A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file must be unpacked, which may slow down scanning. You can limit the types of compound files to be scanned and thereby speed up scanning.
The method used to process an infected compound file (disinfection or deletion) depends on the type of file.
The File Threat Protection component disinfects compound files in the ZIP, GZIP, BZIP, RAR, TAR, ARJ, CAB, LHA, JAR and ICE formats and deletes files in all other formats (except mail databases).
To configure scanning of compound files:
If scanning only new and modified files is enabled, Kaspersky Endpoint Security scans only new and modified files of all types of compound files.
If this check box is selected, Kaspersky Endpoint Security does not scan compound files if their size exceeds the specified value.
If this check box is cleared, Kaspersky Endpoint Security scans compound files of all sizes.
Kaspersky Endpoint Security scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected.
If the check box is selected, Kaspersky Endpoint Security provides access to compound files that are larger than the specified value before these files are scanned. In this case, Kaspersky Endpoint Security unpacks and scans compound files in the background.
Kaspersky Endpoint Security provides access to compound files that are smaller than this value only after unpacking and scanning these files.
If the check box is not selected, Kaspersky Endpoint Security provides access to compound files only after unpacking and scanning files of any size.