This section describes scan settings that are applied to Docker containers and images.
All available values and default values for each setting are described below.
ScanContainers
Enables or disables scanning of Docker containers defined by masks. You can specify masks by using the ContainerNameMask
setting.
Available values:
Yes
—Scan Docker containers defined by mask.
No
—Do not scan Docker containers defined by mask.
Default value: Yes
ContainerNameMask
Specifies a name or a name mask that defines a Docker container to scan.
Before specifying this setting, make sure the ScanContainers
setting value is set to Yes
.
Available values:
Masks are specified in command shell format. You can use ?
and *
characters.
Default value: *
(all Docker containers are scanned)
Examples: Scan a container with my_container name:
Scan all containers whose names start with my_container:
Scan all containers whose names start with my_, then contain any five characters, then _container, and end with any characters sequence:
|
ScanImages
Enables or disables scanning of images defined by masks. You can specify masks by using the ImageNameMask
setting.
Available values:
Yes
—Scan images defined by mask.
No
—Do not scan images defined by mask.
Default value: Yes
ImageNameMask
Specifies a name or a name mask that define images to scan.
Before specifying this setting, make sure the ScanImages
setting value is set to Yes
.
Available values:
Masks are specified in command shell format.
If you want to specify several masks, each mask must be specified on a new line with new index specified (item_xxxx).
Default value: *
(all images are scanned)
Examples: Scan an image with name
Scan all images whose names start with
|
DeepScan
Enables or disables scanning of all layers of images.
Available values:
Yes
—Scan all layers.
No
—Do not scan all layers.
Default value: No
ContainerScanAction
Specifies the action to be performed on a Docker container when an infected object is detected. Actions on an infected object inside the Docker container are described below.
Available values:
StopContainerIfFailed
—The application stops the Docker container if an infected object disinfection failed.
StopContainer
—The application stops the Docker container when an infected object is detected.
Skip
—The application does not perform any action on the Docker container when an infected object is detected.
Default value: StopContainerIfFailed
ImageAction
Specifies the action to be performed on an image when an infected object is detected. Actions on an infected object inside the image are described below.
Available values:
Skip
—The application does not perform any action on the image when an infected object is detected.
Delete
—The application deletes the image when an infected object is detected (not recommended). All dependencies will also be deleted. Running Docker containers will be stopped, and then deleted.
Default value: Skip
Scan settings
Settings described below are applied to objects inside Docker containers and images.
ScanArchived
Enables or disables scanning of archives, including self-extracting (SFX) archives. Kaspersky Endpoint Security detects infected objects in archives, but does not disinfect them.
Available values:
Yes
—Scan archives, including self-extracting (SFX) archives. If FirstAction=Recommended
is specified, the application removes an archive that contains a threat.
No
—Do not scan archives.
Default value: Yes
ScanSfxArchived
Enables or disables scanning of self-extracting archives only (archives that contain an executable extraction module).
Available values:
Yes
—Scan self-extracting archives.
No
—Do not scan self-extracting archives.
Default value: Yes
ScanMailBases
Enables or disables scanning of email databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail clients.
Available values:
Yes
—Scan email databases.
No
—Do not scan email databases.
Default value: No
ScanPlainMail
Enables or disables scanning of plain text email messages.
Available values:
Yes
—Scan plain text email messages.
No
—Do not scan plain text email messages.
Default value: No
ScanPriority
Specifies the scan task priority. Scan task priority is a parameter that combines a number of internal Kaspersky Endpoint Security settings and process start settings. By using this parameter, you can specify the way the application consumes system resources for running tasks.
Available values:
Idle
—Run the scan task with a low priority. Specify this value to release the application resources for other tasks, including user processes. The current scan task takes longer to complete.
Normal
—Run the scan task with a normal priority. Specify this value to perform the current scan task faster.
Default value: Idle
TimeLimit
Specifies the scan duration for a single archive (in seconds).
