Virus scan task settings

This section provides information about the settings you can specify for the virus scan task.

All available values and default values for each setting are described.

ScanArchived

Enables or disables scanning of archives (including SFX self-extracting archives). Kaspersky Endpoint Security detects threats in archives but does not disinfect them. The following archive types are supported: .zip; .7z*; .7-z; .rar; .iso; .cab; .jar; .bz;.bz2;.tbz;.tbz2; .gz;.tgz; .arj.

Available values:

Yes—Scan archives. If FirstAction=Recommended is specified, the application removes an archive that contains a threat.

No—Do not scan archives

Default value: Yes

ScanSfxArchived

Enables or disables scanning of self-extracting archives only (archives that contain an executable extraction module).

Available values:

Yes—Scan self-extracting archives

No—Do not scan self-extracting archives

Default value: Yes

ScanMailBases

Enables or disables scanning of email databases of Microsoft Outlook®, Outlook Express, The Bat! and other mail clients.

Available values:

Yes—Scan files of email databases

No—Do not scan files of email databases

Default value: No

ScanPlainMail

Enables or disables scanning of plain text email messages.

Available values:

Yes—Scan plain text email messages

No—Do not scan plain text email messages

Default value: No

SizeLimit

Specifies the maximum size of an object to be scanned (in megabytes). If an object to be scanned is larger than the specified value, Kaspersky Endpoint Security skips the object.

Available values:

0 – 999,999

0—Kaspersky Endpoint Security scans objects of any size

Default value: 0

TimeLimit

Specifies maximum duration for the object scan (in seconds). Kaspersky Endpoint Security stops scanning an object if it takes longer than the number of seconds specified by this parameter.

Available values:

0 – 9999

0—The object scan duration is unlimited

Default value: 0

FirstAction

Selection of the first action to be performed by Kaspersky Endpoint Security on infected objects.

Available values:

Cure—Kaspersky Endpoint Security attempts to disinfect an object by saving a copy of it in Storage. If disinfection fails (for example, if the type of object or the type of threat in the object cannot be disinfected) Kaspersky Endpoint Security leaves the object unchanged. If the first action is set to Cure, it is recommended to specify the second action using the SecondAction setting.

Remove—Kaspersky Endpoint Security removes the infected object after first creating a backup copy of it

Recommended (perform recommended action)—Kaspersky Endpoint Security automatically selects and performs an action on the object based on information about the threat detected in the object. For example, Kaspersky Endpoint Security immediately removes Trojans since they do not incorporate themselves into other files and therefore they do not need to be disinfected.

Skip—Kaspersky Endpoint Security does not attempt to disinfect or delete an infected object. Information about the infected object is logged.

Default value: Recommended

SecondAction

Selection of the second action to be performed by Kaspersky Endpoint Security on infected objects. Kaspersky Endpoint Security performs the second action if the first action fails.

The values of the SecondAction setting are the same as the values of the FirstAction setting.

If Skip or Remove is selected as the first action, a second action does not need to be specified. It is recommended to specify two actions in other cases. If you have not specified a second action, Kaspersky Endpoint Security applies Skip as the second action.

Default value: Skip

UseExcludeMasks

Enables or disables the scan exclusion of objects specified using the ExcludeMasks setting.

Available values:

Yes—Exclude objects specified by the ExcludeMasks setting

No—Do not exclude objects specified by the ExcludeMasks setting

Default value: No

ExcludeMasks

Excludes objects from scanning by name or mask. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in command shell format.

The default value is not defined.

Example:

UseExcludeMasks=Yes

ExcludeMasks.item_0000=eicar1.*

ExcludeMasks.item_0001=eicar2.*

UseExcludeThreats

Enables or disables the scan exclusion of objects with threats specified using the ExcludeThreats setting.

Available values:

Yes—Exclude from scanning the objects containing threats specified using the ExcludeThreats setting

No—Do not exclude from scanning the objects containing threats specified using the ExcludeThreats setting

Default value: No

ExcludeThreats

Excludes objects from scanning by the name of the threats detected in them. Before specifying a value for this setting, make sure that the UseExcludeThreats setting is enabled.

In order to exclude a single object from scanning, specify the full name of the threat detected in this object – the Kaspersky Endpoint Security string with the decision that the object is infected.

E.g., you may be using a utility to collect information about your network. To keep Kaspersky Endpoint Security from blocking it, add the full name of the threat contained in it to the list of threats excluded from scanning.

