Configuring main protection profile settings

The main protection profile is automatically generated during creation of the main policy and tenant policy. You can configure the settings of the main protection profile while creating a policy (during the Configure main protection profile settings step) or in the properties of the policy after it is created (in the Main protection profile subsection in the File Threat Protection section).

To configure main protection profile settings:

In the Security level section, select the security level at which Kaspersky Security scans virtual machines:
- If you want to install one of the pre-installed security levels (High, Recommended, or Low), use the slider to select one.
- To change the security level to Recommended, click the Default button.
- If you want to configure the security level on your own, click the Settings button. In the Security level settings window that opens:
1. In the Scanning archives and compound files section, specify the values of the following settings:
  - Scan archives
    Enable / disable scanning of archives.
    
    This check box is cleared by default.
  - Delete archives if disinfection fails
    Enable / disable the feature of deleting archives that could not be disinfected.
    
    If this check box is selected, Kaspersky Security deletes archives that could not be disinfected.
    
    If this check box is cleared, the application does not delete archives that could not be disinfected. Kaspersky Security relays information that the infected file has not been deleted to the Administration Server of Kaspersky Security Center.
    
    This check box is available when the Scan archives check box is selected.
    
    This check box is cleared by default.
  - Scan self-extracting archives
    Enables / disables the scanning of self-extracting archives.
    
    By default, this check box is cleared for protection profiles and selected for scan tasks.
  - Scan embedded OLE-objects
    Enables/disables the scanning of objects that are embedded inside a file.
    
    This check box is set by default.
  - Do not unpack large compound files
    If this check box is set, Kaspersky Security does not scan compound files whose size exceeds the value that is specified in the Maximum size of a scanned compound file is N MB field.
    
    If this check box is cleared, Kaspersky Security scans compound files of all sizes.
    
    Kaspersky Security scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected.
    
    This check box is set by default.
  - Maximum size of a scanned compound file N MB
    Maximum size of compound files that are subject to scanning (in megabytes). Kaspersky Security does not unpack and scan objects whose size is larger than the specified value.
    
    This setting can be edited if the Do not unpack large compound files check box is selected.
    
    You can specify a value in the range of 1 to 999999 in this field. The default value is 8 MB.
2. In the Performance section, specify the values of the following settings:
  - Limit file scan time
    Enables / disables the file scan time limit.
    
    If this check box is selected, Kaspersky Security stops scanning a file when the scan duration reaches the value that is specified in the Scan files for no longer than N second(s) field and skips this file.
    
    If this check box is cleared, Kaspersky Security does not limit the duration of file scanning.
    
    By default, this check box is selected for protection profiles and cleared for scan tasks.
  - Scan files for no longer than N second(s)
    Maximum duration of file scanning (in seconds). Kaspersky Security stops scanning a file if scanning takes longer than the time value specified.
    
    This setting can be edited if the Limit file scan time check box is selected.
    
    You can specify a value in the range of 1 to 3600 in this field. The default value is 60 seconds.
3. In the Objects to detect section, click the Settings button. In the Objects to detect window that opens, specify the values of the following settings:
  - Malicious tools
    Enables/disables protection against malicious tools.
    
    Malicious tools do not perform their actions right after they are started. Instead, they can be stealthily stored and run on the virtual machine. Intruders often use the features of malicious tools to create viruses, worms, and Trojans, perpetrate network attacks on remote servers, or perform other malicious actions.
    
    If this check box is set, protection against malicious tools is enabled.
    
    If this check box is cleared, protection against malicious tools is disabled.
    
    This check box is set by default.
  - Auto-dialers
    Enables/disables protection against auto-dialers.
    
    If this check box is selected, protection against auto-dialers is enabled.
    
    If this check box is cleared, protection against auto-dialers is disabled.
    
    This check box is set by default.
  - Adware
    Enables/disables protection against adware.
    
    The function of adware is to display advertising information to the user. For example, it displays banner ads in the interfaces of other programs and redirects search queries to advertising websites. Some varieties of adware collect marketing information about the user and send it to the developer: this information may include the names of the websites that are visited by the user or the content of the user's search queries. Unlike Trojan-Spy–type programs, adware sends this information to the developer with the user's permission.
    
    If this check box is set, protection against adware is enabled.
    
    If this check box is cleared, protection against adware is disabled.
    
    This check box is set by default.
  - Other
    Enables / disables protection against legitimate software that could be exploited by criminals to harm a virtual machine or user data.
    
    Most of these programs are useful, so many users run them. These programs include IRC clients, file downloaders, remote administration programs, user activity monitoring programs, password utilities, and Internet servers for FTP, HTTP, and Telnet. However, if criminals gain access to these programs, some program features could be used to harm a virtual machine or user data.
    
    Selecting this check box enables protection against legitimate software that could be used by criminals to harm a virtual machine or user data.
    
    If this check box is cleared, protection against such software is disabled.
    
    This check box is cleared by default.
  - Multi-packed files
    Enables/disables scanning of files that have been packed using one or several packers three or more times.
    
