File Threat Protection

for Windows, macOS and Linux

The File Threat Protection component lets you prevent infection of the file system of the computer. By default, the File Threat Protection component resides permanently in the computer's RAM and scans all files that are opened, saved, or run in real time. The component scans files on all computer drives, including connected drives. The component provides computer protection with the help of anti-virus databases, the Kaspersky Security Network cloud service, and heuristic analysis.

The component scans the files accessed by the user or application. If a malicious file is detected, Kaspersky Endpoint Security blocks the file operation. The application then disinfects or deletes the malicious file, depending on the settings of the File Threat Protection component.

When attempting to access a file whose contents reside in OneDrive cloud storage, Kaspersky Endpoint Security downloads and scans the file contents.

File Threat Protection settings for Pro View

Parameter | OS | Description

Scan exclusions | Windows, macOS, Linux

A scan exclusion is a set of conditions that must be fulfilled so that Kaspersky Endpoint Security will not scan a particular object for viruses and other threats. Scan exclusions make it possible to safely use legitimate software that can be exploited by criminals to damage the computer or user data. Although they do not have any malicious functions, such applications can be exploited by intruders. For details on legitimate software that can be used by intruders to damage your computer or personal data, please refer to the Kaspersky IT Encyclopedia website.

Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask.

Security level | Windows, macOS, Linux

For File Threat Protection, Kaspersky Endpoint Security can apply different groups of settings. These groups of settings that are stored in the application are called security levels:

  • Max protection. When this file security level is selected, the File Threat Protection component enforces the strictest control over file activity. The File Threat Protection component scans all file types on all hard drives and removable drives of the computer. It also scans archives, installation packages, mail format files, and embedded OLE objects.
  • Recommended. This file security level is recommended by Kaspersky Lab experts. The File Threat Protection component scans files by format, not by extension. The component scans files on all hard and removable drives of the computer, as well as mail format files and embedded OLE objects. The File Threat Protection component does not scan archives and installation packages.
  • Max performance. The settings of this file security level ensure maximum scanning speed. The File Threat Protection component scans files by extension, not by format. The component scans files on all hard and removable drives of the computer. The File Threat Protection component does not scan compound files.

File types | Windows, macOS, Linux

The value of this parameter depends on the selected security level.

All files. If this setting is enabled, Kaspersky Endpoint Security checks all files without exception (all formats and extensions).

Files scanned by extension. If this setting is enabled, the application scans infectable files only. Before scanning a file for malicious code, the internal header of the file is analyzed to determine the format of the file (for example, .txt, .doc, or .exe). The scan also looks for files with particular file extensions.

Files scanned by format. If this setting is enabled, the application scans infectable files only. The file format is then determined based on the file's extension.

Protection scope | Windows, macOS, Linux

Contains objects that are scanned by the File Threat Protection component. All hard drives and removable drives are scanned. It is not possible to change the protection scope.

Scan of compound files | Windows, macOS, Linux

The value of this parameter depends on the selected security level.

A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file must be unpacked, which may slow down scanning.

  • Archives. Scanning ZIP, GZIP, BZIP, RAR, TAR, ARJ, CAB, LHA, JAR, ICE, and other archives. The application scans archives not only by extension, but also by format. When checking archives, the application performs recursive unpacking. This makes it possible to detect threats inside multi-level archives (an archive within an archive).
  • Distribution packages. Scanning distribution packages of third-party applications.
  • Embedded OLE objects. Scanning files for embedded objects (for example, Excel tables, macros, attachments in email messages).
  • Mail format files. Scanning email message files in plain text format.
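
The following is an added example, not Kaspersky code: a minimal sketch of recursive unpacking in which an archive is recognized by its format rather than its extension, so a ZIP renamed to .dat inside another ZIP is still opened. The marker string, the nesting limit, and all function names are assumptions made for this illustration, and only ZIP is handled.

```python
import io
import zipfile

# Constructed stand-in for a signature hit; not a real malware signature.
MARKER = b"CONSTRUCTED-TEST-MARKER"
# Assumed cap on nesting so a deeply nested archive cannot exhaust the scanner.
MAX_DEPTH = 5


def is_zip(data: bytes) -> bool:
    """Identify a ZIP by content (format), ignoring what the file is named."""
    return zipfile.is_zipfile(io.BytesIO(data))


def scan(name: str, data: bytes, depth: int = 0, path: str = "") -> list[str]:
    """Return findings for one object, unpacking nested ZIPs recursively."""
    here = f"{path}/{name}" if path else name
    findings = []
    if is_zip(data):
        if depth >= MAX_DEPTH:
            # Report what was skipped instead of silently treating it as clean.
            return [f"{here}: not unpacked (nesting limit reached)"]
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    findings += scan(info.filename, zf.read(info), depth + 1, here)
    elif MARKER in data:
        findings.append(f"{here}: marker found")
    return findings


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build a ZIP archive in memory from a name -> content mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


def build_sample() -> bytes:
    """Constructed input: a ZIP renamed to .dat, placed inside another ZIP."""
    inner = make_zip({"payload.bin": b"header " + MARKER})
    return make_zip({"readme.txt": b"hello", "report.dat": inner})


if __name__ == "__main__":
    for line in scan("outer.zip", build_sample()):
        print(line)
```

A scanner that selected archives by extension alone would treat report.dat as an opaque data file and never reach payload.bin.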

Network Drives Scan | Windows, Linux

Kaspersky Endpoint Security scans network drives. The scan can place a significant load on the CPU. It is more convenient to perform indirect scanning on file servers.

Background Scan | Windows

Background Scan is a scan mode of Kaspersky Endpoint Security that does not display notifications for the user. Background scan requires fewer computer resources than other types of scans (such as a full scan). In this mode, Kaspersky Endpoint Security scans startup objects, the boot sector, system memory, and the system partition.
