Applies to:
Kaspersky Anti-Virus 7.0 (all builds)
Kaspersky Internet Security 7.0 (all builds)
Kaspersky Anti-Virus 6.0 (all builds)
Kaspersky Internet Security 6.0 (all builds)
Kaspersky Anti-Virus 6.0 for Windows Workstations (all builds)
Kaspersky Anti-Virus 6.0 for Windows Servers (all builds)
The intelligent technologies iChecker and iSwift speed up the anti-virus application in both real-time protection and on-demand scan modes in Kaspersky Lab products version 5.0.
iChecker operating principles:
During the first scan, the checksum of an object is saved. A checksum is a unique digital signature of an object (file) that allows this object (file) to be identified. The checksum changes every time the object is modified. This information is saved in a special table. During the next scan of an object, the previous and current checksums are compared. If the checksum is different, the object was changed and it should be scanned for malicious code once again; if the checksum is the same, the object was not changed and therefore it is not scanned. Use of this technology does not interfere with the CHKDSK service or its performance.
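The skip-or-rescan decision described above can be sketched as follows. This is an added example, not Kaspersky code: SHA-256 stands in for the unspecified checksum, an in-memory dictionary stands in for the special table, and `ChecksumScanCache`, `scanner` and the marker bytes are hypothetical names and constructed data. It also assumes that a checksum is saved only when the scan finds the file clean.

```python
import hashlib
import tempfile
from pathlib import Path


def checksum(path):
    """SHA-256 of the file contents (assumed algorithm; the page names none)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


class ChecksumScanCache:
    """Hypothetical stand-in for the 'special table' of saved checksums."""

    def __init__(self, scanner):
        self.scanner = scanner  # callable(path) -> True if the file is clean
        self.table = {}         # path -> checksum saved at the last clean scan

    def check(self, path):
        """Skip the scan if the checksum is unchanged; otherwise scan again."""
        key = str(path)
        current = checksum(path)
        if self.table.get(key) == current:
            return "skipped"
        if self.scanner(path):
            self.table[key] = current  # save the checksum only for clean files
            return "scanned-clean"
        self.table.pop(key, None)      # an infected file is rescanned every time
        return "scanned-infected"


def demo():
    """Run the cases from the text on a constructed temporary file."""
    marker = b"CONSTRUCTED-TEST-MARKER"  # constructed, not a real signature

    def scanner(path):
        return marker not in Path(path).read_bytes()

    cache = ChecksumScanCache(scanner)
    with tempfile.TemporaryDirectory() as folder:
        path = Path(folder) / "sample.bin"
        path.write_bytes(b"original contents")
        results = [cache.check(path), cache.check(path)]
        path.write_bytes(b"original contents" + marker)  # file is modified
        results += [cache.check(path), cache.check(path)]
    return results


if __name__ == "__main__":
    print(demo())
```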
iStreams operating principles:
During the first anti-virus scan of the object and its contents for infected code, the scan sum and some other service parameters of the object are calculated and saved. These parameters define the state of the object at the moment the scan completes. The data obtained during the scan (object CRC, service parameters, date of the first scan) are recorded in the object stream. During the next anti-virus scan of the object, the object data (CRC and service parameters) are compared with the data saved in the stream (if it exists). If there is no stream and the data do not coincide, the parameters saved in the database are scanned. If the data coincide, the object is not scanned. This technology works only on the NTFS file system.
The iChecker technology was further enhanced in Kaspersky Lab products versions 6.0 and 7.0, and the iStreams technology was replaced by iSwift.
iSwift operating principles:
The technology has been developed for the NTFS file system. In this system an object identifier (object ID) is given to each object. A documented Microsoft API is used to get or create an object ID. The object ID is compared with the values in the special iSwift database.
An object ID is an optional attribute that uniquely identifies a file or directory on a volume. Rename, backup, and restore operations preserve object IDs. However, copy operations do not preserve object IDs, because that would violate their uniqueness.
If the database values and the object ID value do not coincide, the object is scanned, or rescanned in case it has been modified. The technology is linked to a file's location in the file system. If the file has been copied or relocated, it will be rescanned.
The above-mentioned technologies do NOT change the file itself, its structure or the structure of the hard drive. These technologies ONLY use documented NTFS features (iStreams and iSwift) or a special table (iChecker) to store the service data.
An index of all object IDs is stored on the volume. Once Kaspersky Anti-Virus has performed the initial scan with the iSwift technology and an object ID has been given to each file, the database volume may increase from 2 MB to 200 MB depending on the number of objects/files on the computer.
CHKDSK checks the database of object IDs set up in the operating system and their integrity (their average size might be 200 MB). The problem is that CHKDSK does not show the scan progress for such a big index and appears to hang for a period of time; that is normal. You can get more detailed information about the operating principles of CHKDSK and the reasons for the scan process 'freezing' in the following article on the Microsoft site: An explanation of the new /C and /I Switches that are available to use with Chkdsk.exe.
To resolve such problems, Kaspersky Lab experts recommend launching the CHKDSK service with the /I switch from the command line.
Microsoft Corporation officially states that the API was not developed for the mechanism deployed in the iSwift technology. On the other hand, no restrictions on using the API were mentioned in the API description. In Kaspersky Lab products version 8.0, experts are planning to add a new scheme for indexing computer objects (files); this scheme will avoid problems when working alongside the CHKDSK service.