Processing of active threats
An infected file is considered processed if Kaspersky Endpoint Security disinfected the file or removed the threat as part of scanning the computer for viruses and other malware.
Kaspersky Endpoint Security moves the file to the list of active threats if, for any reason, Kaspersky Endpoint Security failed to perform an action on this file according to the specified application settings while scanning the computer for viruses and other threats.
This situation is possible in the following cases:
- The scanned file is unavailable (for example, it is located on a network drive or on a removable drive without write privileges).
- In the Malware Scan task settings, the action on threat detection is set to Inform. Then, when the infected file notification was displayed on the screen, the user selected Ignore.
If there are any unprocessed threats, Kaspersky Endpoint Security changes the icon to
. In the main application window, the threat notification is displayed (see the figure below). In the Kaspersky Security Center console, the status of the computer is changed to Critical –
.
How to process a threat in the Administration Console (MMC)
- In the Administration Console, go to the folder Administration Server → Advanced → Repositories → Active threats.
The list of active threats opens.
- Select the object that you want to process.
- Choose how you want to handle the threat:
- Disinfect. If this option is selected, the application automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application deletes the files.
- Delete. If this option is selected, the application deletes detected infected files from the repository and computer memory where the file was detected.
How to process a threat in the Web Console and Cloud Console
- In the main window of the Web Console, select Operations → Repositories → Active threats.
The list of active threats opens.
- Select the object that you want to process.
- Choose how you want to handle the threat:
- Disinfect. If this option is selected, the application automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application deletes the files.
- Delete. If this option is selected, the application deletes detected infected files from the repository and computer memory where the file was detected.
How to process a threat in the application interface
- In the main application window, in the Monitoring section, click the Protection is at risk tile.
The list of active threats opens.
- Select the object that you want to process.
- Choose how you want to handle the threat:
- Resolve. If this option is selected, the application automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application deletes the files.
- Add to exclusions. If this action is selected, Kaspersky Endpoint Security suggests adding the file to the list of scan exclusions. Settings of the exclusion are configured automatically. If adding an exclusion is not available, it means that the administrator has disabled adding exclusions in policy settings.
- Ignore. If this option is selected, Kaspersky Endpoint Security deletes the entry from the list of active threats. If there are no active threats remaining on the list, the computer status will be changed to OK. If the object is detected again, Kaspersky Endpoint Security will add a new entry to the list of active threats.
- Open containing folder. If this option is selected, Kaspersky Endpoint Security opens the folder containing the object in the file manager. You can then manually delete the object or move the object to a folder that is not within the protection scope.
- Learn more. If this option is selected, Kaspersky Endpoint Security opens the Kaspersky Virus Encyclopedia website.
To process active threats in the Kaspersky Security Center console, you must enable the transfer of information about unprocessed files to Administration Server. Data transfer is enabled by default.
How to enable the transfer of unprocessed file data in the Administration Console (MMC)
- Open the Kaspersky Security Center Administration Console.
- In the console tree, select Policies.
- Select the necessary policy and double-click to open the policy properties.
- In the policy window, select General settings → Reports and Storage.
- In the Data transfer to Administration Server block, click the Settings button.
- Select the About unprocessed files check box.
- Save your changes.
How to enable the transfer of unprocessed file data in the Web Console
- In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
- Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
- Select the Application settings tab.
- Go to General settings → Reports and Storage.
- In the Data transfer to Administration Server block, select the About unprocessed files check box.
- Save your changes.

Main application window when a threat is detected
Page top