Kaspersky Internet Security 2011

 
 
 

File Anti-Virus operation algorithm in Kaspersky Lab 2011 products

Retour vers la section "Tous les articles"
2012 nov. 06 Article ID: 4069
 
 
 
 

Cet article n'est pas encore disponible en français. Merci de votre patience et de votre compréhension.

Applies to:
  • Kaspersky Internet Security 2011
  • Kaspersky Anti-Virus 2011
  • File Anti-Virus loads when you start your operating system and runs in your computer's RAM, scanning all files that are opened, saved or executed.

    By default, File Anti-Virus only scans new or modified files; in other words, files that have been added or modified since the previous scan.

    Files are scanned according to the following algorithm:

    • The component intercepts every attempt by the user or by any program to access any file.
    • File Anti-Virus scans iChecker and iSwift databases for information about the intercepted file, and determines if it should scan the file, based on the information retrieved.

    The following operations are performed when scanning:

    1. The file is scanned for viruses. Malicious objects are recognized based on Kaspersky Internet Security databases. The database contains descriptions of all malicious programs and threats currently known, and methods for processing them.
    2. After the analysis you have the following available courses of action for Kaspersky Internet Security:
      • If malicious code is detected in the file, File Anti-Virus blocks the file, creates a backup copy and attempts to perform disinfection. If the file is successfully disinfected, it becomes available again. If disinfection fails, the file is deleted.
      • If potentially malicious code is detected in the file (but the maliciousness is not absolutely guaranteed), the file proceeds to disinfection and then is sent to the special storage area called Quarantine.
      • If no malicious code is discovered in the file, it is immediately restored.

    The application will notify you when an infected or a possibly infected file is detected. If an infected or potentially infected object is detected, a notification with a request for further actions will be displayed onscreen.

    You will be offered the following:

    • quarantine the object, allowing the new threat to be scanned and processed later using updated databases;
    • delete the object;
    • skip the object if you are absolutely sure that it is not malicious.
     
     
     
     
    Cette solution a-t-elle répondu à votre question ?
    Oui Non