Kaspersky Small Office Security 2.0 (File Server)

 
 
 

File Anti-Virus operation algorithm in Kaspersky Small Office Security 2 for File Server

Back to "File Anti-Virus"
2012 Jan 24 ID: 5468
 
 
 
 

Applies to Kaspersky Small Office Security 2 for File Server

File Anti-Virus loads when you start your operating system and runs in your computer's RAM, scanning all files that are opened, saved or executed.

By default, File Anti-Virus only scans new or modified files; in other words, files that have been added or modified since the previous scan.

Files are scanned according to the following algorithm:

  • The component intercepts every attempt by the user or by any program to access any file.
  • File Anti-Virus scans iChecker and iSwift databases for information about the intercepted file, and determines if it should scan the file, based on the information retrieved.

The following operations are performed when scanning:

  1. The file is scanned for viruses. Malicious objects are recognized based on the antivirus databases. The database contains descriptions of all malicious programs and threats currently known, and methods for processing them.
  2. After the analysis you have the following available courses of action for Kaspersky Internet Security:
    • If malicious code is detected in the file, File Anti-Virus blocks the file, creates a backup copy and attempts to perform disinfection. If the file is successfully disinfected, it becomes available again. If disinfection fails, the file is deleted.
    • If potentially malicious code is detected in the file (but the maliciousness is not absolutely guaranteed), the file proceeds to disinfection and then is sent to the special storage area called Quarantine.
    • If no malicious code is discovered in the file, it is immediately restored.

If interactive mode is enabled, then if an infected or potentially infected object is detected, a notification with a request for further actions will be displayed on screen only.

You will be offered the following:

  • quarantine the object, allowing the new threat to be scanned and processed later using updated databases;
  • delete the object;
  • skip the object if you are absolutely sure that it is not malicious.
 
 
 
 
Did the provided info help you?
Yes No