Kaspersky Endpoint Security 12.4 for Windows

Working with active threats

Kaspersky Endpoint Security logs information about files that it has not processed for some reason. This information is recorded in the form of events in the list of active threats (see the figure below). To work with active threats, Kaspersky Endpoint Security uses the Advanced Disinfection technology. Advanced Disinfection works differently for workstations and servers. You can configure advanced disinfection in Malware Scan task settings and in application settings.

A window with the list of detected objects. Information about the object is displayed. The user can resolve or remove the object.

A list of active threats

In this section

Disinfection of active threats on workstations

Disinfection of active threats on servers

Enabling or disabling Advanced Disinfection technology

Processing of active threats


Disinfection of active threats on workstations

To work with active threats on workstations, enable the Advanced Disinfection technology in the application settings. Next, configure the user experience in the Malware Scan task properties. The task properties contain a Run Advanced Disinfection immediately check box. If the check box is selected, Kaspersky Endpoint Security performs disinfection without notifying the user. When the disinfection is complete, the computer will be rebooted. If the check box is cleared, Kaspersky Endpoint Security displays a notification about active threats (see the figure below). You cannot close this notification without processing the file.

Advanced Disinfection during a virus scan task on a computer is performed only if the Advanced Disinfection feature is enabled in the properties of the policy applied to this computer.

Malware detection notification. User can perform disinfection with or without computer restart.

Notification about active threat


Disinfection of active threats on servers

To work with active threats on servers, you need to do the following:

If Kaspersky Endpoint Security is installed on a computer running Windows for Servers, Kaspersky Endpoint Security does not show the notification. Therefore, the user cannot select an action to disinfect an active threat. To disinfect a threat, you need to enable Advanced Disinfection technology in application settings and enable immediate Advanced Disinfection in Malware Scan task settings. Then you need to start a Malware Scan task.


Enabling or disabling Advanced Disinfection technology

If Kaspersky Endpoint Security cannot halt the execution of a piece of malware, you can use the Advanced Disinfection technology. By default, Advanced Disinfection is disabled because this technology uses a significant amount of computing resources. Therefore, you can enable Advanced Disinfection only when working with active threats.

Advanced Disinfection works differently for workstations and servers. To use the technology on servers, you must enable immediate advanced disinfection in the properties of the Malware Scan task. This prerequisite is not necessary to use the technology on workstations.

How to enable or disable the Advanced Disinfection technology in the Administration Console (MMC)

  1. Open the Kaspersky Security Center Administration Console.
  2. In the console tree, select Policies.
  3. Select the necessary policy and double-click to open the policy properties.
  4. In the policy window, select General settings → Application settings.
  5. In the Operating mode block, select or clear the Enable Advanced Disinfection technology check box to enable or disable Advanced Disinfection technology.
  6. Save your changes.

How to enable or disable the Advanced Disinfection technology in the Web Console and Cloud Console

  1. In the main window of the Web Console, select Devices → Policies & profiles.
  2. Click the name of the Kaspersky Endpoint Security policy.

    The policy properties window opens.

  3. Select the Application settings tab.
  4. Select General settings → Application Settings.
  5. In the Operating mode block, select or clear the Enable Advanced Disinfection technology check box to enable or disable Advanced Disinfection technology.
  6. Save your changes.

How to enable or disable the Advanced Disinfection technology in the application interface

  1. In the main application window, click the Application settings button (the gear wheel icon).
  2. In the application settings window, select General settings → Application settings.

    Application settings window. The user can configure performance, self-defense and other settings.

    Kaspersky Endpoint Security for Windows settings

  3. In the Operating mode block, select or clear the Use Advanced Disinfection technology (requires considerable computer resources) check box to enable or disable Advanced Disinfection technology.
  4. Save your changes.

As a result, the user cannot use most operating system features while Advanced Disinfection is in progress. When the disinfection is complete, the computer will be rebooted.


Processing of active threats

An infected file is considered processed if Kaspersky Endpoint Security disinfected the file or removed the threat as part of scanning the computer for viruses and other malware.

Kaspersky Endpoint Security moves the file to the list of active threats if, for any reason, Kaspersky Endpoint Security failed to perform an action on this file according to the specified application settings while scanning the computer for viruses and other threats.

This situation is possible in the following cases:

  • The scanned file is unavailable (for example, it is located on a network drive or on a removable drive without write privileges).
  • In the Malware Scan task settings, the action on threat detection is set to Inform. Then, when the infected file notification was displayed on the screen, the user selected Ignore.

If there are any unprocessed threats, Kaspersky Endpoint Security changes the application icon to the icon with the "Warning" status. In the main application window, the threat notification is displayed (see the figure below). In the Kaspersky Security Center console, the status of the computer is changed to Critical.

How to process a threat in the Administration Console (MMC)

  1. In the Administration Console, go to the folder Administration Server → Additional → Repositories → Active threats.

    The list of active threats opens.

  2. Select the object that you want to process.
  3. Choose how you want to handle the threat:
    • Disinfect. If this option is selected, the application automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application deletes the files.
    • Delete.

How to process a threat in the Web Console and Cloud Console

  1. In the main window of the Web Console, select Operations → Repositories → Active threats.

    The list of active threats opens.

  2. Select the object that you want to process.
  3. Choose how you want to handle the threat:
    • Disinfect. If this option is selected, the application automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application deletes the files.
    • Delete.

How to process a threat in the application interface

  1. In the main application window, in the Monitoring section, click the Protection is at risk tile.

    The list of active threats opens.

  2. Select the object that you want to process.
  3. Choose how you want to handle the threat:
    • Resolve. If this option is selected, the application automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application deletes the files.
    • Add to exclusions. If this action is selected, Kaspersky Endpoint Security suggests adding the file to the list of scan exclusions. Settings of the exclusion are configured automatically. If adding an exclusion is not available, it means that the administrator has disabled adding exclusions in policy settings.
    • Ignore. If this option is selected, Kaspersky Endpoint Security deletes the entry from the list of active threats. If there are no active threats remaining on the list, the computer status will be changed to OK. If the object is detected again, Kaspersky Endpoint Security will add a new entry to the list of active threats.
    • Open containing folder. If this option is selected, Kaspersky Endpoint Security opens the folder containing the object in the file manager. You can then manually delete the object or move the object to a folder that is not within the protection scope.
    • Learn more. If this option is selected, Kaspersky Endpoint Security opens the Kaspersky Virus Encyclopedia website.

Main application window when there are unprocessed threats. The "Security is at risk" message is displayed.

Main application window when a threat is detected
