About the Real-Time File Protection task
When the Real-Time File Protection task is running, Kaspersky Security for Windows Server scans the following protected device objects when they are accessed:
- Files.
- NTFS alternate data streams.
- Master boot records and boot sectors on local hard drives and external devices.
- Windows Server 2016 and Windows Server 2019 container files.
When any application writes a file to the protected device or reads a file from it, Kaspersky Security for Windows Server intercepts the file, scans it for threats, and, if a threat is detected, performs a default action or an action you have specified: try to disinfect, move to Quarantine, or delete it. Before disinfection or deletion, Kaspersky Security for Windows Server saves an encrypted copy of the source file to the Backup folder.
Kaspersky Security for Windows Server intercepts file operations, executed in Windows Server 2016 and Windows Server 2019 containers.
A container is an isolated environment, which allows applications to run without direct interaction with the operating system. If container is located in task the task protection scope, Kaspersky Security for Windows Server scans container files, which are being accessed by users, for computer threats. When a threat is detected, the application attempts to disinfect the container. If the attempt is successful, the container continues to work; if disinfection fails, the container is shut down.
Kaspersky Security for Windows Server also detects malware for processes running under Windows Subsystem for Linux®. For such processes, the Real-Time File Protection task applies action defined by the current configuration.
