File Threat Protection prevents infection of the file system on the user device. File Threat Protection starts automatically with the default settings upon Kaspersky Endpoint Security start. It resides in the device operating memory and scans all files that are opened, saved, and launched.
File Threat Protection settings
Setting |
Description |
---|---|
File Threat Protection enabled / disabled |
This toggle button enables or disables File Threat Protection on all managed devices. The check toggle button is switched on by default. |
File Threat Protection mode |
In this drop-down list, you can select the File Threat Protection mode:
|
First action |
In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected:
|
Second action |
In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful:
|
Scan scopes |
Clicking the Configure scan scopes link opens the Scan scopes window. |
Scan archives |
This check box enables or disables scan of archives. If the check box is selected, the application scans the archives. To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the duration of archive scans by enabling and configuring the Skip file if scan takes longer than (sec) and Skip file larger than (MB) settings. If the check box is cleared, the application does not scan the archives. This check box is cleared by default. |
Scan SFX archives |
This check box enables or disables self-extracting archive scans. Self-extracting archives are archives that contain an executable extraction module. If the check box is selected, the application scans self-extracting archives. If the check box is cleared, the application does not scan self-extracting archives. This check box is available if the Scan archives check box is unchecked. This check box is cleared by default. |
Scan mail databases |
This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications. If the check box is selected, the application scans mail database files. If the check box is cleared, the application does not scan mail database files. This check box is cleared by default. |
Scan mail format files |
This check box enables or disables scan of files of plain-text email messages. If this check box is selected, the application scans plain-text messages. If this check box is cleared, the application does not scan plain-text messages. This check box is cleared by default. |
Skip text files |
Temporary exclusion of files in text format from scans. If the checkbox is selected, Kaspersky Endpoint Security does not scan text files if they are reused by the same process for 10 minutes after the most recent scan. This setting makes it possible to optimize scans of application logs. If this check box is unselected, Kaspersky Endpoint Security scans text files. This check box is cleared by default. |
Skip file if scan takes longer than (sec) |
In this field, you can specify the maximum time to scan a file, in seconds. After the specified time, the application stops scanning the file. Available values: The default value is |
Skip file larger than (MB) |
In this field, you can specify the maximum size of a file to scan, in megabytes. Available values: The default value is |
Log clean objects |
This check box enables or disables logging of the ObjectProcessed event. If this check box is selected, the application logs the ObjectProcessed event for all scanned objects. If the check box is cleared, the application does not log the event. This check box is cleared by default. |
Log unprocessed objects |
This check box enables or disables logging of the ObjectNotProcessed event if a file cannot be processed during scan. If this check box is selected, the application logs the ObjectNotProcessed event. If the check box is cleared, the application does not log the event. This check box is cleared by default. |
Log packed objects |
This check box enables or disables logging of the PackedObjectDetected event for all packed objects that are detected. If this check box is selected, the application logs the PackedObjectDetected event. If the check box is cleared, the application does not log the event. This check box is cleared by default. |
Use iChecker technology |
This check box enables or disables scan of only new and modified since the last scan files. If the check box is selected, the application scans only new files or the files modified since the last scan. If the check box is cleared, the application scans the files regardless of the creation or modification date. The check box is selected by default. If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, the use of the iChecker technology is not supported. Scan optimization is implemented by means of the Protection Server. |
Use heuristic analysis |
This check box enables or disables heuristic analysis during an object scan. The check box is selected by default. |
Heuristic analysis level |
If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:
|