Key functions of Kaspersky Scan Engine

June 28, 2024

ID 184797

Kaspersky Scan Engine can work in one of two modes:

  • HTTP mode

    In this mode, Kaspersky Scan Engine works as a REST-like service that receives HTTP requests from client applications, scans the objects passed in these requests, and sends back HTTP responses with the scan results.

  • ICAP mode

    This mode is available only for Linux operating systems.

    In this mode, Kaspersky Scan Engine works as an ICAP server that scans the HTTP traffic that passes through a proxy server and the URLs that are requested by users, and filters out web pages that contain malicious content.

Kaspersky Scan Engine also includes a graphical user interface that allows you to easily configure the behavior of Kaspersky Scan Engine, review its service events, and scan results.

Usage scenarios:

Threat Protection

Kaspersky Scan Engine can scan files and blocks of random access memory (RAM) by using the Kaspersky anti-virus database and the advanced heuristics module. Scanning of compressed executables, archives, Microsoft Office macros, email messages, and email databases is supported.

Web Filtering

Kaspersky Scan Engine can scan specific URLs (in HTTP mode) or URLs that users request from a proxy server (in ICAP mode). In ICAP mode, Kaspersky Scan Engine can return a user-specified HTML page instead of malicious web pages.

File and URL Reputation Checking

Kaspersky Scan Engine can receive information about the reputation of the scanned files and URLs from Kaspersky Security Network (KSN).

Graphical User Interface

The graphical user interface (GUI) allows you to configure Kaspersky Scan Engine, check the status of a Kaspersky Scan Engine key file or activation code, review service events, and scan results.

Key functionality:

  • Award-wining Kaspersky anti-malware technology provides the best-in-class malware detection rates and can instantaneously react to emerging threats.
  • Kaspersky Security Network provides information about the reputation of files and Internet resources, ensures that Kaspersky applications react to threats faster without waiting for an application database update, and reduces the likelihood of false positives.
  • Filters out malicious, phishing, and adware URLs.
  • Detection of multi-packed objects and objects packed using "grey" compression utilities (frequently used for hiding malicious programs from anti-virus software).
  • Advanced heuristics analyzer and machine learning-based detection technologies.
  • Disinfection of infected files, archives, and encoded objects.
  • Updatable Anti-Virus engine: detection technologies and processing logic can be upgraded or modified through regular updates of the anti-virus database.
  • Kaspersky Scan Engine natively supports multithreading and can process several tasks simultaneously. You can adjust the number of scanning processes and threads to increase performance of Kaspersky Scan Engine.
  • An additional filtering layer is made possible by the Format Recognizer component. You can use this component to recognize and skip certain file formats during the scanning process. Dozens of formats are supported, including executable, document files, media files, and archives.
  • Graphical user interface (GUI) for management and monitoring:
    • Lets you configure application settings and manage the application.
    • Lets you monitor the application operating status, status of the used key file or activation code, and the number of scanned and detected objects.
    • Provides a dashboard with information about all scanned objects. Scan results can be exported in CSV format.
  • Ease of installation and configuration, and no development is needed with this out-of-the box installation. The solution will be running within minutes.
  • Reporting features:
    • Important application events are sent to Syslog in the CEF format.
    • All service events are visible on the GUI dashboard.
  • Maintenance features:
    • Anti-virus database updates are automatic. Kaspersky Scan Engine automatically restores corrupted databases.
    • Easy collection of product traces by using the GUI.
    • Option to use online activation. With online activation, licensing information for Kaspersky Scan Engine is updated automatically.
  • Fault-tolerant and resilient architecture.
  • Source code for HTTP client and ICAP service are provided in the distribution kit for customization.
  • Comprehensive documentation and cross-platform API support. Similar APIs for Linux/UNIX and Windows versions.
  • Option to minimize external traffic by creating local mirror server for the anti-virus database (additional tool needed).
  • Kaspersky Scan Engine supports cluster architecture. This feature allows you to do the following:
    • Centralized instance management: you can apply unified settings to multiple instances in a cluster
    • View service events from each clustered instance
    • View scan results with statistics for each clustered instance
    • View information about the status of Kaspersky Scan Engine for each clustered instance (current status of Kaspersky Scan Engine, version, information about the anti-virus database, etc.)

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.