About the operating modes of the application
To optimize the application's resource usage, you can select, during installation, the operating mode that the application enters immediately after installation. The following operating modes are available:
- Protection is disabled (PROTECTION_MODE=Disabled). When the application is started after installation, all components of the application are disabled by default. Only service tasks that handle application activation and the functioning of Backup are started.
- Only File Threat Protection in "Notify only" mode (PROTECTION_MODE=OAS_Notify). When the application is started after installation, only the File Threat Protection component and service tasks that handle application activation and the functioning of Backup are automatically started. The File Threat Protection component operates in "Notify only" mode. "Notify only" mode is an operating mode in which, if a threat is detected, application components and tasks do not attempt to disinfect or delete malicious objects, deny access, or block the activity of applications. Instead, the application only informs the user about the detected threat.
- Only File Threat Protection (PROTECTION_MODE=OAS_Block). When the application is started after installation, only the File Threat Protection component and service tasks that handle application activation and the functioning of Backup are automatically started. When a threat is detected, the application performs the actions specified in the File Threat Protection settings.
You can select an operating mode for the application in the following ways depending on how you installed the application:
- When installing using the Kaspersky Security Center Web Console or the Administration Console, you can select the mode of the application in the installation package properties (this method is available only in the Web Console) or in the autoinstall.ini configuration file that is included in the application installation package.
- When installing using the command line, you can select the operating mode during the initial configuration of the application in automatic mode.
If you are performing initial configuration by running the initial configuration script, you cannot select the operating mode.
If you do not select an operating mode, the installed application runs in "Protection is disabled" mode by default.
After installation, you must enable the application components you need and configure the relevant tasks. If the application runs in "Protection is disabled" mode, your devices are at risk.
You can enable components, configure and run tasks using Kaspersky Security Center or the command line.
By default, the application components and tasks are configured to work in "Notify only" mode:
- File Threat Protection: First action is Skip (FirstAction=Skip).
- Scan tasks (Malware Scan, Critical Areas Scan, Custom Scan of files and directories): First action is Skip (FirstAction=Skip).
- Container Monitoring: Action with container upon threat detection is Skip container (OnAccessContainerScanAction=Skip).
- Container Scan task: First action is Skip (FirstAction=Skip).
- Removable Drives Scan: the Block access to the removable drive while scanning check box is cleared (BlockDuringScan=No).
- Web Threat Protection: Action on threat detection is Inform (ActionOnDetect=Notify).
- Network Threat Protection: Action on threat detection is Inform (ActionOnDetect=Notify).
- Anti-Cryptor: Action on encryption detection is Inform (ActionOnDetect=Notify).
- Application Control component: Application Control mode is Inform (AppControlRulesAction=Notify).
- Device Control: Device Control operating mode is Inform (OperationMode=Notify).
- Web Control: Default rule is Allow everything not specified in the list of rules (WebControlDefaultAction=Allow).
- Behavior Detection: Action on malware activity detection is Inform (TaskMode=Notify).
- File operation interception mode: the Block access to files during scans check box is cleared (FileBlockDuringScan=No).
If, while installing the application, you selected the Only File Threat Protection mode, different default values are applied to some settings:
- File Threat Protection: First action is Skip (FirstAction=Recommended).
- Container Monitoring: Action with container upon threat detection is Skip container (OnAccessContainerScanAction=StopContainerIfFailed).
- File operation interception mode: the Block access to files during scans check box is selected (FileBlockDuringScan=Yes).
After installation, you can configure the actions that the application performs using Kaspersky Security Center or the command line. The settings are configured separately for each component and task; there is no control that sets the mode for the whole application.
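The following check is an added example, not Kaspersky's code: it reports the mode an installation will start in and which component settings are still at the "Notify only" values listed above. The parameter names and values are taken from this page; the KEY=VALUE input layout, the function names and the sample data are assumptions constructed for illustration.

```python
# Added example. Keys and values come from the page; the input layout is assumed.
NOTIFY_ONLY = {
    "FirstAction": "Skip",
    "OnAccessContainerScanAction": "Skip",
    "BlockDuringScan": "No", "FileBlockDuringScan": "No",
    "ActionOnDetect": "Notify",
    "AppControlRulesAction": "Notify",
    "OperationMode": "Notify",
    "WebControlDefaultAction": "Allow",
    "TaskMode": "Notify",
}
VALID_MODES = {"Disabled", "OAS_Notify", "OAS_Block"}

def parse_kv(text):
    """Parse KEY=VALUE lines; skip blanks, comments and [section] headers."""
    pairs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs[key.strip()] = value.strip()
    return pairs

def effective_mode(autoinstall_text):
    """Mode the application starts in; no selection means Disabled (per the page)."""
    mode = parse_kv(autoinstall_text).get("PROTECTION_MODE", "Disabled")
    if mode not in VALID_MODES:
        raise ValueError(f"unknown PROTECTION_MODE: {mode!r}")
    return mode

def notify_only_findings(settings_by_component):
    """Return (component, key, value) for settings still at a notify-only value."""
    findings = []
    for component, text in settings_by_component.items():
        for key, value in parse_kv(text).items():
            if key in NOTIFY_ONLY and value.lower() == NOTIFY_ONLY[key].lower():
                findings.append((component, key, value))
    return findings

# Constructed sample input, not output captured from a real installation.
SAMPLE_AUTOINSTALL = "# constructed fragment\nPROTECTION_MODE=OAS_Notify\n"
SAMPLE_SETTINGS = {
    "File Threat Protection": "FirstAction=Recommended\n",
    "Web Threat Protection": "ActionOnDetect=Notify\n",
    "Device Control": "OperationMode=Notify\n",
    "File operation interception mode": "FileBlockDuringScan=Yes\n",
}

if __name__ == "__main__":
    print(effective_mode(SAMPLE_AUTOINSTALL), notify_only_findings(SAMPLE_SETTINGS))
```

Because the settings are configured per component, the findings list is the place to see which components still only inform the user after the others have been switched to blocking actions.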