Threats and Exclusions

Settings

Description

Types of detected objects

The application detects various types of objects, such as viruses and worms, Trojans, and adware. For details, please refer to the Kaspersky Encyclopedia.

You can disable detection of the following types of objects:

  • Other software that can be used by criminals to damage your computer or personal data. This software includes remote administration applications that system administrators can use to access the interface of a remote computer for monitoring or management purposes.
  • Multi-packed files. Files that are packed multiple times, including by various packers. Multi-packing makes it more difficult to scan objects.

Manage exclusions

Clicking this link opens the Exclusions window containing a list of scan exclusions. A scan exclusion is a set of conditions that, when fulfilled, cause the application to not scan a particular object for viruses and other threats.

You can add, edit, or delete exclusions from the list.

In the window for adding or editing an exclusion, you can define specific conditions that, when fulfilled, will prevent objects from being scanned (the application will not scan them):

  • File or folder that should be excluded from scans (you can also exclude executable files of applications and processes). You can use masks in accordance with the following rules:
    • The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
    • Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in the folder named Folder except for the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
    • The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
  • Type of objects that must be excluded from scans. Enter the name of the object type according to the classification of the Kaspersky Encyclopedia (for example, Email-Worm, Rootkit or RemoteAdmin). You can use masks with the ? character (replaces any single character) and the * character (replaces any number of characters). For example, if the Client* mask is specified, the application excludes Client-IRC, Client-P2P and Client-SMTP objects from scans.
  • Object checksum. Comparing the checksum of an object with the checksum indicated in this setting enables the scan to exclude an object that has not been modified since the last scan.
  • Protection components for which the exclusion is applied.

Instead of deleting an exclusion from the list, you can change the status of an en exclusion to Inactive (in the window for adding or editing an exclusion). When inactive, the exclusion will not be applied.

Specify trusted applications

Clicking this link opens a window with the list of trusted applications. The Kaspersky application does not monitor file activity and network activity of trusted applications (including malicious ones), and does not monitor these applications' queries to the system registry.

You can add, edit, or delete trusted applications from the list.

Even if an application is on the trusted list, the Kaspersky application continues to scan the executable file and process of this application for viruses and other threats. If you do not want to scan the executable file and process of a trusted application, add the application to the list of exclusions.

When adding or editing a trusted application, in the Exclusions for application window you can specify rules that will be used by the Kaspersky application to monitor the activity of the trusted application.

In the Exclusions for application window, the following rules are available:

  • Do not scan opened files.
  • Do not monitor application activity. Intrusion Prevention does not monitor any application activity.
  • Do not inherit restrictions from the (application’s) parent process. If restrictions of a parent process or application are not inherited, application activity is monitored according to your defined rules or according to the rules of the trust group to which the application belongs.
  • Do not monitor the activity of child applications.
  • Do not block interaction with the Kaspersky application interface. The application is allowed to manage the Kaspersky application by using its graphical interface. You may need to allow the application to manage the interface of the Kaspersky application when using a remote desktop connection application or an application supporting the operation of a data input device. Examples of such devices include touch pads and graphic tablets.
  • Do not scan all traffic (or encrypted traffic). Depending on the selected option (Do not scan all traffic or Do not scan encrypted traffic), the Kaspersky application excludes all network traffic of the application or traffic transmitted over SSL from being scanned. The value of this setting does not affect Firewall operation: Firewall scans application traffic in accordance with Firewall settings. Exclusions affect Mail Anti-Virus, Safe Browsing, and Anti-Spam. You can specify the IP addresses or network ports to which the traffic control restriction must apply.

If you change the status of an application to Inactive in the Exclusions for application window, the Kaspersky application does not treat the application as a trusted application. This way, you can temporarily exclude an application from the trusted list without actually deleting it from the list.

Trusted system certificate store

If one of the trusted system certificate stores is selected, the Kaspersky application excludes applications signed with a trusted digital signature from scans. Kaspersky automatically assigns such applications to the Trusted group.

If Do not use is selected, Kaspersky scans applications regardless of whether or not they have a digital signature. The Kaspersky application places an application in a trust group depending on the level of danger that this application may pose to the computer.

Page top