File Threat Protection component prevents infection of the device file system. The component is enabled automatically with the default settings when Kaspersky Endpoint Security starts. It resides in the device operating memory and scans all files that are opened, saved, and launched in real time.
Upon detecting malware, Kaspersky Endpoint Security may remove the infected file and terminate the malware process started from this file.
The operation of the component is affected by the file operation interception mode, which you can select in the general settings of the application. By default, access to the file is blocked for the duration of the scan.
If File Threat Protection is enabled and Container monitoring is enabled, the application also scans all namespaces and containers on all supported operating systems.
You can enable or disable File Threat Protection, and also configure the protection settings:
To optimize the File Threat Protection component, you can exclude from scans any files being copied from network directories. Files are scanned only after the process of copying to a local directory is finished. To exclude files located in network directories from scans, configure exclusion based on processes for the utility used for copying from network directories (for example, for the cp
utility). If you manage the application using Kaspersky Security Center, you can configure exclusion based on processes in the Web Console or the Administration Console. If you are administering the application using the command line, you can configure an exclusion by process by adding an [ExcludedForProgram.item_ #]
section to the settings of the OAS task.