Configuring the scan scope in a scan task

The scan scope refers to the locations and extensions of files of virtual machines that are scanned by Kaspersky Security when it performs a scan task.

If a scan scope has not been configured, Kaspersky Security scans all files of virtual machines.

When scanning virtual machines running Windows operating systems, Kaspersky Security does not scan files in network folders. Kaspersky Security is able to scan files in network folders only when the user or an application accesses those files. If you want to scan files in network folders regularly, you must create a task for scanning virtual machines that have shared files and folders, and include those files and folders into the scan task scope.

When scanning virtual machines running Linux operating systems, Kaspersky Security scans files in CIFS network file systems if the directories in which the CIFS network file systems are mounted are included in the task scan scope. Scanning files in NFS network file systems is not supported.

You can define the scan scope of a task while creating the task (the Defining the scan scope step) or in the task properties after it is created (the Scan scope section).

To configure the scan scope of the task:

1. Select one of the following options:
   • Scan all files and folders except for those specified
   • Scan specified files and folders only
2. If you selected the Scan all files and folders except for those specified option, you can create a list of objects that must be excluded from the scan scope by using the Add, Change and Delete buttons.

   You can exclude objects of the following types from the scan scope:

   • Folders. Files stored in folders at the specified path are excluded from the scan scope. For each folder, you can specify whether to apply the exclusion to subfolders.

     The * and ? characters in the paths to excluded folders are not supported. The folder path must be absolute.

   • Files by mask. Files located at the specified path, or files matching the specified mask are excluded from the scan scope.

     Consider the following rules when specifying the file mask:

     • The file path must be absolute.
     • The * character replaces any sequence of zero or more characters except for : \ /.
     • The use of the * character at the beginning of a path is not supported.
     • The ? character can replace any one character except for : \ /.

     Examples of masks:

     • C:\dir\* – all files in the dir folder.
     • C:\dir\*.zip – all files with the zip extension in the dir folder.
     • C:\dir\*.zi? – all files with the zi? extension, where ? can be any single character.
     • C:\dir\??st\*.com – all files with the COM extension in the folder whose name consists of four characters and ends with st, for example, the C:\dir\test\good.com file.

   Kaspersky Security ignores the case of characters in paths to files and folders that are excluded from the scan scope.

   You can save a configured list of exclusions to file using the Export button or load a previously saved list of exclusions from file using the Import button. To import or export a list of exclusions, you can use a file in XML format. You can also import a list of exclusions from a file in DAT format. Using a file in DAT format, you can import a list of exclusions that was generated in other Kaspersky applications.

   The application distribution kit includes the microsoft_file_exclusions.xml file with the list of exclusions recommended by Microsoft Corporation (see the Microsoft website for the list of exclusions recommended by Microsoft). The microsoft_file_exclusions.xml file is located in the setup folder of the Kaspersky Security administration plug-in on the computer on which the Kaspersky Security Center Administration Console is installed. You can import this file into exclusions of the scan task. After the import is completed, Kaspersky Security does not scan the objects recommended by Microsoft when it performs a scan task. You can view and edit the list of these objects in the Files and folders table.

   If your exclusions list uses an environment variable that has multiple values depending on the bit rate of the application that uses it, in 64-bit Windows operating systems, objects corresponding to all values of the variable are excluded from the scan scope. For example, if you use the %ProgramFiles% variable, objects located in the C:\Program Files folder and in the C:\Program Files (x86) folder are excluded from the scan scope.

3. If you selected the Scan all files and folders except for those specified option, in the File extensions section you can specify the extensions of files that should be included in the scan scope or excluded from the scan scope.

   To do so, select one of the options below:

   • Scan all except files with the following extensions. In the text box, specify a list of extensions of files to not scan during a scan task. Kaspersky Security ignores the case of characters in the extensions of files that are to be excluded from the scan scope.
   • Scan files with the following extensions only. In the text box, specify a list of extensions of files to scan during a scan task. When scanning virtual machines running Linux operating systems, Kaspersky Security is case sensitive regarding the characters in the extensions of files to be included in the scan scope. When scanning virtual machines running Windows operating systems, the application ignores the cases of characters in file extensions.

     You can type file extensions in the field by separating them with a blank space, or by typing each extension in a new line. File extensions may contain any characters except . * | \ : " < > ? /. If an extension includes a blank space, the extension should be typed inside quotation marks: "doc x".

     If you have selected Scan files with the following extensions only in the drop-down list but have not specified the extensions of files to scan, Kaspersky Security scans all files.

   Folders excluded from the scan have a higher priority than file extensions that are included in the scan scope. If a file is located in a folder that is excluded from the scan, the application skips this file even if its extension is included in the scan scope.

4. If you selected the Scan specified files and folders only option, use the Add, Change, and Delete buttons to create a list of virtual machine files and folders to scan during the scan task.

   When scanning virtual machines running Linux operating systems, Kaspersky Security is case sensitive regarding the characters in paths to files and directories included in the scan scope. When scanning virtual machines running Windows operating systems, paths to files and folders are not case sensitive.

   If your list of objects requiring scanning uses an environment variable that has multiple values depending on the bit rate of the application that uses it, in 64-bit Windows operating systems, objects corresponding to all values of the variable are included in the scan scope. For example, if you use the %ProgramFiles% variable, objects located in the C:\Program Files folder and in the C:\Program Files (x86) folder are included in the scan scope.

5. Save the changes by clicking Next (in the New Task Wizard) or Apply (in the task properties).

Page top