Configuring the task scan scope

Support

Support for business applications

Kaspersky Security 11.x for Windows Server

On-Demand Scan

Managing On-Demand Scan tasks via the Web Plug-in

Configuring the task scan scope

June 10, 2022

ID 202522

Save as PDF

To configure a scan scope for an existing On-Demand Scan task:

Open the On-Demand Scan task properties.
Select the Scan scope section.
Do one of the following:
- Click Add button to add a new rule.
- Select an existing rule and click Edit button.
The Edit scope window opens.
Switch the toggle button to Active and select an object type.
In the Objects protection section, configure the following settings:
- Objects protection mode:
  - All objects
    Kaspersky Security for Windows Server scans all objects.
  - Objects scanned by format
    Kaspersky Security for Windows Server scans only infectable objects based on file format.
    
    Kaspersky compiles the list of formats. It is included in the Kaspersky Security for Windows Server databases.
  - Objects scanned according to list of extensions specified in anti-virus database
    Kaspersky Security for Windows Server scans only infectable objects based on file extension.
    
    Kaspersky compiles the list of extensions. It is included in the Kaspersky Security for Windows Server databases.
  - Objects scanned by specified list of extensions
    Kaspersky Security for Windows Server scans files based on file extension. The list of file extensions can be manually customized in the List of extensions window, which can be opened by clicking the Modify button.
- Subfolders
- Subfiles
- Scan disk boot sectors and MBR
  Enables protection of boot sectors and master boot records.
  
  If the check box is selected, Kaspersky Security for Windows Server scans boot sectors and master boot records on hard drives and removable drives of the protected device.
  
  The check box is selected by default.
- Scan alternate NTFS streams
  Scanning of alternative file and folder streams on drives with the NTFS file system.
  
  If the check box is selected, the application scans a probably infected object and all NTFS streams associated with that object.
  
  If the check box is cleared, the application scans only the object that was detected and considered as probably infected.
  
  The check box is selected by default.
- Protect only new and modified files
  This check box enables / disables scanning and protection of files that have been recognized by Kaspersky Security for Windows Server as new or modified since the last scan.
  
  If the check box is selected, Kaspersky Security for Windows Server scans and protects only the files that it has recognized as new or modified since the last scan.
  
  If the check box is cleared, Kaspersky Security for Windows Server scans and protects files regardless of their modification status.
  
  By default, the check box for the Maximum performance security level is selected. If the Maximum protection or Recommended security levels are set, the check box is cleared.
In the Compound objects protection section, specify the compound objects that you want to include in the scan scope:
- Archives
  Scanning of ZIP, CAB, RAR, and ARJ archives and other archive formats.
  
  If this check box is selected, Kaspersky Security for Windows Server scans archives.
  
  If this check box is cleared, Kaspersky Security for Windows Server skips archives during scanning.
  
  The default value depends on the selected protection level.
- SFX archives
  Scanning of self-extracting archives.
  
  If this check box is selected, Kaspersky Security for Windows Server scans SFX archives.
  
  If this check box is cleared, Kaspersky Security for Windows Server skips SFX archives during scanning.
  
  The default value depends on the selected protection level.
  
  This option is active when the Archives check box is cleared.
- Packed objects
  Scanning of executable files packed by binary code packers, such as UPX or ASPack.
  
  If this check box is selected, Kaspersky Security for Windows Server scans executable files packed by packers.
  
  If this check box is cleared, Kaspersky Security for Windows Server skips executable files packed by packers during scanning.
  
  The default value depends on the selected protection level.
- Email databases
  Scanning of Microsoft Outlook® and Microsoft Outlook Express mail database files.
  
  If this check box is selected, Kaspersky Security for Windows Server scans mail database files.
  
  If this check box is cleared, Kaspersky Security for Windows Server skips mail database files during scanning.
  
  The default value depends on the selected security level.
- Plain email
  Scanning of files in mail formats, such as Microsoft Outlook and Microsoft Outlook Express messages.
  
  If this check box is selected, Kaspersky Security for Windows Server scans files in mail formats.
  
  If this check box is cleared, Kaspersky Security for Windows Server skips files in mail formats during scanning.
  
  The default value depends on the selected security level.
- Embedded OLE objects
  Scanning of objects embedded in files (such as Microsoft Word macros, or email message attachments).
  
  If this check box is selected, Kaspersky Security for Windows Server scans objects embedded in files.
  
  If this check box is cleared, Kaspersky Security for Windows Server skips objects embedded in files during scanning.
  
