Scan settings section (Container Scan)
January 23, 2024
ID 246680
Container scan task settings
Setting | Description |
|---|---|
Scan archives | This check box enables or disables scan of archives. If the check box is selected, the application scans the archives. To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the duration of archive scans by configuring the Skip file if scan takes longer than (sec) and Skip file larger than (MB) settings in the General scan settings section. If the check box is cleared, the application does not scan the archives. The check box is selected by default. |
Scan SFX archives | This check box enables or disables self-extracting archive scans. Self-extracting archives are the archives that contain an executable extraction module. If the check box is selected, the application scans self-extracting archives. If the check box is cleared, the application does not scan self-extracting archives. This check box is available if the Scan archives check box is unchecked. The check box is selected by default. |
Scan mail databases | This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications. If the check box is selected, the application scans mail database files. If the check box is cleared, the application does not scan mail database files. This check box is cleared by default. |
Scan mail format files | This check box enables or disables scan of files of plain-text email messages. If this check box is selected, the application scans plain-text messages. If this check box is cleared, the application does not scan plain-text messages. This check box is cleared by default. |
Skip file if scan takes longer than (sec) | In this field, you can specify the maximum time to scan a file, in seconds. After the specified time, the application stops scanning the file. Available values: 0–9999. If the value is set to 0, the scan time is unlimited. Default value: 0. |
Skip file larger than (MB) | In this field, you can specify the maximum size of a file to scan, in megabytes. Available values: 0–999999. If the value is set to 0, the application scans files of any size. Default value: 0. |
Log clean objects | This check box enables or disables the logging of ObjectProcessed type events. If this check box is selected, the application logs events of the ObjectProcessed type for all scanned objects. If this check box is cleared, the application does not log events of the ObjectProcessed type for any scanned object. This check box is cleared by default. |
Log unprocessed objects | This check box enables or disables the logging ObjectNotProcessed type events if a file cannot be processed during a scan. If this check box is selected, the application logs the events of the ObjectNotProcessed type. If this check box is cleared, the application does not log the events of the ObjectNotProcessed type. This check box is cleared by default. |
Log packed objects | This check box enables or disables the logging of PackedObjectDetected type events for all packed objects that are detected. If this check box is selected, the application logs the events of the PackedObjectDetected type. If this check box is cleared, the application does not log the events of the PackedObjectDetected type. This check box is cleared by default. |
Use iChecker technology | This check box enables or disables scan of only new and modified since the last scan files. If the check box is selected, the application scans only new files or the files modified since the last scan. If the check box is cleared, the application scans the files regardless of the creation or modification date. The check box is selected by default. If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, use of iChecker technology is not supported. Scan optimization is implemented by means of the Protection Server. |
Use heuristic analysis | This check box enables or disables heuristic analysis during file scans. The check box is selected by default. |
Heuristic analysis level | If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:
|
First action | In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected:
|
Second action | In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful:
|
Scan containers | This check box enables or disables container scans. If the check box is selected, you can specify a name or a name mask for containers to be scanned. The check box is selected by default. |
Name mask | Entry field for a name or a name mask for containers to be scanned. By default, the * mask is specified – all containers will be scanned. |
Action on threat detection | You can select the action that the application performs on a container when it detects an infected object:
Due to the way a CRI-O environment works, an infected object is not disinfected or deleted in a container in a CRI-O environment. We recommend to select the Stop container action. |
Scan images | This check box enables or disables the image scan. If the check box is selected, you can specify a name or a name mask for images to be scanned. The check box is selected by default. |
Name mask | Entry field for a name or a name mask for images to be scanned. By default, the * mask is specified (all images are scanned). |
Action on threat detection | You can select the action that the application performs on a container when it detects an infected object:
|
Scan each layer | This check box enables or disables the scanning of all layers of images and running containers. This check box is cleared by default. |
