Special considerations for scanning symbolic links and hard links
December 12, 2023
ID 197963
Kaspersky Endpoint Security lets you scan symbolic links and hard links to files.
Scanning symbolic links
The application scans symbolic links only if the file referenced by the symbolic link is within the protection scope of the File Threat Protection task.
If the file referenced by the symbolic link is not within the File Threat Protection task, the application does not scan this file. However, if the file contains malicious code, the security of the device is at risk.
Scanning hard links
When processing a file with more than one hard link, the application chooses an action depending on the specified action on objects:
- If the Perform recommended action option is selected, the application automatically selects and performs an action on an object based on data about the danger level of the threat detected in the object and the possibility of disinfecting it.
- If the Remove action is selected, the application removes the hard link being processed. The remaining hard links to this file will not be processed.
- If the Disinfect action is selected, the application disinfects the source file. If disinfection fails, the application deletes the hard link and creates in its place a copy of the source file with the name of the deleted hard link.
When you restore a file with a hard link from the Storage, the application creates a copy of the source file with the name of the hard link that was moved to the Storage. Connections with the remaining hard links to the source file will not be restored.
