File Threat Protection
File Threat Protection prevents infection of the computer's file system. The component starts during startup of the operating system, remains in computer memory, and scans for viruses and other malware all files that are opened, saved, or run on your computer and on all connected disks. If you disable File Threat Protection, it will not start at operating system startup. You will have to re-enable File Threat Protection manually.
Enable/disable File Threat Protection
- In the menu bar, click the application icon and choose Preferences.
The application preferences window opens.
- On the Essential tab, in the File Threat Protection section, select/deselect the Enable File Threat Protection checkbox.
You can also enable File Threat Protection in Protection Center. Disabling computer protection or disabling protection components puts your computer at much higher risk of infection. This is why Protection Center informs you when protection is disabled.
You can create a protection scope for File Threat Protection.
Add/remove a file or folder to/from the protection scope
- In the menu bar, click the application icon and choose Preferences.
The application preferences window opens.
- On the Essential tab, in the File Threat Protection section, click Protection Scope.
A window with a list of objects that File Threat Protection scans opens. By default, File Threat Protection scans all objects located on internal, removable, and network disks connected to your computer.
Note: On computers running macOS 10.15 or later, you can skip scanning of the read-only system volume to significantly reduce scanning time. By default, File Threat Protection does not scan the read-only system volume.
- In the Protection scope section, add/remove the objects to/from the protection scope:
- To add a file or folder to the protection scope:
- Click
.A pop-up menu where you can select objects to add to the protection scope opens.
- In the pop-up menu, choose the Files and Folders item.
A dialog where you can select a file or folder opens.
- Select a file or folder that you want to add to the protection scope.
- Click Open.
- To remove a file or folder from the protection scope:
- Select an object in the list of protection scope objects.
- Drag the selected object from the window or click
.
- If you want to scan the read-only system volume, in the Optimization section, deselect the Skip scanning of read-only system volume checkbox.
Important: Optimization might be disabled for security reasons.
- Click Save.
Add/remove an object on the list of default objects to/from the protection scope
- In the menu bar, click the application icon and choose Preferences.
The application preferences window opens.
- On the Essential tab, in the File Threat Protection section, click Protection Scope.
A window with a list of objects that File Threat Protection scans opens. By default, File Threat Protection scans all objects located on internal, removable, and network disks connected to your computer.
Note: On computers running macOS 10.15 or later, you can skip scanning of the read-only system volume to significantly reduce scanning time. By default, File Threat Protection does not scan the read-only system volume.
- In the Protection scope section, add/remove the objects on the list of default objects to/from the protection scope:
- To add an object on the list of default objects to the protection scope:
- Click .
A pop-up menu where you can select objects to add to the protection scope opens.
- In the pop-up menu, select an object that you want to add to the protection scope (for example, All Internal Disks).
- To remove an object on the list of default objects from the protection scope:
- Select an object in the list of protection scope objects.
- Drag the selected object from the window or click .
- If you want to scan the read-only system volume, in the Optimization section, deselect the Skip scanning of read-only system volume checkbox.
Important: Optimization might be disabled for security reasons.
- Click Save.
Disable protection of an object in the protection scope
- In the menu bar, click the application icon and choose Preferences.
The application preferences window opens.
- On the Essential tab, in the File Threat Protection section, click Protection Scope.
A window with a list of objects that File Threat Protection scans opens. By default, File Threat Protection scans all objects located on internal, removable, and network disks connected to your computer.
Note: On computers running macOS 10.15 or later, you can skip scanning of the read-only system volume to significantly reduce scanning time. By default, File Threat Protection does not scan the read-only system volume.
- Deselect the checkbox next to an object in the list of protection scope objects.
- Click Save.
Enable scanning of the read-only system volume
- In the menu bar, click the application icon and choose Preferences.
The application preferences window opens.
- On the Essential tab, in the File Threat Protection section, click Protection Scope.
A window with a list of objects that File Threat Protection scans opens. By default, File Threat Protection scans all objects located on internal, removable, and network disks connected to your computer.
Note: On computers running macOS 10.15 or later, you can skip scanning of the read-only system volume to significantly reduce scanning time. By default, File Threat Protection does not scan the read-only system volume.
- In the Optimization section, deselect the Skip scanning of read-only system volume checkbox.
Important: Optimization might be disabled for security reasons.
- Click Save.
When you or an application attempt to access a file included in the protection scope, File Threat Protection checks iSwift databases for information about the file, and uses this information to decide whether to scan the file.
Recognizing malicious objects is possible thanks to signature analysis, a way of searching for threats based on threat descriptions included in the anti-virus databases. In addition to signature analysis, File Threat Protection uses heuristic analysis and other scanning technologies.
If a threat is detected in a file, Kaspersky Endpoint Security identifies the type of the detected malware (for example, virus or Trojan). Then the application displays a notification about the detected object and performs an action on the object based on your File Threat Protection preferences.
Select the action that File Threat Protection performs after detecting an infected file
- In the menu bar, click the application icon and choose Preferences.
The application preferences window opens.
- On the Essential tab, in the File Threat Protection section, select the action that File Threat Protection performs after detecting an infected file.
Before attempting to disinfect or delete an infected file, Kaspersky Endpoint Security saves a backup copy for subsequent restoration or disinfection.
Information about File Threat Protection and all detected objects is logged in a report.
Note: If File Threat Protection stops running with an error, you can view the report and try to start the component again. If the problem is not solved, you can contact Kaspersky Technical Support.
View the File Threat Protection report
- In the menu bar, choose Protection > Reports.
The Reports window opens.
- Open the File Threat Protection tab.