Kaspersky Embedded Systems Security 3.4 for Windows

Configuring the task protection scope

To configure a protection scope for Real-Time File Protection task:

1. In the main window of the Kaspersky Security Center Web Console, select Devices → Policies & profiles.
2. Click the policy name you want to configure.
3. In the <Policy name> window that opens, select the Application settings tab.
4. Select the Real-time computer protection section.
5. Click Settings in the Real-Time File Protection subsection.
6. Select the Protection scope section.
7. Do one of the following:
   • Click the Add button to add a new rule.
   • Select an existing rule and click Edit button.

   The Edit scope window opens.

8. Switch the toggle button to Active and select an object type.
9. In the Objects protection section, configure the following settings:
   • Objects protection mode:
     • All objects

       

       Kaspersky Embedded Systems Security for Windows scans all objects.

     • Objects scanned by format

       

       Kaspersky Embedded Systems Security for Windows scans only infectable objects based on file format.

       Kaspersky compiles the list of formats. It is included in the Kaspersky Embedded Systems Security for Windows databases.

     • Objects scanned according to list of extensions specified in anti-virus database

       

       Kaspersky Embedded Systems Security for Windows scans only infectable objects based on file extension.

       Kaspersky compiles the list of extensions. It is included in the Kaspersky Embedded Systems Security for Windows databases.

     • Objects scanned by specified list of extensions

       

       Kaspersky Embedded Systems Security for Windows scans files based on file extension. The list of file extensions can be manually customized in the List of extensions window, which can be opened by clicking the Modify button.

   • Scan disk boot sectors and MBR

     

     Enables protection of boot sectors and master boot records.

     If the check box is selected, Kaspersky Embedded Systems Security for Windows scans boot sectors and master boot records on hard drives and removable drives of the protected device.

     The check box is selected by default.

   • Scan alternate NTFS streams

     

     Scanning of alternative file and folder streams on drives with the NTFS file system.

     If the check box is selected, the application scans a probably infected object and all NTFS streams associated with that object.

     If the check box is cleared, the application scans only the object that was detected and considered as probably infected.

     The check box is selected by default.

10. In the Objects protection section, select or clear the
    Protect only new and modified files

    

    This check box enables / disables scanning and protection of files that have been recognized by Kaspersky Embedded Systems Security for Windows as new or modified since the last scan.

    If the check box is selected, Kaspersky Embedded Systems Security for Windows scans and protects only the files that it has recognized as new or modified since the last scan.

    If the check box is cleared, Kaspersky Embedded Systems Security for Windows scans and protects files regardless of their modification status.

    By default, the check box is selected for the Maximum performance security level. If the Maximum protection or Recommended security levels are set, the check box is cleared.

    check box.
11. In the Compound objects protection section, specify the compound objects that you want to include in the scan scope:
    • Archives

      

      Scanning of ZIP, CAB, RAR, and ARJ archives and other archive formats.

      If this check box is selected, Kaspersky Embedded Systems Security for Windows scans archives.

      If this check box is cleared, Kaspersky Embedded Systems Security for Windows skips archives during scanning.

      The default value depends on the selected protection level.

    • SFX archives

      

      Scanning of self-extracting archives.

      If this check box is selected, Kaspersky Embedded Systems Security for Windows scans SFX archives.

      If this check box is cleared, Kaspersky Embedded Systems Security for Windows skips SFX archives during scanning.

      The default value depends on the selected protection level.

      This option is active when the Archives check box is cleared.

    • Packed objects

      

      Scanning of executable files packed by binary code packers, such as UPX or ASPack.

      If this check box is selected, Kaspersky Embedded Systems Security for Windows scans executable files packed by packers.

      If this check box is cleared, Kaspersky Embedded Systems Security for Windows skips executable files packed by packers during scanning.

      The default value depends on the selected protection level.

    • Email databases

      

      Scanning of Microsoft Outlook and Microsoft Outlook Express mail database files.

      If this check box is selected, Kaspersky Embedded Systems Security for Windows scans mail database files.

      If this check box is cleared, Kaspersky Embedded Systems Security for Windows skips mail database files during scanning.

      The default value depends on the selected security level.

    • Plain email

      

      Scanning of files in mail formats, such as Microsoft Outlook and Microsoft Outlook Express messages.

      If this check box is selected, Kaspersky Embedded Systems Security for Windows scans files in mail formats.

      If this check box is cleared, Kaspersky Embedded Systems Security for Windows skips files in mail formats during scanning.

      The default value depends on the selected security level.

    • Embedded OLE objects

      

      Scanning of objects embedded in files (such as Microsoft Word macros, or email message attachments).

      If this check box is selected, Kaspersky Embedded Systems Security for Windows scans objects embedded in files.

      If this check box is cleared, Kaspersky Embedded Systems Security for Windows skips objects embedded in files during scanning.

      The default value depends on the selected protection level.

    • Entirely remove compound file that cannot be modified by the application in case of embedded object detection

      

      This check box enables or disables forced removal of the parent compound file when a malicious, probably infected or other detectable embedded child object is detected.