  The default value depends on the selected protection level.
In the Action to perform on infected and other objects section, select the action to be performed on infected and other detected objects:
- Notify only.
  When this mode is selected, Kaspersky Security for Windows Server does not block access to nor perform any actions on infected or other detected objects. The following event is recorded in the task log: Object not disinfected. Reason: no action was taken to neutralize detected object due to user-defined settings. The event specifies all available information about the detected object.
  
  Notify only mode should be separately configured for each protection or scan area. This mode is not used by default in any of the security levels. If you select this mode, Kaspersky Security for Windows Server automatically changes the security level to Custom.
- Disinfect.
- Disinfect. Remove if disinfection fails.
- Remove.
  Kaspersky Security for Windows Server deletes the object and places a copy of it in Backup.
- Recommended.
In the Action to perform on probably infected objects section, select the action to be performed on probably infected objects:
- Notify only.
- Quarantine.
- Remove.
- Recommended.
  Kaspersky Security for Windows Server performs an action recommended by Kaspersky experts.
In the Action to perform on probably infected objects section, select or clear the Entirely remove compound file that cannot be modified by the application in case of embedded object detection check box.
This check box enables or disables forced removal of the parent compound file when a malicious, probably infected or other detectable embedded child object is detected.

If the check box is selected and the task is configured to remove infected and probably infected objects, Kaspersky Security for Windows Server forcibly removes the entire parent compound object when a malicious or other embedded object is detected. The parent file along with all of its contents are forcibly removed if the application cannot remove only the detected child object (for example, if the parent object cannot be modified).

If this check box is cleared and the task is configured to remove infected and probably infected objects, Kaspersky Security for Windows Server does not perform the selected action if the parent object cannot be modified.
In the Exclusions section, configure the following settings:
- Clear or select the Exclude files check box.
  Excluding files from scanning by file name or file name mask.
  
  If this check box is selected, Kaspersky Security for Windows Server skips the specified objects during scanning.
  
  If this check box is cleared, Kaspersky Security for Windows Server scans all objects.
  
  The check box is cleared by default.
- Clear or select the Do not detect check box.
  Objects are excluded from scanning by the name or name mask of the detectable object. The list of names of detectable objects is available on the Virus Encyclopedia website.
  
  If this check box is selected, Kaspersky Security for Windows Server skips specified detectable objects during scanning.
  
  If the check box is cleared, Kaspersky Security for Windows Server detects all objects specified in the application by default.
  
  The check box is cleared by default.
In the Advanced settings section, configure the following settings:
- Stop scanning if it takes longer than (sec.)
  Limits the duration of object scanning. The default value is 60 seconds.
  
  If the check box is selected, scanning is limited to the specified maximum duration.
  
  If the check box is cleared, scanning is unlimited.
  
  By default, the check box for the Maximum performance security level is selected.
- Do not scan compound objects larger than (MB)
  Excludes objects larger than the specified size from scanning.
  
  If the check box is selected, Kaspersky Security for Windows Server skips compound objects whose size exceeds the specified limit during a virus scan.
  
  If this check box is cleared, Kaspersky Security for Windows Server scans compound objects of any size.
  
  By default, the check box is selected for the Maximum performance security level.
- Use iSwift technology
  iSwift compares a file’s NTFS identifier stored in a database with its current identifier. Scanning is performed only for files whose identifiers have changed (new files and files modified since the last scan of NTFS system objects).
  
  If the check box is selected, Kaspersky Security for Windows Server scans only new files or those modified since the last scan of NTFS system objects.
  
  If the check box is cleared, Kaspersky Security for Windows Server scans NTFS file system objects regardless of the file creation date or file modification date, except for files from network folders.
  
  The check box is selected by default.
- Use iChecker technology
  iChecker calculates and remembers checksums of scanned files. If an object is modified, the checksum changes. The application compares all checksums and scans only files that are new and have been modified since the last scan.
  
  If the check box is selected, Kaspersky Security for Windows Server scans only new and modified files.
  
  If the check box is cleared, Kaspersky Security for Windows Server scans files regardless of the file creation date or file modification date.
  
  The check box is selected by default.
In the Action on the offline files section, select the action to be performed on the files:
- Do not scan.
- Scan resident part of file only.
- Scan entire file.
  If this action is selected, you can specify the following options:
  - Select or clear the Only if the file has been accessed within the specified period (days) check box and specify the number of days.
  - Select or clear the Do not copy file to a local hard drive, if possible check box.
Click the OK button.

Kaspersky Security for Windows Server: Prompt detection of all kinds of threats

Launch control and exploit prevention for businesses of all sizes. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.