File Threat Protection task settings
October 10, 2024
ID 161284
This section provides information about the settings you can specify for the File Threat Protection task.
All available values and default values for each setting are described.
ScanArchived
Enables or disables scanning of archives (including SFX self-extracting archives). Kaspersky Endpoint Security detects threats in archives but does not disinfect them. The following archive types are supported: .zip; .7z*; .7-z; .rar; .iso; .cab; .jar; .bz; .bz2; .tbz; .tbz2; .gz; .tgz; .arj.
Available values:
Yes—Scan archives. If FirstAction=Recommended is specified, the application removes an archive that contains a threat.
No—Do not scan archives
Default value: No
ScanSfxArchived
Enables or disables scanning of self-extracting archives only (archives that contain an executable extraction module).
Available values:
Yes—Scan self-extracting archives
No—Do not scan self-extracting archives
Default value: No
ScanMailBases
Enables or disables scanning of email databases of Microsoft Outlook, Outlook Express, The Bat! and other mail clients.
Available values:
Yes—Scan files of email databases
No—Do not scan files of email databases
Default value: No
ScanPlainMail
Enables or disables scanning of plain text email messages.
Available values:
Yes—Scan plain text email messages
No—Do not scan plain text email messages
Default value: No
SizeLimit
Specifies the maximum size of an object to be scanned (in megabytes). If an object to be scanned is larger than the specified value, Kaspersky Endpoint Security skips the object.
Available values:
0 – 999,999
0—Kaspersky Endpoint Security scans objects of any size
Default value: 0
TimeLimit
Specifies the maximum duration of the object scan (in seconds). Kaspersky Endpoint Security stops scanning an object if the scan takes longer than the number of seconds specified by this setting.
Available values:
0 – 9999
0—The object scan duration is unlimited
Default value: 60
FirstAction
Selection of the first action to be performed by Kaspersky Endpoint Security on infected objects.
In File Threat Protection tasks, before performing the action specified by you on an object, Kaspersky Endpoint Security blocks access to the object by applications that attempt to access it.
Available values:
Cure—Kaspersky Endpoint Security attempts to disinfect an object by saving a copy of it in Storage. If disinfection fails (for example, if the type of object or the type of threat in the object cannot be disinfected) Kaspersky Endpoint Security leaves the object unchanged. If the first action is set to Cure, it is recommended to specify the second action using the SecondAction setting.
Remove—Kaspersky Endpoint Security removes the infected object after first creating a backup copy of it
Recommended (perform recommended action)—Kaspersky Endpoint Security automatically selects and performs an action on the object based on information about the threat detected in the object. For example, Kaspersky Endpoint Security immediately removes Trojans since they do not incorporate themselves into other files and therefore they do not need to be disinfected.
Block—Kaspersky Endpoint Security blocks access to the infected object. Information about the infected object is logged
Default value: Recommended
SecondAction
Selection of the second action to be performed by Kaspersky Endpoint Security on infected objects. Kaspersky Endpoint Security performs the second action if the first action fails.
The values of the SecondAction setting are the same as the values of the FirstAction setting.
If Block or Remove is selected as the first action, a second action does not need to be specified. It is recommended to specify two actions in other cases. If you have not specified a second action, Kaspersky Endpoint Security applies Block as the second action.
Default value: Block
UseExcludeMasks
Enables or disables the scan exclusion of objects specified using the ExcludeMasks setting.
Available values:
Yes—Exclude objects specified by the ExcludeMasks setting
No—Do not exclude objects specified by the ExcludeMasks setting
Default value: No
ExcludeMasks
Excludes objects from scanning by name or mask. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in command shell format.
The default value is not defined.
UseExcludeThreats
Enables or disables the scan exclusion of objects with threats specified using the ExcludeThreats setting.
Available values:
Yes—Exclude from scanning the objects containing threats specified using the ExcludeThreats setting
No—Do not exclude from scanning the objects containing threats specified using the ExcludeThreats setting
Default value: No
ExcludeThreats
Excludes objects from scanning by the name of the threats detected in them. Before specifying a value for this setting, make sure that the UseExcludeThreats setting is enabled.
In order to exclude a single object from scanning, specify the full name of the threat detected in this object – the Kaspersky Endpoint Security string with the decision that the object is infected.
For example, you may be using a utility to collect information about your network. To keep Kaspersky Endpoint Security from blocking it, add the full name of the threat contained in it to the list of threats excluded from scanning.
You can find the full name of the threat detected in the object in the Kaspersky Endpoint Security log. You can also find the full name of the threat on the website of the Virus Encyclopedia. To find the name of a threat, enter the application name in the Search field.
The setting value is case-sensitive.
The default value is not defined.
ReportCleanObjects
Enables or disables logging of information about scanned objects that Kaspersky Endpoint Security has deemed non-infected.
You can enable this setting, for example, to make sure that a particular object has been scanned by Kaspersky Endpoint Security.
Available values:
Yes—Log information about non-infected objects
No—Do not log information about non-infected objects
Default value: No
ReportPackedObjects
Enables or disables logging of information about scanned objects that are part of compound objects.
You can enable this setting, for example, to make sure that an object within an archive has been scanned by Kaspersky Endpoint Security.
Available values:
Yes—Log information about scanning objects within archives
No—Do not log information about scanning objects within archives
Default value: No
ReportUnprocessedObjects
Enables or disables the logging of information about unscanned objects.
Available values:
Yes—Log information about unscanned objects
No—Do not log information about unscanned objects
Default value: No
UseAnalyzer
Enables or disables Heuristic Analyzer.
Heuristic analysis helps the application to detect threats even before they become known to virus analysts.
Available values:
Yes—Enable Heuristic Analyzer
No—Disable Heuristic Analyzer
Default value: Yes
HeuristicLevel
Heuristic analysis level.
You can specify the heuristic analysis level. The heuristic analysis level sets the balance between the thoroughness of searches for threats, the load on the operating system's resources, and the scan duration. The higher the heuristic analysis level, the more resources and time are required for scanning.
Available values:
Light—The least thorough scan with minimal load on the system
Medium—Medium heuristic analysis level with a balanced load on the operating system
Deep—The most thorough scan with maximal load on the operating system
Recommended—Recommended value
Default value: Recommended
UseIChecker
Enables or disables the use of iChecker technology.
Available values:
Yes—Enable use of iChecker technology
No—Disable use of iChecker technology
Default value: Yes
ScanByAccessType
You can use this setting to specify the File Threat Protection mode. The ScanByAccessType setting is applied only in the File Threat Protection task.
Available values:
SmartCheck—Scan a file when there is an attempt to open it, and scan it again when there is an attempt to close it if the file has been modified. If a process accesses an object multiple times in the course of its operation and modifies it, the application scans the object again only when the process closes it for the last time.
OpenAndModify—Scan a file when there is an attempt to open it, and scan it again when there is an attempt to close it if the file has been modified
Open—Scan the file when an attempt is made to open it for reading or for execution or modification
Default value: SmartCheck
The [ScanScope.item_#] section contains the following settings:
AreaDesc
Description of the scan scope, which contains additional information about the scan scope. The maximum length of the string specified using this setting is 4096 characters.
Default value: All objects
UseScanArea
This setting enables or disables scanning of the specified scope. To run the task, you must include at least one area to scan.
Available values:
Yes—Scan the specified scope
No—Do not scan the specified scope
Default value: Yes
AreaMask
You can use this setting to restrict the scan scope.
In the scan scope, Kaspersky Endpoint Security scans only the files that are indicated using command shell masks.
If this setting is not specified, Kaspersky Endpoint Security scans all objects in the scan scope. You can specify several values for this setting.
Default value: * (scan all objects)
Path
You can use this setting to specify the path to objects to scan.
The value of the Path setting consists of two elements: <file system type>:<access protocol>. It may also contain the path to the directory in the local file system.
Available values:
<path to local directory>—Scan objects in the specified directory
Shared:NFS—Scan the computer's file system resources that are accessible via the NFS protocol
Shared:SMB—Scan the computer's file system resources that are accessible via the SMB protocol
AllRemoteMounted—Scan all remote directories mounted on the computer using the SMB and NFS protocols
AllShared—Scan all of the computer's file system resources shared via the SMB and NFS protocols
The [ExcludedFromScanScope.item_#] section contains the following settings:
AreaDesc
Description of the scan exclusion scope. Contains additional information about the exclusion scope.
The default value is not defined.
UseScanArea
Enables or disables scanning of the specified scope.
Available values:
Yes—Excludes the specified scope
No—Does not exclude the specified scope
Default value: Yes
Path
You can use this setting to specify the path to objects excluded from scanning.
The value of the Path setting consists of two elements: <file system type>:<access protocol>. It may also contain the path to the directory in the local file system.
Available values:
<path to local directory>—Exclude objects in the specified directory from scanning. You can use masks to specify the path.
Shared:NFS—Exclude the computer's file system resources that are accessible via the NFS protocol
Shared:SMB—Exclude the computer's file system resources that are accessible via the Samba protocol
AllRemoteMounted—Exclude all remote directories mounted on the computer using the SMB and NFS protocols
AllShared—Exclude all of the computer file system resources shared via the SMB and NFS protocols
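Added example (not Kaspersky's code): a short Python audit that reads a task settings file and lists the values described on this page that narrow what File Threat Protection scans or how it responds. It assumes a key=value layout with the [ScanScope.item_#] and [ExcludedFromScanScope.item_#] sections and an ".item_NNNN" suffix on multi-valued keys; the function names and all sample values are constructed.

```python
import re

# Constructed sample: key=value settings plus the two section types named on this page.
SAMPLE = """\
SizeLimit=50
FirstAction=Cure
UseExcludeMasks=Yes
ExcludeMasks.item_0000=*.iso
[ScanScope.item_0000]
Path=/
[ExcludedFromScanScope.item_0000]
UseScanArea=Yes
Path=/var/cache/build
"""

def parse(text):
    """Return (top-level settings, [(section type, settings), ...])."""
    top, sections = {}, []
    target = top
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"\[(\w+)\.item_[^\]]+\]", line)
        if m:
            target = {}
            sections.append((m.group(1), target))
        elif "=" in line and line[0] not in "#;":
            key, _, value = line.partition("=")
            # Assumption: multi-valued keys carry an ".item_NNNN" suffix.
            target.setdefault(key.split(".item_")[0].strip(), []).append(value.strip())
    return top, sections

def val(settings, key, default):
    return settings.get(key, [default])[-1]

def audit(text):
    """List settings that narrow what File Threat Protection scans or how it responds."""
    top, sections = parse(text)
    out = []
    if val(top, "SizeLimit", "0") != "0":
        out.append("SizeLimit: objects above %s MB are skipped" % val(top, "SizeLimit", "0"))
    for flag, key in (("UseExcludeMasks", "ExcludeMasks"), ("UseExcludeThreats", "ExcludeThreats")):
        if val(top, flag, "No") == "Yes":
            out.append(key + ": " + ", ".join(top.get(key, [])))
    if val(top, "FirstAction", "Recommended") == "Cure" and "SecondAction" not in top:
        out.append("SecondAction: not set, Block applies if Cure fails")
    enabled = [(t, s) for t, s in sections if val(s, "UseScanArea", "Yes") == "Yes"]
    out += ["ExcludedFromScanScope: " + val(s, "Path", "?") for t, s in enabled if t == "ExcludedFromScanScope"]
    if not any(t == "ScanScope" for t, _ in enabled):
        out.append("ScanScope: no enabled area, the task cannot run")
    return out
```

Missing keys fall back to the defaults listed on this page, so a file that sets ExcludeMasks without UseExcludeMasks=Yes produces no exclusion finding.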