Working with active threats

Kaspersky Endpoint Security logs information about files that it has not processed for some reason. This information is recorded in the form of events in the list of active threats. If advanced disinfection technology is enabled in application settings, Kaspersky Endpoint Security will perform disinfection without notifying the user. If advanced disinfection technology is disabled, Kaspersky Endpoint Security shows notification about active threats (see figure below). You cannot close this notification without processing the file. You can configure advanced disinfection technology in Virus Scan task settings and in application settings.

Advanced Disinfection during a virus scan task on a computer is performed only if the Advanced Disinfection feature is enabled in the properties of the policy applied to this computer.

If Kaspersky Endpoint Security is installed on a computer running Windows for Servers, Kaspersky Endpoint Security does not show the notification. Therefore, the user cannot select an action to disinfect an active threat. To disinfect a threat, you need to enable advanced disinfection technology in application settings and run advanced disinfection immediately in Virus Scan task settings. Then you need to start Virus Scan task.

loc_screen_KES11_ActiveThreats_Notification

Notification about active threat

An infected file is considered processed if Kaspersky Endpoint Security performs one of the following actions on this file according to the specified application settings while scanning the computer for viruses and other threats:

Disinfect.
Remove.
Delete if disinfection fails.

Kaspersky Endpoint Security moves the file to the list of active threats if, for any reason, Kaspersky Endpoint Security failed to perform an action on this file according to the specified application settings while scanning the computer for viruses and other threats.

This situation is possible in the following cases:

The scanned file is unavailable (for example, it is located on a network drive or on a removable drive without write privileges).
The action that is selected in the Action on threat detection section for scan tasks is Inform, and the user selects the Skip action when a notification about the infected file is displayed.

Main application window when a threat is detected

To process active threats:

In the main application window, click the Details button.
The list of active threats opens.
Select the object that you want to process.
Choose how you want to handle the threat:
- Resolve. If this option is selected, Kaspersky Endpoint Security automatically attempts to disinfect all infected files that are detected. If disinfection fails, Kaspersky Endpoint Security deletes the files.
- Ignore. If this option is selected, Kaspersky Endpoint Security deletes the entry from the list of active threats. If there are no active threats remaining on the list, the computer status will be changed to OK. If the object is detected again, Kaspersky Endpoint Security will add a new entry to the list of active threats.
- Open containing folder. If this option is selected, Kaspersky Endpoint Security opens the folder containing the object in the file manager. You can then manually delete the object or move the object to a folder that is not within the protection scope.
- Learn more. If this option is selected, Kaspersky Endpoint Security opens the Kaspersky Virus Encyclopedia website.

Page top