Kaspersky Anti-Virus 8.0 for Storage

 
 
 

Actions applied to infected objects

2012 Jan 24 ID: 5551
 
 
 
 
Applies to Kaspersky Anti-Virus 8.0 for Storage


Correct processing of infected objects is an important part of antivirus software functionality. Kaspersky Lab currently uses the following classification of known malicious programs:
  • Virus (Virware). This type comprises two subtypes: classic viruses and worms of all kinds.

  • Trojans (Trojware) – all trojan programs.

  • Other malicious programs (Malware). This threat type comprises:

    Constructor, DoS, Exploit, FileCryptor, Flooder, HackTool, not-virus:Hoax, not-virus:BadJoke, Nuker, PolyCryptor, PolyEngine, Sniffer, SpamTool, Spoofer, VirTool, Email-Flooder, IM-Flooder, SMS-Flooder

  • Advertising software (Adware). Anti-Virus detects such programs as not-a-virus:AdWare.

  • Autodialers (Pornware). This type comprises: not-a-virus:Porn-Dialer, not-a-virus:Porn-Downloader, and not-a-virus:Porn-Tool.

  • Potentially dangerous software (Riskware). This threat type comprises the following classes:

    not-a-virus:Tool, not-a-virus:Client-IRC, not-a-virus:Dialer, not-a-virus:Downloader, not-a-virus:PSWTool, not-a-virus:RemoteAdmin, not-a-virus:Server-FTP, not-a-virus:Server-Proxy, not-a-virus:Server-Web, not-a-virus:RiskTool, not-a-virus:NetTool, not-a-virus:Client-P2P, not-a-virus:AdTool, not-a-virus:FraudTool, not-a-virus:Monitor, not-a-virus:Server-Telnet, not-a-virus:Client-SMTP

Information: You can read more about malware classification and its particular types on www.viruslist.ru.

Each threat type has its own definition and properties, so each one requires a special approach. Some can be cured, others cannot. Using Kaspersky Anti-Virus 8.0 for Storage, an administrator can choose one of the following ways to process infected objects:

  • The same action for all threat types. Anti-virus applies the selected actions regardless of the detected threat type.
  • Recommended action. Anti-virus decides which action to apply to the file. The decision is based on the threat type.
  • The administrator configures the actions applied to each threat type.

You can select only one option at a time.


One and the same action is applied to all threat types

By default, Kaspersky Anti-Virus processes objects according to the status assigned during a scan: it disinfects infected objects, deletes them if disinfection fails, and quarantines suspicious objects. Before processing (disinfection or deletion), a copy of the original object is created in backup storage.

You can modify the existing settings or make the action depend on the detected threat type.

You can configure actions by selecting a task (Real-time file protection or an On-demand-scan task), clicking the tab Configuring protection scope in the right pane, and clicking the button Settings below. Here you can select an action (according to task type) in the tab Actions:

Information: The Real-time file protection task also applies the action Block access in addition to the action you select.

  • Disinfect (for infected objects only). Anti-virus attempts to disinfect the infected object. If it can be disinfected, it will be disinfected, its copy will be saved on hard disk, and the original file will be placed into backup storage. If it cannot be disinfected, it will remain on the disk unchanged. We recommend deleting incurable objects.

  • Disinfect, delete if disinfection is impossible (for infected objects only). Anti-virus attempts to disinfect the infected object. If it can be disinfected, it will be disinfected, and its copy will be saved on hard disk replacing the original file. If it cannot be disinfected, it will be deleted and its original file will be placed into backup storage.

  • Delete. Anti-virus deletes the infected or suspicious object and its original file will be placed into backup storage.

  • Perform recommended action. Kaspersky Anti-virus will automatically apply an action recommended by Kaspersky Lab experts. Its original file will be placed into backup storage.

  • Skip. Anti-virus skips the object. If it is set to log such event types, it will be logged in the task execution log. The object remains on hard disk in its original state.

  • Quarantine (for suspicious objects only). Anti-virus moves the suspicious object into the quarantine folder, where it is stored in an encrypted form, which rules out the possibility of an outbreak. Quarantined files can be rescanned after an update, analyzed by the administrator, or sent to Kaspersky Lab.

Anti-virus decides on an action to apply to the detected threat

How to enable this mode:
  1. Select a task (Real-time file protection or an on-demand-scan task), click the tab Configuring protection scope in the right pane, and click the button Settings below. Go to the tab Actions.
    • Select the option Perform recommended action for an On-demand-scan task.
    • Select the options Block access and perform recommended action for Real-time file protection task.

Administrator configures actions applied to each threat type

How to enable this mode:
  1. Select a task (Real-time file protection or an on-demand-scan task), click the tab Configuring protection scope in the right pane, and click the button Settings below. Go to the tab Actions.

  2. Check the box Act depending on the threat type in the section Actions on objects depending on the threat type and click the button Settings.

  3. Select the desired action(s) for each threat type: Disinfect, Delete, Skip, Quarantine. Anti-virus attempts to perform the First action, and then the Second one if the First fails.
    The type Undefined encompasses threats that cannot be rated according to the currently used classification.

Information: Real-time file protection will additionally perform the action Block infected object.

Warning: If the First action is Quarantine, and it fails, no Second action will be performed. The object will be skipped.

Warning: If Anti-virus detects only a suspicion of a threat in a file (possibly a real threat), it will apply the action you chose for that threat type.
For example, you have set the action Delete for trojans. Anti-virus detects code that may be a trojan program. It will delete the file according to your settings.
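
The First/Second action rules and the two warnings above can be modelled to check a per-threat-type policy before it is applied. This is an added example, not Kaspersky code or a product settings format; the policy layout, the function names resolve and lint, the threat-type keys and the sample values are assumptions made for illustration.

```python
# Added example: models the First/Second action rules this page describes.
# Policy layout, names and sample outcomes are constructed for illustration.
THREAT_TYPES = ("Virware", "Trojware", "Malware", "Adware",
                "Pornware", "Riskware", "Undefined")

def resolve(policy, threat_type, succeeds, realtime=False):
    """Return the ordered steps applied to one detected object.

    policy:   {threat_type: (first_action, second_action or None)}
    succeeds: set of actions that would succeed on this object
    """
    first, second = policy[threat_type]
    steps = ["Block access"] if realtime else []  # real-time task also blocks
    steps.append(first)
    if first == "Skip" or first in succeeds:
        return steps
    # Page rule: a failed Quarantine never falls through to the Second action.
    if first == "Quarantine" or second is None:
        return steps + ["Skip"]
    return steps + [second]

def lint(policy):
    """Flag settings whose effect differs from what the dialog suggests."""
    findings = []
    for t in THREAT_TYPES:
        if t not in policy:
            findings.append((t, "no actions configured"))
            continue
        first, second = policy[t]
        if first == "Quarantine" and second not in (None, "Skip"):
            findings.append((t, "Second action is dead: failed Quarantine is skipped"))
        if first == "Delete":
            findings.append((t, "files merely suspected of this type are deleted"))
    return findings

# Constructed sample policy (not taken from any real installation).
SAMPLE = {
    "Virware": ("Disinfect", "Delete"),
    "Trojware": ("Delete", None),
    "Malware": ("Quarantine", "Delete"),
    "Adware": ("Skip", None),
    "Pornware": ("Quarantine", None),
    "Riskware": ("Skip", None),
    "Undefined": ("Quarantine", "Delete"),
}

if __name__ == "__main__":
    print(resolve(SAMPLE, "Malware", succeeds={"Delete"}, realtime=True))
    print(lint(SAMPLE))
```
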

 
 
 
 