File Threat Protection prevents infection of the device's file system. The File Threat Protection task is created automatically with default settings when you install Kaspersky Endpoint Security application on your device. By default, the File Threat Protection task starts automatically when the application starts. The task resides in the device's RAM and scans all opened, saved, and active files.
Upon detecting malware, Kaspersky Endpoint Security may remove the infected file and terminate the malware process started from this file.
When the File Threat Protection task is running, the application scans all namespaces and containers in all supported operating systems if NamespaceMonitoring is set to Yes in the general application settings. Additionally, for Astra Linux, a custom virus scan task (Scan_File) allows files from other namespaces to be scanned (as part of a mandatory scan). You can separately configure general scan settings for containers and namespaces.
Administrator role privileges are required to start and stop the File Threat Protection task from the command line.
File Threat Protection user tasks cannot be created. You can modify the settings of the default File Threat Protection task.
If InterceptorProtectionMode is set to Notify in the general application settings, then when infected objects are detected, the application does not perform the actions specified in the FirstAction and SecondAction settings of the File Threat Protection task.