File Anti-Virus settings

Settings	Description
Security level	Kaspersky Total Security uses various groups of settings to run File Anti-Virus. The sets of settings that are stored in the application are called security levels: High. When this file security level is selected, the File Anti-Virus component takes the strictest control of all files that are opened, saved, and started. The File Anti-Virus component scans all file types on all hard drives, network drives, and removable storage media of the computer. It also scans archives, installation packages, and embedded OLE objects. Recommended. This file security level is recommended by Kaspersky Lab experts. The File Anti-Virus component scans only the specified file formats on all hard drives, network drives, and removable storage media of the computer, and embedded OLE objects. The File Anti-Virus component does not scan archives or installation packages. Low. The settings of this file security level ensure maximum scanning speed. The File Anti-Virus component scans only files with the specified extensions on all hard drives, network drives, and removable storage media of the computer. The File Anti-Virus component does not scan compound files.
Action on threat detection	Ask user. File Anti-Virus informs you of detection of an infected or probably infected object and prompts you for the action to take on it. This option is available if the Perform recommended actions automatically check box is cleared under Settings → General. Select action automatically Upon detection of an infected or probably infected object, File Anti-Virus automatically performs the action recommended by Kaspersky experts on the object. For infected objects, this action is Disinfect. This value is selected by default. Before attempting to disinfect or delete an infected object, File Anti-Virus creates its backup copy for subsequent restoration or disinfection. This option is available if the Perform recommended actions automatically check box is selected under Settings → General. Disinfect, if not possible – delete. If you select this action, then Kaspersky Total Security will automatically try to disinfect all infected files that it finds. If disinfection fails, Kaspersky Total Security deletes the objects. Disinfect, if not possible – block. If you select this action, then Kaspersky Total Security will automatically try to disinfect all infected files that it finds. If disinfection fails, Kaspersky Total Security will add information about the infected files that it finds to the list of detected objects. Block. If this option is selected, the File Anti-Virus component automatically blocks all infected files without attempting to disinfect them. Before attempting to disinfect or delete an infected file, Kaspersky Total Security creates a backup copy in case you subsequently need to restore the file or it becomes possible to disinfect it later.
File types	All files. If this setting is enabled, Kaspersky Total Security scans all files without exception (all formats and extensions). Files scanned by format. If you select this setting, Kaspersky Total Security will scan only potentially infected files. Before searching for malicious code in a file, its internal header is analyzed to determine the file format (for example, TXT, DOC, EXE). The scan also looks for files with particular file extensions. A file that, due to its structure or format, can be used by criminals as a "container" to store and spread malicious code. As a rule, they are executable files, for example, files with the extensions COM, EXE, DLL, etc. The risk of penetration of malicious code into such files is quite high. Files scanned by extension. If you select this setting, Kaspersky Total Security will scan only potentially infected files. The file format is determined based on the extension of a file.
Edit protection scope	Clicking this link opens the File Anti-Virus protection scope window, which contains a list of objects that are scanned by File Anti-Virus. You can add objects to the list or delete the objects that you add. To remove an object from the scan, you do not have to delete the object from the list. All you need to do is untick the box next to the object name.
Heuristic analysis	A technique for detecting threats that cannot be identified using the current version of the Kaspersky application databases. It allows you to find files that may contain unknown malware or a new modification of a known malware program. When scanning files for malicious code, the heuristic analyzer executes instructions in the executable files. The number of instructions that are executed by the heuristic analyzer depends on the level that is specified for the heuristic analyzer. The heuristic analysis level sets the balance between the thoroughness of searches for new threats, the load on the operating system resources, and the time required for heuristic analysis.
Scan only new and changed files	Scans only new files and those files that have been modified since the last time they were scanned. This will allow you to save time performing the scan. This scan mode applies both to simple and compound files.
Scan archives	Scans archives in the following formats: RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE.
Scan installation packages	The check box enables/disables the scanning of third-party distribution packages.
Scan files in Microsoft Office formats	Scans Microsoft Office files (DOC, DOCX, XLS, PPT and other Microsoft extensions). Microsoft Office files also include OLE objects.
Do not unpack large compound files Maximum file size	If the check box is ticked, then Kaspersky Total Security does not scan compound files that are larger than the specified value. If this check box is cleared, Kaspersky Total Security scans compound files of all sizes. Kaspersky Total Security scans large files that are extracted from archives regardless of whether the check box is ticked or not.
Extract compound files in the background Maximum file size	If this check box is selected, Kaspersky Total Security provides access to compound files that are larger than the specified value before these files are scanned. In this case, Kaspersky Total Security unpacks and scans compound files in the background. Kaspersky Total Security provides access to compound files that are smaller than this value only after unpacking and scanning these files. If this check box is cleared, Kaspersky Total Security provides access to compound files only after unpacking and scanning files, regardless of their size.
Scan mode	Smart mode. In this mode, File Anti-Virus scans an object based on an analysis of actions taken on the object. For example, when working with a Microsoft Office document, Kaspersky Total Security scans the file the first time it is opened and the last time it is closed. Intermediate operations that overwrite the file do not cause it to be scanned. On access and modification. In this mode, File Anti-Virus scans objects whenever there is an attempt to open or modify them. On access. In this mode, File Anti-Virus scans objects only upon an attempt to open them. On execution. In this mode, File Anti-Virus only scans objects upon an attempt to run them.
iSwift Technology	This technology is a development of the iChecker technology for computers using the NTFS file system. There are limitations to iSwift Technology: it is bound to a specific file's location in the file system and works only with objects in the NTFS file system.
iChecker Technology	This technology allows increasing scan speed by excluding certain files from scanning. Files are excluded from the scan using a special algorithm that takes into account the release date of Kaspersky Total Security databases, the date when the file was scanned last, and any changes made to the scan settings. There are limitations to iChecker Technology: it does not work with large files and applies only to files with a structure that the application recognizes (for example, EXE, DLL, LNK, TTF, INF, SYS, COM, CHM, ZIP, and RAR).
Exclusions	Objects excluded from scans. To specify exclusions, click the Manage exclusions link in the Exclusions window.
Pause File Anti-Virus	This temporarily and automatically pauses operation of File Anti-Virus at the specified time or when working with the specified applications. This is configured by clicking the Pause File Anti-Virus link.

