Today's malicious programs can penetrate the lowest levels of an operating system, which makes them virtually impossible to eliminate. After detecting malicious activity on a protected virtual machine running a Windows desktop operating system, Kaspersky Security performs an extended disinfection procedure that uses special advanced disinfection technology.
Advanced disinfection technology is aimed at purging the Windows operating system of malicious programs that have already started their processes in RAM and that prevent Kaspersky Security from removing them by using other methods. The threat is neutralized when Advanced Disinfection technology is applied. While Advanced Disinfection is in progress, you are advised to refrain from starting new processes or editing the Windows operating system registry.
In the local interface of Light Agent for Windows, Advanced Disinfection technology is enabled by default. You can disable it if necessary. In a Light Agent for Windows policy, Advanced Disinfection technology is disabled by default. You can enable it if necessary.
The advanced disinfection technology uses considerable Windows operating system resources, which may slow down other applications.
After the Advanced Disinfection procedure is completed, the application restarts the protected virtual machine. After reboot, the application deletes malware files and starts a "lite" full scan of the protected virtual machine.
An unplanned reboot of a server operating system can lead to problems involving temporary denial of access to operating system data or loss of unsaved data. For this reason, Advanced Disinfection technology is not used on protected virtual machines running Windows server operating systems.
When Light Agent runs on a temporary virtual machine, Advanced Disinfection technology is not used. When an active infection is detected on the temporary virtual machine, scan the virtual machine template from which it has been created for viruses and other malware and create the temporary virtual machine anew.