- Kaspersky Endpoint Security overview
- What's new in this version
- Comparison of Kaspersky Endpoint Security functions depending on the Kaspersky Security Center management tool
- Install and uninstall the application
- Start the application for the first time
- Kaspersky Endpoint Security application interface
- About notifications
- Kaspersky Endpoint Security application licensing
- Perform common tasks
- Open and quit the application
- View the status of computer protection
- View the operating status of installed components
- Disable and resume computer protection
- Use Protection Center
- Perform scan tasks
- Configure the automatic start of a scheduled scan task
- Update application databases
- What to do if file access is blocked
- Restore a file that has been deleted or disinfected by the application
- View the application operation report
- What to do if notification windows appear
- Advanced configuration of the application
- Computer protection scope
- File Threat Protection
- Web Threat Protection
- Network Threat Protection
- Scan
- Update tasks
- Local tasks
- Backup
- Reports
- Managed Detection and Response
- Endpoint Detection and Response (KATA)
- Endpoint Detection and Response Optimum
- FileVault Disk Encryption
- Password protection
- Behavior Detection
- Participate in Kaspersky Security Network
- Check the integrity of application components
- Manage the application via Kaspersky Security Center Administration Console
- Deploy Kaspersky Endpoint Security on a corporate network
- Update Kaspersky Endpoint Security version 11.1 or later to version 12.1
- Prepare for remote installation of Kaspersky Endpoint Security
- Manage Network Agent from the command line
- Install and uninstall Kaspersky Endpoint Security
- Start and stop the application via Kaspersky Security Center
- Create and manage tasks
- Create and manage policies
- Create and manage policy profiles
- Generate a report on detected objects
- Get a recovery key for an encrypted disk
- Remote administration of the application via Kaspersky Security Center Web Console and Cloud Console
- Install the Kaspersky Endpoint Security web plug-in
- Create policies
- Create tasks
- Get a recovery key for an encrypted drive
- Manage the application from the command line
- View command line help
- Run malware scan
- Update the application
- Roll back the last update
- Start/stop a component or task
- View status and statistics of a component or task
- Export protection settings
- Activate the application
- Install the system extension
- Configure network connections
- Remove license keys
- Return codes of the command line
- Quit the application
- Uninstall the application
- Detection and Response management commands
- Contact Technical Support
- Sources of information about the application
- Appendices
- Information about third-party code
- Trademark notices
File Threat Protection
File Threat Protection prevents infection of the computer's file system. The component starts during startup of the operating system, remains in computer memory, and scans for malware all files that are opened, saved, or run on your computer and on all connected disks. If you disable File Threat Protection, it will not start at operating system startup. You will have to re-enable File Threat Protection manually.
Enable/disable File Threat Protection
- In the menu bar, click the application icon and choose Settings.
The application settings window opens.
- On the Essential tab, in the File Threat Protection section, select/deselect the Enable File Threat Protection checkbox.
You can also enable File Threat Protection in Protection Center. Disabling computer protection or disabling protection components puts your computer at much higher risk of infection. This is why Protection Center informs you when protection is disabled.
You can create a protection scope for File Threat Protection.
Add/remove a file or folder to/from the protection scope
- In the menu bar, click the application icon and choose Settings.
The application settings window opens.
- On the Essential tab, in the File Threat Protection section, click Protection Scope.
A window with a list of objects that File Threat Protection scans opens. By default, File Threat Protection scans all objects located on internal, removable, and network disks connected to your computer.
Note: You can skip scanning of the read-only system volume to significantly reduce scanning time. By default, File Threat Protection does not scan the read-only system volume.
- In the Protection scope section, add/remove the objects to/from the protection scope:
- To add a file or folder to the protection scope:
- Click
.A pop-up menu where you can select objects to add to the protection scope opens.
- In the pop-up menu, choose the Files and Folders item.
A dialog where you can select a file or folder opens.
- Select a file or folder that you want to add to the protection scope.
- Click Open.
