a boot-sector 
virus during installation, or to scan for boot-sector or
memory-resident viruses any time thereafter.

The emergency disk utility consists of a floppy disk image
file (EDISK.IMG), a disk-copy program (NAIDSKIM.EXE), and
a batch file (MAKEDISK.BAT) that starts the utility to copy
the disk image.

To create the emergency disk, follow these steps:

1.  Click Start in the Windows taskbar, then choose Run.

2.  Click Browse in the Run dialog box to open a dialog box
    you can use to locate the file MAKEDISK.BAT. You'll find
    this file in the \VirusScan\EDU directory.

3.  Choose the file, then click OK in the Run dialog box
    to start the batch file.

    The batch file will open a Command Line Prompt window
    and will ask you to insert a write-capable floppy disk
    into your floppy drive.

4.  Insert a blank, unlocked floppy disk into your floppy
    drive, then press any key on your keyboard to continue.

    MAKEDISK.BAT will copy these files onto the floppy disk:

    AUTOEXEC.BAT
    BIOS.SYS
    BOOTSCAN.EXE
    CLEAN.DAT
    COMMAND.COM
    GETREPLY.EXE
    KERNEL.SYS
    NAMES.DAT
    SCAN.DAT

5.  When the batch file has finished, press any key on your
    keyboard to continue.

6.  Click the close box in the upper right corner of the 
    Command Prompt window to exit.

7.  Copy to the disk you just created any other utilities
    you need to start your computer, debug your system
    software, manage any extended or expanded memory you
    have, or perform other tasks at startup. If you use a
    disk compression utility, be sure to copy the drivers
    you need to uncompress your files.

8.  When you have finished copying files to the emergency
    disk, remove it from your floppy drive, label it, lock
    it, and store it in a safe place.

    NOTE: A locked floppy disk shows two holes near the edge
    of the disk opposite the metal shutter. If you dont see
    two holes, look for a plastic sliding tab at one of the
    disk corners, then slide the tab until it locks in an
    open position. Because no software can save to a locked
    disk, viruses cannot infect files stored on one.


__________________________
FREQUENTLY ASKED QUESTIONS

Regularly updated lists of frequently asked questions 
about Network Associates products also are available on
the Network Associates BBS and website, and on CompuServe
and America Online.


Q: How can I scan mapped Novell drives with scheduled
   on-demand scans?

A: If you want to scan any Novell-server drives
   (mapped or via UNC) from scheduled tasks, you must
   create the same account/password on the Novell server
   as used by VirusScan services on your Windows NT workstation.


Q:  As an administrator, how can I scan private
    directories that are accessible only to
    individual users?

A:  On-demand (scheduled) scans are launched by the
    VirusScan Task Manager service. If you specify a
    user name and password for the service, then the
    scheduled scan will only scan directories for which the
    service name has privileges. If no user name was
    specified, then the service has SYSTEM privileges.

    To perform an on-demand, or scheduled, scan of
    private directories, the VirusScan Task Manager
    service must have access to these private areas.
    Following are two ways to address this issue:

    Solution A:

    1. Create a custom user name to be used by the Service.
    2. Give this user name privileges to access the private
       spaces.

       Considerations with Solution A:

       This account can be used to access the private
       directories. To prepare these directories with proper
       rights, open a DOS prompt and enter:

       CACLS /E /G (domain name)\(service account name)

       Enter CACLS at the DOS prompt to get a complete list
       of options. 

    Solution B:
    1. Do not associate a user name to the Service.
    2. Give SYSTEM privileges to access the private spaces.

       Considerations with Solution B:
       Someone could create or use a Service to access your
       information.

    Network Associates recommends Solution B as a more
    secure solution.


Q:  VirusScan will not perform an on-demand (scheduled)
    scan of some network drives. Why?

A:  It is possible that the user name you are using for
    the VirusScan Task Manager service does not have
    sufficient rights to scan the drives in question. To
    verify whether this is the issue, connect to each drive
    using the user name and password utilized by the
    VirusScan Task Manager service from the workstation where
    the service is running. Confirm that this user name has
    rights on the device by manually running an on-demand
    scan. If you can scan the device while you're logged in,
    then the service should also be able to do it as a
    scheduled scan. When scanning remote locations, Network
    Associates recommends using the UNC path for scheduled
    tasks.

Q:  My scheduled tasks do not run when the VirusScan Task
    Manager service is stopped. Why?

