Scanning the computer

A virus scan is vital to computer security. Regularly run virus scans to rule out the possibility of spreading malware that is undetected by protection components due to a low security level setting or for other reasons. The component provides computer protection with the help of anti-virus databases, the Kaspersky Security Network cloud service, and heuristic analysis.

Kaspersky Endpoint Security has the following predefined standard tasks: Full Scan, Critical Areas Scan, and Custom Scan. If your organization has the Kaspersky Security Center administration system deployed, you can create a Virus Scan task and configure the scan. The Background scan task is also available in Kaspersky Security Center. The background scan cannot be configured.

How to run a Virus Scan in the Administration Console (MMC)

How to run a Virus Scan in the Web Console and Cloud Console

How to run a Virus Scan in the application interface

Scan settings

Parameter

Description

Security level

Kaspersky Endpoint Security can use different groups of settings for running a scan. These groups of settings that are stored in the application are called security levels:

  • High. Kaspersky Endpoint Security scans all types of files. When scanning compound files, Kaspersky Endpoint Security also scans mail-format files.
  • Recommended. Kaspersky Endpoint Security scans only the specified file formats on all hard drives, network drives, and removable storage media of the computer, and also embedded OLE objects. Kaspersky Endpoint Security does not scan archives or installation packages.
  • Low. Kaspersky Endpoint Security scans only new or modified files with the specified extensions on all hard drives, removable drives, and network drives of the computer. Kaspersky Endpoint Security does not scan compound files.

You can select one of the preset security levels or manually configure security level settings. If you change the security level settings, you can always revert to the recommended security level settings.

Action on threat detection

Disinfect; delete if disinfection fails. If this option is selected, Kaspersky Endpoint Security automatically attempts to disinfect all infected files that are detected. If disinfection fails, Kaspersky Endpoint Security deletes the files.

Disinfect; block if disinfection fails. If this option is selected, Kaspersky Endpoint Security automatically attempts to disinfect all infected files that are detected. If disinfection is not possible, Kaspersky Endpoint Security adds the information about the infected files that are detected to the list of active threats.

Notify. If this option is selected, Kaspersky Endpoint Security adds the information about infected files to the list of active threats on detection of these files.

Before attempting to disinfect or delete an infected file, Kaspersky Endpoint Security creates a backup copy of the file in case you need to restore the file or if it can be disinfected in the future.

On detection of infected files that are part of the Windows Store application, Kaspersky Endpoint Security attempts to delete the file.

Run Advanced Disinfection immediately

(available only in the Kaspersky Security Center Console)

Advanced Disinfection during a virus scan task on a computer is performed only if the Advanced Disinfection feature is enabled in the properties of the policy applied to this computer.

If the check box is selected, Kaspersky Endpoint Security disinfects the active infection immediately after it is detected during the execution of the virus scan task. After the active infection is disinfected, Kaspersky Endpoint Security reboots the computer without prompting the user.

If the check box is cleared, Kaspersky Endpoint Security does not disinfect the active infection immediately after it is detected during the execution of the virus scan task. Kaspersky Endpoint Security generates active infection events in local application reports and on the Kaspersky Security Center side. The active infection can be disinfected when the virus scan task is run again with the Advanced Disinfection feature turned on. In this way, the system administrator can choose the appropriate time to do Advanced Disinfection and subsequently reboot the computers automatically.

Scan scope

List of objects that Kaspersky Endpoint Security scans while performing a scan task. Objects within the scan scope can include the kernel memory, running processes, boot sectors, system backup storage, mail databases, hard drive, removable drive or network drive, folder or file.

Scan schedule

Manually. Run mode in which you can start the scan manually at a time that is convenient for you.

By schedule. In this scan task run mode, Kaspersky Endpoint Security starts the scan task in accordance with the schedule that you create. If this scan task run mode is selected, you can also start the scan task manually.

Postpone running after application startup for N minutes

Postponed start of the scan task after application startup. At operating system startup, many processes are running, therefore it is advantageous to postpone running the scan task instead of running it immediately after Kaspersky Endpoint Security startup.

Run skipped tasks

If the check box is selected, Kaspersky Endpoint Security starts the skipped scan task as soon as it becomes possible. The scan task may be skipped, for example, if the computer was off at the scheduled scan task start time. If the check box is cleared, Kaspersky Endpoint Security does not run skipped scan tasks. Instead, it carries out the next scan task in accordance with the current schedule.

Run only when the computer is idle

Postponed start of the scan task when computer resources are busy. Kaspersky Endpoint Security starts the scan task if the computer is locked or if the screen saver is on. If you have interrupted the execution of the task, for example by unlocking the computer, Kaspersky Endpoint Security automatically runs the task, continuing from the point where it was interrupted.

Run scan as

By default, the scan task runs under the account of the user who is logged in to the operating system. The protection scope may include network drives or other objects that require special rights to access. You can specify a user that has the required rights in the Kaspersky Endpoint Security settings and run the scan task under this user's account.

File types

Kaspersky Endpoint Security considers files without an extension as executable ones. Kaspersky Endpoint Security always scans executable files regardless of the file types that you select for scanning.

All files. If this setting is enabled, Kaspersky Endpoint Security checks all files without exception (all formats and extensions).

Files scanned by format. If this setting is enabled, Kaspersky Endpoint Security scans infectable files only. Before scanning a file for malicious code, the internal header of the file is analyzed to determine the format of the file (for example, .txt, .doc, or .exe). The scan also looks for files with particular file extensions.

Files scanned by extension. If this setting is enabled, Kaspersky Endpoint Security scans infectable files only. The file format is then determined based on the file's extension.

By default, Kaspersky Endpoint Security scans files by their format. Scanning files by extension is less safe because a malicious file can have an extension that is not on the list of potentially infectable extensions (for example, .123).
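
The difference between the two selection modes, as an added example that is not part of the Kaspersky documentation or the product's code: a small Python model that selects files for scanning either by extension or by inspecting the file header. The extension list, the signature table and the function names are assumptions made for the illustration, and the sample file contents are constructed.

```python
import os

# Assumed list of "infectable" extensions (illustrative, not Kaspersky's list).
INFECTABLE_EXTENSIONS = {".exe", ".dll", ".doc", ".docx", ".zip", ".js"}

# Well-known magic numbers found at the start of a file.
SIGNATURES = [
    (b"MZ", "pe-executable"),                        # DOS/PE header
    (b"\x7fELF", "elf-executable"),
    (b"PK\x03\x04", "zip-container"),                # ZIP, DOCX, JAR
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy DOC/XLS/PPT
]
INFECTABLE_FORMATS = {name for _, name in SIGNATURES}

def detect_format(header: bytes) -> str:
    """Return the format name inferred from the first bytes of a file."""
    for magic, name in SIGNATURES:
        if header.startswith(magic):
            return name
    return "unknown"

def select_by_extension(filename: str) -> bool:
    """Extension mode: trust the name. No extension counts as executable."""
    ext = os.path.splitext(filename)[1].lower()
    return ext == "" or ext in INFECTABLE_EXTENSIONS

def select_by_format(filename: str, header: bytes) -> bool:
    """Format mode: inspect the header, and also honour listed extensions."""
    return detect_format(header) in INFECTABLE_FORMATS or select_by_extension(filename)

def compare(files: dict) -> dict:
    """Map each name to (selected by extension, selected by format)."""
    return {n: (select_by_extension(n), select_by_format(n, h)) for n, h in files.items()}

# Constructed sample inputs: file name -> first bytes of the file.
SAMPLES = {
    "setup.exe": b"MZ\x90\x00\x03\x00",
    "invoice.123": b"MZ\x90\x00\x03\x00",   # PE content behind an unlisted extension
    "notes.txt": b"meeting at 10:00\n",
    "README": b"plain text, no extension\n",
    "report.dat": b"PK\x03\x04\x14\x00",    # ZIP container renamed to .dat
}

if __name__ == "__main__":
    for name, (by_ext, by_fmt) in compare(SAMPLES).items():
        print(f"{name:12} by-extension={by_ext!s:5} by-format={by_fmt}")
```

In this model, invoice.123 and report.dat are skipped in extension mode and selected in format mode, which is the gap the default setting closes.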

Scan only new and changed files

Scans only new files and those files that have been modified since the last time they were scanned. This helps reduce the duration of a scan. This mode applies both to simple and to compound files.

Skip objects scanned longer than N seconds

Limits the duration for scanning a single object. After the specified amount of time, Kaspersky Endpoint Security stops scanning a file. This helps reduce the duration of a scan.

Scan archives

Scanning ZIP, GZIP, BZIP, RAR, TAR, ARJ, CAB, LHA, JAR, ICE, and other archive formats.

Scan distribution packages

This check box enables/disables scanning of third-party distribution packages.

Scan files in Microsoft Office formats

Scans Microsoft Office files (DOC, DOCX, XLS, PPT and other Microsoft extensions). Office format files include OLE objects as well.

Scan email formats

Scanning email format files and the email database. The application scans PST and OST files used by MS Outlook and Windows Mail/Outlook Express mail clients as well as EML files.

Kaspersky Endpoint Security does not support the 64-bit version of MS Outlook email client. This means that Kaspersky Endpoint Security does not scan MS Outlook files (PST and OST files) if a 64-bit version of MS Outlook is installed on the computer, even if mail is included in the scan scope.

If the check box is selected, Kaspersky Endpoint Security splits the mail-format file into its components (header, body, attachments) and scans them for threats.

If this check box is cleared, Kaspersky Endpoint Security scans the mail-format file as a single file.

Scan password-protected archives

If the check box is selected, Kaspersky Endpoint Security scans password-protected archives. Before files in an archive can be scanned, you are prompted to enter the password.

If the check box is cleared, Kaspersky Endpoint Security skips scanning of password-protected archives.

Do not unpack large compound files

If this check box is selected, Kaspersky Endpoint Security does not scan compound files if their size exceeds the specified value.

If this check box is cleared, Kaspersky Endpoint Security scans compound files of all sizes.

Kaspersky Endpoint Security scans large files that are extracted from archives regardless of whether the check box is ticked or not.

Machine learning and signature analysis

The machine learning and signature analysis method uses the Kaspersky Endpoint Security databases that contain descriptions of known threats and ways to neutralize them. Protection that uses this method provides the minimum acceptable security level.

Based on the recommendations of Kaspersky experts, machine learning and signature analysis is always enabled.

Heuristic Analysis

The technology was developed for detecting threats that cannot be detected by using the current version of Kaspersky application databases. It detects files that may be infected with an unknown virus or a new variety of a known virus.

When scanning files for malicious code, the heuristic analyzer executes instructions in the executable files. The number of instructions that are executed by the heuristic analyzer depends on the level that is specified for the heuristic analyzer. The heuristic analysis level ensures a balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis.

iSwift Technology

(available only in the Administration Console (MMC) and in the Kaspersky Endpoint Security interface)

This technology allows increasing scan speed by excluding certain files from scanning. Files are excluded from scanning by using a special algorithm that takes into account the release date of Kaspersky Endpoint Security databases, the date that the file was last scanned on, and any modifications to the scanning settings. The iSwift technology is an advancement of the iChecker technology for the NTFS file system.

iChecker Technology

(available only in the Administration Console (MMC) and in the Kaspersky Endpoint Security interface)

This technology allows increasing scan speed by excluding certain files from scanning. Files are excluded from scans by using a special algorithm that takes into account the release date of Kaspersky Endpoint Security databases, the date when the file was last scanned, and any modifications to the scan settings. There are limitations to iChecker Technology: it does not work with large files and applies only to files with a structure that the application recognizes (for example, EXE, DLL, LNK, TTF, INF, SYS, COM, CHM, ZIP, and RAR).
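
The skip decision that the iSwift and iChecker descriptions outline, as an added example that is not Kaspersky's algorithm or code: a simplified Python model that rescans a file only when the file changed, the databases were released after its last scan, or the scan settings were modified. The record layout, the SHA-256 fingerprints and all names are assumptions, and the sample values are constructed.

```python
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime


@dataclass
class ScanRecord:
    """What the model remembers about a file after a clean scan (assumed layout)."""
    content_sha256: str
    scanned_at: datetime
    settings_fingerprint: str


def fingerprint_settings(settings: dict) -> str:
    """Stable hash of the scan settings, so any modification is noticed."""
    blob = json.dumps(settings, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()


def rescan_reason(content: bytes, record, db_released: datetime, settings: dict):
    """Return why the file must be scanned again, or None if it can be skipped."""
    if record is None:
        return "never scanned"
    if hashlib.sha256(content).hexdigest() != record.content_sha256:
        return "file modified"
    if db_released > record.scanned_at:
        return "databases newer than last scan"
    if fingerprint_settings(settings) != record.settings_fingerprint:
        return "scan settings changed"
    return None


# Constructed sample values.
SETTINGS = {"heuristic_level": "medium", "scan_archives": False}
CONTENT = b"MZ constructed sample bytes"
RECORD = ScanRecord(
    content_sha256=hashlib.sha256(CONTENT).hexdigest(),
    scanned_at=datetime(2024, 5, 10, 12, 0),
    settings_fingerprint=fingerprint_settings(SETTINGS),
)
OLD_DB = datetime(2024, 5, 9, 8, 0)    # released before the last scan
NEW_DB = datetime(2024, 5, 11, 8, 0)   # released after the last scan

if __name__ == "__main__":
    print(rescan_reason(CONTENT, RECORD, OLD_DB, SETTINGS))
    print(rescan_reason(CONTENT, RECORD, NEW_DB, SETTINGS))
    print(rescan_reason(CONTENT, RECORD, OLD_DB, {**SETTINGS, "scan_archives": True}))
```

The second case is the one that matters for detection: an unchanged file is scanned again after a database release because the newer databases may describe a threat the earlier scan could not recognize.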
