Scanning compound files

A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file must be unpacked, which may slow down scanning. You can limit the types of compound files to be scanned and thereby speed up scanning.

The method used to process an infected compound file (disinfection or deletion) depends on the type of file.

The File Threat Protection component disinfects compound files in the RAR, ARJ, ZIP, CAB, and LHA formats and deletes files in all other formats (except mail databases).

To configure scanning of compound files:

  1. In the main application window, click the button icon_settings.
  2. In the application settings window, select Essential Threat ProtectionFile Threat Protection.
  3. Click the Advanced settings button.
  4. In the Scan of compound files section, specify the types of compound files that you want to scan: archives, installation packages, or files in office formats.
  5. If scanning only new and modified files is disabled, configure the settings for scanning each type of compound file: scan all files of this type or only new files.

    If scanning only new and modified files is enabled, Kaspersky Endpoint Security scans only new and modified files of all types of compound files.

  6. Configure the advanced settings for scanning compound files.
    • Do not unpack large compound files.

      If this check box is selected, Kaspersky Endpoint Security does not scan compound files if their size exceeds the specified value.

      If this check box is cleared, Kaspersky Endpoint Security scans compound files of all sizes.

      Kaspersky Endpoint Security scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected.

    • Unpack compound files in the background.

      If the check box is selected, Kaspersky Endpoint Security provides access to compound files that are larger than the specified value before these files are scanned. In this case, Kaspersky Endpoint Security unpacks and scans compound files in the background.

      Kaspersky Endpoint Security provides access to compound files that are smaller than this value only after unpacking and scanning these files.

      If the check box is not selected, Kaspersky Endpoint Security provides access to compound files only after unpacking and scanning files of any size.

  7. Save your changes.
Page top