File Threat Protection task (File_Threat_Protection, ID:1)

File Threat Protection prevents infection of the device's file system. The File Threat Protection task is created automatically with default settings when you install Kaspersky Endpoint Security application on your device. By default, the File Threat Protection task starts automatically when the application starts. The task resides in the device's RAM and scans all opened, saved, and active files.

Administrator role privileges are required to start and stop the File Threat Protection task from the command line.

Upon detecting malware, Kaspersky Endpoint Security may remove the infected file and terminate the malware process started from this file.

While the File Threat Protection task is running, the application scans all namespaces and containers on all supported operating systems if the value of the NamespaceMonitoring setting in the general application settings is set to Yes. Additionally, for Astra Linux, a custom virus scan task (Scan_File) allows files from other namespaces to be scanned (as part of a mandatory scan). You can separately configure general settings for scanning containers and namespaces.

The application does not scan namespaces and containers unless components for working with containers and namespaces are installed in the operating system. Moreover, when viewing application information in the Container Monitoring row, "The task is available and not running" is displayed.

File Threat Protection user tasks cannot be created. You can modify the settings of the default File Threat Protection task.

If InterceptorProtectionMode is set to Notify in the general application settings, then when infected objects are detected, the application does not perform the actions specified in the FirstAction and SecondAction settings of the File Threat Protection task.