File Anti-Virus: security levels - Kaspersky Lab
File Anti-Virus: security levels - Kaspersky Lab
File Anti-Virus: security levels - Kaspersky Lab
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Kaspersky</strong> PURE 2.0<br />
<strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong>:<br />
<strong>security</strong> <strong>levels</strong>
<strong>Kaspersky</strong> PURE 2.0<br />
Content<br />
<strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong>. Security <strong>levels</strong> .................................................................................................... 2<br />
Security <strong>levels</strong> of <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> ............................................................................................. 2<br />
Customizing <strong>security</strong> level in <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> ........................................................................... 4<br />
Selecting file types scanned by <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> .................................................................... 4<br />
Selecting location of files scanned by <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> .......................................................... 6<br />
Scan methods of <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> .......................................................................................... 7<br />
Optimization of files scan .................................................................................................... 7<br />
Setting scan of compound files ........................................................................................... 8<br />
Scan modes of <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> ........................................................................................... 12<br />
iSwift и iChecker scan technologies .................................................................................. 13<br />
Pausing <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> ...................................................................................................... 14<br />
Rollback to default settings of <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> ........................................................................ 16<br />
1 | 17
<strong>Kaspersky</strong> PURE 2.0<br />
<strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong>. Security <strong>levels</strong><br />
Security <strong>levels</strong> of <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong><br />
The <strong>security</strong> level is defined as a preset configuration of the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> component<br />
settings which provide a protection level to files and system memory. <strong>Kaspersky</strong> <strong>Lab</strong><br />
specialists distinguish three <strong>security</strong> <strong>levels</strong>. The decision of which level to select should be<br />
made by the user based on the current situation.<br />
► High. Set this level if you suspect that your computer has a high chance of being<br />
infected.<br />
► Recommended. This level provides an optimum balance between the efficiency and<br />
<strong>security</strong> and is suitable for most cases.<br />
► Low. If you work in a protected environment (for example, in a corporate network<br />
with centralized <strong>security</strong> management), the low <strong>security</strong> level may be suitable.<br />
To change the <strong>security</strong> level, perform the following actions:<br />
1. In the right part of the Settings window of the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> component set a <strong>security</strong><br />
level by dragging the vertical slider to the required position.<br />
2. In the Settings window click the Apply button.<br />
2 | 17
<strong>Kaspersky</strong> PURE 2.0<br />
3 | 17
<strong>Kaspersky</strong> PURE 2.0<br />
Customizing <strong>security</strong> level in <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong><br />
To fine-tune the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> settings, in the Security level section click the Settings<br />
button.<br />
The <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window will open.<br />
Selecting file types scanned by <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong><br />
In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window on the General tab you can set/ select file types to be scanned<br />
by <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong>. By default <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> scans only potentially infected files (files into<br />
which a virus can penetrate), started on all hard, removable and network drives.<br />
You can select on your own the file types which should be scanned by <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> for<br />
viruses.<br />
4 | 17
<strong>Kaspersky</strong> PURE 2.0<br />
The following file types can be set for scan:<br />
► All files — <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> analyzes all files irrespective of their name (for example,<br />
“press-release”) or extension (for example, «.doc»).<br />
► <strong>File</strong>s scanned by format — <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> scans the internal header of a file to<br />
determine the file format (.txt, .doc, .exe, etc.). If the analysis shows that such file<br />
format cannot be infected, the file is not scanned and is returned to the user. If a file<br />
format is infectable, such file is scanned for viruses;<br />
