Real-time protection is an operation mode of Kaspersky Security in which objects are scanned for malicious code and web objects are scanned for unwanted web content in real-time mode. The application scans objects when they are transferred to a Server, modified, or downloaded from a Server to a user's computer.
Kaspersky Security scans the following objects:
Files uploaded by the user to the SharePoint server;
Files copied from the SharePoint server to the computer;
SharePoint web objects (such as wiki pages and forums hosted on the SharePoint server) when they are created or modified.
When the real-time protection is enabled, Kaspersky Security performs the following actions:
Performs anti-virus scan of the file in accordance with the scan exclusion settings
Searches for unwanted file formats and unwanted file names.
If a file was blocked during Content filtering, the application does not perform a virus scan on this file.
If a file was blocked during a virus scan, the application does not scan its contents.
Non-infected objects are allowed in to the user, while objects that contain threats or are possibly infected will be processed in accordance with the protection settings defined.
Status labels assigned to files following on-access scan
Based on the results of on-access scanning, the application assigns one of the following status labels to the file:
Not infected. No threats detected in the file.
Infected. A file a segment of whose code fully matches a code segment of a known threat.
Probably infected. A file whose code contains a modified segment of code of a known threat, or a file resembling a threat in the way it behaves.
Password-protected. A password-protected archive.
Corrupted. The file cannot be read by Kaspersky Security.
Based on the results of content filtering, the application assigns one of the following status labels to the file:
Allowed. There is no unwanted content in the file.
Forbidden format. The file has an unwanted format.
Forbidden mask. The file name contains an unwanted mask.
Forbidden content. The file has been found to contain unwanted words and phrases.
Based on the results of content filtering, the application assigns one of the following status labels to the SharePoint web part:
Allowed. The SharePoint web object does not contain unwanted content, malicious or phishing URLs.
Forbidden content. The SharePoint web object has been found to contain malicious / phishing URLs or unwanted content.