When performing a critical areas scan, Kaspersky Endpoint Security can scan boot sectors, startup objects, process memory, and kernel memory.
Upon detecting malware, the application can remove the infected file and terminate the malware process started from this file.
You can start a critical areas scan and configure the settings of the scan:
Select the operating system objects to be scanned. Scanning of boot sectors, process memory and kernel memory, startup objects and archives is enabled by default. By default, files are not scanned during the critical areas scan.
Limit the size of an object to be scanned and the duration of the object scan.
Select the actions to be performed by the application on the infected objects.
Configure exclusions of objects from scans:
by name or mask
by the name of the threats detected in the objects
Enable or disable global exclusions and File Threat Protection exclusions when scanning.
Enable the logging of information about scanned non-infected objects, about scanning objects in archives, and about unprocessed objects.
Configure the use of the heuristic analyzer and iChecker technology during a scan.
Limit the set of devices whose boot sectors need to be scanned.