Scanning the computer

A virus scan is vital to computer security. Regularly run virus scans to rule out the possibility of spreading malware that is undetected by protection components due to a low security level setting or for other reasons.

Kaspersky Endpoint Security does not scan files whose contents are located in OneDrive cloud storage, and creates log entries stating that these files have not been scanned.

Full Scan

A thorough scan of the entire computer. Kaspersky Endpoint Security scans the following objects:

Kaspersky experts recommend that you do not change the scan scope of the Full Scan task.

To conserve computer resources, it is recommended to run a background scan task instead of a full scan task. This will not affect the security level of the computer.

Critical Areas Scan

By default, Kaspersky Endpoint Security scans the kernel memory, running processes, and disk boot sectors.

Kaspersky experts recommend that you do not change the scan scope of the Critical Areas Scan task.

Custom Scan

Kaspersky Endpoint Security scans the objects that are selected by the user. You can scan any object from the following list:

Background scan

Background scan is a scan mode of Kaspersky Endpoint Security that does not display notifications for the user. Background scan requires less computer resources than other types of scans (such as a full scan). In this mode, Kaspersky Endpoint Security scans startup objects, the boot sector, system memory, and the system partition.

Integrity check

Kaspersky Endpoint Security checks the application modules for corruption or modifications.

Scan settings

Parameter

Description

Security level

Kaspersky Endpoint Security can use different groups of settings for running a scan. These groups of settings that are stored in the application are called security levels:

  • High. Kaspersky Endpoint Security scans all types of files. When scanning compound files, Kaspersky Endpoint Security also scans mail-format files.
  • Recommended. Kaspersky Endpoint Security scans only the specified file formats on all hard drives, network drives, and removable storage media of the computer, and also embedded OLE objects. Kaspersky Endpoint Security does not scan archives or installation packages.
  • Low. Kaspersky Endpoint Security scans only new or modified files with the specified extensions on all hard drives, removable drives, and network drives of the computer. Kaspersky Endpoint Security does not scan compound files.

Action on threat detection

Disinfect; delete if disinfection fails. If this option is selected, Kaspersky Endpoint Security automatically attempts to disinfect all infected files that are detected. If disinfection fails, Kaspersky Endpoint Security deletes the files.

Disinfect; block if disinfection fails. If this option is selected, Kaspersky Endpoint Security automatically attempts to disinfect all infected files that are detected. If disinfection is not possible, Kaspersky Endpoint Security adds the information about the infected files that are detected to the list of active threats.

Inform. If this option is selected, Kaspersky Endpoint Security adds the information about infected files to the list of active threats on detection of these files.

Before attempting to disinfect or delete an infected file, Kaspersky Endpoint Security creates a backup copy of the file in case you need to restore the file or if it can be disinfected in the future.

Protection scope

List of objects that Kaspersky Endpoint Security scans while performing a scan task. Objects within the scan scope can include the kernel memory, running processes, boot sectors, system backup storage, mail databases, hard drive, removable drive or network drive, folder or file.

Scan schedule

Manually. Run mode in which you can start scan manually at a time when it is convenient for you.

Scheduled. In this scan task run mode, Kaspersky Endpoint Security starts the scan task in accordance with the schedule that you create. If this scan task run mode is selected, you can also start the scan task manually.

Run skipped tasks

(available only in the Kaspersky Security Center Console)

If the check box is selected, Kaspersky Endpoint Security starts the skipped scan task as soon as it becomes possible. The scan task may be skipped, for example, if the computer was off at the scheduled scan task start time.

If the check box is cleared, Kaspersky Endpoint Security does not run skipped scan tasks. Instead, it carries out the next scan task in accordance with the current schedule.

Run only when the computer is idling

Postponed start of the scan task when computer resources are busy. Kaspersky Endpoint Security starts the scan task if the computer is locked or if the screen saver is on.

Run scan as

By default the scan task is run in the name of the user with whose rights you are registered in the operating system. The protection scope may include network drives or other objects that require special rights to access. You can specify a user that has the required rights in the Kaspersky Endpoint Security settings and run the scan task under this user's account.

