After the scan is complete, a Results folder is created in the Kavscan folder. It has the following structure:
<scanned device name>: a folder named after the device being scanned and containing the following subfolders:
<date_time>: a folder whose name includes the date and time of the device scan in the format YYYY-MM-DD_HH-MM-SS. Depending on the scan settings, it may contain the following subfolders:
Backup: a folder containing backup copies of the original files that the system attempted to disinfect. Each file contains the path in its name, where the file was located on the scanned device. Each file is packed into a password-protected .ZIP archive. Use infected as a password to get access to the files.
Detects: a folder containing service information about detections. The contents of the folder are necessary for displaying alert details in Kaspersky Industrial CyberSecurity for Networks.
Dump: a folder containing memory dumps. This folder is created if the scan was started in memory dumping mode and a critical error occurred during the scan.
Network: a folder containing dumps of inbound and outbound traffic from the device. This folder is created if the scan was started in traffic logging mode.
Oval: a folder containing a ZIP archive with an XML and HTML report for each source of audit security rules. This folder is created if the scan included a security audit.
Report: a folder containing a report.txt file with a scan report.
Results: a folder containing a results_<scanned device name>_<scan date_time>.zip archive with artifacts containing the results of the completed scan. This archive is necessary for importing scan results into Kaspersky Industrial CyberSecurity for Networks.
Temp: a folder containing temporary data created during the scan.
Trace: a folder containing trace log files. This folder is created if the scanner was started in trace mode.