Special considerations for scanning symbolic links and hard links

Kaspersky Endpoint Security lets you scan symbolic links and hard links to files.

Scanning symbolic links

Kaspersky Endpoint Security scans symbolic links only if the file referenced by the symbolic link is within the protection scope of the File Threat Protection task.

If the file referenced by the symbolic link is not within the File Threat Protection task, the application does not scan this file. However, if the file contains malicious code, the security of the computer is at risk.

Scanning hard links

When Kaspersky Endpoint Security processes a file that has more than one hard link, the application selects an action based on the assigned action to take on objects:

• If the Perform recommended action is selected, Kaspersky Endpoint Security automatically selects and performs an action on an object based on data about the danger of the threat detected in the object and the capability to disinfect it.
• If the Remove action is selected, Kaspersky Endpoint Security removes the hard link being processed. The remaining hard links to this file will not be processed.
• If the Disinfect action is selected, Kaspersky Endpoint Security disinfects the source file. If disinfection fails, the application deletes the hard link and creates in its place a copy of the source file with the name of the deleted hard link.

When you restore a file with a hard link from Storage, Kaspersky Endpoint Security creates a copy of the source file with the name of the hard link that was moved to Storage. Connections with the remaining hard links to the source file will not be restored.

Page top