Configuring actions

To configure actions on infected and other detected objects during the Real-Time File Protection task:

1. Open the Real-time file protection settings window.
2. Select the Actions tab.
3. Select the action to be performed on infected and other detected objects:
   • Notify only.
     

     When this mode is selected, Kaspersky Security for Windows Server does not block access to nor perform any actions on infected or other detected objects. The following event is recorded in the task log: Object not disinfected. Reason: no action was taken to neutralize detected object due to user-defined settings. The event specifies all available information about the detected object.

     Notify only mode should be separately configured for each protection or scan area. This mode is not used by default in any of the security levels. If you select this mode, Kaspersky Security for Windows Server automatically changes the security level to Custom.

   • Block access.
     

     When this option is selected, Kaspersky Security for Windows Server blocks access to the detected or probably infected object. In the drop-down list, you can select an additional action to perform on blocked objects.

   • Perform additional action.

     Select the action from the drop-down list:

     • Disinfect.
     • Disinfect. Remove if disinfection fails.
     • Remove.
       

       Kaspersky Security for Windows Server deletes the object and places a copy of it in Backup.

     • Recommended.
       

       Kaspersky Security for Windows Server performs an action recommended by Kaspersky experts.

4. Select the action to be performed on probably infected objects:
   • Notify only.
   • Block access.
   • Perform additional action.

     Select the action from the drop-down list:

     • Quarantine.
     • Remove.
     • Recommended.
5. Configure actions to be performed on objects depending on the type of object detected:
   1. Clear or select the Perform actions depending on the type of object detected check box.
      

      If the check box is selected, you can independently set primary and secondary actions for each type of detected object by clicking the Settings button next to the check box. However, Kaspersky Security for Windows Server will not allow to open or execute an infected object regardless of your choice.

      If the check box is cleared, Kaspersky Security for Windows Server performs actions that are selected in the Action to perform on infected and other objects and Action to perform on probably infected objects sections for named object types respectively.

      The check box is cleared by default.

   2. Click the Settings button.
   3. In the window that opens, select a primary action and a secondary action (to be performed if the primary action fails) for each type of detected object.
   4. Click OK.
6. Select the action to perform on unmodifiable compound files: select or clear the Entirely remove compound file that cannot be modified by the application in case of embedded object detection check box.
   

   This check box enables or disables forced removal of the parent compound file when a malicious, probably infected or other detectable embedded child object is detected.

   If the check box is selected and the task is configured to remove infected and probably infected objects, Kaspersky Security for Windows Server forcibly removes the entire parent compound object when a malicious or other embedded object is detected. The parent file along with all of its contents are forcibly removed if the application cannot remove only the detected child object (for example, if the parent object cannot be modified).

   If this check box is cleared and the task is configured to remove infected and probably infected objects, Kaspersky Security for Windows Server does not perform the selected action if the parent object cannot be modified.

7. Click Save.

The new task configuration will be saved.