A:  The VirusScan Task Manager service is responsible for
    starting scheduled on-demand tasks and AutoUpdate tasks.
    If the VirusScan Task Manager service is stopped, all of
    these tasks are disabled.

Q:  Can I update VirusScan's data files to detect
    new viruses?

A:  Yes, VirusScan now includes the Network Associates
    AutoUpdate and AutoUpgrade components, which offer
    powerful updating capabilities that ensure that you have
    the latest VirusScan files installed. AutoUpdate can
    automatically update the VirusScan data (.DAT) files
    the program uses to detect viruses. AutoUpgrade can
    automatically download new VirusScan program versions.

    If you need additional assistance with downloading,
    contact Network Associates Download Support at
    (408) 988-3832.


Q:  How do I disable VirusScan's on-access scanner?

A:  You can now enable or disable the on-access scanning
    component in VirusScan both from the graphical user
    interface and from an NT Command Prompt window. To
    learn how to do so, see item 12 in "Additional
    Information" later in this file.


Q:  Can I run a silent installation that removes previous
    VirusScan versions before Setup installs a new
    VirusScan version?

A:  Yes. To do so, however, you must edit the SETUP.ISS
    file you create when you record your initial
    installation. To learn how to do so, see "Editing
    the SETUP.ISS File" earlier in this file.

______________________
ADDITIONAL INFORMATION

1.  After completing your installation or upgrade of
    VirusScan, Network Associates recommends that you reboot
    your computer before you use VirusScan. 

2.  VirusScan automatically excludes a Microsoft Exchange
    database directory if the following Windows NT Registry
    key exists:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    \MSExchangeIS\ParametersSystem\DB Log

    This entry allows VirusScan Task Manager service to look
    for Microsoft Exchange Server each time it starts. This
    exclusion is needed to avoid potential mail database
    corruption in the event that VirusScan detects an
    infected file.

    Note: If Microsoft Exchange Server is installed, an
    entry will be visible in the VirusScan Properties
    Exclusions tab.

3.  SVCPWD.EXE is a utility for setting or changing
    usernames and passwords that the Network Associates
    services use.

    SVCPWD requests one command-line parameter which is a
    filename (e.g., computers.txt). Use SVCPWD /? to get
    additional information about command-line options.
    This file (e.g., computers.txt) contains a list of all
    the computers that you want to modify the service
    accounts (username and password)for.

    Example:

    \\COMPUTER1
    \\COMPUTER2
    \\SERVER

    Start the SVCPWD utility by entering the file as
    command-line (i.e. SVCPWD computers.txt). This utility
    contacts all the computers via the network and changes
    the username and password originally given to the
    Network Associates service. The username and password
    are changed to the value that you set when you start
    the utility. All service accounts must be set to user
    "LocalSystem". If a domain\username is entered, then
    the SVCPWD utility will require a password for the
    domain\username.

    When this is completed, the utility contacts all the
    computers and changes the settings.

    Note 1: The domain\username that is used by the services
            needs to be an administrative account.

    Note 2: The person running this utility must have an
            administrative account for all the computers
            that require such changes.

    Note 3: Do not run this utility during an on-demand
            scan operation.

4.  When using an ISeamless Install Script, and running
    setup in standard or silent mode without any parameters,
    setup requires that the custom installation file
    produced by ISeamless be named admin.sis or oem.sis.

5.  If VirusScan finds an older version of the file
    WININET.DLL during installation, it upgrades the file
    to the current version.

6.  If you are running any other anti-virus product on the
    system, please exclude that product's installation
    directory within the VirusScan Properties Exclusions
    tab.

7.  When installing VirusScan to remote systems on your
    network, the destination systems must have a proper 
    security relationship (i.e., they must reside on the 
    same domain or share a trust relationship, and the
    account being used must have Administrator privileges on
    the machine being installed to) with the system you are
    performing the installation from. If the computers do
    not have a proper security relationship, the remote
    installation will not be performed properly.

8.  If compressed file scanning is turned on, VirusScan 
    temporarily uses additional harddrive space when
    scanning compressed files (i.e., ZIP, LZH/LHA,
    UUENCODE, etc.).

9.  When performing a silent installation using the default
    SETUP.ISS file, via either AutoUpgrade or the command
    setup -s, your service user resets to the LocalSystem
    account and the workstation reboots if necessary when the
    installation is completed. If you wish to keep your
    settings, record your own SETUP.ISS file for use during
    silent installations (see the VirusScan User's Guide for
    detailed information on creating your own setup.iss
    file).

