File Anti-Virus prevents infection of the computer's file system. The component starts during startup of the operating system, remains in the RAM of the computer, and scans all files that are opened, saved, or run on your computer and on all connected drives for viruses and other malware. If you disable File Anti-Virus, it will not start at operating system startup. You will have to re-enable File Anti-Virus manually.
Enable/disable File Anti-Virus
- In the menu bar, click the application icon.
- In the menu that appears, choose Preferences.
The application preferences window opens.
- On the Protection tab, in the File Anti-Virus section, select/deselect the Enable File Anti-Virus checkbox.
You can also enable File Anti-Virus in Protection Center. Disabling computer protection or disabling protection components puts your computer at much higher risk of infection. This is why Protection Center informs when protection is disabled.
You can create a protection scope for File Anti-Virus.
Add/remove a file or folder to/from the protection scope
- In the menu bar, click the application icon.
- In the menu that appears, choose Preferences.
The application preferences window opens.
- On the Protection tab, in the File Anti-Virus section, click the Protection Scope button.
A window with a list of objects that File Anti-Virus scans opens. By default, all objects that are located on internal, removable, and network drives connected to your computer are scanned.
- Add/remove the objects in the protection scope:
- To add a file or folder to the protection scope:
- Click the
button.A drop-down list where you can select objects to add to the protection scope opens.
- In the drop-down list, choose the Files and Folders item.
The window where you can select a file or a folder opens.
- Select a file or folder that you want to add to the protection scope.
- Click the Open button.
- To remove a file or folder from the protection scope:
- Select an object in the list of protection scope objects.
- Drag the selected object from the window or click the
button.
- Click the Save button.
Add an object from the default protection objects list to the protection scope
- In the menu bar, click the application icon.
- In the menu that appears, choose Preferences.
The application preferences window opens.
- On the Protection tab, in the File Anti-Virus section, click the Protection Scope button.
A window with a list of objects that File Anti-Virus scans opens. By default, all objects that are located on internal, removable, and network drives connected to your computer are scanned.
- Click the
button.
A drop-down list where you can select objects to add to the protection scope opens.
- In the drop-down list, select an object that you want to add to the protection scope (for example, Memory).
- Click the Save button.
Disable protection of an object in the protection scope
- In the menu bar, click the application icon.
- In the menu that appears, choose Preferences.
The application preferences window opens.
- On the Protection tab, in the File Anti-Virus section, click the Protection Scope button.
A window with a list of objects that File Anti-Virus scans opens. By default, all objects that are located on internal, removable, and network drives connected to your computer are scanned.
- Deselect the checkbox next to an object in the list of protection scope objects.
- Click the Save button.
When the user or an application attempts to access a protected file, File Anti-Virus checks the iSwift databases for information about the file, and uses this information for deciding whether to scan the file.
Recognizing malicious objects is possible thanks to the use of signature analysis, a way of searching for threats based on threat descriptions included in the anti-virus databases of the application. In addition to signature analysis, File Anti-Virus uses heuristic analysis and other scanning technologies.
If a threat is detected in a file, Kaspersky Internet Security assigns one of the following status labels to the file:
- A status that indicates the type of the malicious program detected (for example, virus or Trojan).
- Probably infected status, if the scan cannot determine whether or not the file is infected. The file may contain a code sequence that is typical of viruses and other malware, or modified code from a known virus.
After assigning a status the application displays a notification about the detected object and takes the action on the object based on your File Anti-Virus preferences.
Select the action that File Anti-Virus performs after detecting an infected or probably infected file
- In the menu bar, click the application icon.
- In the menu that appears, choose Preferences.
The application preferences window opens.
- On the Protection tab, in the File Anti-Virus section, select the action that File Anti-Virus performs after detecting an infected or probably infected file.
Before attempting to disinfect or delete an infected file, Kaspersky Internet Security saves a backup copy for subsequent restoration or disinfection. A file copy is moved to Quarantine. Probably infected files are also placed in Quarantine. You can try to disinfect those files later by using updated anti-virus databases.
Information about File Anti-Virus operation and all detected objects is logged in a report.
View the File Anti-Virus report
- Open the Protection pull-down menu.
- In the pull-down menu, choose Reports.
The Kaspersky Internet Security reports window opens.
- Open the File Anti-Virus tab.
Note: If File Anti-Virus stops running with an error, you can view the report and try to start the component again. If the problem is not solved, you can contact Technical Support at Kaspersky Lab.
You can also view overall statistics for File Anti-Virus (number of objects scanned since last startup of the component, number of malicious objects detected and disinfected) in Protection Center by clicking the Show Details button in the right pane of the main application window.
Article ID: 58171, Last review: Feb 17, 2022