File Anti-Virus: security levels - Kaspersky Lab

Kaspersky PURE 2.0 

File Anti-Virus: 

security levels


Content 

File Anti-Virus. Security levels .................................................................................................... 2 

Security levels of File Anti-Virus ............................................................................................. 2 

Customizing security level in File Anti-Virus ........................................................................... 4 

Selecting file types scanned by File Anti-Virus .................................................................... 4 

Selecting location of files scanned by File Anti-Virus .......................................................... 6 

Scan methods of File Anti-Virus .......................................................................................... 7 

Optimization of files scan .................................................................................................... 7 

Setting scan of compound files ........................................................................................... 8 

Scan modes of File Anti-Virus ........................................................................................... 12 

iSwift и iChecker scan technologies .................................................................................. 13 

Pausing File Anti-Virus ...................................................................................................... 14 

Rollback to default settings of File Anti-Virus ........................................................................ 16 

1 | 17


File Anti-Virus. Security levels 

Security levels of File Anti-Virus 

The security level is defined as a preset configuration of the File Anti-Virus component 

settings which provide a protection level to files and system memory. Kaspersky Lab 

specialists distinguish three security levels. The decision of which level to select should be 

made by the user based on the current situation. 

► High. Set this level if you suspect that your computer has a high chance of being 

infected. 

► Recommended. This level provides an optimum balance between the efficiency and 

security and is suitable for most cases. 

► Low. If you work in a protected environment (for example, in a corporate network 

with centralized security management), the low security level may be suitable. 

To change the security level, perform the following actions: 

1. In the right part of the Settings window of the File Anti-Virus component set a security 

level by dragging the vertical slider to the required position. 

2. In the Settings window click the Apply button. 

2 | 17


3 | 17


Customizing security level in File Anti-Virus 

To fine-tune the File Anti-Virus settings, in the Security level section click the Settings 

button. 

The File Anti-Virus window will open. 

Selecting file types scanned by File Anti-Virus 

In the File Anti-Virus window on the General tab you can set/ select file types to be scanned 

by File Anti-Virus. By default File Anti-Virus scans only potentially infected files (files into 

which a virus can penetrate), started on all hard, removable and network drives. 

You can select on your own the file types which should be scanned by File Anti-Virus for 

viruses. 

4 | 17


The following file types can be set for scan: 

► All files — File Anti-Virus analyzes all files irrespective of their name (for example, 

“press-release”) or extension (for example, «.doc»). 

► Files scanned by format — File Anti-Virus scans the internal header of a file to 

determine the file format (.txt, .doc, .exe, etc.). If the analysis shows that such file 

format cannot be infected, the file is not scanned and is returned to the user. If a file 

format is infectable, such file is scanned for viruses; 

► Files scanned by extension — File Anti-Virus scans files respective of their 

extension (for example, files with the extensions .com, .exe, .sys, .bat, .dll and etc). 

The file format is determined based on its extension. A file extension helps the user 

and software define the type of data in the file. 

When selecting the file type scanned by File Anti-Virus, consider the following peculiarities. 

For example, the cyber criminal can send a virus to your computer with a txt extension, though 

in reality such file can be executable, renamed into a txt-file. 

If the Files scanned by extension option is selected, then during scan such file will be 

skipped. 

If the Files scanned by format option is selected, then in spite of the extension File Anti- 

Virus will analyze the file header. In the result of scan it will become clear that the file has an 

exe-format. Such file will be scanned for viruses. 

5 | 17


Selecting location of files scanned by File Anti-Virus 

You can also specify location of the scanned files in the Protection scope section. In order to 

add a new object to the scan scope, perform the following actions: 

1. In the File Anti-Virus window click the Add link. 

2. In the Select object to scan window select an object and click the Add button. 

3. Once you have added all the necessary objects, in the Select object to scan window 

click the OK button. 

4. In the File Anti-Virus window click the OK button. 

6 | 17


Scan methods of File Anti-Virus 

By default, File Anti-Virus scans objects using signature analysis (bases with the description 

of known threats and their disinfection methods). The component compares the object under 

scan with the records in the base and defines whether the object is malicious. Since new 

malicious objects appear daily, there is always some malware which are not described in the 

databases, and which can only be detected using heuristic analysis. This method presumes 

the analysis of the actions an object performs within the system. If its actions are typical of 

malicious objects, the object is likely to be classed as malicious or suspicious. 

In order to configure heuristic analysis, perform the following actions: 

1. In the File Anti-Virus window go to the Performance tab. 

2. In the Heuristic Analyzer section specify the detail level 1 for scan moving the horizontal 

slider to the necessary position. 

3. Click the OK button. 

Optimization of files scan 

To reduce the scan time and accelerate the application operation, you can configure scan of 

only new and recently changed files, which were modified after the previous scan. For this, 

perform the following actions: 


2. In the Scan optimization section check the Scan only new and changed files box. 

1 The higher the detail level is, the more resources and time are needed for scan, however the more thorough the 

analysis will be. 