10. By default, VirusScan's on-access scanning component
    does not have heuristic scanning activated. You can
    activate this feature by entering the values shown for
    the REG_DWORD entries in these registry keys:

    HKEY_LOCAL_MACHINE\Software\McAfee\VirusScan\McShield\CurrentVersion
      dwMacroHeuristicsLevel:REG_DWORD:0 or 1
      dwProgramHeuristicsLevel:REG_DWORD:0 or 1

11. The new NAI.MIB and ANTIVIRI.MIB files included with
    this release improve the data reporting capabilities of
    SNMP traps sent via Alert Manager. You can compile these
    files into your SNMP management utility so that the
    utility can decode traps sent from Alert Manager. Some
    SNMP managers also allow you to write scripts that will
    act on the information received via the SNMP traps.

    New alert items include:

    ALERT NAME                     WHAT IT REPORTS    

    naiTrapAgent                   Names the agent that 
                                    sent the trap
    naiTrapAgentVersion            Gives the version of the
                                    agent
    naiTrapSeverity                Gives the severity code
                                    the alert message
    naiTrapDescription             Describes the trap
    naiTrapAlarmSourceAddress      Gives the IP or IPX
                                    address of the computer
                                    that sends the trap
    naiTrapAlarmSourceDNSName      Lists the fully qualified
                                    DNS name or computer
                                    name
    naiTrapGMTTime                 Lists the GMT time at
                                    which the alert
                                    generation occurred
    naiTrapLocalTime               Lists the time local to
                                    the computer that 
                                    generated the trap
    naiTrapURL                     Gives a URL link to an
                                    HTML or FTP file
    naiTrapPseudoID                Lists the Pseudo Trap ID
                                    or Message ID for the
                                    generated trap
    naiAntiVirusTrapAgentUser      Lists the name of the
                                    active user account
                                    that generated the trap
    naiAntiVirusTrapInfectedFile   Names the infected file
                                    that caused the computer
                                    to generate a trap
    naiAntiVirusTrapVirusName      Names the infecting virus
    naiAntiVirusTrapTaskName       Names the active task
                                    that generated the trap
    naiAntiVirusTrapStatus         Gives the status of the
                                    file that caused the
                                    computer to send a trap
    naiAntiVirusTrapOS             Lists the active
                                    operating system on the
                                    computer that sent the
                                    trap
    naiAntiVirusTrapEngineVersion  Lists the version number
                                    of the VirusScan scan
                                    engine
    naiAntiVirusTrapDATVersion     Lists the version number
                                    of the current .DAT file


12. To enable or disable VirusScan's on-access scanning
    component, you can use one of these methods:

    - You can disable on-access scanning from the
      VirusScan graphical user interface. To do so, first
      verify that the VirusScan shield icon appears in
      your system tray to the left of the clock.

      If the icon appears there, right-click it to display
      a shortcut menu, then choose Disable. The icon will
      appear with a red line through it, which indicates
      that on-access scanning is disabled. To enable
      on-access scanning again, right-click the icon,
      then choose Enable from the shortcut menu.

      If the icon does not appear in your system tray,
      verify that you have installed the on-access
      component correctly.

    - You can also disable VirusScan on-access scanning
      from a Windows NT Command Prompt window. To do so,
      open a Command Prompt window, then type:
  
      SHSTAT.EXE -DISABLE

      To enable on-access scanning again, type

      SHSTAT.EXE -ENABLE
  
      at the prompt.

    - You can disable and enable on-access scanning from
      VirusScan's AntiVirus Console. To do so, open the
      Console, then select the VirusScan On-Access Monitor
      task in the task list. Next, click the Stop button in
      the Console toolbar, or choose Disable from the
      Console's Scan menu. To enable the on-access
      component again, select the On-Access Monitor task,
      then click the Play button in the Console toolbar,
      or choose Enable from the Console's Task menu.

13. If you schedule an AutoUpdate or AutoUpgrade session
    that downloads the installation package from a NetWare
    server to an NT system, you can use the optional
    File Copy Utility shipped with VirusScan. To install
    this component, you must choose it as a Custom
    installation option during Setup. To learn more about
    this component, contact your PrimeSupport
    representative.


