Configuring the trusted zone
January 10, 2024
A trusted zone is a custom list of objects and applications that Kaspersky Security does not monitor when active.
You form a trusted zone based on the specifics of the objects that you need to manage and the applications that are installed in the guest operating system of the protected virtual machine. It may be necessary to include objects and applications in the trusted zone when Kaspersky Security blocks access to a certain object or application, if you are sure that the object or application is harmless.
Exclusions from protection and scanning
Exclusion is a combination of conditions that describe an object or application. If the object satisfies these conditions, Kaspersky Security does not scan this object for viruses or other malware.
Some legitimate applications can be used by criminals to compromise your virtual machine or personal data. Although they do not have any malicious functions, such applications can be used as an auxiliary component in malware. Examples of such applications include remote administration tools, IRC clients, FTP servers, various utilities for suspending or concealing processes, keyloggers, password crackers, and auto-dialers. Such applications are not categorized as viruses. For details on legitimate software that could be used by intruders to harm the device or personal data of a user, please visit the Kaspersky Virus Encyclopedia website.
Such applications may be blocked by Kaspersky Security. To prevent them from being blocked, you can configure scan and protection exclusions. To do so, add the name or name mask that is listed in the Kaspersky Virus Encyclopedia to the trusted zone. For example, you may frequently use the Remote Administrator program. This is a remote access application that gives you control over a remote device. To prevent this application from being blocked, create an exclusion with the name or name mask that is listed in the Kaspersky Virus Encyclopedia.
You can exclude objects of the following types from scanning:
- Files of certain formats
- Files and folders that are selected by a mask
- Files based on their hashes calculated by the SHA-256 algorithm
- Individual files and folders
- Application processes
- Objects according to the classification of Kaspersky Virus Encyclopedia
By default, the /sys, /proc and /.snapshots file system objects are excluded from protection and scans by Light Agent for Linux. You can remove these exceptions or suspend using them.
Protection exclusions can be used by the following application components and tasks:
- File Anti-Virus.
- Mail Anti-Virus.
- Web Anti-Virus.
- AMSI Protection.
- System Watcher.
- Application Privilege Control.
- Scan tasks.
Moreover, you can create an exclusion category containing exclusions for Light Agent for Windows whereby Kaspersky Security will not scan files or folders in the category and/or objects with the specified name.
List of trusted applications
The list of trusted applications is a list of applications whose file and network activity (including suspicious activity) and access to the system registry are not monitored by Kaspersky Security. By default, Kaspersky Security scans objects that are opened, executed, or saved by any application process and controls the activity of all applications and network traffic that is generated by them. Applications that are added to the list of trusted applications are excluded from scanning.
For example, if you consider objects that are used by the standard Microsoft Windows Notepad application to be safe without scanning, meaning that you trust this application, you can add Microsoft Windows Notepad to the list of trusted applications. Scanning then skips objects that are used by this application.
In addition, certain actions that are classified by Kaspersky Security as dangerous may be safe within the context of the functionality of a number of applications. For example, the interception of text that is typed from the keyboard is a routine process for automatic keyboard layout switchers (such as Punto Switcher). To take account of the specifics of such applications and exclude their activity from monitoring, we recommend that you add such applications to the trusted applications list.
Excluding trusted applications from scanning lets you avoid compatibility conflicts between Kaspersky Security applications and other programs (for example, the problem of double-scanning of the network traffic of a third-party device by Kaspersky Security and by another anti-virus application), and also increases the virtual machine's performance, which is critical when using server applications.
At the same time, the executable file and process of the trusted application are still scanned for viruses and other malware. To fully exclude an application from scanning and protection, create the exclusion for this application.
If an application that collects information and sends it to be processed is installed on your virtual machine, Kaspersky Security may classify this application as malware. To avoid this, you can exclude the application from scanning by adding it to the list of exclusions.