File types

Kaspersky Endpoint Security considers files without an extension as executable ones. Kaspersky Endpoint Security always scans executable files regardless of the file types that you select for scanning.

All files. If this setting is enabled, Kaspersky Endpoint Security checks all files without exception (all formats and extensions).

Files scanned by format. If this setting is enabled, Kaspersky Endpoint Security scans infectable files only. Before scanning a file for malicious code, the internal header of the file is analyzed to determine the format of the file (for example, .txt, .doc, or .exe). The scan also looks for files with particular file extensions.

Files scanned by extension. If this setting is enabled, Kaspersky Endpoint Security scans infectable files only. The file format is then determined based on the file's extension.

Scan only new and changed files

Scans only new files and those files that have been modified since the last time they were scanned. This helps reduce the duration of a scan. This mode applies both to simple and to compound files.

Skip files that are scanned for longer than N seconds

Limits the duration for scanning a single object. After the specified amount of time, Kaspersky Endpoint Security stops scanning a file. This helps reduce the duration of a scan.

Scan archives

Scans archives in the following formats: RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE.

Scan distribution packages

This check box enables/disables scanning of third-party distribution packages.

Scan files in Microsoft Office formats

Scans Microsoft Office files (DOC, DOCX, XLS, PPT and other Microsoft extensions). Office format files include OLE objects as well.

Scan email formats

This check box enables / disables the option for Kaspersky Endpoint Security to scan files in email formats and mail databases.

The application only fully scans MS Outlook, Windows Mail/Outlook Express and EML mail file formats and only if the computer has the MS Outlook x86 mail client.

If the check box is selected, Kaspersky Endpoint Security splits the mail-format file into its components (header, body, attachments) and scans them for threats.

If this check box is cleared, Kaspersky Endpoint Security scans the mail-format file as a single file.

Scan password-protected archives

If the check box is selected, Kaspersky Endpoint Security scans password-protected archives. Before files in an archive can be scanned, you are prompted to enter the password.

If the check box is cleared, Kaspersky Endpoint Security skips scanning of password-protected archives.

Do not unpack large compound files

If this check box is selected, Kaspersky Endpoint Security does not scan compound files if their size exceeds the specified value.

If this check box is cleared, Kaspersky Endpoint Security scans compound files of all sizes.

Kaspersky Endpoint Security scans large files that are extracted from archives regardless of whether the check box is ticked or not.

Machine learning and signature analysis

The machine learning and signature analysis method uses the Kaspersky Endpoint Security databases that contain descriptions of known threats and ways to neutralize them. Protection that uses this method provides the minimum acceptable security level.

Based on the recommendations of Kaspersky experts, machine learning and signature analysis is always enabled.

Heuristic Analysis

The technology was developed for detecting threats that cannot be detected by using the current version of Kaspersky application databases. It detects files that may be infected with an unknown virus or a new variety of a known virus.

When scanning files for malicious code, the heuristic analyzer executes instructions in the executable files. The number of instructions that are executed by the heuristic analyzer depends on the level that is specified for the heuristic analyzer. The heuristic analysis level ensures a balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis.

iSwift Technology

This technology allows increasing scan speed by excluding certain files from scanning. Files are excluded from scanning by using a special algorithm that takes into account the release date of Kaspersky Endpoint Security databases, the date that the file was last scanned on, and any modifications to the scanning settings. The iSwift technology is an advancement of the iChecker technology for the NTFS file system.

iChecker Technology

This technology allows increasing scan speed by excluding certain files from scanning. Files are excluded from scans by using a special algorithm that takes into account the release date of Kaspersky Endpoint Security databases, the date when the file was last scanned, and any modifications to the scan settings. There are limitations to iChecker Technology: it does not work with large files and applies only to files with a structure that the application recognizes (for example, EXE, DLL, LNK, TTF, INF, SYS, COM, CHM, ZIP, and RAR).

Page top