Kaspersky Security lets you run a virus scan on the files of virtual machines on a VMware ESXi hypervisor. Virtual machine files need to be scanned regularly with new anti-virus databases to prevent the spread of malicious objects.
The settings that Kaspersky Security applies while scanning virtual machines are defined by using scan tasks. Kaspersky Security uses the following scan tasks:
You can set a schedule for running scan tasks, manually run a scan task, and view information about the progress and results of tasks.
If viruses or other malware are detected in a file during scanning of virtual machine files, Kaspersky Security assigns the Infected status to the file. If the scan cannot conclusively determine whether or not the file is infected (the file may contain a code sequence that is characteristic of viruses or other malware, or contain modified code from a known virus), Kaspersky Security also assigns the Infected status to the file.
The Signature analysis and machine learning scan method is used when scanning virtual machines. Scanning using signature analysis and machine learning provides the minimum acceptable security level. Kaspersky Security uses application databases containing information about known threats and about the methods to neutralize them. Based on the recommendations of Kaspersky experts, the Signature analysis and machine learning scan method is always enabled.
When scanning virtual machines, Heuristic analysis is used. This is a technology designed for detecting threats that cannot be detected with the aid of Kaspersky application databases. Heuristic analysis detects files that could be infected with malware for which there are not yet any database signatures or infected with a new variety of a known virus. Files in which a threat is detected during heuristic analysis are marked as Infected.
The deep heuristic analysis level is always used during virtual machine scanning irrespective of the selected security level. Heuristic Analyzer performs the maximum number of instructions in executable file, which raises the probability of threat detection.
If an application that collects information and sends it to be processed is installed on a virtual machine, Kaspersky Security may classify this application as malware. To avoid this, you can exclude the application from the scan scope.
Special considerations for scanning virtual machines:
When scanning virtual machines running Linux operating systems, Kaspersky Security scans files in CIFS network file systems if the directories in which the CIFS network file systems are mounted are included in the task scan scope. Scanning files in NFS network file systems is not supported.
After a scan task finishes, you are advised to view the list of files that are blocked as a result of the scan task and manage them manually. For example, you can save file copies in a location that is inaccessible for a virtual machine user or delete the files. You must first exclude the blocked files from protection in the settings of the protection profile assigned to the virtual machines, or temporarily disable protection of the virtual machines on which these files were blocked. You can view the details of blocked files by filtering events by the File blocked event (for more details, please refer to the Kaspersky Security Center documentation).