Container Scan task settings

This section describes scan settings that are applied to Docker containers and images.

All available values and default values for each setting are described below.

ScanContainers

Enables or disables scanning of Docker containers defined by masks. You can specify masks by using the ContainerNameMask setting.

Available values:

Yes—Scan Docker containers defined by mask.

No—Do not scan Docker containers defined by mask.

Default value: Yes

ContainerNameMask

Specifies a name or a name mask that defines a Docker container to scan.

Before specifying this setting, make sure the ScanContainers setting value is set to Yes.

Available values:

Masks are specified in command shell format. You can use ? and * characters.

Default value: * (all Docker containers are scanned)

Examples:

Scan a container with my_container name:

ContainerNameMask=my_container

Scan all containers whose names start with my_container:

ContainerNameMask=my_container*

Scan all containers whose names start with my_, then contain any five characters, then _container, and end with any characters sequence:

ContainerNameMask=my_?????_container*

ScanImages

Enables or disables scanning of images defined by masks. You can specify masks by using the ImageNameMask setting.

Available values:

Yes—Scan images defined by mask.

No—Do not scan images defined by mask.

Default value: Yes

ImageNameMask

Specifies a name or a name mask that define images to scan.

Before specifying this setting, make sure the ScanImages setting value is set to Yes.

Available values:

Masks are specified in command shell format.

If you want to specify several masks, each mask must be specified on a new line with new index specified (item_xxxx).

Default value: * (all images are scanned)

Examples:

Scan an image with name my_image, and the tag value latest:

ImageNameMask=my_image:latest

Scan all images whose names start with my_image_ and with any tag value:

ImageNameMask=my_image*

DeepScan

Enables or disables scanning of all layers of images.

Available values:

Yes—Scan all layers.

No—Do not scan all layers.

Default value: No

ContainerScanAction

Specifies the action to be performed on a Docker container when an infected object is detected. Actions on an infected object inside the Docker container are described below.

Available values:

StopContainerIfFailed—The application stops the Docker container if an infected object disinfection failed.

StopContainer—The application stops the Docker container when an infected object is detected.

Skip—The application does not perform any action on the Docker container when an infected object is detected.

Default value: StopContainerIfFailed

ImageAction

Specifies the action to be performed on an image when an infected object is detected. Actions on an infected object inside the image are described below.

Available values:

Skip—The application does not perform any action on the image when an infected object is detected.

Delete—The application deletes the image when an infected object is detected (not recommended). All dependencies will also be deleted. Running Docker containers will be stopped, and then deleted.

Default value: Skip

Scan settings

Settings described below are applied to objects inside Docker containers and images.

ScanArchived

Enables or disables scanning of archives, including self-extracting (SFX) archives. Kaspersky Endpoint Security detects infected objects in archives, but does not disinfect them.

Available values:

Yes—Scan archives, including self-extracting (SFX) archives. If FirstAction=Recommended is specified, the application removes an archive that contains a threat.

No—Do not scan archives.

Default value: Yes

ScanSfxArchived

Enables or disables scanning of self-extracting archives only (archives that contain an executable extraction module).

Available values:

Yes—Scan self-extracting archives.

No—Do not scan self-extracting archives.

Default value: Yes

ScanMailBases

Enables or disables scanning of email databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail clients.

Available values:

Yes—Scan email databases.

No—Do not scan email databases.

Default value: No

ScanPlainMail

Enables or disables scanning of plain text email messages.

Available values:

Yes—Scan plain text email messages.

No—Do not scan plain text email messages.

Default value: No

ScanPriority

Specifies the scan task priority. Scan task priority is a parameter that combines a number of internal Kaspersky Endpoint Security settings and process start settings. By using this parameter, you can specify the way the application consumes system resources for running tasks.

Available values:

Idle—Run the scan task with a low priority. Specify this value to release the application resources for other tasks, including user processes. The current scan task takes longer to complete.

