Kaspersky Security can scan symbolic and hard links to files.
Scanning symbolic links
When real-time protection is enabled, Kaspersky Security scans the file that is accessed via a symbolic link only if this file is included in the real-time protection scope.
If the file, which is accessed via a symbolic link, is not included in the real-time protection scope, the application does not scan this file. If such file contains malicious code, virtual machine security is at risk.
The scan task scans the file that is being accessed via a symbolic link irrespective of the file location. Upon detecting an infected file that is being accessed via a symbolic link, the application disinfects the original file. If disinfection fails, the application deletes the infected file and keeps the symbolic link.
Scanning hard links with the Light Agent for Linux component
Upon detecting an infected file with more than one hard link, Light Agent for Linux disinfects the original file. If disinfection fails, Light Agent for Linux deletes the hard link to the file that is being scanned. And other hard links to this file are not scanned.
When restoring the file with a hard link from Backup, the application creates a copy of the source file with the name of the hard link that was placed in Backup. Connections to other hard links to the source file are not restored.
Scanning hard links with the Light Agent for Windows component
When Light Agent for Windows processes a file which has more than one hard link, the following scenarios are possible depending on the action selected: