Anti-virus scanning for threats algorithm

March 25, 2022

ID 15436

Kaspersky Anti-Virus analyzes an object for threats according to the following algorithm:

  1. Objects are scanned on the basis of records in the anti-virus databases. Kaspersky Anti-Virus compares objects with database records and determines whether they are harmful, which category of dangerous programs they belong to and which treatment methods should be applied.

    Anti-virus databases contain descriptions of all known malware and of programs that, while not malicious, can be used to develop malware, as well as ways to neutralize them.

    Based on the scan results, the object is assigned one of the following statuses:

    • not infected – the object does not contain any threats;
    • infected – the object contains a threat that matches a signature in Kaspersky Lab anti-virus databases; the disinfection operation is applied to such objects;
    • not scanned – Kaspersky Anti-Virus was unable to scan the object; the object scan may have returned an error or the time allocated for scanning has elapsed;
    • protected – the object is a password-protected archive.
  2. Objects classified as not infected after the scan using updated databases are then scanned by Heuristic Analyzer, which analyzes the system activity of the object being scanned. If such activity is typical of malicious objects, the object is labeled as infected.
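
The two-stage decision flow above, modeled in Python as an added illustration; this is not Kaspersky code. The signature set, activity names, weights, threshold and time budget are constructed assumptions, and an exact SHA-256 match stands in for real database records.

```python
import hashlib, io, time, zipfile

# Constructed signature database: SHA-256 of a harmless marker -> record name.
MARKER = b"CONSTRUCTED-SAMPLE-MARKER"
SIGNATURES = {hashlib.sha256(MARKER).hexdigest(): "Constructed.Sample.a"}

# Hypothetical heuristic weights for observed system activity (not vendor rules).
ACTIVITY_WEIGHTS = {"modifies_autorun": 40, "injects_code": 50, "disables_updates": 30}
HEURISTIC_THRESHOLD = 70


def is_encrypted_zip(data: bytes) -> bool:
    """True if any ZIP member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(m.flag_bits & 0x1 for m in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a ZIP archive at all


def signature_stage(data: bytes, budget_s: float) -> str:
    """Stage 1: compare the object with database records and assign a status."""
    deadline = time.monotonic() + budget_s
    try:
        if is_encrypted_zip(data):
            return "protected"
        digest = hashlib.sha256()
        for off in range(0, len(data), 65536):
            if time.monotonic() >= deadline:
                return "not scanned"  # allotted time elapsed
            digest.update(data[off:off + 65536])
        return "infected" if digest.hexdigest() in SIGNATURES else "not infected"
    except Exception:
        return "not scanned"  # the scan returned an error


def scan(data: bytes, activity=(), budget_s: float = 5.0) -> str:
    """Run stage 1, then stage 2 only for objects stage 1 left 'not infected'."""
    status = signature_stage(data, budget_s)
    if status != "not infected":
        return status  # heuristics never override infected/not scanned/protected
    score = sum(ACTIVITY_WEIGHTS.get(a, 0) for a in activity)
    return "infected" if score >= HEURISTIC_THRESHOLD else "not infected"
```

Because the heuristic stage runs only on objects the first stage left as not infected, an object with the protected or not scanned status has not been analyzed at all and should not be read as clean.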
