Critical Areas Scan

When performing a critical areas scan, Kaspersky Endpoint Security can scan boot sectors, startup objects, process memory, and kernel memory.

Upon detecting malware, the application can remove the infected file and terminate the malware process started from this file.

If the root user does not have access to a remote directory mounted on the device over the NFSv4 protocol, the application blocks access to such a file for all users.

You can start a critical areas scan and configure the settings of the scan:

• Select the operating system objects to be scanned. Scanning of boot sectors, process memory and kernel memory, startup objects and archives is enabled by default. By default, files are not scanned during the critical areas scan.
• Limit the size of an object to be scanned and the duration of the object scan.
• Select the actions to be performed by the application on the infected objects.
• Configure exclusions of objects from scans:
  • by name or mask
  • by the name of the threats detected in the objects

  When running on operating systems that use the special-purpose parsecfs file system (Astra Linux Special Edition) we recommend adding mounting paths of this file system to exclusions from scanning.

• Enable or disable global exclusions and File Threat Protection exclusions when scanning.
• Enable the logging of information about scanned non-infected objects, about scanning objects in archives, and about unprocessed objects.
• Configure the use of the heuristic analyzer and iChecker technology during a scan.
• Limit the set of devices whose boot sectors need to be scanned.
• Configure scan scopes and scan exclusion scopes.

In this Help section Critical Areas Scan in the Web Console Critical Areas Scan in the Administration Console Critical Areas Scan in the command line

Page top