File Threat Protection

Support

Support for business applications

Kaspersky Endpoint Security 11 for Linux

Remote application administration using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console

Policy settings

File Threat Protection

December 12, 2023

ID 236891

File Threat Protection prevents infection of the file system on the user device. File Threat Protection starts automatically with the default settings upon Kaspersky Endpoint Security start. It resides in the device operating memory and scans all files that are opened, saved, and launched.

File Threat Protection settings

Setting	Description
File Threat Protection enabled / disabled	This toggle button enables or disables File Threat Protection on all managed devices. The check toggle button is switched on by default.
File Threat Protection mode	In this drop-down list, you can select the File Threat Protection mode: Smart check (default value) – scan a file when there is an attempt to open it and scan it again when there is an attempt to close it if the file has been modified. If a process accesses and modifies a file multiple times in a certain period, the application scans the file again only when the process closes it for the last time. When opened – scan the file on an attempt to open it for reading, execution, or modification. When opened and modified – scan a file on an attempt to open it, and scan it again on an attempt to close it if the file has been modified.
First action	In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected: Disinfect the object. A copy of the infected object will be moved to the Storage. Remove the object. A copy of the infected object will be moved to the Storage. Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it (default value). Block access to the object.
Second action	In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful: Disinfect the object. A copy of the infected object will be moved to the Storage. Remove the object. A copy of the infected object will be moved to the Storage. Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it. Block access to the object (default value).
Scan scopes	Clicking the Configure scan exclusions link opens the Scan scopes window.
Scan archives	This check box enables or disables scan of archives. If the check box is selected, the application scans the archives. To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan duration by enabling and configuring the Skip object if scan takes longer than (sec) and Skip objects larger than (MB) settings. If the check box is cleared, the application does not scan the archives. This check box is cleared by default.
Scan SFX archives	This check box enables or disables self-extracting archive scans. Self-extracting archives are archives that contain an executable extraction module. If the check box is selected, the application scans self-extracting archives. If the check box is cleared, the application does not scan self-extracting archives. This check box is available if the Scan archives check box is unchecked. This check box is cleared by default.
Scan mail databases	This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications. If the check box is selected, the application scans mail database files. If the check box is cleared, the application does not scan mail database files. This check box is cleared by default.
Scan mail format files	This check box enables or disables scan of files of plain-text email messages. If this check box is selected, the application scans plain-text messages. If this check box is cleared, the application does not scan plain-text messages. This check box is cleared by default.
Skip text files	Temporary exclusion of files in text format from scans. If the checkbox is selected, Kaspersky Endpoint Security does not scan text files if they are reused by the same process for 10 minutes after the most recent scan. This setting makes it possible to optimize scans of application logs. If this check box is unselected, Kaspersky Endpoint Security scans text files. This check box is cleared by default.
Skip object if scan takes longer than (sec)	A field for specifying the maximum time to scan an object, in seconds. After the specified time, the application stops scanning the object. Available values: `0–9999`. If the value is set to `0`, the scan time is unlimited. The default value is `60`.
Skip objects larger than (MB)	The field for specifying the maximum size of an archive to scan, in megabytes. Available values: `0–999999`. If the value is set to `0`, the application scans objects of any size. The default value is `0`.
Log clean objects	This check box enables or disables logging of the ObjectProcessed event. If this check box is selected, the application logs the ObjectProcessed event for all scanned objects. If the check box is cleared, the application does not log the event. This check box is cleared by default.
Log unprocessed objects	This check box enables or disables logging of the ObjectNotProcessed event if a file cannot be processed during scan. If this check box is selected, the application logs the ObjectNotProcessed event. If the check box is cleared, the application does not log the event. This check box is cleared by default.
Log packed objects	This check box enables or disables logging of the PackedObjectDetected event for all packed objects that are detected. If this check box is selected, the application logs the PackedObjectDetected event. If the check box is cleared, the application does not log the event. This check box is cleared by default.
Use iChecker technology	This check box enables or disables scan of only new and modified since the last scan files. If the check box is selected, the application scans only new files or the files modified since the last scan. If the check box is cleared, the application scans the files regardless of the creation or modification date. The check box is selected by default.
Use heuristic analysis	This check box enables or disables heuristic analysis during an object scan. The check box is selected by default.
Heuristic analysis level	If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list: Light is the least detailed scan with minimal system load. Medium is a medium scan with balanced system load. Deep is the most detailed scan with maximum system load. Recommended (default value) is the optimal level recommended by Kaspersky experts. It ensures an optimal combination of quality of protection and impact on the performance of protected servers.

Kaspersky Endpoint Security for Linux: High protection without performance compromising

Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.