Container Scan in the Web Console

In the Web Console, you can scan containers and images using the Container Scan task.

You can create and run Container Scan user tasks. You can configure the scan settings by editing the settings of the tasks.

Container Scan task settings

Setting

Description

Scan archives

This check box enables or disables scan of archives.

If the check box is selected, the application scans the archives.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the duration of archive scans by configuring the Skip file that is scanned for longer than (sec) and Skip file larger than (MB) settings in the General scan settings section.

If the check box is cleared, the application does not scan the archives.

The check box is selected by default.

Scan SFX archives

This check box enables or disables self-extracting archive scans. Self-extracting archives are the archives that contain an executable extraction module.

If the check box is selected, the application scans self-extracting archives.

If the check box is cleared, the application does not scan self-extracting archives.

This check box is available if the Scan archives check box is unchecked.

The check box is selected by default.

Scan mail databases

This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If the check box is selected, the application scans mail database files.

If the check box is cleared, the application does not scan mail database files.

This check box is cleared by default.

Scan mail format files

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, the application scans plain-text messages.

If this check box is cleared, the application does not scan plain-text messages.

This check box is cleared by default.

Skip file that is scanned for longer than (sec)

In this field, you can specify the maximum time to scan a file, in seconds. After the specified time, the application stops scanning the file.

Available values: 0–9999. If the value is set to 0, the scan time is unlimited.

Default value: 0.

Skip file larger than (MB)

In this field, you can specify the maximum size of a file to scan, in megabytes.

Available values: 0–999999. If the value is set to 0, the application scans files of any size.

Default value: 0.

Log clean objects

This check box enables or disables the logging of ObjectProcessed type events.

If this check box is selected, the application logs events of the ObjectProcessed type for all scanned objects.

If this check box is cleared, the application does not log events of the ObjectProcessed type for any scanned object.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables the logging ObjectNotProcessed type events if a file cannot be processed during a scan.

If this check box is selected, the application logs the events of the ObjectNotProcessed type.

If this check box is cleared, the application does not log the events of the ObjectNotProcessed type.

This check box is cleared by default.

Log packed objects

This check box enables or disables the logging of PackedObjectDetected type events for all packed objects that are detected.

If this check box is selected, the application logs the events of the PackedObjectDetected type.

If this check box is cleared, the application does not log the events of the PackedObjectDetected type.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, the application scans only new files or the files modified since the last scan.

If the check box is cleared, the application scans the files regardless of the creation or modification date.

The check box is selected by default.

Use heuristic analysis

This check box enables or disables heuristic analysis during file scans.

The check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

  • Light is the least detailed scan with minimal system load.
  • Medium is a medium scan with balanced system load.
  • Deep is the most detailed scan with maximum system load.
  • Recommended (default value) is the optimal level recommended by Kaspersky experts. It ensures an optimal combination of protection quality and impact on the performance of the protected devices.

First action

In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected:

  • Disinfect the object. A copy of the infected object will be moved to the Backup.
  • Remove the object. A copy of the infected object will be moved to the Backup.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it (default value).
  • Skip the object.

Second action

In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful:

  • Disinfect the object. A copy of the infected object will be moved to the Backup.
  • Remove the object. A copy of the infected object will be moved to the Backup.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
  • Skip the object (default value).

Scan containers

This check box enables or disables container scans. If the check box is selected, you can specify a name or a name mask for containers to be scanned.

The check box is selected by default.

Name mask

Entry field for a name or a name mask for containers to be scanned.

By default, the * mask is specified – all containers will be scanned.

Action on threat detection

You can select the action that the application performs on a container when it detects an infected object:

  • Skip container – do not perform any actions on the container when an infected object is detected.
  • Stop container – stop container when an infected object is detected.
  • Stop container if disinfection fails (default value) – stop the container if disinfection of the infected object or elimination of the threat fails.

Due to the way a CRI-O environment works, an infected object is not disinfected or deleted in a container in a CRI-O environment. We recommend to select the Stop container action.

Scan images

This check box enables or disables the image scan. If the check box is selected, you can specify a name or a name mask for images to be scanned.

The check box is selected by default.

Name mask

Entry field for a name or a name mask for images to be scanned.

By default, the * mask is specified (all images are scanned).

Action on threat detection

You can select the action that the application performs on a container when it detects an infected object:

  • Skip image (default value) – do not perform any actions on the image when an infected object is detected.
  • Delete image when an infected object is detected (not recommended). All dependencies will also be deleted. Running containers will be stopped, and then deleted.

Scan each layer

This check box enables or disables the scanning of all layers of images and running containers.

This check box is cleared by default.

In this section

Exclusion scopes section

Exclusions by mask window

Exclusions by threat name window

Page top