The application will skip archives that are scanned for longer than the specified time.
Available values:
0 – 9999
If 0
is specified, the scan duration is not limited.
Default value: 0
SizeLimit
Specifies the maximum size of an archive to be scanned (in megabytes).
If an archive is larger than the specified value, the application skips it during the scan.
Available values:
0 – 999999
If 0
is specified, the application scans archives of any size.
Default value: 0
Each detected object is assigned a status that indicates its danger to the system. You can specify two actions to perform on infected objects. Firstly, the application tries to perform the first action on an infected object. If performing the first action fails, the second one is performed.
Specified actions are performed on the layer, where an infected object was detected.
FirstAction
Specifies the first action to be performed on an infected object.
If an infected object is detected in a file referenced to by a symbolic link that is included in the scan scope (while the file referenced by this symbolic link is not included in the scan scope), the specified action will be performed to the target file. For example, if you specify the Remove
action, the application removes the target file, but the symbolic link file remains and refers to a non-existent file.
Available values:
Disinfect
—The application blocks access to an infected object and then attempts to disinfect it.
Remove
—The application blocks access to an infected object and then deletes it.
Recommended
—The application applies the action that is recommended by Kaspersky's experts.
Skip
—The application skips an infected object during the scan
Default value: Recommended
SecondAction
Specifies the action to be performed on an infected object, if the action defined by the FirstAction
parameter fails.
Available values:
Disinfect
—The application blocks access to an infected object and then attempts to disinfect it.
Remove
—The application blocks access to an infected object and then deletes it.
Recommended
—The application applies the action that is recommended by Kaspersky's experts.
Skip
—The application blocks access to an infected object.
Default value: Skip
UseExcludeMasks
Enables or disables the scan exclusion of objects.
Available values:
Yes
—Exclude objects specified by the ExcludeMasks
parameter from the scan.
No
—Do not exclude objects specified by the ExcludeMasks
parameter from the scan.
Default value: No
UseExcludeThreats
Enables or disables the scan exclusions of specified threats.
Available values:
Yes
—Exclude from scanning the objects containing threats specified by the ExcludeThreats
parameter.
No
—Do not exclude from scanning the objects containing threats specified by the ExcludeThreats
parameter.
Default value: No
ReportCleanObjects
Enables or disables logging of information about scanned objects that the application reported as "Clean" during the scan.
Available values:
Yes
—Log the information about clean objects. Setting this parameter value to Yes
for a long period is not recommended, since logging a large amount of information may reduce the application performance.
No
—Do not log the information about clean objects.
Default value: No
ReportPackedObjects
Enables or disables logging of information about objects, that are part of compound objects.
Available values:
Yes
—Log the information about packed objects. Setting this parameter value to Yes
for a long period is not recommended, since logging a large amount of information may reduce the application performance.
No
—Do not log the information about packed objects.
Default value: No
ReportUnprocessedObjects
Enables or disables logging of information about files that have not been processed for some reason.
Available values:
Yes
—Log the information about unprocessed objects. Setting this parameter value to Yes
for a long period is not recommended, since logging a large amount of information may reduce the application performance.
No
—Do not log the information about unprocessed objects.
Default value: No
UseAnalyzer
Enables or disables Heuristic Analyzer.
Available values:
Yes
—Enable Heuristic Analyzer.
No
—Disable Heuristic Analyzer.
Default value: Yes
HeuristicLevel
Specifies the level of the heuristic analysis.
Available values:
Light
—Least detailed scan, minimum system load.
Medium
—Medium scan, balanced system load.
Deep
—Most detailed scan, maximum system load.
Recommended
—Optimal level recommended by Kaspersky's experts.
Default value: Recommended
UseIChecker
Enables or disables using iChecker technology during the scan.
Available values:
Yes
—Use the iChecker technology during the scan.
No
—Do not use the iChecker technology during the scan.
Default value: Yes