      If the check box is selected and the task is configured to remove infected and probably infected objects, Kaspersky Embedded Systems Security for Windows forcibly removes the entire parent compound object when a malicious or other embedded object is detected. The parent file along with all of its contents are forcibly removed if the application cannot remove only the detected child object (for example, if the parent object cannot be modified).

      If this check box is cleared and the task is configured to remove infected and probably infected objects, Kaspersky Embedded Systems Security for Windows does not perform the selected action if the parent object cannot be modified.

12. Select the action to be performed on infected and other detected objects:
    • Notify only

      

      When this mode is selected, Kaspersky Embedded Systems Security for Windows does not block access to nor perform any actions on infected or other detected objects. The following event is recorded in the task log: Object not disinfected. Reason: no action was taken to neutralize detected object due to user-defined settings. The event specifies all available information about the detected object.

      Notify only mode should be separately configured for each protection or scan area. This mode is not used by default in any of the security levels. If you select this mode, Kaspersky Embedded Systems Security for Windows automatically changes the security level to Custom.

      .
    • Block access

      

      When this option is selected, Kaspersky Embedded Systems Security for Windows blocks access to the detected or probably infected object. In the drop-down list, you can select an additional action to perform on blocked objects.

      .
    • Perform additional action.

      Select the action from the drop-down list:

      • Disinfect.
      • Disinfect. Remove if disinfection fails.
      • Remove

        

        Kaspersky Embedded Systems Security for Windows deletes the object and places a copy of it in Backup.

        .
      • Recommended

        

        Kaspersky Embedded Systems Security for Windows performs an action recommended by Kaspersky experts.

        .
13. Select the action to be performed on probably infected objects:
    • Notify only.
    • Block access.
    • Perform additional action.

      Select the action from the drop-down list:

      • Quarantine.
      • Remove.
      • Recommended.
14. Configure actions to be performed on objects depending on the type of object detected:
    1. Clear or select the
       Perform actions depending on the type of object detected

       

       If the check box is selected, you can independently set primary and secondary actions for each type of detected objects by clicking the Settings button next to the check box. However, Kaspersky Embedded Systems Security for Windows will not allow to open or execute an infected object regardless of your choice.

       If the check box is cleared, Kaspersky Embedded Systems Security for Windows performs actions that are selected in the Action to perform on infected and other objects and Action to perform on probably infected objects blocks for the specified object types.

       By default, the check box is cleared.

       check box.
    2. Click the Settings button.
    3. In the window that opens, select a primary action and a secondary action (to be performed if the primary action fails) for each type of detected object.
    4. Click the OK button.
15. In the Exclusions section, configure the following settings:
    • Clear or select the
      Exclude files

      

      Excluding files from scanning by file name or file name mask.

      If this check box is selected, Kaspersky Embedded Systems Security for Windows skips specified detectable objects during scanning.

      If this check box is cleared, Kaspersky Embedded Systems Security for Windows scans all objects.

      By default, the check box is cleared.

      check box.
    • Clear or select the
      Do not detect

      

      Objects are excluded from scanning by the name or name mask of the detectable object. The list of names of detectable objects is available on the Virus Encyclopedia website.

      If this check box is selected, Kaspersky Embedded Systems Security for Windows skips specified detectable objects during scanning.

      If the check box is cleared, Kaspersky Embedded Systems Security for Windows detects all objects specified in the application by default.

      By default, the check box is cleared.

      check box.
16. In the Performance section, configure the following settings:
    • Stop scanning if it takes longer than (sec)

      

      Limits the duration of object scanning. The default value is 60 seconds.

      If the check box is selected, scanning is limited to the specified maximum duration.

      If the check box is cleared, scanning is unlimited.

      By default, the check box is selected for the Maximum performance security level.

    • Do not scan compound objects larger than (MB)

      

      Excludes objects larger than the specified size from scanning.

      If the check box is selected, Kaspersky Embedded Systems Security for Windows skips compound objects whose size exceeds the specified limit during a virus scan.

      If this check box is cleared, Kaspersky Embedded Systems Security for Windows scans compound objects of any size.

      By default, the check box is selected for the Maximum performance security level.

    • Use iSwift technology

      

      iSwift compares a file’s NTFS identifier stored in a database with its current identifier. Scanning is performed only for files whose identifiers have changed (new files and files modified since the last scan of NTFS system objects).

      If the check box is selected, Kaspersky Embedded Systems Security for Windows scans only new files or those modified since the last scan of NTFS system objects.

      If the check box is cleared, Kaspersky Embedded Systems Security for Windows scans NTFS file system objects regardless of the file creation date or file modification date, except for files from network folders.

      The check box is selected by default.

    • Use iChecker technology

      

      iChecker calculates and remembers checksums of scanned files. If an object is modified, the checksum changes. The application compares all checksums and scans only files that are new and have been modified since the last scan.

      If the check box is selected, Kaspersky Embedded Systems Security for Windows scans only new and modified files.

      If the check box is cleared, Kaspersky Embedded Systems Security for Windows scans files regardless of the file creation date or file modification date.

      The check box is selected by default.

17. Click the OK button.