Configuring the task protection scope

To configure a protection scope for Real-Time File Protection task:

1. In the main window of the Web Console, select Devices → Policies & profiles.
2. Click the policy name you want to configure.
3. In the <Policy name> window that opens select the Application settings tab.
4. Select the Real-time server protection section.
5. Click Settings in the Real-Time File Protection subsection.
6. Select the Protection scope section.
7. Do one of the following:
   • Click Add button to add a new rule.
   • Select an existing rule and click Edit button.

   The Edit scope window opens.

8. Switch the toggle button to Active and select an object type.
9. In the Objects protection section, configure the following settings:
   • Objects protection mode:
     • All objects
       

       Kaspersky Security for Windows Server scans all objects.

     • Objects scanned by format
       

       Kaspersky Security for Windows Server scans only infectable objects based on file format.

       Kaspersky compiles the list of formats. It is included in the Kaspersky Security for Windows Server databases.

     • Objects scanned according to list of extensions specified in anti-virus database
       

       Kaspersky Security for Windows Server scans only infectable objects based on file extension.

       Kaspersky compiles the list of extensions. It is included in the Kaspersky Security for Windows Server databases.

     • Objects scanned by specified list of extensions
       

       Kaspersky Security for Windows Server scans files based on file extension. The list of file extensions can be manually customized in the List of extensions window, which can be opened by clicking the Modify button.

   • Scan disk boot sectors and MBR
     

     Enables protection of boot sectors and master boot records.

     If the check box is selected, Kaspersky Security for Windows Server scans boot sectors and master boot records on hard drives and removable drives of the protected device.

     The check box is selected by default.

   • Scan alternate NTFS streams
     

     Scanning of alternative file and folder streams on drives with the NTFS file system.

     If the check box is selected, the application scans a probably infected object and all NTFS streams associated with that object.

     If the check box is cleared, the application scans only the object that was detected and considered as probably infected.

     The check box is selected by default.

10. In the Objects protection section, select or clear the Protect only new and modified files check box.
    

    This check box enables / disables scanning and protection of files that have been recognized by Kaspersky Security for Windows Server as new or modified since the last scan.

    If the check box is selected, Kaspersky Security for Windows Server scans and protects only the files that it has recognized as new or modified since the last scan.

    If the check box is cleared, Kaspersky Security for Windows Server scans and protects files regardless of their modification status.

    By default, the check box for the Maximum performance security level is selected. If the Maximum protection or Recommended security levels are set, the check box is cleared.

11. In the Compound objects protection section, specify the compound objects that you want to include in the scan scope:
    • Archives
      

      Scanning of ZIP, CAB, RAR, and ARJ archives and other archive formats.

      If this check box is selected, Kaspersky Security for Windows Server scans archives.

      If this check box is cleared, Kaspersky Security for Windows Server skips archives during scanning.

      The default value depends on the selected protection level.

    • SFX archives
      

      Scanning of self-extracting archives.

      If this check box is selected, Kaspersky Security for Windows Server scans SFX archives.

      If this check box is cleared, Kaspersky Security for Windows Server skips SFX archives during scanning.

      The default value depends on the selected protection level.

      This option is active when the Archives check box is cleared.

    • Packed objects
      

      Scanning of executable files packed by binary code packers, such as UPX or ASPack.

      If this check box is selected, Kaspersky Security for Windows Server scans executable files packed by packers.

      If this check box is cleared, Kaspersky Security for Windows Server skips executable files packed by packers during scanning.

      The default value depends on the selected protection level.

    • Email databases
      

      Scanning of Microsoft Outlook® and Microsoft Outlook Express mail database files.

      If this check box is selected, Kaspersky Security for Windows Server scans mail database files.

      If this check box is cleared, Kaspersky Security for Windows Server skips mail database files during scanning.

      The default value depends on the selected security level.

    • Plain email
      

      Scanning of files in mail formats, such as Microsoft Outlook and Microsoft Outlook Express messages.

      If this check box is selected, Kaspersky Security for Windows Server scans files in mail formats.

      If this check box is cleared, Kaspersky Security for Windows Server skips files in mail formats during scanning.

      The default value depends on the selected security level.

    • Embedded OLE objects
      

      Scanning of objects embedded in files (such as Microsoft Word macros, or email message attachments).

      If this check box is selected, Kaspersky Security for Windows Server scans objects embedded in files.

      If this check box is cleared, Kaspersky Security for Windows Server skips objects embedded in files during scanning.

      The default value depends on the selected protection level.

    • Entirely remove compound file that cannot be modified by the application in case of embedded object detection
      

      This check box enables or disables forced removal of the parent compound file when a malicious, probably infected or other detectable embedded child object is detected.

