The Critical Areas Scan task allows you to scan boot sectors, startup objects, process memory, and kernel memory.
The table describes all available values and the default values of all the settings that you can specify for the Critical Areas Scan task.
|
|
|
Setting
|
Description
|
Values
|
ScanFiles
|
Enables file scan.
|
Yes — Scan files.
No (default value) — Do not scan files.
|
ScanBootSectors
|
Enables boot sector scans.
|
Yes (default value) — Scan boot sectors.
No — Do not scan boot sectors.
|
ScanComputerMemory
|
Enables process memory and kernel memory scans.
|
Yes (default value) — Scan process memory and kernel memory.
No — Do not scan process memory and kernel memory.
|
ScanStartupObjects
|
Enables startup object scans.
|
Yes (default value) — Scan startup objects.
No — Do not scan startup objects.
|
ScanArchived
|
Enables scanning of archives (including SFX self-extracting archives).
The application scans the following archives: .zip; .7z*; .7-z; .rar; .iso; .cab; .jar; .bz; .bz2; .tbz; .tbz2; .gz; .tgz; .arj. The list of supported archive formats depends on the application databases being used.
|
Yes (default value) — Scan archives. If the FirstAction=Recommended value is specified, then, depending on the archive type, the application deletes either the infected object or the entire archive that contains the threat.
No — Do not scan archives.
|
ScanSfxArchived
|
Enables scanning of self-extracting archives only (archives that contain an executable extraction module).
|
Yes (default value) — Scan self-extracting archives.
No — Do not scan self-extracting archives.
|
ScanMailBases
|
Enables scanning email databases of Microsoft Outlook, Outlook Express, The Bat, and other mail clients.
|
Yes — Scan files of email databases.
No (default value) — Do not scan files of email databases.
|
ScanPlainMail
|
Enables scanning of plain text email messages.
|
Yes — Scan plain text email messages.
No (default value) — Do not scan plain text email messages.
|
ScanPriority
|
Task priority. Task priority is a parameter that combines a number of internal Kaspersky Endpoint Security settings and process start settings. By using this parameter, you can specify the way the application consumes system resources for running tasks.
|
Idle — Run the task with a low priority: no more than 10% of processor resource consumption. Specify this value to release the application resources for other tasks, including user processes. The current scan task takes longer to complete.
Normal (default value) — Run the task with a normal priority: no more than 50% of all processors resources.
High — Run the task with a high priority, without limiting the consumption of processor resources. Specify this value to perform the current scan task faster.
|
SizeLimit
|
Maximum size of an object to be scanned (in megabytes). If the object to be scanned is larger than the specified value, the application skips this object.
|
0 – 999999
0 — The application scans objects of any size.
The default value is 0.
|
TimeLimit
|
Maximum object scan duration (in seconds). The application stops scanning the object if it takes longer than the time specified by this parameter.
|
0 – 9999
0 — The object scan time is unlimited.
The default value is 0.
|
FirstAction
|
Selection of the first action to be performed by the application on the infected objects.
If an infected object is detected in a file referenced to by a symbolic link that is included in the scan scope (while the file referenced by this symbolic link is not included in the scan scope), the specified action will be performed to the target file. For example, if you specify the Remove action, the application removes the target file, but the symbolic link file remains and refers to a non-existent file.
|
Disinfect — The application tries to disinfect an object and save a copy of it to the Storage. If disinfection fails (for example, if the type of object or the type of threat in the object cannot be disinfected), then the application leaves the object unchanged. If the first action is Disinfect, it is recommended to specify a second action using the SecondAction setting.
Remove — The application removes the infected object after creating a backup copy of it.
Recommended (perform recommended action) – The application automatically selects and performs an action on the object based on information about the threat detected in the object. For example, Kaspersky Endpoint Security immediately removes Trojans since they do not incorporate themselves into other files and therefore they do not need to be disinfected.
Skip – The application does not try to disinfect or delete infected objects. Information about the infected object is logged.
Default value: Recommended.
|
SecondAction
|
Selection of the second action to be performed by the application on the infected objects. The application performs the second action if the first action fails.
|
The possible values of the SecondAction setting are the same as those of the FirstAction setting.
