The Custom Container Scan task is used to store the setting values that are applied by executing the kesl-control --scan-container
command.
To use the task, a license that includes the corresponding function is required.
When the Custom Container Scan task is run, the application creates a temporary Container Scan task (ContainerScan type) with the Custom_Container_Scan task settings. You can change the setting values of the Custom_Container_Scan task using the command line. After the scan is complete, the Custom_Container_Scan task is automatically deleted. The Custom Container Scan task cannot be deleted manually.
To start the Custom Container Scan task, execute the following command:
kesl-control --scan-container <
container ID or image ID
|
container name
|
image name
[:
tag
]>
If there are several entities with the same name, the application scans all of them.
You can use masks to scan several objects.
When you create a Custom Container Scan task by executing the kesl-control --create-task <
task name
> --type ContainerScan
command, the application uses the same setting values as for the Container Scan (Container_Scan) task.
Examples: Scan the container named my_container:
Scan the image named my_image (all tags):
|
The table describes all available values and the default values of all the container and image scan settings.
Custom Container Scan task settings
Setting |
Description |
Values |
|
---|---|---|---|
|
Scan of containers specified by mask You can specify masks using the |
|
|
|
Specifies a name or a name mask that defines a container to scan. Masks are specified in command shell format. You can use the ? and * symbols. Before specifying this setting, make sure that |
Default value:
|
|
|
Scan of images specified by mask You can specify masks using the |
|
|
|
Specifies a name or a name mask that define images to scan. Before specifying this setting, make sure that the Masks are specified in command shell format. If you want to specify several masks, each mask must be specified on a new line with a new index. |
Default value: * (scan all images).
|
|
|
Checking all image layers and running containers. |
|
|
|
Action to be performed on a container when an infected object is detected. Actions on an infected object inside the container are described below. |
Due to the way a CRI-O environment works, an infected object is not disinfected or deleted in a container in a CRI-O environment. We recommend to select the
|
|
|
Specifies the action to be performed on an image when an infected object is detected. Actions on an infected object inside the image are described below. |
All dependencies will also be deleted. Running containers will be stopped, and then deleted. |
The settings described below are applied to the objects inside containers and images.
Custom Container Scan task settings
Setting |
Description |
Values |
|
---|---|---|---|
|
Enables scanning of archives (including SFX self-extracting archives). The application scans the following archives: .zip; .7z*; .7-z; .rar; .iso; .cab; .jar; .bz; .bz2; .tbz; .tbz2; .gz; .tgz; .arj. The list of supported archive formats depends on the application databases being used. |
|
|
|
Enables scanning of self-extracting archives only (archives that contain an executable extraction module). |
|
|
|
Enables scanning email databases of Microsoft Outlook, Outlook Express, The Bat, and other mail clients. |
|
|
|
Enables scanning of plain text email messages. |
|
|
|
Maximum object scan duration (in seconds). The application stops scanning the object if it takes longer than the time specified by this setting. |
0 – 9999 0 — The object scan time is unlimited. Default value: 0. |
|
|
Maximum size of an object to be scanned (in megabytes). If the object to be scanned is larger than the specified value, the application skips this object. |
0 – 999999 0 — The application scans objects of any size. Default value: 0. |
|
|
Selection of the first action to be performed by the application on the infected objects. |
Default value: |
|
|
Selection of the second action to be performed by the application on the infected objects. The application performs the second action if the first action fails. |
The possible values of the If Default value: |
|
|
Uses scan exclusions for the objects specified by the |
|
|
|
Excludes objects from being scanned by name or mask. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in the shell format. |
The default value is not defined.
|
|
|
Uses scan exclusions for objects containing the threats specified by the |
|
|
|
Excludes objects from scans by the name of the threats detected in them. Before specifying a value for this setting, make sure that the In order to exclude an object from scans, specify the full name of the threat detected in this object – the string containing the application's decision that the object is infected. For example, you may be using a utility to collect information about your network. To keep the application from blocking it, add the full name of the threat contained in it to the list of threats excluded from scans. You can find the full name of the threat detected in an object in the application log or on the website https://threats.kaspersky.com. |
The setting value is case-sensitive. The default value is not defined.
|
|
|
Enables logging of information about scanned objects that the application reports as not being infected. You can enable this setting, for example, to make sure that a particular object was scanned by the application. |
|
|
|
Enables logging of information about scanned objects that are part of compound objects. You can enable this setting, for example, to make sure that an object within an archive has been scanned by the application. |
|
|
|
Enables logging of information about objects that have not been processed for some reason. |
|
|
|
Enables heuristic analysis. Heuristic analysis helps the application to detect threats even before they become known to virus analysts. |
|
|
|
Specifies the heuristic analysis level. You can specify the heuristic analysis level. The heuristic analysis level sets the balance between the thoroughness of searches for threats, the load on the operating system's resources, and the scan duration. The higher the heuristic analysis level, the more resources and time are required for scanning. |
|
|
|
Enables usage of the iChecker technology. If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, the use of the iChecker technology is not supported. Scan optimization is implemented by means of the Protection Server. |
|