Applies to Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition MP2
The Trusted zone is a unified list of objects that can be excluded from the scan. Processes, files, areas on the disk, and some threats can be defined as excluded objects.
If you selected Add to exclusions threats by mask not-a-virus:RemoteAdmin* and Consider Microsoft recommendations during the Anti-Virus installation, these exclusion rules are applied in the Real-time file protection and Script monitoring tasks as well as in on-demand scan tasks, except the Scan Quarantined Objects and Verify application modules integrity tasks.
To configure the Trusted zone, right-click the Kaspersky Anti-Virus node and select Configure trusted zone.
Excluding processes from scan
You can exclude a process from scanning in the Real-time file protection task, i.e. add the process to the Trusted zone list, by:
- selecting this process from the list of processes currently running on the protected server;
- selecting an executable file of the process regardless of whether the process is currently running.
Processes are added to the list of trusted processes on the Trusted processes tab: check the box Do not monitor file activity of the specified processes and click the Add button. Specify the path to the required file (click the Browse button) or select the process from the list of active processes (the Processes button).
Only a member of the local administrators group on the protected server can view active processes on the server.
The Anti-Virus does not consider a process to be trusted if:
1. The executable file of the process has been modified. In this case the Anti-Virus will exclude this process from the list of trusted processes.
2. The path to the executable file of the process differs from the path you specified in the Path to file on protected computer field. If you want a process to be considered trusted regardless of the folder its file is launched from, enter the character * in the Path to file on protected computer field. You can use environment variables when specifying the path.
3. The executable file of the process has been added to the list of trusted processes but the process is not checked, i.e. the rule has been created but is not enabled.
You can disable real-time protection of files accessed by a backup copying operation while that operation is running. Check the box Do not check files backup operations and the Anti-Virus will not scan files opened for reading by the backup copying application with the attribute FILE_FLAG_BACKUP_SEMANTICS.
Once the list of trusted processes has been set, make sure that the Trusted zone is applied in the Real-time file protection and Script monitoring tasks: open the properties of the task and, on the Protection mode tab, check that the box Apply trusted zone is enabled.
Note that in this case exclusion rules configured on the Exclusion rules tab will be applied to the Real-time file protection and Script monitoring tasks as well.
Excluding scripts, files and threats from scan
Files, scripts and threats can be excluded from scan on the Exclusion rules tab in the Trusted zone. On this tab you can exclude from scan:
- specified files, scripts or areas;
- threats detected in files located in specific disk areas;
- threats regardless of the location where the threat or file was detected.
Note that creating an exclusion rule for a threat does not mean the file will not be scanned. A file containing the excluded threat is still scanned, but it is not processed, so no actions are applied to the detected threat. That is, the Anti-Virus scans the file, finds the threat in it, determines that the threat has been added to the Trusted zone, and does not perform any actions on the file.
By default, the Trusted zone is applied to the Real-time file protection and Script monitoring tasks and to all on-demand scan tasks (including all newly created tasks). However, use of the Trusted zone can be disabled in the settings of a specific task. To do so, clear the Apply trusted zone box on the Protected zone tab in the properties of the selected task. After you enable or disable the Trusted zone, its exclusions are applied to or removed from the Real-time file protection and Script monitoring tasks immediately, and to or from on-demand scan tasks the next time the task is launched.
Additionally individual exclusions for a selected task can be configured to enhance the server security.
To create an exclusion rule, click the Add button. Specify the rule according to which the Anti-Virus will exclude the object:
- To exclude specified files, scripts or areas, check the Object box and click the Change button.
  - When defining Disk or folder, you can use absolute or relative paths and environment variables. Masks cannot be used.
  - When defining File, you can use absolute or relative paths, environment variables and masks. You can only use one wildcard in a path and only at the end of the path to the file. Examples of correct usage: "C:\Temp\Temp*" or "C:\Temp\Temp???.doc" or "C:\Temp\Temp*.doc".
  - When defining File or URL of the script, you can use wildcards such as * and ?, as well as environment variables. You can only use one wildcard in a path and only at the end of the path to the file or script URL.
- To exclude specific threats, check the Threats box and click the Change button. In the field, enter either the full name of the threat or a mask. Use the names of threats exactly as Kaspersky Lab detects them. As a result, the specified threat will not be processed by the Anti-Virus, regardless of the location of the file in which it was detected.
- To exclude specific threats in specific areas or files, check both the Object and Threats boxes and perform the necessary configuration. As a result, the threat defined in the rule and detected in the file will not be processed by the Anti-Virus.
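A way to review a list of Object exclusions against the path rules above before entering them in the console. This is an added example, not Kaspersky code: the kind labels "folder" and "file", the function names and the sample rules are constructed for illustration, and "only at the end of the path" is read as "wildcards confined to the final path component", which all three of the page's correct examples satisfy. The "review" hint is this example's own audit check, not a product rule.

```python
import ntpath
import re

WILDCARD = re.compile(r"[*?]")
MATCH_ALL = re.compile(r"\*(\.\*)?")  # "*" or "*.*"

def check_exclusion(kind, path):
    """Return a list of problems for one Object exclusion (empty list = OK)."""
    if kind not in ("folder", "file"):
        raise ValueError(f"unknown object kind: {kind!r}")
    problems = []
    # ntpath applies Windows path rules on any host OS.
    head, tail = ntpath.split(path.rstrip("\\"))
    if kind == "folder":
        # Disk or folder: paths and environment variables only, no masks.
        if WILDCARD.search(path):
            problems.append("invalid: masks cannot be used for a disk or folder")
        return problems
    # File: wildcards are allowed, but only in the file-name part.
    if WILDCARD.search(head):
        problems.append("invalid: wildcard before the final path component")
    # Audit hint: the mask is syntactically fine but excludes the whole folder.
    if MATCH_ALL.fullmatch(tail):
        problems.append("review: mask matches every file name in the folder")
    return problems

def audit(rules):
    """Map each problematic path to its list of problems."""
    report = {}
    for kind, path in rules:
        problems = check_exclusion(kind, path)
        if problems:
            report[path] = problems
    return report

# Constructed sample rules; the first three are the page's correct examples.
SAMPLE_RULES = [
    ("file", r"C:\Temp\Temp*"),
    ("file", r"C:\Temp\Temp???.doc"),
    ("file", r"C:\Temp\Temp*.doc"),
    ("file", r"C:\Temp*\report.doc"),
    ("folder", r"%SystemRoot%\Temp"),
    ("folder", r"D:\Backup\*"),
    ("file", r"D:\Data\*"),
]

if __name__ == "__main__":
    for path, problems in audit(SAMPLE_RULES).items():
        print(path, "->", "; ".join(problems))
```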
By default, the Trusted zone is applied in the Real-time file protection and Script monitoring tasks, system tasks and newly created on-demand scan tasks. To apply this rule to one task, clear the corresponding box in the Rule application scope parameter.
Once the exclusions list is configured, make sure the Trusted zone is enabled in the Real-time file protection and Script monitoring tasks and in the on-demand scan tasks. To do so, open the properties of the relevant task on the General/Protection mode tab and make sure that the Apply trusted zone box is checked. Note that in this case exclusion rules configured on the Trusted processes tab will be applied to the selected task.