File Anti-Virus operation algorithm in Kaspersky Lab 2011 products



Kaspersky Anti-Virus 2011


File Anti-Virus operation algorithm in Kaspersky Lab 2011 products

Retour vers la section "Tous les articles"
2012 nov. 06 Article ID: 4069

Cet article n'est pas encore disponible en français. Merci de votre patience et de votre compréhension.

Applies to:
  • Kaspersky Internet Security 2011
  • Kaspersky Anti-Virus 2011
  • File Anti-Virus  loads when you start your operating system and runs in your computer's RAM, scanning all files that are opened, saved or executed.

    By default, File Anti-Virus only scans new or modified files; in other words, files that have been added or modified since the previous scan.

    Files are scanned according to the following algorithm:

    • The component intercepts every attempt by the user or by any program to access any file.
    • File Anti-Virus scans iChecker and iSwift databases for information about the intercepted file, and determines if it should scan the file, based on the information retrieved.

    The following operations are performed when scanning:

    1. The file is scanned for viruses. Malicious objects are recognized based on Kaspersky Internet Security databases. The database contains descriptions of all malicious programs and threats currently known, and methods for processing them.
    2. After the analysis you have the following available courses of action for Kaspersky Internet Security:
      • If malicious code is detected in the file, File Anti-Virus blocks the file, creates a backup copy and attempts to perform disinfection. If the file is successfully disinfected, it becomes available again. If disinfection fails, the file is deleted.
      • If potentially malicious code is detected in the file (but the maliciousness is not absolutely guaranteed), the file proceeds to disinfection and then is sent to the special storage area called Quarantine.
      • If no malicious code is discovered in the file, it is immediately restored.

    The application will notify you when an infected or a possibly infected file is detected. If an infected or potentially infected object is detected, a notification with a request for further actions will be displayed onscreen.

    You will be offered the following:

    • quarantine the object, allowing the new threat to be scanned and processed later using updated databases;
    • delete the object;
    • skip the object if you are absolutely sure that it is not malicious.
    Ces informations vous ont-elles été utiles ?
    Oui Non


    Vos commentaires sur le site du Support Technique

    Signalez-nous si vous n'avez pas trouvé des informations nécessaires ou laissez vos commentaires sur le site pour que nous puissions l'améliorer :

    Envoyer mon avis sur le site Envoyer mon avis sur le site

    Merci !

    Nous vous remercions d'avoir pris
    le temps de nous faire part de vos commentaires.
    Nous les analyserons et utiliserons pour nous aider à
    améliorer le site du Support Technique de Kaspersky Lab.