Working with active threats

Kaspersky Endpoint Security logs information about files that it has not processed for some reason. This information is recorded in the form of events in the list of active threats.

An infected file is considered processed if Kaspersky Endpoint Security performs one of the following actions on this file according to the specified application settings while scanning the computer for viruses and other threats:

• Disinfect.
• Remove.
• Delete if disinfection fails.

Kaspersky Endpoint Security moves the file to the list of active threats if, for any reason, Kaspersky Endpoint Security failed to perform an action on this file according to the specified application settings while scanning the computer for viruses and other threats.

This situation is possible in the following cases:

• The scanned file is unavailable (for example, it is located on a network drive or on a removable drive without write privileges).
• The action that is selected in the Action on threat detection section for scan tasks is Inform, and the user selects the Skip action when a notification about the infected file is displayed.

You can do one of the following:

• Manually start a Custom Scan task for files in the list of active threats after updating databases and application modules. File status may change after the scan.
• Remove records from the list of active threats.

Working with the list of active threats

The list of active threats is presented as a table of events related to infected files that were not processed for some reason.

You can perform the following actions with files from the list of active threats:

• View the list of active threats
• Scan active threats from the list using the current version of Kaspersky Endpoint Security databases and modules
• Restore files from the list of active threats to their original folders or to a different folder of your choice (when the original folder cannot be written to)
• Remove files from the list of active threats
• Open the folder where the file was initially located from the list of active threats

You can also perform the following actions while managing data in the table:

• Filter active threats based on column values or custom filter conditions.
• Use the active threat search function.
• Sort active threats.
• Change the order and arrangement of columns that are shown in the list of active threats
• Group active threats.

If necessary, you can copy information about selected active threats to the clipboard.

Start custom scan task for files from the list of active threats

You can manually start a custom scan task for infected files that for some reason were not processed. You can start the scan if, for example, the last scan was interrupted for some reason or if you want to rescan files from the list of active threats after the latest update of databases and application modules.

To start a Custom Scan of files from the list of active threats:

1. In the main application window, click the <...> active threats section.

   The Active threats window opens.

2. In the table in the Active threats window, select one or several records associated with files that you want to scan.

   To select multiple entries, select them while holding down the CTRL key.

3. Start the Custom Scan task in one of the following ways:
   • Click the Rescan button.
   • Right-click to bring up the context menu and select Rescan.

Deleting records from the list of active threats

To delete records from the list active threats:

1. In the main application window, click the <...> active threats section.

   The Active threats window opens.

2. In the table in the Active threats window select one or more records you want to delete from the list of active threats.

   To select multiple entries, select them while holding down the CTRL key.

3. Delete the records in one of the following ways:
   • Click the Delete button.
   • Right-click to open the context menu and select Delete.