Forming the protection scope of the File Threat Protection component
The protection scope refers to the objects that the component scans when enabled. The protection scopes of different components have different properties. The location and type of files to be scanned are properties of the protection scope of the File Threat Protection component. By default, the File Threat Protection component scans only potentially infectable files that are run from hard drives, removable drives and network drives.
A file which, due to its structure or format, can be used by intruders as a "container" to store and spread malicious code. As a rule, these are executable files, with such file extensions as .com, .exe, and .dll. There is a fairly high risk of intrusion of malicious code in such files.
When selecting the type of files to scan, consider the following:
There is a low probability of introducing malicious code into files of certain formats and its subsequent activation (for example, TXT format). At the same time, there are file formats that contain executable code (such as .exe, .dll). The executable code may also be contained in files of formats that are not intended for this purpose (for example, the DOC format). The risk of intrusion and activation of malicious code in such files is high.
An intruder may send a virus or another malicious application to your computer in an executable file that has been renamed with the .txt extension. If you select scanning of files by extension, the application skips this file during scanning. If scanning of files by format is selected, Kaspersky Endpoint Security analyzes the file header regardless of its extension. If this analysis reveals that the file has the format of an executable file (for example, EXE), the application scans it.
To create the protection scope:
In the main application window, click the button .
In the application settings window, select Essential Threat Protection → File Threat Protection.
Click the Advanced settings button.
In the File types section, specify the type of files that you want the File Threat Protection component to scan:
All files. If this setting is enabled, Kaspersky Endpoint Security checks all files without exception (all formats and extensions).
Files scanned by format. If this setting is enabled, Kaspersky Endpoint Security scans infectable files only. Before scanning a file for malicious code, the internal header of the file is analyzed to determine the format of the file (for example, .txt, .doc, or .exe). The scan also looks for files with particular file extensions.
Files scanned by extension. If this setting is enabled, Kaspersky Endpoint Security scans infectable files only. The file format is then determined based on the file's extension.
Click the Edit protection scope link.
In the opened window, select the objects that you want to add to the protection scope or exclude from it.
You cannot remove or edit objects that are included in the default protection scope.
If you want to add a new object to the protection scope:
Click the Add button.
The folder tree opens.
Select the object and click Select.
You can exclude an object from scans without deleting it from the list of objects in the scan scope. To do so, clear the check box next to the object.