- Click
- To remove a file or folder from the protection scope:
- Select an object in the list of protection scope objects.
- Drag the selected object from the window or click
.
- To add a file or folder to the protection scope:
- If you want to scan the read-only system volume, in the Optimization section, deselect the Skip scanning of read-only system volume checkbox.
Important: Optimization might be disabled for security reasons.
- Click Save.
Add/remove an object on the list of default objects to/from the protection scope
- In the menu bar, click the application icon and choose Settings.
The application settings window opens.
- On the Essential tab, in the File Threat Protection section, click Protection Scope.
A window with a list of objects that File Threat Protection scans opens. By default, File Threat Protection scans all objects located on internal, removable, and network disks connected to your computer.
Note: You can skip scanning of the read-only system volume to significantly reduce scanning time. By default, File Threat Protection does not scan the read-only system volume.
- In the Protection scope section, add/remove the objects on the list of default objects to/from the protection scope:
- To add an object on the list of default objects to the protection scope:
- Click .
A pop-up menu where you can select objects to add to the protection scope opens.
- In the pop-up menu, select an object that you want to add to the protection scope (for example, All Internal Disks).
- Click
- To remove an object on the list of default objects from the protection scope:
- Select an object in the list of protection scope objects.
- Drag the selected object from the window or click .
- To add an object on the list of default objects to the protection scope:
- If you want to scan the read-only system volume, in the Optimization section, deselect the Skip scanning of read-only system volume checkbox.
Important: Optimization might be disabled for security reasons.
- Click Save.
Disable protection of an object in the protection scope
- In the menu bar, click the application icon and choose Settings.
The application settings window opens.
- On the Essential tab, in the File Threat Protection section, click Protection Scope.
A window with a list of objects that File Threat Protection scans opens. By default, File Threat Protection scans all objects located on internal, removable, and network disks connected to your computer.
Note: You can skip scanning of the read-only system volume to significantly reduce scanning time. By default, File Threat Protection does not scan the read-only system volume.
- Deselect the checkbox next to an object in the list of protection scope objects.
- Click Save.
Enable scanning of the read-only system volume
- In the menu bar, click the application icon and choose Settings.
The application settings window opens.
- On the Essential tab, in the File Threat Protection section, click Protection Scope.
A window with a list of objects that File Threat Protection scans opens. By default, File Threat Protection scans all objects located on internal, removable, and network disks connected to your computer.
Note: You can skip scanning of the read-only system volume to significantly reduce scanning time. By default, File Threat Protection does not scan the read-only system volume.
- In the Optimization section, deselect the Skip scanning of read-only system volume checkbox.
Important: Optimization might be disabled for security reasons.
- Click Save.
When you or an application attempt to access a file included in the protection scope, File Threat Protection checks iSwift databases for information about the file, and uses this information to decide whether to scan the file.
Recognizing malicious objects is possible thanks to signature analysis, a way of searching for threats based on threat descriptions included in the anti-malware databases. In addition to signature analysis, File Threat Protection uses heuristic analysis and other scanning technologies.
If a threat is detected in a file, Kaspersky Endpoint Security identifies the type of the detected malware (for example, virus or Trojan). Then the application displays a notification about the detected object and performs an action on the object based on your File Threat Protection settings.
Select the action that File Threat Protection performs after detecting an infected file
- In the menu bar, click the application icon and choose Settings.
The application settings window opens.
- On the Essential tab, in the File Threat Protection section, select the action that File Threat Protection performs after detecting an infected file.
Before attempting to disinfect or delete an infected file, Kaspersky Endpoint Security saves a backup copy for subsequent restoration or disinfection.
Information about File Threat Protection and all detected objects is logged in a report.
Note: If File Threat Protection stops running with an error, you can view the report and try to start the component again. If the problem is not solved, you can contact Kaspersky Technical Support.
View the File Threat Protection report
- In the menu bar, choose Protection > Reports.
The Reports window opens.
- Open the File Threat Protection tab.