Kaspersky Endpoint Security 12 for Linux

File Threat Protection

July 22, 2024

ID 264271

The File Threat Protection component prevents infection of the device file system. The component is enabled automatically with the default settings when Kaspersky Endpoint Security starts. It stays resident in the device's operating memory and scans, in real time, all files that are opened, saved, and launched.

Upon detecting malware, Kaspersky Endpoint Security may remove the infected file and terminate the malware process started from this file.

The operation of the component is affected by the file operation interception mode, which you can select in the general settings of the application. By default, access to the file is blocked for the duration of the scan.

If File Threat Protection is enabled and Container monitoring is enabled, the application also scans all namespaces and containers on all supported operating systems.

You can enable or disable File Threat Protection, and also configure the protection settings:

  • Select the file scan mode (when opened, or when opened and modified).
  • Enable or disable scanning of archives, mail databases, and email messages in text format.
  • Temporarily exclude files in text format from rescans.
  • Limit the size of an object to be scanned and the duration of the object scan.
  • Select the actions to be performed by the application on the infected objects.
  • Configure the scan scopes. The application will scan objects in the specified area of the file system.
  • Configure exclusions of objects from scans. Scan exclusion is a set of conditions. When these conditions are met, the application does not scan the objects for viruses and other malware. You can exclude from scans:
    • Objects by name or mask
    • Objects by the name of the threats detected in them
    • Files and directories in specified areas of the file system
    • Processes and files being modified by the specified process
  • Configure the use of the heuristic analyzer and iChecker technology during a scan.
  • Enable or disable the logging of information about scanned non-infected objects, about scanning objects in archives, and about unprocessed objects.

To optimize the File Threat Protection component, you can exclude from scans any files being copied from network directories. Such files are scanned only after the process of copying to a local directory is finished. To exclude files located in network directories from scans, configure an exclusion based on processes for the utility used for copying from network directories (for example, for the cp utility). If you manage the application using Kaspersky Security Center, you can configure exclusion based on processes in the Web Console or the Administration Console. If you are administering the application using the command line, you can configure an exclusion by process by adding an [ExcludedForProgram.item_#] section to the settings of the OAS task.
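One way to review process-based exclusions in an exported OAS task settings file, as an added example that is not Kaspersky's code. Only the section name is from this page; the key names ProgramPath, ApplyToDescendants and Path, the AllRemoteMounted value, the list of writable prefixes and the findings themselves are assumptions to check against the settings reference for your version.

```python
import re

# Constructed sample of an exported OAS task settings file. The section name
# is from the page; the keys inside it are assumptions to check against the
# settings reference for your product version.
SAMPLE = """\
ScanArchived=No
[ExcludedForProgram.item_0000]
ProgramPath=/usr/bin/cp
ApplyToDescendants=No
Path=AllRemoteMounted
[ExcludedForProgram.item_0001]
ProgramPath=/tmp/sync.sh
ApplyToDescendants=Yes
Path=/
"""

SECTION = re.compile(r"^\[(ExcludedForProgram\.item_\d+)\]$")
WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")

def parse_process_exclusions(text):
    """Return {section: {key: value}} for ExcludedForProgram sections only."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = SECTION.match(line)
            current = sections.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(text):
    """Return (section, finding) pairs for exclusions wider than a copy tool needs."""
    findings = []
    for name, cfg in parse_process_exclusions(text).items():
        prog = cfg.get("ProgramPath", "")
        if not prog.startswith("/") or prog.startswith(WRITABLE_PREFIXES):
            findings.append((name, "ProgramPath is relative or user-writable"))
        if cfg.get("ApplyToDescendants", "No").lower() == "yes":
            findings.append((name, "child processes are excluded too"))
        if cfg.get("Path", "/") == "/":  # missing Path treated as unrestricted
            findings.append((name, "exclusion scope is the whole file system"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

In the sample, the cp exclusion limited to remote mounts passes, while the second item is reported three times.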

In this Help section

Configuring File Threat Protection in the Web Console

Configuring File Threat Protection in the Administration Console

Configuring File Threat Protection in the command line

Special considerations for scanning symbolic links and hard links