Settings

Description

Security level

Kaspersky Total Security uses various groups of settings to run File Anti-Virus. The sets of settings that are stored in the application are called security levels:

High. When this file security level is selected, the File Anti-Virus component takes the strictest control of all files that are opened, saved, and started. The File Anti-Virus component scans all file types on all hard drives, network drives, and removable storage media of the computer. It also scans archives, installation packages, and embedded OLE objects.
Recommended. This file security level is recommended by Kaspersky Lab experts. The File Anti-Virus component scans only the specified file formats on all hard drives, network drives, and removable storage media of the computer, and embedded OLE objects. The File Anti-Virus component does not scan archives or installation packages.
Low. The settings of this file security level ensure maximum scanning speed. The File Anti-Virus component scans only files with the specified extensions on all hard drives, network drives, and removable storage media of the computer. The File Anti-Virus component does not scan compound files.

Action on threat detection

Ask user. File Anti-Virus informs you of detection of an infected or probably infected object and prompts you for the action to take on it.
This option is available if the Perform recommended actions automatically check box is cleared under Settings → General.
Select action automatically Upon detection of an infected or probably infected object, File Anti-Virus automatically performs the action recommended by Kaspersky experts on the object. For infected objects, this action is Disinfect. This value is selected by default.
Before attempting to disinfect or delete an infected object, File Anti-Virus creates its backup copy for subsequent restoration or disinfection.

This option is available if the Perform recommended actions automatically check box is selected under Settings → General.
Disinfect, if not possible – delete. If you select this action, then Kaspersky Total Security will automatically try to disinfect all infected files that it finds. If disinfection fails, Kaspersky Total Security deletes the objects.
Disinfect, if not possible – block. If you select this action, then Kaspersky Total Security will automatically try to disinfect all infected files that it finds. If disinfection fails, Kaspersky Total Security will add information about the infected files that it finds to the list of detected objects.
Block. If this option is selected, the File Anti-Virus component automatically blocks all infected files without attempting to disinfect them.

