Scanning settings

This section describes the Scanning section of the Settings page.

If an error occurred during loading of the web page and the settings are unavailable, reload the page.

The Scanning section contains the following settings:

• Enable reputation checking—Indicates whether Kaspersky Security Network (KSN) must be used.

  If this toggle switch is turned to On and the End-User License Agreement (EULA) for KSN is not accepted, the EULA will be displayed and you must accept it in order to use KSN.

• Enable Phishing Protection—Indicates whether the anti-phishing protection is turned On or Off.
• Object scan timeout—Timeout period, in milliseconds, for scanning a single object
• Heuristic analysis level—Drop-down list provides levels of heuristic analysis

  The level can be one of the following:

  • Off
  • Low
  • Medium
  • High
• Actions on detected objects—To be performed after a threat or legitimate software that can be used by intruders is detected

  This setting is available if Kaspersky Anti-Virus Engine is initialized in HTTP mode. You can select one of the following actions:

  • Disinfect and delete if cannot be disinfected
  • Disinfect and skip if cannot be disinfected
  • Delete

  The above actions will be performed only if Kaspersky Anti-Virus Engine detects a threat while processing a scanfile request. In all other cases, Kaspersky Scan Engine will only send a notification if the specified actions can be applied to the detected object.

  • Skip
• Maximum depth—Specifies the maximum depth of nested archives to be unpacked during scanning.

  This parameter is available only if the Archives check box is selected in the Types of files to scan section below.

• Under Types of files to scan, you will find check boxes for the following settings:
  • Packed objects—Indicates whether packed objects must be scanned
  • Archives—Indicates whether archives must be scanned
  • Email databases—Indicates whether email clients' databases must be scanned
  • Emails—Indicates whether email messages must be scanned
  • Macros in Microsoft Office documents—Indicates whether Microsoft Office macros and documents must be scanned
• Types of objects that must be scanned in request modification (REQMOD) mode

  This setting is available if KAV Engine is initialized in ICAP mode. You can select one of the following object types:

  • URLs
  • Files
• Types of objects that must be scanned in response modification (RESPMOD) mode

  This setting is available if KAV Engine is initialized in ICAP mode. You can select one of the following object types:

  • URLs
  • Files
• Formats of objects that must not be scanned

  Clicking the Exclusions by file formats link opens the File formats to exclude window.

• Types of objects that must not be scanned

  This setting is available if KAV Engine is initialized in ICAP mode. To specify exclusions by object type:

  1. Click the Object types to exclude link.

     The Object types to exclude window opens.

  2. Set the object types that must not be scanned.

     Kaspersky Scan Engine matches the Content-Type HTTP header to the values of this exclusion rule. If the Content-Type HTTP header contains the specified value, the ICAP plugin does not scan this object.

  3. Click Add, if you need to add another exclusion rule.
  4. Click Save to apply this setting.

  To apply this setting, you have to configure a proxy server to send previews to the ICAP server.

• URLs that must not be scanned

  This setting is available if KAV Engine is initialized in ICAP mode. To specify exclusions by URL:

  1. Click the Exclusions by URL link.

     The Exclusions by URL window opens.

  2. Set the URLs to skip.

     Kaspersky Scan Engine will skip these URLs. Specified URLs must not include scheme, query, and fragment components.

     It is allowed to use masks. You can specify the asterisk (*) wildcard character as a substitute for a sequence of characters that constitute an entire domain name from the third level of the domain and above. For example, *.domain.com. This value includes all subdomains of domain.com. The asterisk (*) and question mark (?) wildcard characters can be used in a path component of the URL to substitute for any sequence of characters, or a single character, respectively. For example, domain.com/test/page/*.

  3. Click Add, if you need to add another exclusion rule.
  4. Click Save to apply this setting.

  To apply this setting, you have to configure a proxy server to send previews to the ICAP server.

• Maximum object size that can be scanned

  This setting is available if KAV Engine is initialized in ICAP mode. To specify exclusions by object size:

  1. Click the Skip large objects toggle button.
  2. Set the maximum object size that can be scanned in kilobytes (KB).

     If this setting is specified, Kaspersky Scan Engine expects to receive previews and compares the value of the Content-Length HTTP header to the value of this setting and also checks the actual object size. If either the header value or the actual object size is greater than the specified value, the ICAP plugin does not scan the object. This applies both to requests made in preview mode and regular requests.

  To apply this setting, you have to configure a proxy server to send previews to the ICAP server.

When you apply new scanning settings, KAV Engine restarts.

Page top