Trusted zone: Anti-Virus scan exclusions in Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition

 

Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition

 
 
 

Trusted zone: Anti-Virus scan exclusions in Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition

Back to "Settings / How to"
2012 Jan 23 ID: 4554
 
 
 
 

Trusted zone is a list of objects that can be excluded from an Anti-Virus scan. Excludable objects are processes, scripts, files, disk areas, particular threats.

Kaspersky Anti-Virus trust zone may include the following objects:

  • files accessed by software sensitive to file intercepts (trusted processes);
  • files accessed by backup operations (backup copy creation processes);
  • user-defined files and scripts by location and/or detected threat (exclusion rules).
By default the trusted zone is used by tasks Real-time file protection and Script monitoring, newly created user on-demand-scan tasks, as well as all system on-demand-scan tasks except the task Scan Quarantine objects.

Trusted processes

Some software may not function correctly on a server, if antivirus application intercepts files accessed by it. Among such software are domain controller system applications, e.g.

Resident protection of files accessed by running processes of these applications may be disabled to avoid disturbing its normal operation by creating a list of trusted processes in the trusted zone.

Microsoft recommends excluding certain files of MS Windows operating system and other MS software from resident protection as uninfectable. Some of them are listed on Microsoft web site (KB822158).

You can add a process into the trusted list one of the following ways:

  • by selecting a process from the list of processes currently running on the protected server;
  • by selecting a process executable file at any time, even when the process is not running;

If a process executable file changes (has been updated e.g.), Kaspersky Anti-Virus will remove this process from the trusted list.

Backup operations

This type of objects is used in the task Real-time file protection only.

You can disable resident protection of files accessed by backup operations for duration of such tasks. Kaspersky Anti-Virus does not scan files read by backup software with the mark  FILE_FLAG_BACKUP_SEMANTICS:
  1. Right-click the console node Kaspersky Anti-Virus and select the option Configure trusted zone.
  2. Go to the tab Trusted processes and enable the option Do not check files backup operations.



  3. Click OK to apply the changes.
  4. Make sure that the trusted zone is enabled in the task Real-time file protection.

Exclusion rules

Objects can be excluded from any particular tasks without using the trusted zone. You can also generate a common trusted zone exclusion list and apply these exclusions in selected on-demand-scan and Real-time file protection tasks as necessary.

An object can be added into the trusted zone by its location on the server, by detected threat, or by a combination of both.

When adding a new trusted zone exclusion rule, you configure a rule for it (signs used by Kaspersky Anti-Virus to identify the object to be ignored) and specify the tasks ( Real-time file protection or On-demand-scan) affected by it.

According to a rule, selected Kaspersky Anti-Virus tasks can ignore the following types of suspicious objects:

  • particular threats in particular server areas;
  • all areas in particular server areas;
  • particular threats in all scan areas.

If you chose to add exclusion rules for remote management applications and files recommended by Microsoft during Kaspersky Anti-Virus installation, these exclusion rules apply to the task Real-time file protection, as well as all system on-demand-scan tasks except the task Scan Quarantine objects.

 
 
 
 
Was this information helpful?
Yes No
Thank you
 

 
 

How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK