Scanning of compound files by File Anti-Virus

January 10, 2024

ID 65421

A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.

To configure scanning of compound files using Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
  5. In the policy properties window, select the File Anti-Virus section in the list on the left.
  6. In the right part of the window, in the Security level section, click the Settings button.
  7. In the File Anti-Virus window that opens, on the Performance tab, in the Scan compound files section, select the check boxes for the types of compound files that you want to scan: archives, self-extracting archives, or embedded OLE objects.
  8. If you want File Anti-Virus to scan only new and changed compound files of all types, in the Scan optimization section, select the Scan only new and modified files check box.

    If the Scan only new and modified files check box is not selected, in the Scan compound files section you can specify for each type of compound file whether to scan all files of this type or only new ones. To make your choice, click the all / new link next to the name of a type of compound file. This link changes its value after you click it.

  9. Click the Additional button.
  10. In the Compound files window that opens, in the Background scan section, do one of the following:
    • If you want File Anti-Virus to unpack large-sized compound files in background mode, select the Unpack compound files in background mode check box and specify the required value in the Minimum file size field.
    • If you do not want File Anti-Virus to unpack compound files in background mode, clear the Unpack compound files in background mode check box.
  11. In the Size limit section, do one of the following:
    • If you want File Anti-Virus to unpack large-sized compound files, clear the Do not unpack large compound files check box.
    • If you do not want File Anti-Virus to unpack large-sized compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field.

    A file is considered large if its size exceeds the value in the Maximum file size field.

    File Anti-Virus scans large-sized files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected.

  12. In the Compound files window, click OK.
  13. Click OK in the File Anti-Virus window.
  14. Click the Apply button.

To configure scanning of compound files in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.

    In the right part of the window, the File Anti-Virus component's settings are displayed.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. Complete steps 6–13 of the previous instructions.
  4. To save changes, click the Save button.
