When Anti-Malware is running, a threat detected in the external memory of the device (such as an SD card) cannot be neutralized automatically in the Work profile (Applications with a briefcase icon, Configuring the Android work profile). Kaspersky Endpoint Security for Android does not have access to external memory in the Work profile. Information about detected objects is displayed in app notifications. To neutralize objects detected in the external memory, the object files have to be deleted manually and the device scan restarted.
Due to technical limitations, Kaspersky Endpoint Security for Android cannot scan files with a size of 2 GB or more. During a scan, the app skips such files without notifying you that such files were skipped.
On devices running Android 11 or later, the Kaspersky Endpoint Security for Android app can't scan the "Android/data" and "Android/obb" folders and detect malware in them due to technical limitations.
To start a device scan:
In the main window of Kaspersky Endpoint Security, tap Settings → App settings → Anti-Malware → Start scan.
Select the device scan scope:
Scan entire device. The app scans the entire file system of the device.
Scan installed apps. The app scans only installed apps.
Custom Scan. The app scans the selected folder or individual file. You can select an individual object (folder or file) or one of the following partitions of device memory:
Device memory. Read-accessible memory of the entire device. This also includes the system memory partition that stores operating system files.
Internal memory. Device memory partition intended for installation of apps and storage of media content, documents, and other files.
External memory. External SD card memory. If no external SD card is installed, this option is hidden.
Access to malware scan settings may be restricted by your administrator.
To configure the malware scan:
In the main window of Kaspersky Endpoint Security, tap Settings → App settings → Anti-Malware → Scan settings.
If you want the app to detect adware and apps that could be used by hackers to cause harm to your device or data when the app performs a scan, switch on the Adware, dialers, and other toggle button.
Click Action on threat detection, and then select the action taken by the app by default:
Quarantine
Quarantine stores files as archives, so they cannot harm the device. The Quarantine lets you delete or restore the files that were moved to isolated storage.
Request action
The app prompts you to select an action for each detected object: skip, quarantine, or delete. When multiple objects are detected, you can apply a selected action to all objects.
Delete
Detected objects will be automatically deleted. No additional actions are required. Prior to deleting an object, Kaspersky Endpoint Security will display a temporary notification about the detection of the object.
Skip
If the detected objects have been skipped, Kaspersky Endpoint Security warns you about problems in device protection. For each skipped threat, the app provides actions that you can perform to eliminate the threat. The list of skipped objects may change, for example, if a malicious file was deleted or moved. To receive an up-to-date list of threats, run a full device scan. To ensure reliable protection of your data, eliminate all detected objects.
Information about detected threats and the actions taken on them is logged in app reports (Settings → Reports). You can choose to display reports on Anti-Malware operations.