Container scan

The Container scan task is available only for Kaspersky Security Center Web Console.

When the custom Container Scan task is running, the application scans Docker containers and images for viruses and other malware. You can run multiple custom Container Scan tasks simultaneously.

Container scan task settings

Setting

Description

Task priority

This section lets you specify a priority for a scan task:

  • Idle—Task is run with a low priority (it takes longer to complete the task, but the application releases resources for other tasks).
  • Normal—Task is run with a normal priority. Select this option if the scan time is important.

    The Idle option is selected by default.

Scan archives

This check box enables or disables scanning of archives.

If this check box is selected, Kaspersky Endpoint Security scans archives. The application detects infected objects in archives, but does not disinfect them. Select this action for a more detailed scan.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan duration by enabling and configuring the Skip object if scan takes longer than (sec) and/or Skip objects larger than (MB) parameters.

If this check box is cleared, Kaspersky Endpoint Security does not scan archives.

This check box is selected by default.

Scan SFX archives

This check box enables or disables scanning of self-extracting archives. Self-extracting archives are archives that contain an executable extraction module.

If this check box is selected, Kaspersky Endpoint Security scans self-extracting archives.

If this check box is cleared, Kaspersky Endpoint Security does not scan self-extracting archives.

This check box is available if the Scan archives check box is cleared.

This check box is selected by default.

Scan mail databases

This check box enables or disables scanning of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If this check box is selected, Kaspersky Endpoint Security scans mail database files.

If this check box is cleared, Kaspersky Endpoint Security does not scan mail database files.

This check box is cleared by default.

Scan mail formats

This check box enables or disables scanning of plain-text email message files.

If this check box is selected, Kaspersky Endpoint Security scans plain-text messages.

If this check box is cleared, Kaspersky Endpoint Security does not scan plain-text messages.

This check box is cleared by default.

Skip object if scan takes longer than (sec)

The field for specifying the maximum time to scan an object, in seconds. After the specified time is reached, Kaspersky Endpoint Security stops scanning the object.

Available values: 0–9999. If the value is set to 0, the scan time is unlimited.

Default value: 120

Skip objects larger than (MB)

The field for specifying the maximum size of an archive to scan, in megabytes.

Available values: 0–999,999. If the value is set to 0, Kaspersky Endpoint Security scans objects of any size.

Default value: 0

Log clean objects

This check box enables or disables logging the events of the ObjectProcessed type.

If this check box is selected, Kaspersky Endpoint Security logs the events of the ObjectProcessed type for any scanned object.

If this check box is cleared, Kaspersky Endpoint Security does not log the events of the ObjectProcessed type for any scanned object.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables logging the events of the ObjectNotProcessed type if a file cannot be processed during the scan.

If this check box is selected, Kaspersky Endpoint Security logs the events of the ObjectNotProcessed type.

If this check box is cleared, Kaspersky Endpoint Security does not log the events of the ObjectNotProcessed type.

This check box is cleared by default.

Log packed objects

This check box enables or disables logging the events of the PackedObjectDetected type about any packed objects that are detected.

If this check box is selected, Kaspersky Endpoint Security logs the events of the PackedObjectDetected type.

If this check box is cleared, Kaspersky Endpoint Security does not log the events of the PackedObjectDetected type.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scanning of only those files that are new or have been modified since the last scan.

If the check box is selected, Kaspersky Endpoint Security scans only files that are new or have been modified since the last scan.

If the check box is cleared, Kaspersky Endpoint Security scans files regardless of the date of creation or modification.

This check box is selected by default.

Use heuristic analysis

This check box enables or disables heuristic analysis during an object scan.

This check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

  • Light is the least detailed scan, minimum system load.
  • Medium is a medium scan, balanced system load.
  • Deep is the most detailed scan, maximum system load.
  • Recommended is the optimal level recommended by Kaspersky's experts. It ensures an optimal combination of quality of protection and impact on the performance of protected servers.

    The Recommended option is selected by default.

Actions on infected objects

In this section, you can select the actions to be performed by Kaspersky Endpoint Security on an infected object that has been detected.

In the first drop-down list, you can select the action to be performed first:

  • Disinfect the object.
  • Remove the object.
  • Skip the object.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.

    Perform recommended action is selected by default.

    If the first action fails, the application performs the second action that you can select in the second drop-down list.

Scan Docker containers

This check box enables or disables the scan of Docker containers. If the check box is selected, you can specify a name or a name mask for Docker containers to scan.

This check box is selected by default.

Name mask

Entry field for a name or a mask that defines Docker containers to scan.

By default, the * mask is specified (all Docker containers will be scanned).

Action on threat detection

This section lets you select an action to be performed when an infected object is detected during the scan:

  • Skip threat and do not perform actions on the Docker container when an infected object is detected.
  • Stop Docker container when an infected object is detected.
  • Stop Docker container if failed to disinfect or remove threat: the application stops the Docker container if the disinfection of an infected object failed.

    The Stop Docker container if failed to disinfect or remove threat action is selected by default.

Scan Docker images

This check box enables or disables the scan of Docker images. If the check box is selected, you can specify a name or a name mask for scanning Docker images.

This check box is selected by default.

Name mask

Entry field for a name or a mask that defines Docker images to scan.

By default, the * mask is specified (all Docker images will be scanned).

Action on threat detection

This section lets you select an action to be performed when an infected object is detected during the scan:

  • Skip threat and do not perform actions on the Docker image when an infected object is detected.
  • Delete Docker image when an infected object is detected (not recommended). All dependencies will also be deleted. Running Docker containers will be stopped, and then deleted.

    The Skip threat action is selected by default.

Scan all layers

This check box enables or disables scanning all layers of images and started Docker containers.

This check box is selected by default.

You can also configure exclusions by mask and by threat name for the Container scan task in the Exclusion scopes section.
