Exclusions and actions on object detection

Perform recommended actions automatically

If the check box is cleared, main components of the Kaspersky application work in interactive mode. This means that the Kaspersky application asks you to decide which action to take on detected objects and threats if the Ask user option is selected in the settings of File Anti-Virus, Safe Browsing, Mail Anti-Virus, System Watcher, and Intrusion Prevention.

If the check box is selected, the Kaspersky application automatically chooses the action based on rules defined by Kaspersky experts.

Delete malicious tools, adware, auto-dialers and suspicious packers

If the check box is selected, the Kaspersky application deletes malicious tools, adware, auto-dialers and suspicious packers in automatic protection mode.

The function is available if the Perform recommended actions automatically check box is selected.

Use Advanced Disinfection technology (requires considerable computer resources)

If the check box is selected, a pop-up notification appears on the screen when malicious activity is detected in the operating system. In its notification, the Kaspersky application offers the user to perform Advanced Disinfection of the computer. After the user approves this procedure, the Kaspersky application neutralizes the threat. After completing the advanced disinfection procedure, the Kaspersky application restarts the computer. The advanced disinfection technology uses considerable computing resources, which may slow down other applications.

While the application is detecting an active infection, some operating system functionality may not be available. Availability of the operating system is restored after Advanced Disinfection is complete and the computer is restarted.

Types of detected objects

The application detects various types of objects, such as viruses and worms, Trojans, and adware. For details, please refer to the Kaspersky Encyclopedia.

Detect stalkerware

If this check box is selected, the Kaspersky application detects stalkerware applications that help criminals gain access to your location, messages, or websites and social networks you visit.

Detect legitimate apps that intruders can use to damage your computer or personal data

If the check box is selected, the Kaspersky application detects legitimate software that can be used by criminals to damage your computer or personal data. This software includes remote administration applications that system administrators can use to access the interface of a remote computer for monitoring or management purposes.

Multi-packed objects

If this check box is selected, the Kaspersky application detects files that are packed multiple times, including by various packers. Multi-packing makes it more difficult to scan objects.

Manage exclusions

Clicking this link opens the Exclusions window containing a list of scan exclusions. A scan exclusion is a set of conditions that, when fulfilled, cause the application to not scan a particular object for viruses and other threats.

You can add, edit, or delete exclusions from the list.

In the window for adding or editing an exclusion, you can define specific conditions that, when fulfilled, will prevent objects from being scanned (the application will not scan them):

• File or folder that should be excluded from scans (you can also exclude executable files of applications and processes). You can use masks in accordance with the following rules:
  • The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
  • Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in the folder named Folder except for the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
  • The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
• Type of objects that must be excluded from scans. Enter the name of the object type according to the classification of the Kaspersky Encyclopedia (for example, Email-Worm, Rootkit or RemoteAdmin). You can use masks with the ? character (replaces any single character) and the * character (replaces any number of characters). For example, if the Client* mask is specified, the application excludes Client-IRC, Client-P2P and Client-SMTP objects from scans.
• Object checksum. Comparing the checksum of an object with the checksum indicated in this setting enables the scan to exclude an object that has not been modified since the last scan.
• Protection components for which the exclusion is applied.

Instead of deleting an exclusion from the list, you can change the status of an en exclusion to Inactive (in the window for adding or editing an exclusion). When inactive, the exclusion will not be applied.

Specify trusted applications

Clicking this link opens a window with the list of trusted applications. The Kaspersky application does not monitor file activity and network activity of trusted applications (including malicious ones), and does not monitor these applications' queries to the system registry.

You can add, edit, or delete trusted applications from the list.

Even if an application is on the trusted list, the Kaspersky application continues to scan the executable file and process of this application for viruses and other threats. If you do not want to scan the executable file and process of a trusted application, add the application to the list of exclusions.

When adding or editing a trusted application, in the Exclusions for application window you can specify rules that will be used by the Kaspersky application to monitor the activity of the trusted application.

In the Exclusions for application window, the following rules are available:

• Do not scan opened files.
• Do not monitor application activity. Intrusion Prevention does not monitor any application activity.
• Do not inherit restrictions from the (application’s) parent process. If restrictions of a parent process or application are not inherited, application activity is monitored according to your defined rules or according to the rules of the trust group to which the application belongs.
• Do not monitor the activity of child applications.
• Do not block interaction with the Kaspersky application interface. The application is allowed to manage the Kaspersky application by using its graphical interface. You may need to allow the application to manage the interface of the Kaspersky application when using a remote desktop connection application or an application supporting the operation of a data input device. Examples of such devices include touch pads and graphic tablets.
• Do not scan all traffic (or encrypted traffic). Depending on the selected option (Do not scan all traffic or Do not scan encrypted traffic), the Kaspersky application excludes all network traffic of the application or traffic transmitted over SSL from being scanned. The value of this setting does not affect Firewall operation: Firewall scans application traffic in accordance with Firewall settings. Exclusions affect Mail Anti-Virus, Safe Browsing, and Anti-Spam. You can specify the IP addresses or network ports to which the traffic control restriction must apply.

If you change the status of an application to Inactive in the Exclusions for application window, the Kaspersky application does not treat the application as a trusted application. This way, you can temporarily exclude an application from the trusted list without actually deleting it from the list.