Configuring malware protection

The following protection settings affect all incoming traffic. However, the selected actions on infected and other detected objects are performed only for mail attachments.

To configure heuristic analysis to detect viruses and other computer security threats that are transferred via web traffic:

Open the Task settings window.
On the Malware protection tab:
- Select the Use heuristic analyzer check box.
- Set the required level of heuristic analysis for malware scanning.
- Select the protection level from the drop-down list:
  - Recommended
  - Maximum protection
  - Maximum performance
  - Custom
On the Description tab below you can review the settings of the selected protection level.
Open the General tab and in the Objects protection section, specify the objects that you want to include in the scan scope:
- All objects
  Kaspersky Security for Windows Server scans all objects.
- Objects scanned by format
  Kaspersky Security for Windows Server scans only infectable objects based on file format.
  
  Kaspersky compiles the list of formats. It is included in the Kaspersky Security for Windows Server databases.
- Objects scanned according to list of extensions specified in anti-virus database
  Kaspersky Security for Windows Server scans only infectable objects based on file extension.
  
  Kaspersky compiles the list of extensions. It is included in the Kaspersky Security for Windows Server databases.
- Objects scanned by specified list of extensions
  Kaspersky Security for Windows Server scans files based on file extension. The list of file extensions can be manually customized in the List of extensions window, which can be opened by clicking the Modify button.
  1. Click the Modify button to edit the list of extensions.
  2. In the window that opens, specify an extension.
  3. Click Add.
  Click the By default button to populate the list with the preset list of excluded extensions.
In the Compound objects protection section, specify the compound objects that you want to include in the scan scope:
- Archives
  Scanning of ZIP, CAB, RAR, and ARJ archives and other archive formats.
  
  If this check box is selected, Kaspersky Security for Windows Server scans archives.
  
  If this check box is cleared, Kaspersky Security for Windows Server skips archives during scanning.
  
  The default value depends on the selected protection level.
- SFX archives
  Scanning of self-extracting archives.
  
  If this check box is selected, Kaspersky Security for Windows Server scans SFX archives.
  
  If this check box is cleared, Kaspersky Security for Windows Server skips SFX archives during scanning.
  
  The default value depends on the selected protection level.
  
  This option is active when the Archives check box is cleared.
- Packed objects
  Scanning of executable files packed by binary code packers, such as UPX or ASPack.
  
  If this check box is selected, Kaspersky Security for Windows Server scans executable files packed by packers.
  
  If this check box is cleared, Kaspersky Security for Windows Server skips executable files packed by packers during scanning.
  
  The default value depends on the selected protection level.
- Embedded OLE objects
  Scanning of objects embedded in files (such as Microsoft Word macros, or email message attachments).
  
  If this check box is selected, Kaspersky Security for Windows Server scans objects embedded in files.
  
  If this check box is cleared, Kaspersky Security for Windows Server skips objects embedded in files during scanning.
  
  The default value depends on the selected protection level.
On the Actions tab, select an action to be performed on infected and other detected objects:
- Block
  Kaspersky Security for Windows Server blocks loading of a web page if malicious content is detected. The reason for blocking the requested web page is displayed instead of the web page.
  
  Kaspersky Security for Windows Server permanently deletes infected attachments from email messages. Additionally, events about the discovered threats are registered in the Traffic Security task log.
- Allow
  Kaspersky Security for Windows Server does not block the requested web page. Instead, it logs an event about the detection of malicious content.
  
  Kaspersky Security for Windows Server does not delete infected attachments from email messages. However, events about the discovered threats are registered in the Traffic Security task log.
On the Performance tab, configure the following settings:
- In the Exclusions section select or clear the Do not detect check box. To configure the list of objects to exclude:
  Objects are excluded from scanning by the name or name mask of the detectable object. The list of names of detectable objects is available on the Virus Encyclopedia website.
  
  If this check box is selected, Kaspersky Security for Windows Server skips specified detectable objects during scanning.
  
  If the check box is cleared, Kaspersky Security for Windows Server detects all objects specified in the application by default.
  
  The check box is cleared by default.
  1. Click the Modify button.
  2. In the window that opens, specify an object name or mask.
  3. Click Add.
- In the Advanced settings section, restrict the scanning time and object size:
  - Stop scanning if it takes longer than (sec.)
    Limits the duration of object scanning. The default value is 60 seconds.
    
    If the check box is selected, scanning is limited to the specified maximum duration.
    
    If the check box is cleared, scanning is unlimited.
    
    By default, the check box for the Maximum performance security level is selected.
  - Do not scan objects larger than (MB)
    Excludes objects larger than the specified size from scanning.
    
    Kaspersky Security for Windows Server skips objects whose size exceeds the specified limit during a virus scan.
    
    By default, the value is set to 20 MB.
Click OK in the Task settings window.

The protection level configuration is saved.

Page top