If Skip or Remove is selected as the first action, the second action does not need to be specified. It is recommended to specify two actions in all other cases. If you have not specified the second action, the application applies Skip as the second action.
Default value: Skip.
|
UseExcludeMasks
|
Enables exclusion of the objects specified by the ExcludeMasks setting from scan.
|
Yes — Exclude objects specified by the ExcludeMasks setting from scan.
No (default value) — Do not exclude objects specified by the ExcludeMasks setting from scan.
|
ExcludeMasks
|
Excludes objects from being scanned by name or mask. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in the shell format.
Before specifying a value for this setting, make sure that the UseExcludeMasks setting is enabled.
|
The default value is not defined.
Example:
UseExcludeMasks=Yes
ExcludeMasks.item_0000=eicar1.*
ExcludeMasks.item_0001=eicar2.*
|
|
UseExcludeThreats
|
Enables exclusion of objects containing the threats specified by the ExcludeThreats setting from scans.
|
Yes — Exclude objects containing the threats specified by the ExcludeThreats setting from scans.
No (default value) — Do not exclude objects containing the threats specified by the ExcludeThreats setting from scans.
|
ExcludeThreats
|
Excludes objects from scans by the name of the threats detected in them. Before specifying a value for this setting, make sure that the UseExcludeThreats setting is enabled.
In order to exclude a single object from scans, specify the full name of the threat detected in this object – the string containing the application's decision that the object is infected.
For example, you may be using a utility to collect information about your network. To keep the application from blocking it, add the full name of the threat contained in it to the list of threats excluded from scans.
You can find the full name of the threat detected in the object in the application log. You can also find the full name of the threat on the Virus Encyclopedia website. To find the name of a threat, enter the application name in the Search field.
|
The setting value is case-sensitive.
The default value is not defined.
Example:
UseExcludeThreats=Yes
ExcludeThreats.item_0000=EICAR-Test-*
ExcludeThreats.item_0001=?rojan.Linux
|
|
ReportCleanObjects
|
Enables logging of information about scanned objects that the application reports as not being infected.
You can enable this setting, for example, to make sure that a particular object was scanned by the application.
|
Yes — Log information about non-infected objects.
No (default value) — Do not log information about non-infected objects.
|
ReportPackedObjects
|
Enables logging of information about scanned objects that are part of compound objects.
You can enable this setting, for example, to make sure that an object within an archive has been scanned by the application.
|
Yes — Log information about scanned objects within archives.
No (default value) — Do not log information about scanned objects within archives.
|
ReportUnprocessedObjects
|
Enables logging of information about objects that have not been processed for some reason.
|
Yes — Log information about unprocessed objects.
No (default value) — Do not log information about unprocessed objects.
|
UseAnalyzer
|
Enables heuristic analysis.
Heuristic analysis helps the application to detect threats even before they become known to virus analysts.
|
Yes (default value) — Enable Heuristic Analyzer.
No — Disable Heuristic Analyzer.
|
HeuristicLevel
|
Specifies the heuristic analysis level.
You can specify the heuristic analysis level. The heuristic analysis level sets the balance between the thoroughness of searches for threats, the load on the operating system's resources, and the scan duration. The higher the heuristic analysis level, the more resources and time are required for scanning.
|
Light — The least thorough scan with minimum load on the system.
Medium — A medium heuristic analysis level with a balanced load on the system.
Deep — The most thorough scan with maximum load on the system.
Recommended (default value) — The recommended value.
|
UseIChecker
|
Enables usage of the iChecker technology.
|
Yes (default value) — Enable use of the iChecker technology.
No — Disable use of the iChecker technology.
|
DeviceNameMasks.item_#
|
List of device names. The application will scan boot sectors of these devices.
The setting value cannot be empty. At least one device name mask must be specified to run this task.
|
AllObjects – scan boot sectors of all devices.
<device name mask> – Scan boot sectors of the devices whose names match the specified mask.
