In this section, SVM refers to an SVM with the File Threat Protection component installed.
An SVM with the File Threat Protection component installed protects virtual machines on the VMware ESXi hypervisor. The settings that SVMs apply for virtual machine file threat protection are defined by using policies. Kaspersky Security starts protecting virtual machines only after you have enabled protection by using a policy.
File Threat Protection is enabled for virtual machines if a protection profile is assigned to these virtual machines. You can assign the main protection profile that is generated automatically when a policy is created, or create and assign additional protection profiles if you want to use different protection settings for different virtual infrastructure objects.
You can assign protection profiles directly to virtual machines and other virtual infrastructure objects. In a virtual infrastructure managed by a standalone VMware vCenter Server, you can also assign different protection profiles to virtual machines that are part of NSX Security Groups that are within the scope of different NSX Profile Configurations.
If the application is not activated or the application databases are missing on SVMs, Kaspersky Security does not protect the virtual machines.
Kaspersky Security protects only powered-on virtual machines that meet all the conditions for virtual machine protection.
When a user or program attempts to access a virtual machine file, Kaspersky Security scans this file.
Kaspersky Security then performs the action that is specified in the protection profile of the virtual machine; for example, it disinfects or blocks the file.
If an application that collects information and sends it to be processed is installed on a virtual machine, Kaspersky Security may classify this application as malware. To avoid this, you can exclude the application from protection. The list of exclusions is configured in the protection profile settings.
The Signature analysis and machine learning scan method is used for protection of virtual machines. Protection that uses signature analysis provides a minimally acceptable security level. Kaspersky Security uses application databases containing information about known threats and about the methods to neutralize them. Based on the recommendations of Kaspersky experts, the Signature analysis and machine learning scan method is always enabled.
Additionally, during virtual machines protection, the Heuristic analysis is used. This is a technology designed for detecting threats that cannot be detected with the aid of Kaspersky application databases. Heuristic analysis detects files that could be infected with malware for which there are not yet any database signatures or infected with a new variety of a known virus. Files in which a threat is detected during heuristic analysis are marked as Infected.
The heuristic analysis level depends on the selected security level:
Information about all events that occur during protection of virtual machines is logged in a report.
You are advised to regularly view the list of files blocked in the course of virtual machine protection and manage them. For example, you can save file copies to a location that is inaccessible to a virtual machine user or delete the files. You can view the details of blocked files in the threats report or by filtering events by the File blocked event (please refer to the Kaspersky Security Center documentation).
To gain access to files that were blocked as a result of virtual machine protection, you must exclude these files from protection in the settings of the protection profile assigned to the virtual machines, or temporarily disable the protection of these virtual machines.