    If a file was packed by one or several packers three or more times, the file probably contains malware or legitimate software that can be used by criminals to damage your computer or personal data.
    
    If this check box is selected, protection against multi-packed files is enabled, and the scanning of such files is allowed.
    
    If this check box is cleared, protection against multi-packed files is disabled.
    
    This check box is set by default.
    
    Kaspersky Security always scans virtual machine files for viruses, worms, and Trojans. That is why the Viruses and worms and Trojans settings in the Malware section cannot be changed.
4. In the Objects to detect window, click OK.
5. In the Security level settings window, click OK.
  If you have changed security level settings, the application creates a custom security level. The name of the security level in the Security level section changes to Custom.
In the Action on threat detection section, select an action in the drop-down list.
This drop-down list contains the actions that can be taken by Kaspersky Security when it detects infected files:
- Disinfect. Block if disinfection fails. Kaspersky Security automatically attempts to disinfect infected files. If disinfection fails, Kaspersky Security blocks such files.
- Disinfect. Delete if disinfection fails. Kaspersky Security automatically attempts to disinfect infected files. If disinfection fails, the application deletes such files. If deletion fails, Kaspersky Security blocks the infected files.
  This action is selected by default.
  
  Kaspersky Security deletes infected archives that could not be disinfected only if the Delete archives if disinfection fails check box is selected in the security level settings.
- Delete. Block if deletion fails. Kaspersky Security automatically deletes infected files without attempting to disinfect them. If deletion fails, Kaspersky Security blocks such files.
- Block. Kaspersky Security automatically blocks infected files without attempting to disinfect them.
If you do not want Kaspersky Security to scan files on network drives when protecting virtual machines running Windows operating systems, clear the Scan network drives check box in the Protection scope section. By default, when protecting virtual machines running Windows operating systems, the application scans all files that have not been excluded from protection on network drives.
When protecting virtual machines running Linux operating systems, Kaspersky Security always scans files of supported network file systems (NFS and CIFS). If you want to exclude files of network file systems from the protection scope, you must configure a protection exclusion for the directory in which the network file system is mounted.

Kaspersky Security always scans files on removable and hard drives. For this reason the Scan all removable drives and hard drives setting in the Protection scope section cannot be edited.
To exclude certain files of virtual machines from protection, in the Exclusions from protection section, click the Settings button.
In the Exclusions from protection window that opens, specify the following settings:
1. In the File extensions section, choose one of the following options:
  - Scan all except files with the following extensions. In the text box, specify a list of extensions of files to not scan when a virtual machine is being protected. Kaspersky Security ignores the case of characters in the extensions of files that are to be excluded from the protection scope.
  - Scan files with the following extensions only. In the text box, specify a list of extensions of files to scan when the virtual machine is being protected. When protecting virtual machines running Linux operating systems, Kaspersky Security is case sensitive regarding the characters in the extensions of files that are to be included in the protection scope. When protecting virtual machines running Windows operating systems, the application ignores the cases of characters in file extensions.
  You can type file extensions in the field by separating them with a blank space, or by typing each extension in a new line. File extensions may contain any characters except . * | \ : " < > ? /. If an extension includes a blank space, the extension should be typed inside quotation marks: "doc x".
  
  If you have selected Scan files with the following extensions only in the drop-down list but have not specified the extensions of files to scan, Kaspersky Security scans all files.
2. In the Files and folders table, use the Add, Change, and Delete buttons to create the list of objects to be excluded from protection.
  By default, the list of exclusions includes the objects recommended by Microsoft (please refer to the list of recommended exclusions on the Microsoft website). Kaspersky Security excludes these objects from protection on all virtual machines to which the main protection profile has been assigned. You can view and edit the list of these objects in the Files and folders table.
  
  You can exclude objects of the following types from protection:
  - Folders. Files stored in folders at the specified path are excluded from protection. For each folder, you can specify whether to apply the exclusion from protection to subfolders.
  - Files by mask. Files with the specified name, files located at the specified path, or files matching the specified mask are excluded from protection.
    You can use the * and ? symbols to specify a file mask.
  Kaspersky Security ignores the case of characters in paths to files and folders that are excluded from protection.
  
  You can save a configured list of exclusions to a file using the Export button or load a previously saved list of exclusions from a file using the Import button. To import or export a list of exclusions, you can use a file in XML format. You can also import a list of exclusions from a file in DAT format. Using a file in DAT format, you can import a list of exclusions that was generated in other Kaspersky applications.
If your exclusions list uses an environment variable that has multiple values depending on the bit rate of the application that uses it, in 64-bit Windows operating systems, objects corresponding to all values of the variable are excluded from protection. For example, if you are using the variable %ProgramFiles%, objects located in the folder C:\Program files and in the folder C:\Program files (х86) are excluded from protection.
In the Exclusions from protection window, click OK.
Save the changes by clicking Next (in the New Policy Wizard) or Apply (in the policy properties).

The new protection profile settings are applied after data is synchronized between Kaspersky Security Center and the SVMs.

Page top