7 | 17



Setting scan of compound files 

A compound file is structured storage for several other files. Examples of compound files are 

archives and OLE-objects. A common method of concealing viruses is to embed them into 

compound files (archives). To detect viruses that are hidden in this way a compound file should 

be unpacked, which can significantly lower the scan speed. 

To enable scan of archives, perform the following actions: 


2. In the Scan of compound files section, check the Scan archives box. 

8 | 17



Installer packages (files to install software) and files containing OLE objects (objects (images, 

texts, tables, drawings) created in one program but which can be opened using other 

programs) are executed when they are opened, which makes them more dangerous than 

archives. 

To enable scan of installer packages and embedded OLE-objects, perform the following 

actions: 

1. In the File Anti-Virus window on the Performance tab in the Scan of compound files 

section, check the corresponding boxes. 

9 | 17



When large compound files are scanned, their preliminary unpacking may take a long period of 

time. This period can be reduced by enabling unpacking of compound files in background 

mode (while the user is working with other programs). If a malicious object is detected when 

processing such a file, File Anti-Virus will notify you of this. 

To scan compound files in background mode, perform the following actions: 

1. In the File Anti-Virus window on the Performance tab in the Scan of compound files 

section, click the Additional button. 

10 | 1 7


2. In the Compound files window check the Extract compound files in the background 

box. 

3. In the Minimum file size field specify the minimum file size to be scanned in the 

background. Files of smaller size are scanned in the normal mode. 

To reduce access time to compound files, you can disable extracting of files whose size 

exceeds the specified value. For this, perform the following actions: 

1. In the Size limit section specify the maximum file size to be scanned. The setting is not 

applied to scan of files extracted from archives. 

11 | 1 7



Scan modes of File Anti-Virus 

You can select one of four scan modes in File Anti-Virus: 

► Smart mode. 

► On access and modification (the application scans objects when they are opened 

or modified). 

► On access (the application scans objects only when they are attempted to open). 

► On execution (the application scans objects only when they are attempted to run). 

By default, Kaspersky PURE uses smart mode, which determines if the object is subject to 

scan, based on the actions performed on it. For example, when working with a Microsoft 

Office document, File Anti-Virus scans the file when it is first opened and last closed. 

Intermediate operations that overwrite the file do not cause it to be scanned. 

To set a scan mode, perform the following actions: 

1. In the File Anti-Virus window go to the Additional tab. 

2. In the Scan mode section select the required scan mode. 

12 | 1 7



iSwift и iChecker scan technologies 

Intellectual technologies iChecker and iSwift allow accelerating work of File Anti-Virus. 

Technologies achieve the highest efficiency sometime after installation of the product. These 

technologies add to each other thus accelerating anti-virus scan of various objects in different 

file and operating systems. 

During the first scan with iChecker technology the check sum of an object is saved. Check 

sum is a unique digital signature of an object (file) that allows identifying this object (file). 

Check sum changes every time the object is modified. This information is saved in a special 

table. During the next scan of an object the previous and current check sums are compared. If 

the check sum is different the object should be scanned for a malicious code once again, if the 

check sum is the same, the object is not scanned. 

The iChecker technology works with limited number of formats such as exe, dll, lnk, ttf, inf, 

sys, com, chm, zip, rar and does not scan files larger than 4 GB, as in such cases it is quicker 

to scan the whole file, than to calculate its check sums. 

The iSwift technology has been developed for NTFS file system. In this system NTFS-identifier 

is given to each object. This NTFS-identifier is compared with the values in the special iSwift 

database. This algorithm considers the previous scan date. If from the moment of the first scan 

to the last scan the same period or more passed then the object will be re-scanned. The object 

will be also scanned in the case of the object settings were changed to stricter ones. 

The technology is connected to a definite file location in the file system. If the file was 

copied/relocated then it is scanned again. 

In order to enable the use of iSwift and iChecker technologies, perform the following actions: 


2. In the Scan technologies section check the boxes iSwift technology and iChecker 

technology. 

13 | 1 7



Pausing File Anti-Virus 

When carrying out resource-intensive works, you can pause File Anti-Virus. To reduce 

workload and ensure quick access to objects, you can configure automatic pausing of the 

component at a specified time. For this, perform the following actions: 


2. In the Pause task section check the By schedule box. 

3. Click the Schedule button. 

14 | 1 7


4. In the Pausing the task window in the fields Pause and Resume task at define the 

time interval during which the component will remain inactive. 



Additionally to disabling File Anti-Virus on schedule, you can configure disabling File Anti- 

Virus when handling specified programs. For this, perform the following actions: 


2. In the Pause task section check the At application startup box. 

3. Click the Select button. 

15 | 1 7


4. In the Applications window click the Add link. Next, perform the following actions: 

► Select an application from the Applications list; 

or 

► Click Browse and select an application using the browser window. 

5. Having created the list of applications, click the OK button in the Applications window. 


Rollback to default settings of File Anti-Virus 

You can always roll back to default File Anti-Virus settings. For this perform the following 

actions: 

1. Close the File Anti-Virus window. 

2. In the Settings window in the Security level section click the Default level button. 

16 | 1 7


3. Click the OK button to save the made changes. 

17 | 1 7

File Anti-Virus: security levels - Kaspersky Lab

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?