_____________
DOCUMENTATION

For more information, refer to the users guides for each
product included on the CD-ROM or available from Network
Associates electronic services. Each product user's guide
is saved in Adobe Acrobat Portable Document Format (.PDF).
You can view and print this document with Adobe's Acrobat
Reader. PDF files can include hypertext links and other
navigation features to assist you in finding answers to
questions about your Network Associates product.

To download Adobe Acrobat Reader from the World Wide Web,
visit Adobe's website at:

http://www.adobe.com/prodindex/acrobat/readstep.html

To download documentation for Network Associates anti-virus
software, visit the Network Associates FTP site at:

ftp://www.nai.com/pub/manuals/total_virus_defense

Additional contact information appears in the following
section.

Documentation feedback is welcome. Send e-mail to
tvd_documentation@nai.com.

_____________________________
CONTACTING NETWORK ASSOCIATES

On December 1, 1997, McAfee Associates merged with
Network General Corporation, Pretty Good Privacy, Inc.,
and Helix Software, Inc. to form Network Associates, Inc.
The combined Company subsequently acquired Dr Solomon's
Software and CyberMedia, Inc.

Network Associates continues to market and support the
product lines from each of the former entities. You may
direct all questions, comments and technical support
requests to the Network Associates Customer Care department
at any of the addresses or phone numbers listed below.

Contact the Network Associates Customer Care
department at: 

1.  Phone (408) 988-3832
    Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

2.  Fax (408) 970-9727
    24-hour, Group III Fax 

3.  Fax-back automated response system (408) 346-3414

 
Send correspondence to any of the following Network
Associates locations:
  
     Network Associates Corporate Headquarters  
     3965 Freedom Circle
     McCandless Towers   
     Santa Clara, CA 95054

     Phone numbers for corporate-licensed customers:
     Phone: (408) 988-3832
     Fax:   (408) 970-9727

     Phone numbers for retail-licensed customers:
     Phone: (972) 278-6100
     Fax:   (408) 970-9727

Network Associates offices outside the United States:

     Network Associates Australia
     Level 1, 500 Pacific Highway
     St. Leonards, NSW
     Sydney, Australia 2065
     Phone: 61-2-8425-4200
     Fax:   61-2-9439-5166 

     Network Associates Austria
     Pulvermuehlstrasse 17
     Linz, Austria
     Postal Code A-4040
     Phone: 43-732-757-244
     Fax:   43-732-757-244-20

     Network Associates Belgium
     Bessenveldtstraat 25a
     Diegem, Belgium - 1831
     Phone: 32-3-716-4070
     Fax:   61-2-716-4770

     Network Associates do Brasil
     Rua Geraldo Flausino Gomez 78
     Cj. - 51 Brooklin Novo - So Paulo
     SP - 04575-060 - Brasil
     Phone:  (55 11) 5505 1009
     Fax:    (55 11) 5505 1006

     Network Associates Canada
     139 Main Street, Suite 201
     Unionville, Ontario
     Canada L3R 2G6
     Phone: (905) 479-4189
     Fax:   (905) 479-4540

     Network Associates People's Republic of China
     New Century Office Tower, Room 1557
     No. 6 Southern Road Capitol Gym 
     Beijing
     People's Republic of China 100044
     Phone: 86 10 6849-2650
     Fax:   86 10 6849-2069

     NA Network Associates Oy
     Sinikalliontie 9, 3rd Floor
     02630 Espoo
     Finland
     Phone: 358 9 5270 70
     Fax:   358 9 5270 7100

     Network Associates France S.A.   
     50 Rue de Londres    
     75008 Paris     
     France
     Phone: 33 1 44 908 737
     Fax:   33 1 45 227 554  

     Network Associates GmbH
     Ohmstrae 1
     D-85716 Unterschleiheim
     Deutschland
     Phone: 49 (0)89/3707-0
     Fax:   49 (0)89/3707-1199


     Network Associates Hong Kong
     19th Floor, Matheson Centre
     3 Matheson Way
     Causeway Bay
     Hong Kong 63225
     Phone: 852-2832-9525
     Fax:   852-2832-9530

     Network Associates Srl
     Centro Direzionale Summit     
     Palazzo D/1
     Via Brescia, 28
     20063 - Cernusco sul Naviglio (MI)
     ITALY  
     Phone: 39 (0)2 9214 1555   
     Fax:   39 (0)2 9214 1644

     Network Associates Japan, Inc.
     Toranomon 33 Mori Bldg.
     3-8-21 Toranomon Minato-ku
     Tokyo 105-0001 Japan
     Phone: 81 3 5408 0700
     Fax:   81 3 5408 0780

