Working with active threats
Kaspersky Endpoint Security logs information about files that it has not processed for some reason. This information is recorded in the form of events in the list of active threats (see the figure below). To work with active threats, Kaspersky Endpoint Security uses the Advanced Disinfection technology. Advanced Disinfection works differently for workstations and servers. You can configure Advanced Disinfection in Malware Scan task settings and in application settings.
A list of active threats
Disinfection of active threats on workstations
To work with active threats on workstations, enable the Advanced Disinfection technology in the application settings. Next, configure the user experience in the Malware Scan task properties. There is a Run Advanced Disinfection immediately check box in the task properties. If the check box is selected, Kaspersky Endpoint Security will perform disinfection without notifying the user. When the disinfection is complete, the computer will be rebooted. If the check box is cleared, Kaspersky Endpoint Security will display a notification about active threats (see the figure below). You cannot close this notification without processing the file.
Advanced Disinfection during a virus scan task on a computer is performed only if the Advanced Disinfection feature is enabled in the properties of the policy applied to this computer.
Notification about active threat
Disinfection of active threats on servers
To work with active threats on servers, you need to do the following:
- enable the Advanced Disinfection technology in the application settings;
- enable immediate Advanced Disinfection in the Malware Scan task properties.
If Kaspersky Endpoint Security is installed on a computer running Windows for Servers, Kaspersky Endpoint Security does not show the notification. Therefore, the user cannot select an action to disinfect an active threat. To disinfect a threat, you need to enable Advanced Disinfection technology in application settings and enable immediate Advanced Disinfection in Malware Scan task settings. Then you need to start a Malware Scan task.
Enabling or disabling Advanced Disinfection technology
If Kaspersky Endpoint Security cannot halt the execution of a piece of malware, you can use the Advanced Disinfection technology. By default, Advanced Disinfection is disabled because this technology uses a significant amount of computing resources. Therefore, you can enable Advanced Disinfection only when working with active threats.
Advanced Disinfection works differently for workstations and servers. To use the technology on servers, you must enable immediate Advanced Disinfection in the properties of the Malware Scan task. This prerequisite is not necessary to use the technology on workstations.
How to enable or disable the Advanced Disinfection technology in the Administration Console (MMC)
How to enable or disable the Advanced Disinfection technology in the Web Console and Cloud Console
How to enable or disable the Advanced Disinfection technology in the application interface
As a result, the user cannot use most operating system features while Advanced Disinfection is in progress. When the disinfection is complete, the computer will be rebooted.
Processing of active threats
An infected file is considered processed if Kaspersky Endpoint Security disinfected the file or removed the threat as part of scanning the computer for viruses and other malware.
Kaspersky Endpoint Security moves the file to the list of active threats if, for any reason, Kaspersky Endpoint Security failed to perform an action on this file according to the specified application settings while scanning the computer for viruses and other threats.
This situation is possible in the following cases:
- The scanned file is unavailable (for example, it is located on a network drive or on a removable drive without write privileges).
- In the Malware Scan task settings, the action on threat detection is set to Inform. Then, when the infected file notification was displayed on the screen, the user selected Ignore.
If there are any unprocessed threats, Kaspersky Endpoint Security changes the icon. In the main application window, the threat notification is displayed (see the figure below). In the Kaspersky Security Center console, the status of the computer is changed to Critical.
How to process a threat in the Administration Console (MMC)
How to process a threat in the Web Console and Cloud Console
How to process a threat in the application interface
Main application window when a threat is detected