On-demand scan of containers and images

When the Container Scan task is running, Kaspersky Endpoint Security scans containers and images for viruses and other malware. The application can run multiple Container Scan tasks simultaneously.

Integration with Docker container management system, CRI-O framework, and Podman and runc utilities is supported.

To use the task, a license that includes the corresponding function is required.

You can start a Container Scan and configure the settings of the scan:

• Specify the containers and images to be scanned by name or name mask.
• Enables scanning of all layers of images and containers.
• Select the action that the application will perform on the container and the action that the application will perform on the image when an infected object is detected.
• Configure settings for scanning objects inside containers or images:
  • Enable or disable scanning of archives, mail databases, email messages in text format.
  • Limit the size of an object to be scanned and the duration of the object scan.
  • Select the actions to be performed by the application on the infected objects.
  • Configure exclusions of objects from scans:
    • by name or mask
    • by the name of the threats detected in the objects
  • Enable or disable the use of global exclusions when scanning.
  • Configure the use of the heuristic analyzer and iChecker technology during a scan.
  • Enable or disable the logging of information about scanned non-infected objects, about scanning objects in archives, and about unprocessed objects.