Default value: /** – any set of characters in the device name, including the / character.
|
The [ScanScope.item_#] section contains the following settings:
|
AreaDesc
|
Description of the scan scope, which contains additional information about the scan scope. The maximum length of the string specified using this setting is 4096 characters.
|
Default value: All objects.
Example:
AreaDesc="Mail bases scan"
|
|
UseScanArea
|
Enables scans of the specified scope. To run the task, enable scans of at least one scope.
|
Yes (default value) — Scan the specified scope.
No — Do not scan the specified scope.
|
AreaMask
|
Scan scope limitation. Within the scan scope, the application scans only the files that are specified using the masks in the shell format.
If this setting is not specified, the application scans all objects in the scan scope. You can specify several values for this setting.
|
The default value is * (scan all objects).
Example:
AreaMask_<item number>=*doc
|
|
Path
|
Path to the directory with objects to be scanned.
|
<path to local directory> — Scan objects in the specified directory.
Shared:NFS — Scan the computer file system resources that are accessible via the NFS protocol.
Shared:SMB – Scan the computer file system resources that are accessible via the Samba protocol.
Mounted:NFS – Scan the remote directories mounted on a computer using the NFS protocol.
Mounted:SMB – Scan the remote directories mounted on a computer using the Samba protocol.
AllRemoteMounted – Scan all remote directories mounted on the computer using the Samba and NFS protocols.
AllShared – Scan all the computer file system resources that are accessible via the Samba and NFS protocols.
<file system type> — Scan all the resources of the specified computer file system.
|
The [ExcludedFromScanScope.item_#] section contains the following settings:
|
AreaDesc
|
Description of the scan exclusion scope, which contains additional information about the exclusion scope.
|
The default value is not defined.
|
UseScanArea
|
Excludes the specified scope from scans.
|
Yes (default value) — Exclude the specified scope.
No — Do not exclude the specified scope.
|
AreaMask
|
Limitation of scan exclusion scope. In the exclusion scope, the application only excludes files that are specified using masks in the shell format.
If this setting is not specified, the application excludes all objects within the exclusion scope. You can specify several values for this setting.
|
Default value: * (exclude all objects)
|
Path
|
Path to the directory with objects to be excluded.
|
<path to local directory> — Exclude objects in the specified directory from scan. You can use masks to specify the path.
You can use the * (asterisk) character to create a directory name mask.
A single * replaces any number of any characters in the path except for the delimiter (/) and can be combined with regular characters. Two consecutive * characters replace any number of path elements, and must be separated from other characters by a delimiter (/).
For example, the /dir/example/123/subdir directory matches the following masks: /**/subdir (the ** characters match /dir/example/123) and /dir/ex*/*/*dir (the ex* characters match example, the next * character matches 123, and the *dir characters matches subdir), but it does not match the following masks: /dir/**/example/123/subdir (the path does not contain an element between dir and example) and /dir/ex*/*dir (after ex* matches example, the path contains 123, that does not match *dir).
To exclude the mount point /dir, you need to specifically write /dir (no asterisk), since /dir/* excludes all mount points at the level below /dir but not /dir itself. And /dir/** excludes all mount points at all levels below /dir but not /dir itself.
In order to optimize the operation of scan tasks, it is recommended to add the path with snapshots mounted by the system in the read-only mode to the exclusions for the systems with the btrfs file system and enabled active snapshots. For example, for the systems based on SUSE/OpenSUSE, you can add the following exclusion /.snapshots/*/snapshot/.
Shared:NFS — Exclude computer file system resources that are accessible via the NFS protocol from scans.
Shared:SMB — Exclude computer file system resources that are accessible via the Samba protocol from scans.
Mounted:NFS – Exclude the remote directories mounted on a computer using the NFS protocol from scan.
Mounted:SMB – Exclude the remote directories mounted on a computer using the Samba protocol from scan.
AllRemoteMounted – Exclude all remote directories mounted on the computer using the Samba and NFS protocols from scan.
AllShared – Exclude all computer file system resources that are accessible using the Samba and NFS protocols from scan.
<file system type> — Exclude all the resources of the specified computer file system from scans.
|