File Threat Protection task settings

This section provides information about the settings you can specify for the File Threat Protection task.

All available values and default values for each setting are described.

ScanArchived

Enables or disables scanning of archives (including SFX self-extracting archives). Kaspersky Endpoint Security detects threats in archives but does not disinfect them. The following archive types are supported: .zip; .7z*; .7-z; .rar; .iso; .cab; .jar; .bz; .bz2; .tbz; .tbz2; .gz; .tgz; .arj.

Available values:

Yes—Scan archives. If FirstAction=Recommended is specified, the application removes an archive that contains a threat.

No—Do not scan archives.

Default value: No

ScanSfxArchived

Enables or disables scanning of self-extracting archives only (archives that contain an executable extraction module).

Available values:

Yes—Scan self-extracting archives.

No—Do not scan self-extracting archives.

Default value: No

ScanMailBases

Enables or disables scanning of email databases of Microsoft Outlook®, Outlook Express, The Bat! and other mail clients.

Available values:

Yes—Scan files of email databases.

No—Do not scan files of email databases.

Default value: No

ScanPlainMail

Enables or disables scanning of plain text email messages.

Available values:

Yes—Scan plain text email messages.

No—Do not scan plain text email messages.

Default value: No

SizeLimit

Specifies the maximum size of an archive to be scanned (in megabytes).

If an archive is larger than the specified value, the application skips it during the scan.

Available values:

0–999,999

0—Kaspersky Endpoint Security scans archives of any size.

Default value: 0

TimeLimit

Specifies the scan duration for a single archive (in seconds).

The application will skip archives that are scanned for longer than the specified time.

Available values:

0–9999

0—The archive scan duration is unlimited.

Default value: 60

FirstAction

Selection of the first action to be performed by Kaspersky Endpoint Security on infected objects.

In File Threat Protection tasks, before performing the action specified by you on an object, Kaspersky Endpoint Security blocks access to the object by applications that attempt to access it.

Available values:

Disinfect—Kaspersky Endpoint Security attempts to disinfect an object by saving a copy of it in Storage. If disinfection fails (for example, if the type of object or the type of threat in the object cannot be disinfected) Kaspersky Endpoint Security leaves the object unchanged. If the first action is set to Disinfect, it is recommended to specify the second action using the SecondAction setting.

Remove—Kaspersky Endpoint Security removes the infected object after first creating a backup copy of it.

Recommended (perform recommended action)—Kaspersky Endpoint Security automatically selects and performs an action on the object based on information about the threat detected in the object. For example, Kaspersky Endpoint Security immediately removes Trojans since they do not incorporate themselves into other files and therefore they do not need to be disinfected.

Block—Kaspersky Endpoint Security blocks access to the infected object. Information about the infected object is logged.

Default value: Recommended

SecondAction

Selection of the second action to be performed by Kaspersky Endpoint Security on infected objects. Kaspersky Endpoint Security performs the second action if the first action fails.

The values of the SecondAction setting are the same as the values of the FirstAction setting.

If Block or Remove is selected as the first action, a second action does not need to be specified. It is recommended to specify two actions in other cases. If you have not specified a second action, Kaspersky Endpoint Security applies Block as the second action.

Default value: Block

UseExcludeMasks

Enables or disables the scan exclusion of objects specified using the ExcludeMasks setting.

Available values:

Yes—Exclude objects specified by the ExcludeMasks setting.

No—Do not exclude objects specified by the ExcludeMasks setting.

Default value: No

ExcludeMasks

Excludes objects from scanning by name or mask. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in command shell format.

The default value is not defined.

Example:

UseExcludeMasks=Yes

ExcludeMasks.item_0000=eicar1.*

ExcludeMasks.item_0001=eicar2.*

UseExcludeThreats

Enables or disables the scan exclusion of objects with threats specified using the ExcludeThreats setting.

Available values:

Yes—Exclude from scanning the objects containing threats specified using the ExcludeThreats setting.

No—Do not exclude from scanning the objects containing threats specified using the ExcludeThreats setting.

Default value: No

ExcludeThreats

Excludes objects from scanning by the name of the threats detected in them. Before specifying a value for this setting, make sure that the UseExcludeThreats setting is enabled.

In order to exclude a single object from scanning, specify the full name of the threat detected in this object – the Kaspersky Endpoint Security string with the decision that the object is infected.

For example, you may be using a utility to collect information about your network. To keep Kaspersky Endpoint Security from blocking it, add the full name of the threat contained in it to the list of threats excluded from scanning.

You can find the full name of the threat detected in the object in the Kaspersky Endpoint Security log. You can also find the full name of the threat on the website of the Virus Encyclopedia. To find the name of a threat, enter the application name in the Search field.

The setting value is case-sensitive.

The default value is not defined.

Example:

UseExcludeThreats=Yes

ExcludeThreats.item_0000=EICAR-Test-*

ExcludeThreats.item_0001=?rojan.Linux

ReportCleanObjects

Enables or disables logging of information about scanned objects that Kaspersky Endpoint Security has deemed non-infected.

You can enable this setting, for example, to make sure that a particular object has been scanned by Kaspersky Endpoint Security.

Available values:

Yes—Log information about non-infected objects.

No—Do not log information about non-infected objects.

Default value: No

ReportPackedObjects

Enables or disables logging of information about scanned objects that are part of compound objects.

You can enable this setting, for example, to make sure that an object within an archive has been scanned by Kaspersky Endpoint Security.

Available values:

Yes—Log information about scanning objects within archives.

No—Do not log information about scanning objects within archives.

Default value: No

ReportUnprocessedObjects

Enables or disables the logging of information about unscanned objects.

Available values:

Yes—Log information about unscanned objects.

No—Do not log information about unscanned objects.

Default value: No

UseAnalyzer

Enables or disables Heuristic Analyzer.

Heuristic analysis helps the application to detect threats even before they become known to virus analysts.

Available values:

Yes—Enable Heuristic Analyzer

No—Disable Heuristic Analyzer

Default value: Yes

HeuristicLevel

Heuristic analysis level.

You can specify the heuristic analysis level. The heuristic analysis level sets the balance between the thoroughness of searches for threats, the load on the operating system's resources, and the scan duration. The higher the heuristic analysis level, the more resources and time are required for scanning.

Available values:

Light—The least thorough scan with minimal load on the system

Medium—Medium heuristic analysis level with a balanced load on the operating system

Deep—The most thorough scan with maximum load on the operating system

Recommended—Recommended value

Default value: Recommended

UseIChecker

Enables or disables the use of iChecker technology.

Available values:

Yes—Enable use of iChecker technology.

No—Disable use of iChecker technology.

Default value: Yes

ScanByAccessType

You can use this setting to specify the File Threat Protection mode. The ScanByAccessType setting is applied only in the File Threat Protection task.

Available values:

SmartCheck—Scan a file when there is an attempt to open it, and scan it again when there is an attempt to close it if the file has been modified. If a process accesses an object multiple times in the course of its operation and modifies it, the application scans the object again only when the process closes it for the last time.

OpenAndModify—Scan a file when there is an attempt to open it, and scan it again when there is an attempt to close it if the file has been modified.

Open—Scan the file when an attempt is made to open it for reading or for execution or modification.

Default value: SmartCheck

The [ScanScope.item_#] section contains the following settings:

AreaDesc

Description of the scan scope, which contains additional information about the scan scope. The maximum length of the string specified using this setting is 4096 characters.

Default value: All objects

Example:

AreaDesc="Scan mail databases"

UseScanArea

This setting enables or disables scanning of the specified scope. To run the task, you must include at least one area to scan.

Available values:

Yes—Scan the specified scope.

No—Do not scan the specified scope.

Default value: Yes

AreaMask

You can use this setting to restrict the scan scope.

In the scan scope, Kaspersky Endpoint Security scans only the files that are indicated using command shell masks.

If this setting is not specified, Kaspersky Endpoint Security scans all objects in the scan scope. You can specify several values for this setting.

Default value: * (scan all objects)

Example:

AreaMask=*doc

Path

You can use this setting to specify the path to objects to scan.

The value of the Path setting consists of two elements: <file system type>:<access protocol>. It may also contain the path to the directory in the local file system.

Available values:

<path to local directory>—Scan objects in the specified directory.

Shared:NFS—Scan the computer's file system resources that are accessible via the NFS protocol.

Shared:SMB—Scan the computer's file system resources that are accessible via the SMB protocol.

AllRemoteMounted—Scan all remote directories mounted on the computer using the SMB and NFS protocols.

AllShared—Scan all of the computer's file system resources shared via the SMB and NFS protocols.

The [ExcludedFromScanScope.item_#] section contains the following settings:

AreaDesc

Description of the scan exclusion scope. Contains additional information about the exclusion scope.

The default value is not defined.

Example:

AreaDesc="Exclude separate SAMBA"

UseScanArea

Enables or disables exclusion of the specified scope from scanning.

Available values:

Yes—Exclude the specified scope.

No—Do not exclude the specified scope.

Default value: Yes

Path

You can use this setting to specify the path to objects excluded from scanning.

The value of the Path setting consists of two elements: <file system type>:<access protocol>. It may also contain the path to the directory in the local file system.

Available values:

<path to local directory>—Exclude objects in the specified directory from scanning. You can use masks to specify the path.

Shared:NFS—Exclude the computer's file system resources that are accessible via the NFS protocol.

Shared:SMB—Exclude the computer's file system resources that are accessible via the SMB protocol.

AllRemoteMounted—Exclude all remote directories mounted on the computer using the SMB and NFS protocols.

AllShared—Exclude all of the computer file system resources shared via the SMB and NFS protocols.
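
The following is an added example, not part of the Kaspersky documentation: a Python check that reads settings text in the key=value and [section] form used by the examples on this page and lists the exclusions and action settings that narrow protection. The sample text is constructed, the function names are hypothetical, and mask matching is modeled with Python's shell-style fnmatchcase as an assumption about how the application matches masks.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample settings; only setting names documented on this page.
SAMPLE = """\
FirstAction=Disinfect
UseExcludeMasks=Yes
ExcludeMasks.item_0000=eicar1.*
UseExcludeThreats=No
ExcludeThreats.item_0000=EICAR-Test-*
[ExcludedFromScanScope.item_0000]
UseScanArea=Yes
Path=Shared:SMB
"""

def parse(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str                # keep setting names case-sensitive
    cp.read_string("[task]\n" + text)   # synthetic section for top-level settings
    return cp

def items(section, name):
    """Values of the name.item_NNNN entries in one section."""
    return [v for k, v in section.items() if k.startswith(name + ".item_")]

def audit(text):
    """Return findings about exclusions and actions that narrow protection."""
    cp, out = parse(text), []
    task = cp["task"]
    for kind in ("Masks", "Threats"):
        masks = items(task, "Exclude" + kind)
        active = task.get("UseExclude" + kind, "No") == "Yes"  # page default: No
        if masks:
            out.append(f"Exclude{kind} {'active' if active else 'ignored'}: {masks}")
    if task.get("FirstAction", "Recommended") == "Disinfect" and "SecondAction" not in task:
        out.append("FirstAction=Disinfect, no SecondAction: Block is applied on failure")
    for name in cp.sections():
        if name.startswith("ExcludedFromScanScope.") and cp[name].get("UseScanArea", "Yes") == "Yes":
            out.append(f"Excluded scope: {cp[name].get('Path')}")
    return out

def suppressed(text, threat_name):
    """True if an active ExcludeThreats mask matches the threat name (assumed shell-style)."""
    task = parse(text)["task"]
    return task.get("UseExcludeThreats", "No") == "Yes" and any(
        fnmatchcase(threat_name, m) for m in items(task, "ExcludeThreats"))

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

In the sample, the ExcludeThreats mask is reported as ignored because UseExcludeThreats=No; the same mask takes effect only once that setting is Yes.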