      If the check box is selected and the task is configured to remove infected and probably infected objects, Kaspersky Security for Windows Server forcibly removes the entire parent compound object when a malicious or other embedded object is detected. The parent file along with all of its contents are forcibly removed if the application cannot remove only the detected child object (for example, if the parent object cannot be modified).

      If this check box is cleared and the task is configured to remove infected and probably infected objects, Kaspersky Security for Windows Server does not perform the selected action if the parent object cannot be modified.

12. Select the action to be performed on infected and other detected objects:
    • Notify only.
      

      When this mode is selected, Kaspersky Security for Windows Server does not block access to nor perform any actions on infected or other detected objects. The following event is recorded in the task log: Object not disinfected. Reason: no action was taken to neutralize detected object due to user-defined settings. The event specifies all available information about the detected object.

      Notify only mode should be separately configured for each protection or scan area. This mode is not used by default in any of the security levels. If you select this mode, Kaspersky Security for Windows Server automatically changes the security level to Custom.

    • Block access.
      

      When this option is selected, Kaspersky Security for Windows Server blocks access to the detected or probably infected object. In the drop-down list, you can select an additional action to perform on blocked objects.

    • Perform additional action.

      Select the action from the drop-down list:

      • Disinfect.
      • Disinfect. Remove if disinfection fails.
      • Remove.
        

        Kaspersky Security for Windows Server deletes the object and places a copy of it in Backup.

      • Recommended.
        

        Kaspersky Security for Windows Server performs an action recommended by Kaspersky experts.

13. Select the action to be performed on probably infected objects:
    • Notify only.
    • Block access.
    • Perform additional action.

      Select the action from the drop-down list:

      • Quarantine.
      • Remove.
      • Recommended.
14. Configure actions to be performed on objects depending on the type of object detected:
    1. Clear or select the Perform actions depending on the type of object detected check box.
       

       If the check box is selected, you can independently set primary and secondary actions for each type of detected objects by clicking the Settings button next to the check box. However, Kaspersky Security for Windows Server will not allow to open or execute an infected object regardless of your choice.

       If the check box is cleared, Kaspersky Security for Windows Server performs actions that are selected in the Action to perform on infected and other objects and Action to perform on probably infected objects sections for named object types respectively.

       The check box is cleared by default.

    2. Click the Settings button.
    3. In the window that opens, select a primary action and a secondary action (to be performed if the primary action fails) for each type of detected object.
    4. Click OK.
15. In the Exclusions section, configure the following settings:
    • Clear or select the Exclude files check box.
      

      Excluding files from scanning by file name or file name mask.

      If this check box is selected, Kaspersky Security for Windows Server skips the specified objects during scanning.

      If this check box is cleared, Kaspersky Security for Windows Server scans all objects.

      The check box is cleared by default.

    • Clear or select the Do not detect check box.
      

      Objects are excluded from scanning by the name or name mask of the detectable object. The list of names of detectable objects is available on the Virus Encyclopedia website.

      If this check box is selected, Kaspersky Security for Windows Server skips specified detectable objects during scanning.

      If the check box is cleared, Kaspersky Security for Windows Server detects all objects specified in the application by default.

      The check box is cleared by default.

16. In the Performance section, configure the following settings:
    • Stop scanning if it takes longer than (sec.)
      

      Limits the duration of object scanning. The default value is 60 seconds.

      If the check box is selected, scanning is limited to the specified maximum duration.

      If the check box is cleared, scanning is unlimited.

      By default, the check box for the Maximum performance security level is selected.

    • Do not scan compound objects larger than (MB)
      

      Excludes objects larger than the specified size from scanning.

      If the check box is selected, Kaspersky Security for Windows Server skips compound objects whose size exceeds the specified limit during a virus scan.

      If this check box is cleared, Kaspersky Security for Windows Server scans compound objects of any size.

      By default, the check box is selected for the Maximum performance security level.

    • Use iSwift technology
      

      iSwift compares a file’s NTFS identifier stored in a database with its current identifier. Scanning is performed only for files whose identifiers have changed (new files and files modified since the last scan of NTFS system objects).

      If the check box is selected, Kaspersky Security for Windows Server scans only new files or those modified since the last scan of NTFS system objects.

      If the check box is cleared, Kaspersky Security for Windows Server scans NTFS file system objects regardless of the file creation date or file modification date, except for files from network folders.

      The check box is selected by default.

    • Use iChecker technology
      

      iChecker calculates and remembers checksums of scanned files. If an object is modified, the checksum changes. The application compares all checksums and scans only files that are new and have been modified since the last scan.

      If the check box is selected, Kaspersky Security for Windows Server scans only new and modified files.

      If the check box is cleared, Kaspersky Security for Windows Server scans files regardless of the file creation date or file modification date.

      The check box is selected by default.

17. Click the OK button.