     Network Associates Latin America
     150 South Pine Island Road, Suite 205
     Plantation, Florida 33324
     United States
     Phone: (954) 452-1731
     Fax:   (954) 236-8031

     Network Associates de Mexico
     Andres Bello No. 10, 4 Piso
     4th Floor
     Col. Polanco
     Mexico City, Mexico D.F. 11560
     Phone: (525) 282-9180
     Fax:   (525) 282-9183

     Network Associates International B.V.   
     Gatwickstraat 25   
     1043 GL Amsterdam    
     The Netherlands    
     Phone: 31 20 586 6100
     Fax:   31 20 586 6101

     Network Associates Portugal
     Av. da Liberdade, 114
     1269-046 Lisboa
     Portugal
     Phone:  351 1 340 4543
     Fax:    351 1 340 4575

     Net Tools Network Associates South Africa
     Bardev House, St. Andrews
     Meadowbrook Lane
     Epson Downs, P.O. Box 7062
     Bryanston, Johannesburg
     South Africa 2021
     Phone: 27 11 706-1629
     Fax:   27 11 706-1569

     Network Associates South East Asia
     78 Shenton Way
     #29-02
     Singapore 079120
     Phone: 65 222-7555
     Fax:   65 222-7555

     Network Associates Spain
     Orense 4, 4a Planta.
     Edificio Trieste
     28020 Madrid
     Spain
     Phone: 34 91 598 18 00
     Fax:   34 91 556 14 04

     Network Associates Sweden
     Datavgen 3A
     Box 596
     S-175 26 Jrflla
     Sweden
     Phone: 46 (0) 8 580 88 400
     Fax:   46 (0) 8 580 88 405

     Network Associates AG
     Baeulerwisenstrasse 3
     8152 Glattbrugg
     Switzerland
     Phone: 0041 1 808 99 66
     Fax:   0041 1 808 99 77

     Network Associates Taiwan
     Suite 6, 11F
     No. 188, Sec. 5
     Nan King E. Rd.
     Taipei, Taiwan, Republic of China
     Phone: 886-2-27-474-8800
     Fax:   886-2-27-635-5864

     Network Associates International Ltd.
     Minton Place, Victoria Street
     Windsor, Berkshire
     SL4 1EG
     United Kingdom
     Phone: 44 (0)1753 827 500
     Fax:   44 (0)1753 827 520


Or, you can receive online assistance through any
of the following resources:

 1.  Internet E-mail: support@nai.com

 2.  Internet FTP: ftp.nai.com

 3.  World Wide Web: http://support.nai.com

 4.  America Online: keyword MCAFEE

 5.  CompuServe: GO NAI

To provide the answers you need quickly and efficiently,
the Network Associates technical support staff needs
some information about your computer and your software.
Please have this information ready when you call:
                          
 - Program name and version number
 - Computer brand and model
 - Any additional hardware or peripherals connected to
   your computer
 - Operating system type and version numbers
 - Network name, operating system, and version
 - Network card installed, where applicable
 - Modem manufacturer, model, and baud, where applicable
 - Relevant browsers or applications and their version 
   numbers, where applicable
 - How to reproduce your problem: when it occurs, whether
   you can reproduce it regularly, and under what 
   conditions
 - Information needed to contact you by voice, fax, or 
   e-mail

We also seek and appreciate general feedback.

 
* FOR PRODUCT UPGRADES *

To make it easier for you to receive and use Network
Associates products, we have established a reseller's
program to provide service, sales, and support for our
products worldwide. For a listing of resellers, see the
resellers.txt file or contact Network Associates
Customer Care for resellers near you.

 
* FOR REPORTING PROBLEMS *

Network Associates prides itself on delivering a
high-quality product. If you find any problems, please
take a moment to review the contents of this file. If
the problem you've encountered is documented, there is
no need to report the problem to Network Associates.

If you find any feature that does not appear to
function properly on your system, or if you believe
an application would benefit greatly from enhancement,
please contact Network Associates with your suggestions
or concerns.


* FOR ON-SITE TRAINING INFORMATION *

Contact Network Associates Customer Service at
(800) 338-8754.


* NETWORK ASSOCIATES BETA SITE *

Get pre-release software, including .DAT files, through
http://www.avertlabs.com. You will have access to Public
Beta and External Test Areas. Your feedback will make
a difference.