Virus scan task settings

This section provides information about the settings you can specify for the virus scan task.

All available values and default values for each setting are described.


Enables or disables scanning of archives (including SFX self-extracting archives). Kaspersky Endpoint Security detects threats in archives but does not disinfect them. The following archive types are supported: .zip; .7z*; .7-z; .rar; .iso; .cab; .jar; .bz;.bz2;.tbz;.tbz2; .gz;.tgz; .arj.

Available values:

Yes—Scan archives. If FirstAction=Recommended is specified, the application removes an archive that contains a threat.

No—Do not scan archives.

Default value: Yes


Enables or disables scanning of self-extracting archives only (archives that contain an executable extraction module).

Available values:

Yes—Scan self-extracting archives.

No—Do not scan self-extracting archives.

Default value: Yes


Enables or disables scanning of email databases of Microsoft Outlook®, Outlook Express, The Bat!, and other mail clients.

Available values:

Yes—Scan files of email databases.

No—Do not scan files of email databases.

Default value: No


Enables or disables scanning of plain text email messages.

Available values:

Yes—Scan plain text email messages.

No—Do not scan plain text email messages.

Default value: No


Specifies the scan task priority. Scan task priority is a parameter that combines a number of internal Kaspersky Endpoint Security settings and process start settings. By using this parameter, you can specify the way the application consumes system resources for running tasks.

Available values:

Idle—Run the scan task with a low priority. Specify this value to release the application resources for other tasks, including user processes. The current scan task takes longer to complete.

Normal—Run the scan task with a normal priority. Specify this value to perform the current scan task faster.

Default value: Idle


Specifies the maximum size of an archive to be scanned (in megabytes).

If an archive is larger than the specified value, the application skips it during the scan.

Available values:


0—Kaspersky Endpoint Security scans archives of any size

Default value: 0


Specifies the scan duration for a single archive (in seconds).

The application will skip archives that are scanned for longer than the specified time.

Available values:


0—The archive scan duration is unlimited.

Default value: 0


Selection of the first action to be performed by Kaspersky Endpoint Security on infected objects.

If an infected object is detected in a file referenced to by a symbolic link that is included in the scan scope (while the file referenced by this symbolic link is not included in the scan scope), the specified action will be performed to the target file. For example, if you specify the Remove action, the application removes the target file, but the symbolic link file remains and refers to a non-existent file.

Available values:

Disinfect—Kaspersky Endpoint Security attempts to disinfect an object by saving a copy of it in Storage. If disinfection fails (for example, if the type of object or the type of threat in the object cannot be disinfected) Kaspersky Endpoint Security leaves the object unchanged. If the first action is set to Disinfect, it is recommended to specify the second action using the SecondAction setting.

Remove—Kaspersky Endpoint Security removes the infected object after first creating a backup copy of it.

Recommended (perform recommended action)—Kaspersky Endpoint Security automatically selects and performs an action on the object based on information about the threat detected in the object. For example, Kaspersky Endpoint Security immediately removes Trojans since they do not incorporate themselves into other files and therefore they do not need to be disinfected.

Skip—Kaspersky Endpoint Security does not attempt to disinfect or delete an infected object. Information about the infected object is logged.

Default value: Recommended


Selection of the second action to be performed by Kaspersky Endpoint Security on infected objects. Kaspersky Endpoint Security performs the second action if the first action fails.

The values of the SecondAction setting are the same as the values of the FirstAction setting.

If Skip or Remove is selected as the first action, a second action does not need to be specified. It is recommended to specify two actions in other cases. If you have not specified a second action, Kaspersky Endpoint Security applies Skip as the second action.

Default value: Skip


Enables or disables the scan exclusion of objects specified using the ExcludeMasks setting.

Available values:

Yes—Exclude objects specified by the ExcludeMasks setting

No—Do not exclude objects specified by the ExcludeMasks setting

Default value: No


Excludes objects from scanning by name or mask. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in command shell format.

The default value is not defined.






Enables or disables the scan exclusion of objects with threats specified using the ExcludeThreats setting.

Available values:

Yes—Exclude from scanning the objects containing threats specified using the ExcludeThreats setting.

No—Do not exclude from scanning the objects containing threats specified using the ExcludeThreats setting.

Default value: No


Excludes objects from scanning by the name of the threats detected in them. Before specifying a value for this setting, make sure that the UseExcludeThreats setting is enabled.

In order to exclude a single object from scanning, specify the full name of the threat detected in this object – the Kaspersky Endpoint Security string with the decision that the object is infected.