Normal—Run the scan task with a normal priority. Specify this value to perform the current scan task faster.

Default value: Idle

TimeLimit

Specifies the scan duration for a single archive (in seconds).

The application will skip archives that are scanned for longer than the specified time.

Available values:

0 – 9999

If 0 is specified, the scan duration is not limited.

Default value: 0

SizeLimit

Specifies the maximum size of an archive to be scanned (in megabytes).

If an archive is larger than the specified value, the application skips it during the scan.

Available values:

0 – 999999

If 0 is specified, the application scans archives of any size.

Default value: 0

Each detected object is assigned a status that indicates its danger to the system. You can specify two actions to perform on infected objects. Firstly, the application tries to perform the first action on an infected object. If performing the first action fails, the second one is performed.

Specified actions are performed on the layer, where an infected object was detected.

FirstAction

Specifies the first action to be performed on an infected object.

If an infected object is detected in a file referenced to by a symbolic link that is included in the scan scope (while the file referenced by this symbolic link is not included in the scan scope), the specified action will be performed to the target file. For example, if you specify the Remove action, the application removes the target file, but the symbolic link file remains and refers to a non-existent file.

Available values:

Disinfect—The application blocks access to an infected object and then attempts to disinfect it.

Remove—The application blocks access to an infected object and then deletes it.

Recommended—The application applies the action that is recommended by Kaspersky's experts.

Skip—The application skips an infected object during the scan

Default value: Recommended

SecondAction

Specifies the action to be performed on an infected object, if the action defined by the FirstAction parameter fails.

Available values:

Disinfect—The application blocks access to an infected object and then attempts to disinfect it.

Remove—The application blocks access to an infected object and then deletes it.

Recommended—The application applies the action that is recommended by Kaspersky's experts.

Skip—The application blocks access to an infected object.

Default value: Skip

UseExcludeMasks

Enables or disables the scan exclusion of objects.

Available values:

Yes—Exclude objects specified by the ExcludeMasks parameter from the scan.

No—Do not exclude objects specified by the ExcludeMasks parameter from the scan.

Default value: No

UseExcludeThreats

Enables or disables the scan exclusions of specified threats.

Available values:

Yes—Exclude from scanning the objects containing threats specified by the ExcludeThreats parameter.

No—Do not exclude from scanning the objects containing threats specified by the ExcludeThreats parameter.

Default value: No

ReportCleanObjects

Enables or disables logging of information about scanned objects that the application reported as "Clean" during the scan.

Available values:

Yes—Log the information about clean objects. Setting this parameter value to Yes for a long period is not recommended, since logging a large amount of information may reduce the application performance.

No—Do not log the information about clean objects.

Default value: No

ReportPackedObjects

Enables or disables logging of information about objects, that are part of compound objects.

Available values:

Yes—Log the information about packed objects. Setting this parameter value to Yes for a long period is not recommended, since logging a large amount of information may reduce the application performance.

No—Do not log the information about packed objects.

Default value: No

ReportUnprocessedObjects

Enables or disables logging of information about files that have not been processed for some reason.

Available values:

Yes—Log the information about unprocessed objects. Setting this parameter value to Yes for a long period is not recommended, since logging a large amount of information may reduce the application performance.

No—Do not log the information about unprocessed objects.

Default value: No

UseAnalyzer

Enables or disables Heuristic Analyzer.

Available values:

Yes—Enable Heuristic Analyzer.

No—Disable Heuristic Analyzer.

Default value: Yes

HeuristicLevel

Specifies the level of the heuristic analysis.

Available values:

Light—Least detailed scan, minimum system load.

Medium—Medium scan, balanced system load.

Deep—Most detailed scan, maximum system load.

Recommended—Optimal level recommended by Kaspersky's experts.

Default value: Recommended

UseIChecker

Enables or disables using iChecker technology during the scan.

Available values:

Yes—Use the iChecker technology during the scan.

No—Do not use the iChecker technology during the scan.

Default value: Yes

Page top