File Threat Protection
January 20, 2022
ID 208771
File Threat Protection prevents infection of the file system of the computer. The File Threat Protection task is automatically created with the default settings when you install Kaspersky Endpoint Security to the computer. By default, the File Threat Protection task starts automatically when Kaspersky Endpoint Security starts. The task resides in the computer's RAM and scans all opened, saved, and active files.
While File Threat Protection task is running, Kaspersky Endpoint Security scans all namespaces on all supported operating systems if the general application setting NamespaceMonitoring
is set to Yes
.
Additionally for Astra Linux, a custom virus scan task (Scan_File) allows scanning files from another namespaces (within mandatory sessions).
You cannot create custom File Threat Protection tasks. You can modify the settings of the predefined File Threat Protection task.
File Threat Protection settings
Setting | Description |
---|---|
File Threat Protection enabled / disabled | This toggle button enables or disables File Threat Protection on all managed devices. The toggle button is switched on by default. |
File Threat Protection mode | In this drop-down list, you can select the File Threat Protection mode:
|
First action | In this drop-down list, you can select the first action to be performed by Kaspersky Endpoint Security on an infected object that has been detected:
|
Second action | In this drop-down list, you can select the second action to be performed by Kaspersky Endpoint Security on an infected object, in case the first action is unsuccessful:
|
Scan scopes | Contains objects that are scanned by File Threat Protection. Clicking the Configure scan scopes link opens the Scan scopes window. This window lets you configure the scan scopes. You can add, configure, delete, move up, or move down scan scopes in the table. |
Scan archives | This check box enables or disables scan of archives. If this check box is selected, Kaspersky Endpoint Security scans archives. The application detects infected objects in archives, but does not disinfect them. Select this action for a more detailed scan. To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan duration by enabling and configuring the Skip object if scan takes longer than (sec) and/or Skip objects larger than (MB) parameters. If this check box is cleared, Kaspersky Endpoint Security does not scan archives. This check box is cleared by default. |
Scan SFX archives | This check box enables or disables scanning of self-extracting archives. Self-extracting archives are archives that contain an executable extraction module. If this check box is selected, Kaspersky Endpoint Security scans self-extracting archives. If this check box is cleared, Kaspersky Endpoint Security does not scan self-extracting archives. This check box is available if the Scan archives check box is cleared. This check box is cleared by default. |
Scan mail databases | This check box enables or disables scan of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications. If this check box is selected, Kaspersky Endpoint Security scans mail database files. If this check box is cleared, Kaspersky Endpoint Security does not scan mail database files. This check box is cleared by default. |
Scan mail formats | This check box enables or disables scan of files of plain-text email messages. If this check box is selected, Kaspersky Endpoint Security scans plain-text messages. If this check box is cleared, Kaspersky Endpoint Security does not scan plain-text messages. This check box is cleared by default. |
Skip object if scan takes longer than (sec) | The field for specifying the maximum time to scan an object, in seconds. After the specified time is reached, Kaspersky Endpoint Security stops scanning the object. Available values: Default value: |
Skip objects larger than (MB) | The field for specifying the maximum size of an archive to scan, in megabytes. Available values: Default value: |
Log clean objects | This check box enables or disables logging the events of the If this check box is selected, Kaspersky Endpoint Security logs the events of the If this check box is cleared, Kaspersky Endpoint Security does not log the events of the This check box is cleared by default. |
Log unprocessed objects | This check box enables or disables logging the events of the If this check box is selected, Kaspersky Endpoint Security logs the events of the If this check box is cleared, Kaspersky Endpoint Security does not log the events of the This check box is cleared by default. |
Log packed objects | This check box enables or disables logging the events of the If this check box is selected, Kaspersky Endpoint Security logs the events of the If this check box is cleared, Kaspersky Endpoint Security does not log the events of the This check box is cleared by default. |
Use iChecker technology | This check box enables or disables scan of only new and modified since the last scan files. If the check box is selected, Kaspersky Endpoint Security scans only new or modified since the last scan files. If the check box is cleared, Kaspersky Endpoint Security scans files regardless to the date of creation or modification. This check box is selected by default. |
Use heuristic analysis | This check box enables or disables heuristic analysis during an object scan. This check box is selected by default. |
Heuristic analysis level | If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:
|