Virus scan

A virus scan is a one-time full or custom scan of files on a computer performed by Kaspersky Endpoint Security. Kaspersky Endpoint Security can perform multiple virus scan tasks at the same time.

By default, Kaspersky Endpoint Security creates one predefined virus scan task—full scan. The application scans all objects located on local drives of the computer, as well as all mounted and shared objects that are accessed via the Samba and NFS protocols with the recommended security settings.

Computer CPU will be occupied during a full disk scan. It is recommended to run the full scan task when the business is idle.

Users can create custom virus scan tasks.

By default, Kaspersky Endpoint Security also creates a predefined custom virus scan task.

If the application was restarted by the watchdog or manually by a user during a virus scan run, a task is interrupted. The application logs the OnDemandTaskInterrupted event.

Virus scan task settings

Setting	Description
Task priority	This section lets you specify a priority for a scan task: Scan task priority is a parameter that combines a number of internal Kaspersky Endpoint Security settings and process start settings. By using this parameter, you can specify the way the application consumes system resources for running tasks: Idle. Specify this value to release the application resources for other tasks, including user processes. The current scan task takes longer to complete. Normal. Specify this value to perform the current scan task faster. Idle—Task is run with a low priority (it takes longer to complete the task, but the application releases resources for other tasks). Normal—Task is run with a normal priority. Select this option if the scan time is important. The Idle option is selected by default.
Scan archives	This check box enables or disables scan of archives. If this check box is selected, Kaspersky Endpoint Security scans archives. The application detects infected objects in archives, but does not disinfect them. Select this action for a more detailed scan. To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan duration by enabling and configuring the Skip object if scan takes longer than (sec) and/or Skip objects larger than (MB) parameters. If this check box is cleared, Kaspersky Endpoint Security does not scan archives. This check box is selected by default.
Scan SFX archives	This check box enables or disables scanning of self-extracting archives. Self-extracting archives are archives that contain an executable extraction module. If this check box is selected, Kaspersky Endpoint Security scans self-extracting archives. If this check box is cleared, Kaspersky Endpoint Security does not scan self-extracting archives. This check box is available if the Scan archives check box is cleared. This check box is selected by default.
Scan mail databases	This check box enables or disables scan of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications. If this check box is selected, Kaspersky Endpoint Security scans mail database files. If this check box is cleared, Kaspersky Endpoint Security does not scan mail database files. This check box is cleared by default.
Scan mail formats	This check box enables or disables scan of files of plain-text email messages. If this check box is selected, Kaspersky Endpoint Security scans plain-text messages. If this check box is cleared, Kaspersky Endpoint Security does not scan plain-text messages. This check box is cleared by default.
Skip object if scan takes longer than (sec)	The field for specifying the maximum time to scan an object, in seconds. After the specified time is reached, Kaspersky Endpoint Security stops scanning the object. Available values: `0` – `9999`. If the value is set to `0`, the scan time is unlimited. Default value: `0`
Skip objects larger than (MB)	The field for specifying the maximum size of an archive to scan, in megabytes. Available values: `0` – `999,999`. If the value is set to `0`, Kaspersky Endpoint Security scans objects of any size. Default value: `0`
Log clean objects	This check box enables or disables logging the events of the `ObjectProcessed` type. If this check box is selected, Kaspersky Endpoint Security logs the events of the `ObjectProcessed` type for any scanned object. If this check box is cleared, Kaspersky Endpoint Security does not log the events of the `ObjectProcessed` type for any scanned object. This check box is cleared by default.
Log unprocessed objects	This check box enables or disables logging the events of the `ObjectNotProcessed` type if a file cannot be processed during the scan. If this check box is selected, Kaspersky Endpoint Security logs the events of the `ObjectNotProcessed` type. If this check box is cleared, Kaspersky Endpoint Security does not log the events of the `ObjectNotProcessed` type. This check box is cleared by default.
Log packed objects	This check box enables or disables logging the events of the `PackedObjectDetected` type about any packed objects that are detected. If this check box is selected, Kaspersky Endpoint Security logs the events of the `PackedObjectDetected` type. If this check box is cleared, Kaspersky Endpoint Security does not log the events of the `PackedObjectDetected` type. This check box is cleared by default.
Use iChecker technology	This check box enables or disables scan of only new and modified since the last scan files. If the check box is selected, Kaspersky Endpoint Security scans only new or modified since the last scan files. If the check box is cleared, Kaspersky Endpoint Security scans files regardless to the date of creation or modification. This check box is selected by default.
Use heuristic analysis	This check box enables or disables heuristic analysis during an object scan. This check box is selected by default.
Heuristic analysis level	If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list: Light is the least detailed scan, minimum system load. Medium is a medium scan, balanced system load. Deep is the most detailed scan, maximum system load. Recommended is the optimal level recommended by Kaspersky's experts. It ensures an optimal combination of quality of protection and impact on the performance of protected servers. The Recommended option is selected by default.
Actions on infected objects	In this section, you can select the actions to be performed by Kaspersky Endpoint Security on an infected object that has been detected. In the first drop-down list, you can select the action to be performed first: Disinfect the object. Remove the object. Skip the object. Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it. Perform recommended action is selected by default. If the first action fails, the application performs the second action that you can select in the second drop-down list. If an infected object is detected in a file referenced to by a symbolic link that is included in the scan scope (while the file referenced by this symbolic link is is not included in the scan scope), the specified action will be performed to the target file. For example, if you specify the `Remove` action, the application removes the target file, but the symbolic link file remains and refers to a non-existent file.
Scan scopes	Table that contains objects that are scanned by the Virus scan task. You can add, configure, delete, move up, or move down scan scopes in the table. Clicking the Move down button moves the selected item down in the table. Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table. This button is available if only one item is selected in the table. Clicking the Move up button moves the selected item up in the table. Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table. This button is available if only one item is selected in the table. Clicking the Delete button excludes the selected scope from scanning. This button is available if at least one scan scope is selected in the table. Clicking the scan scope name opens the <scan scope> window. In this window, you can modify the settings of the selected scan scope. Clicking the Add button opens the <New scan scope> window. In this window, you can define a new scan scope.

You can also configure exclusion scopes, exclusions by mask, and by threat name for the Virus scan task in the Exclusion scopes section.

Page top