Special considerations for scanning symbolic links and hard links

Kaspersky Endpoint Security lets you scan symbolic links and hard links to files.

Scanning symbolic links

The application scans symbolic links only if the file referenced by the symbolic link is within the scan scope of the File Threat Protection component.

If the file referenced by the symbolic link is not within the scan scope of the File Threat Protection component, the application does not scan this file. However, if the file contains malicious code, the security of the device is at risk.

Scanning hard links

When processing a file with more than one hard link, the application chooses an action depending on the specified action on objects:

• If the Perform recommended action option is selected, the application automatically selects and performs an action on an object based on data about the danger level of the threat detected in the object and the possibility of disinfecting it.
• If the Remove action is selected, the application removes the hard link being processed. The remaining hard links to this file will not be processed.
• If the Disinfect action is selected, the application disinfects the source file. If disinfection fails, the application deletes the hard link and creates in its place a copy of the source file with the name of the deleted hard link.

When you restore a file with a hard link from the Backup storage, the application creates a copy of the source file with the name of the hard link that was moved to the Backup storage. Connections with the remaining hard links to the source file will not be restored.

Page top