In this section, SVM refers to an SVM with the File Anti-Virus component installed.
An SVM with the File Anti-Virus component installed protects virtual machines on the VMware ESXi hypervisor. Kaspersky Security starts protecting virtual machines only after you have enabled protection by using a policy.
If the application is not activated or the application databases are missing on SVMs, Kaspersky Security does not protect the virtual machines.
Kaspersky Security protects only powered on virtual machines that meet all the conditions for virtual machine protection.
When a user or program attempts to access a virtual machine file, Kaspersky Security scans this file.
Kaspersky Security then performs the action that is specified in the protection profile of the virtual machine; for example, it disinfects or blocks the file.
If an application that collects information and sends it to be processed is installed on a virtual machine, Kaspersky Security may classify this application as malware. To avoid this, you can exclude the application from protection. The list of exclusions is configured in the protection profile settings.
Signature and heuristic analysis is used during protection of virtual machines. Signature analysis uses Kaspersky Security databases that contain information about known threats and ways to neutralize them. Protection that uses signature analysis provides a minimally acceptable security level. In accordance with the recommendations of Kaspersky Lab experts, this method is always enabled.
Heuristic analysis is a technology designed for detecting threats that cannot be detected with the aid of Kaspersky Lab application databases. Heuristic analysis detects files that could be infected with malware for which there are not yet any database signatures or infected with a new variety of a known virus. Files in which a threat is detected during heuristic analysis are marked as Infected.
The heuristic analysis level depends on the selected security level:
Information about all events that occur during protection of virtual machines is logged in a report.
You are advised to regularly view the list of files blocked in the course of virtual machine protection and manage them. For example, you can save file copies to a location that is inaccessible to a virtual machine user or delete the files. You can view the details of blocked files in the threats report or by filtering events by the File blocked event (please refer to the Kaspersky Security Center documentation).
To gain access to files that were blocked as a result of virtual machine protection, you must exclude these files from protection in the settings of the profile assigned to the virtual machines, or temporarily disable the protection of these virtual machines.