File Anti-Virus is the component that monitors the computer's file system in real-time mode. By default, it launches at the operating system startup, persists continuously in RAM, and scans all files that are opened, started or saved on your computer and all associated disk drives.
The scan process comprises the following steps:
- Each attempt by a user or a program to access any file is intercepted by the component.
- The file is analyzed for viruses. Malicious objects are recognized based on the application databases. These databases contain descriptions of all the currently known malicious programs and instructions to neutralize them.
- Following the analysis, one of the following Kaspersky Anti-Virus operation modes may be applied:
- if a malicious code is detected in a file, File Anti-Virus blocks the file and attempts to disinfect it
- after successful disinfection, the file will become accessible
- if disinfection fails, the file will be delete.
- When disinfecting or deleting a file, copy of it is placed into the backup storage.
- If a code that is similar to a malicious one is detected in the file but cannot be proved to be definitely malicious, the file will be placed into a special storage area called Quarantine. The application will attempt to disinfect it later using updated databases. If no malicious code is detected in this file, it will immediately become accessible.