Before attempting to disinfect or delete an infected file, Kaspersky Total Security creates a backup copy in case you subsequently need to restore the file or it becomes possible to disinfect it later.

File types

All files. If this setting is enabled, Kaspersky Total Security scans all files without exception (all formats and extensions).

Files scanned by format. If you select this setting, Kaspersky Total Security will scan only potentially infected files. Before searching for malicious code in a file, its internal header is analyzed to determine the file format (for example, TXT, DOC, EXE). The scan also looks for files with particular file extensions.

Files scanned by extension. If you select this setting, Kaspersky Total Security will scan only potentially infected files. The file format is determined based on the extension of a file.

Edit protection scope

Clicking this link opens the File Anti-Virus protection scope window, which contains a list of objects that are scanned by File Anti-Virus.

You can add objects to the list or delete the objects that you add.

To remove an object from the scan, you do not have to delete the object from the list. All you need to do is untick the box next to the object name.

Heuristic analysis

A technique for detecting threats that cannot be identified using the current version of the Kaspersky application databases. It allows you to find files that may contain unknown malware or a new modification of a known malware program.

When scanning files for malicious code, the heuristic analyzer executes instructions in the executable files. The number of instructions that are executed by the heuristic analyzer depends on the level that is specified for the heuristic analyzer. The heuristic analysis level sets the balance between the thoroughness of searches for new threats, the load on the operating system resources, and the time required for heuristic analysis.

Scan only new and changed files

Scans only new files and those files that have been modified since the last time they were scanned. This will allow you to save time performing the scan. This scan mode applies both to simple and compound files.

Scan archives

Scans archives in the following formats: RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE.

Scan installation packages

The check box enables/disables the scanning of third-party distribution packages.

Scan files in Microsoft Office formats

Scans Microsoft Office files (DOC, DOCX, XLS, PPT and other Microsoft extensions). Microsoft Office files also include OLE objects.

Do not unpack large compound files

Maximum file size

If the check box is ticked, then Kaspersky Total Security does not scan compound files that are larger than the specified value.

If this check box is cleared, Kaspersky Total Security scans compound files of all sizes.

Kaspersky Total Security scans large files that are extracted from archives regardless of whether the check box is ticked or not.

Extract compound files in the background

Maximum file size

If this check box is selected, Kaspersky Total Security provides access to compound files that are larger than the specified value before these files are scanned. In this case, Kaspersky Total Security unpacks and scans compound files in the background.

Kaspersky Total Security provides access to compound files that are smaller than this value only after unpacking and scanning these files.

If this check box is cleared, Kaspersky Total Security provides access to compound files only after unpacking and scanning files, regardless of their size.

Scan mode

Smart mode. In this mode, File Anti-Virus scans an object based on an analysis of actions taken on the object. For example, when working with a Microsoft Office document, Kaspersky Total Security scans the file the first time it is opened and the last time it is closed. Intermediate operations that overwrite the file do not cause it to be scanned.

On access and modification. In this mode, File Anti-Virus scans objects whenever there is an attempt to open or modify them.

On access. In this mode, File Anti-Virus scans objects only upon an attempt to open them.

On execution. In this mode, File Anti-Virus only scans objects upon an attempt to run them.

iSwift Technology

This technology is a development of the iChecker technology for computers using the NTFS file system.

There are limitations to iSwift Technology: it is bound to a specific file's location in the file system and works only with objects in the NTFS file system.

iChecker Technology

This technology allows increasing scan speed by excluding certain files from scanning. Files are excluded from the scan using a special algorithm that takes into account the release date of Kaspersky Total Security databases, the date when the file was scanned last, and any changes made to the scan settings. There are limitations to iChecker Technology: it does not work with large files and applies only to files with a structure that the application recognizes (for example, EXE, DLL, LNK, TTF, INF, SYS, COM, CHM, ZIP, and RAR).

Exclusions

Objects excluded from scans.

To specify exclusions, click the Manage exclusions link in the Exclusions window.

Pause File Anti-Virus

This temporarily and automatically pauses operation of File Anti-Virus at the specified time or when working with the specified applications.

This is configured by clicking the Pause File Anti-Virus link.

Page top