File Anti-Virus settings

Settings

Description

Security level

 

Kaspersky application uses various groups of settings to run File Anti-Virus. The sets of settings that are stored in the application are called security levels:

  • Extreme. When this file security level is selected, the File Anti-Virus component takes the strictest control of all files that are opened, saved, and started. The File Anti-Virus component scans all file types on all hard drives, network drives, and removable storage media of the computer. It also scans archives, installation packages, and embedded OLE objects.
  • Optimal. This file security level is recommended by Kaspersky Lab experts. The File Anti-Virus component scans only the specified file formats on all hard drives, network drives, and removable storage media of the computer, and embedded OLE objects. The File Anti-Virus component does not scan archives or installation packages.
  • Low. The settings of this file security level ensure maximum scanning speed. The File Anti-Virus component scans only files with the specified extensions on all hard drives, network drives, and removable storage media of the computer. The File Anti-Virus component does not scan compound files.

Action on threat detection

  • Ask user. File Anti-Virus informs you of detection of an infected or probably infected object and prompts you for the action to take on it.

    This option is available if the Perform recommended actions automatically check box is cleared under SettingsSecurity settingsExclusions and actions on object detection.

  • Select action automatically. Upon detection of an infected or probably infected object, File Anti-Virus automatically performs the action recommended by Kaspersky experts on the object. For infected objects, this action is Disinfect. This value is selected by default.

    Before attempting to disinfect or delete an infected object, File Anti-Virus creates its backup copy for subsequent restoration or disinfection.

    This option is available if the Perform recommended actions automatically check box is selected under SettingsSecurity settingsExclusions and actions on object detection.

  • Disinfect, delete if disinfection fails. If this option is selected, the application automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application deletes the objects.
  • Disinfect, block if disinfection fails. If this option is selected, the application automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application will add information about the infected files that it finds to the list of detected objects.
  • Block. If this option is selected, the File Anti-Virus component automatically blocks all infected files without attempting to disinfect them.

Before attempting to disinfect or delete an infected file, the application creates a backup copy in case you subsequently need to restore the file or it becomes possible to disinfect it later.

File types

 

All files. If this setting is enabled, the application scans all files without exception (all formats and extensions).

Files scanned by format. If you select this setting, the application will scan only potentially infected files. Before searching for malicious code in a file, its internal header is analyzed to determine the file format (for example, TXT, DOC, EXE). The scan also looks for files with particular file extensions.

Files scanned by extension. If you select this setting, the application will scan only potentially infected files. The file format is determined based on the extension of a file.

Edit protection scope

Clicking this link opens the File Anti-Virus protection scope window, which contains a list of objects that are scanned by File Anti-Virus.

You can add objects to the list or delete the objects that you add.

To remove an object from the scan, you do not have to delete the object from the list. All you need to do is clear the check box next to the object name.

Machine learning and signature analysis

The signature analysis method uses Kaspersky application databases that contain descriptions of known threats and ways to neutralize them. Protection that uses this method provides the minimum acceptable security level.

Based on the recommendations of Kaspersky experts, signature analysis is always enabled.

Heuristic Analysis

A technique for detecting threats that cannot be identified using the current version of Kaspersky application databases. It allows you to find files that may contain unknown malware or a new modification of a known malware program.

When scanning files for malicious code, the heuristic analyzer executes instructions in the executable files. The number of instructions that are executed by the heuristic analyzer depends on the level that is specified for the heuristic analyzer. The heuristic analysis level sets the balance between the thoroughness of searches for new threats, the load on the operating system resources, and the time required for heuristic analysis.

Scan only new and modified files

Scans only new files and those files that have been modified since the last time they were scanned. This will allow you to save time performing the scan. This scan mode applies both to simple and compound files.

Scan archives

Scan ZIP, GZIP, BZIP, RAR, TAR, ARJ, CAB, LHA, JAR, ICE and other archives. The application scans archives not only by their extension, but by their format as well. When checking archives, the application performs a recursive unpacking. This allows to detect threats inside multi-level archives (archive within an archive).

Scan distribution packages

The check box enables/disables the scanning of third-party distribution packages.

Scan files in Microsoft Office formats

Scans Microsoft Office files (DOC, DOCX, XLS, PPT and other Microsoft extensions). Office format files also include OLE objects. Kaspersky application scans office format files that are smaller than 1 MB, regardless of whether the check box is selected or not.

Do not unpack large compound files

Maximum file size

If the check box is selected, the application does not scan compound files that are larger than the specified value.

If this check box is cleared, the application scans compound files of all sizes.

The application scans large files that are extracted from archives regardless of whether the check box is selected or not.

Unpack compound files in the background

Minimum file size

If this check box is selected, the application provides access to compound files that are larger than the specified value before these files are scanned. In this case, Kaspersky application unpacks and scans compound files in the background.

The application provides access to compound files that are smaller than this value only after unpacking and scanning these files.

If this check box is cleared, the application provides access to compound files only after unpacking and scanning files, regardless of their size.

Scan mode

 

Smart mode. In this mode, File Anti-Virus scans an object based on an analysis of actions taken on the object. For example, when working with a Microsoft Office document, Kaspersky application scans the file the first time it is opened and the last time it is closed. Intermediate operations that overwrite the file do not cause it to be scanned.

On access and modification. In this mode, File Anti-Virus scans objects whenever there is an attempt to open or modify them.

On access. In this mode, File Anti-Virus scans objects only upon an attempt to open them.

On execution. In this mode, File Anti-Virus only scans objects upon an attempt to run them.

Use iSwift technology

 

This technology is a development of the iChecker technology for computers using the NTFS file system.

There are limitations to iSwift Technology: it is bound to a specific file's location in the file system and works only with objects in the NTFS file system.

When you upgrade Kaspersky application to a new version, the iSwift technology is enabled for all scan types, even if it was previously disabled.

Use iChecker technology

 

This technology allows increasing scan speed by excluding certain files from scanning. Files are excluded from the scan using a special algorithm that takes into account the release date of Kaspersky application databases, the date when the file was scanned last, and any changes made to the scan settings. There are limitations to iChecker Technology: it does not work with large files and applies only to files with a structure that the application recognizes (for example, EXE, DLL, LNK, TTF, INF, SYS, COM, CHM, ZIP, and RAR).

Exclusions

Objects excluded from scans.

To specify exclusions, click the Manage exclusions link in the Exclusions window.

Pause File Anti-Virus

This temporarily and automatically pauses operation of File Anti-Virus at the specified time or when working with the specified applications.

This is configured by clicking the Pause File Anti-Virus link.

Page top