File Threat Protection

File Threat Protection enabled / disabled

This toggle button enables or disables File Threat Protection on all managed devices.

The toggle button is switched on by default.

File Threat Protection mode

In this drop-down list, you can select the File Threat Protection mode:

• Smart check scans a file on the attempt to open it and scans it again on the attempt to close it, if the file has been modified. If a process accesses and modifies a file multiple times in a certain period, the application scans the file again only when the process closes it for the last time.
• On access scans the file on the attempt to open it for reading, execution, or modification.
• On access and modification scans a file on the attempt to open it, and scans it again on the attempt to close it, if the file has been modified.

  The Smart check action is selected by default.

First action

In this drop-down list, you can select the first action to be performed by Kaspersky Endpoint Security on an infected object that has been detected:

• Cure the object. A copy of the infected object will be saved in the Storage.
• Remove the object. A copy of the infected object will be saved in the Storage.
• Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
• Block access to the object.

  Perform recommended action is selected by default.

Second action

In this drop-down list, you can select the second action to be performed by Kaspersky Endpoint Security on an infected object, in case the first action is unsuccessful:

• Cure the object. A copy of the infected object will be saved in the Storage.
• Remove the object. A copy of the infected object will be saved in the Storage.
• Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
• Block access to the object.

  The Block action is selected by default.

Scan scopes

Contains objects that are scanned by File Threat Protection.

Clicking the Configure scan scopes link opens the Scan scopes window. This window lets you configure the scan scopes.

The table contains the following columns:

• Scope name. This column contains the scan scope names.
• Path. This column contains paths to the scan scopes.
• Status. This column displays whether the scope is scanned. The Enabled status means that Kaspersky Endpoint Security scans this scope when running the task. The Disabled status means that Kaspersky Endpoint Security does not scan this scope when running the task.

To create a task, you need to add at least one scan scope.

Kaspersky Endpoint Security scans objects in the specified scopes in the order in which you enumerate these scan scopes in the list of scan scopes. To configure security settings for a subdirectory that are different from the security settings of the parent directory, place the subdirectory in the list higher than its parent directory.

By default, the table contains one scan scope with the default settings: scan all objects located on local drives of the computer, as well as all mounted and shared directories that are accessed via the SMB and NFS protocols, with the recommended security settings.

You can add, configure, delete, move up, or move down scan scopes in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if only one item is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if only one item is selected in the table.

Clicking the Delete button excludes the selected scope from scanning.

This button is available if at least one scan scope is selected in the table.

Clicking the scan scope name opens the <scan scope> window. In this window, you can modify the settings of the selected scan scope.

Clicking the Add button opens the <New scan scope> window. In this window, you can define a new scan scope.

Scan archives

This check box enables or disables scan of archives.

If this check box is selected, Kaspersky Endpoint Security scans archives. The application detects infected objects in archives, but does not disinfect them. Select this action for a more detailed scan.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan duration by enabling and configuring the Skip object if scan takes longer than (sec) and/or Skip objects larger than (MB) parameters.

If this check box is cleared, Kaspersky Endpoint Security does not scan archives.

This check box is cleared by default.

Scan SFX archives

This check box enables or disables scanning of self-extracting archives. Self-extracting archives are archives that contain an executable extraction module.

If this check box is selected, Kaspersky Endpoint Security scans self-extracting archives.

If this check box is cleared, Kaspersky Endpoint Security does not scan self-extracting archives.

This check box is available if the Scan archives check box is cleared.

This check box is cleared by default.

Scan mail databases

This check box enables or disables scan of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If this check box is selected, Kaspersky Endpoint Security scans mail database files.

If this check box is cleared, Kaspersky Endpoint Security does not scan mail database files.

This check box is cleared by default.

Scan mail formats

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, Kaspersky Endpoint Security scans plain-text messages.

If this check box is cleared, Kaspersky Endpoint Security does not scan plain-text messages.

This check box is cleared by default.

Skip object if scan takes longer than (sec)

The field for specifying the maximum time to scan an object, in seconds. After the specified time is reached, Kaspersky Endpoint Security stops scanning the object.

Available values: 0 – 9999. If the value is set to 0, the scan time is unlimited.

Default value: 60.

Skip objects larger than (MB)

The field for specifying the maximum size of an archive to scan, in megabytes.

Available values: 0 – 999,999. If the value is set to 0, Kaspersky Endpoint Security scans objects of any size.

Default value: 0.

Log clean objects

This check box enables or disables logging the events of the ObjectProcessed type.

If this check box is selected, Kaspersky Endpoint Security logs the events of the ObjectProcessed type for any scanned object.

If this check box is cleared, Kaspersky Endpoint Security does not log the events of the ObjectProcessed type for any scanned object.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables logging the events of the ObjectNotProcessed type if a file cannot be processed during the scan.

If this check box is selected, Kaspersky Endpoint Security logs the events of the ObjectNotProcessed type.

If this check box is cleared, Kaspersky Endpoint Security does not log the events of the ObjectNotProcessed type.

This check box is cleared by default.

Log packed objects

This check box enables or disables logging the events of the PackedObjectDetected type about any packed objects that are detected.

If this check box is selected, Kaspersky Endpoint Security logs the events of the PackedObjectDetected type.

If this check box is cleared, Kaspersky Endpoint Security does not log the events of the PackedObjectDetected type.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, Kaspersky Endpoint Security scans only new or modified since the last scan files.

If the check box is cleared, Kaspersky Endpoint Security scans files regardless to the date of creation or modification.

This check box is selected by default.

Use heuristic analysis

This check box enables or disables heuristic analysis during an object scan.

This check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

• Light is the least detailed scan, minimum system load.
• Medium is a medium scan, balanced system load.
• Deep is the most detailed scan, maximum system load.
• Recommended is the optimal level recommended by Kaspersky's experts. It ensures an optimal combination of quality of protection and impact on the performance of protected servers.

  The Recommended option is selected by default.