The File Threat Protection component lets you prevent infection of the file system of the computer. By default, the File Threat Protection component permanently resides in the computer's RAM. The component scans files on all drives of the computer, as well as on connected drives. The component provides computer protection with the help of anti-virus databases, the Kaspersky Security Network cloud service, and heuristic analysis.
The component scans the files accessed by the user or application. If a malicious file is detected, Kaspersky Endpoint Security blocks the file operation. The application then disinfects or deletes the malicious file, depending on the settings of the File Threat Protection component.
When attempting to access a file whose contents are stored in the OneDrive cloud, Kaspersky Endpoint Security downloads and scans the file contents.
File Threat Protection component settings
Parameter |
Description |
|---|---|
Protection scope |
Contains objects that are scanned by the File Threat Protection component. A scan object may be a hard drive, removable drive, network drive, folder, file, or multiple files defined by a mask. By default, the File Threat Protection component scans files that are started on any hard drives, removable drives, or network drives. The protection scope for these objects cannot be changed or deleted. You can also exclude an object (such as removable drives) from scans. |
Action on threat detection |
Disinfect; delete if disinfection fails. If this option is selected, Kaspersky Endpoint Security automatically attempts to disinfect all infected files that are detected. If disinfection fails, Kaspersky Endpoint Security deletes the files. Disinfect; block if disinfection fails. If this option is selected, the File Threat Protection component automatically attempts to disinfect all infected files that are detected. If disinfection fails, the File Threat Protection component blocks these files. Block. If this option is selected, the File Threat Protection component automatically blocks all infected files without attempting to disinfect them. Before attempting to disinfect or delete an infected file, the File Threat Protection component creates a backup copy in case it becomes necessary to restore the file or it becomes possible to disinfect the file at a later time. |
Scan only new and changed files |
This check box enables or disables the mode for scanning only new files and files that have been modified since the previous scan. This helps reduce the duration of a scan. |
Scan archives |
This check box enables / disables scanning of RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE archives. |
Scan distribution packages |
This check box enables/disables scanning of third-party distribution packages. |
Scan Office formats |
This check box enables or disables scanning of Microsoft Office files (DOC, DOCX, XLS, PPT, and others). Office format files include OLE objects as well. |
Do not unpack large compound files |
If this check box is selected, Kaspersky Endpoint Security does not scan compound files if their size exceeds the specified value. If this check box is cleared, Kaspersky Endpoint Security scans compound files of all sizes. Kaspersky Endpoint Security scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected. |
Unpack compound files in the background |
If the check box is selected, Kaspersky Endpoint Security provides access to compound files that are larger than the specified value before these files are scanned. In this case, Kaspersky Endpoint Security unpacks and scans compound files in the background. Kaspersky Endpoint Security provides access to compound files that are smaller than this value only after unpacking and scanning these files. If the check box is not selected, Kaspersky Endpoint Security provides access to compound files only after unpacking and scanning files of any size. |