You can find the full name of the threat detected in the object in the Kaspersky Endpoint Security log. You can also find the full name of the threat on the website of the Virus Encyclopedia. To find the name of a threat, enter the application name in the Search field.

The setting value is case-sensitive.

The default value is not defined.

Example:

UseExcludeThreats=Yes

ExcludeThreats.item_0000=EICAR-Test-*

ExcludeThreats.item_0001=?rojan.Linux

ReportCleanObjects

Enables or disables logging of information about scanned objects that Kaspersky Endpoint Security has deemed non-infected.

You can enable this setting, for example, to make sure that a particular object has been scanned by Kaspersky Endpoint Security.

Available values:

Yes—Log information about non-infected objects

No—Do not log information about non-infected objects

Default value: No

ReportPackedObjects

Enables or disables logging of information about scanned objects that are part of compound objects.

You can enable this setting, for example, to make sure that an object within an archive has been scanned by Kaspersky Endpoint Security.

Available values:

Yes—Log information about scanning objects within archives

No—Do not log information about scanning objects within archives

Default value: No

ReportUnprocessedObjects

Enables or disables the logging of information about unscanned objects.

Available values:

Yes—Log information about unscanned objects

No—Do not log information about unscanned objects

Default value: No

UseAnalyzer

Enables or disables Heuristic Analyzer.

Heuristic analysis helps the application to detect threats even before they become known to virus analysts.

Available values:

Yes—Enable Heuristic Analyzer

No—Disable Heuristic Analyzer

Default value: Yes

HeuristicLevel

Heuristic analysis level.

You can specify the heuristic analysis level. The heuristic analysis level sets the balance between the thoroughness of searches for threats, the load on the operating system's resources, and the scan duration. The higher the heuristic analysis level, the more resources and time are required for scanning.

Available values:

Light—The least thorough scan with minimal load on the system

Medium—Medium heuristic analysis level with a balanced load on the operating system

Deep—The most thorough scan with maximal load on the operating system

Recommended—Recommended value

Default value: Recommended

UseIChecker

Enables or disables the use of iChecker technology.

Available values:

Yes—Enable use of iChecker technology

No—Disable use of iChecker technology

Default value: Yes

The [ScanScope.item_#] section contains the following settings:

AreaDesc

Description of the scan scope, which contains additional information about the scan scope. The maximum length of the string specified using this setting is 4096 characters.

The default value: All objects

Example:

AreaDesc="Scan mail databases"

UseScanArea

Enables or disables scanning of the specified scope. To run the task, you must include at least one area to scan.

Available values:

Yes—Scan the specified scope

No—Do not scan the specified scope

The default value: Yes

AreaMask

You can use this setting to restrict the scan scope.

In the scan scope, Kaspersky Endpoint Security scans only the files that are indicated using command shell masks.

If this setting is not specified, Kaspersky Endpoint Security scans all objects in the scan scope. You can specify several values for this setting.

The default value: * (scan all objects).

Example:

AreaAreaMask_<item number>=*.doc

Path

You can use this setting to specify the path to objects to scan.

The value of the Path setting consists of two elements: <file system type>:<access protocol>. It may also contain the path to the directory in the local file system.

Available values:

<path to local directory>—Scan objects in the specified directory

Shared:NFS—Scan the computer's file system resources that are accessible via the NFS protocol

Shared:SMB—Scan the computer's file system resources that are accessible via the SMB protocol

AllRemoteMounted—Scan all remote directories mounted on the computer using the SMB and NFS protocols

AllShared—Scan all of the computer's file system resources shared via the SMB and NFS protocols

The [ExcludedFromScanScope.item_#] section contains the following settings:

AreaDesc

Description of the scan exclusion scope. Contains additional information about the exclusion scope.

The default value is not defined.

Example:

AreaDesc="Exclude separate SAMBA"

UseScanArea

Enables or disables scanning of the specified scope.

Available values:

Yes—Excludes the specified scope

No—Does not exclude the specified scope

Default value: Yes

Path

You can use this setting to specify the path to objects excluded from scanning.

The value of the Path setting consists of two elements: <file system type>:<access protocol>. It may also contain the path to the directory in the local file system.

Available values:

<path to local directory>—Exclude objects in the specified directory from scanning. You can use masks to specify the path.

Shared:NFS—Exclude the computer's file system resources that are accessible via the NFS protocol

Shared:SMB—Exclude the computer's file system resources that are accessible via the Samba protocol

AllRemoteMounted—Exclude all remote directories mounted on the computer using the SMB and NFS protocols

AllShared—Exclude all of the computer's file system resources shared via the SMB and NFS protocols

Page top