For example, you may be using a utility to collect information about your network. To keep Kaspersky Endpoint Security from blocking it, add the full name of the threat contained in it to the list of threats excluded from scanning.

You can find the full name of the threat detected in the object in the Kaspersky Endpoint Security log. You can also find the full name of the threat on the website of the Virus Encyclopedia. To find the name of a threat, enter the application name in the Search field.

The setting value is case-sensitive.

The default value is not defined.






Enables or disables logging of information about scanned objects that Kaspersky Endpoint Security has deemed non-infected.

You can enable this setting, for example, to make sure that a particular object has been scanned by Kaspersky Endpoint Security.

Available values:

Yes—Log information about non-infected objects.

No—Do not log information about non-infected objects.

Default value: No


Enables or disables logging of information about scanned objects that are part of compound objects.

You can enable this setting, for example, to make sure that an object within an archive has been scanned by Kaspersky Endpoint Security.

Available values:

Yes—Log information about scanning objects within archives.

No—Do not log information about scanning objects within archives.

Default value: No


Enables or disables the logging of information about unscanned objects.

Available values:

Yes—Log information about unscanned objects.

No—Do not log information about unscanned objects.

Default value: No


Enables or disables Heuristic Analyzer.

Heuristic analysis helps the application to detect threats even before they become known to virus analysts.

Available values:

Yes—Enable Heuristic Analyzer

No—Disable Heuristic Analyzer

Default value: Yes


Heuristic analysis level.

You can specify the heuristic analysis level. The heuristic analysis level sets the balance between the thoroughness of searches for threats, the load on the operating system's resources, and the scan duration. The higher the heuristic analysis level, the more resources and time are required for scanning.

Available values:

Light—The least thorough scan with minimal load on the system.

Medium—Medium heuristic analysis level with a balanced load on the operating system.

Deep—The most thorough scan with maximal load on the operating system.

Recommended—Recommended value.

Default value: Recommended


Enables or disables the use of iChecker technology.

Available values:

Yes—Enable use of iChecker technology.

No—Disable use of iChecker technology.

Default value: Yes

The [ScanScope.item_#] section contains the following settings:


Description of the scan scope, which contains additional information about the scan scope. The maximum length of the string specified using this setting is 4096 characters.

The default value: All objects


AreaDesc="Scan mail databases"


Enables or disables scanning of the specified scope. To run the task, you must include at least one area to scan.

Available values:

Yes—Scan the specified scope.

No—Do not scan the specified scope.

The default value: Yes


You can use this setting to restrict the scan scope.

In the scan scope, Kaspersky Endpoint Security scans only the files that are indicated using command shell masks.

If this setting is not specified, Kaspersky Endpoint Security scans all objects in the scan scope. You can specify several values for this setting.

The default value: * (scan all objects)


AreaMask_<item number>=*.doc


You can use this setting to specify the path to objects to scan.

The value of the Path setting consists of two elements: <file system type>:<access protocol>. It may also contain the path to the directory in the local file system.

Available values:

<path to local directory>—Scan objects in the specified directory.

Shared:NFS—Scan the computer's file system resources that are accessible via the NFS protocol.

Shared:SMB—Scan the computer's file system resources that are accessible via the SMB protocol.

AllRemoteMounted—Scan all remote directories mounted on the computer using the SMB and NFS protocols.

AllShared—Scan all of the computer's file system resources shared via the SMB and NFS protocols.

The [ExcludedFromScanScope.item_#] section contains the following settings:


Description of the scan exclusion scope. Contains additional information about the exclusion scope.

The default value is not defined.


AreaDesc="Exclude separate SAMBA"


Enables or disables scanning of the specified scope.

Available values:

Yes—Excludes the specified scope.

No—Does not exclude the specified scope.

Default value: Yes


You can use this setting to specify the path to objects excluded from scanning.

The value of the Path setting consists of two elements: <file system type>:<access protocol>. It may also contain the path to the directory in the local file system.

Available values:

<path to local directory>—Exclude objects in the specified directory from scanning. You can use masks to specify the path.

Shared:NFS—Exclude the computer's file system resources that are accessible via the NFS protocol.

Shared:SMB—Exclude the computer's file system resources that are accessible via the Samba protocol.

AllRemoteMounted—Exclude all remote directories mounted on the computer using the SMB and NFS protocols.

AllShared—Exclude all of the computer's file system resources shared via the SMB and NFS protocols.

Page top