► <strong>File</strong>s scanned by extension — <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> scans files respective of their<br />
extension (for example, files with the extensions .com, .exe, .sys, .bat, .dll and etc).<br />
The file format is determined based on its extension. A file extension helps the user<br />
and software define the type of data in the file.<br />
When selecting the file type scanned by <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong>, consider the following peculiarities.<br />
For example, the cyber criminal can send a virus to your computer with a txt extension, though<br />
in reality such file can be executable, renamed into a txt-file.<br />
If the <strong>File</strong>s scanned by extension option is selected, then during scan such file will be<br />
skipped.<br />
If the <strong>File</strong>s scanned by format option is selected, then in spite of the extension <strong>File</strong> <strong>Anti</strong>-<br />
<strong>Virus</strong> will analyze the file header. In the result of scan it will become clear that the file has an<br />
exe-format. Such file will be scanned for viruses.<br />
5 | 17
<strong>Kaspersky</strong> PURE 2.0<br />
Selecting location of files scanned by <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong><br />
You can also specify location of the scanned files in the Protection scope section. In order to<br />
add a new object to the scan scope, perform the following actions:<br />
1. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window click the Add link.<br />
2. In the Select object to scan window select an object and click the Add button.<br />
3. Once you have added all the necessary objects, in the Select object to scan window<br />
click the OK button.<br />
4. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window click the OK button.<br />
6 | 17
<strong>Kaspersky</strong> PURE 2.0<br />
Scan methods of <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong><br />
By default, <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> scans objects using signature analysis (bases with the description<br />
of known threats and their disinfection methods). The component compares the object under<br />
scan with the records in the base and defines whether the object is malicious. Since new<br />
malicious objects appear daily, there is always some malware which are not described in the<br />
databases, and which can only be detected using heuristic analysis. This method presumes<br />
the analysis of the actions an object performs within the system. If its actions are typical of<br />
malicious objects, the object is likely to be classed as malicious or suspicious.<br />
In order to configure heuristic analysis, perform the following actions:<br />
1. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window go to the Performance tab.<br />
2. In the Heuristic Analyzer section specify the detail level 1 for scan moving the horizontal<br />
slider to the necessary position.<br />
3. Click the OK button.<br />
Optimization of files scan<br />
To reduce the scan time and accelerate the application operation, you can configure scan of<br />
only new and recently changed files, which were modified after the previous scan. For this,<br />
perform the following actions:<br />
1. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window go to the Performance tab.<br />
2. In the Scan optimization section check the Scan only new and changed files box.<br />
1 The higher the detail level is, the more resources and time are needed for scan, however the more thorough the<br />
analysis will be.<br />
7 | 17
<strong>Kaspersky</strong> PURE 2.0<br />
3. Click the OK button.<br />
Setting scan of compound files<br />
A compound file is structured storage for several other files. Examples of compound files are<br />
archives and OLE-objects. A common method of concealing viruses is to embed them into<br />
compound files (archives). To detect viruses that are hidden in this way a compound file should<br />
be unpacked, which can significantly lower the scan speed.<br />
To enable scan of archives, perform the following actions:<br />
1. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window go to the Performance tab.<br />
2. In the Scan of compound files section, check the Scan archives box.<br />
8 | 17
<strong>Kaspersky</strong> PURE 2.0<br />
3. Click the OK button.<br />
Installer packages (files to install software) and files containing OLE objects (objects (images,<br />
texts, tables, drawings) created in one program but which can be opened using other<br />
programs) are executed when they are opened, which makes them more dangerous than<br />
archives.<br />
To enable scan of installer packages and embedded OLE-objects, perform the following<br />
actions:<br />
1. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window on the Performance tab in the Scan of compound files<br />
section, check the corresponding boxes.<br />
9 | 17
<strong>Kaspersky</strong> PURE 2.0<br />
2. Click the OK button.<br />
When large compound files are scanned, their preliminary unpacking may take a long period of<br />
time. This period can be reduced by enabling unpacking of compound files in background<br />
mode (while the user is working with other programs). If a malicious object is detected when<br />
processing such a file, <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> will notify you of this.<br />
To scan compound files in background mode, perform the following actions:<br />
1. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window on the Performance tab in the Scan of compound files<br />
section, click the Additional button.<br />
10 | 1 7
<strong>Kaspersky</strong> PURE 2.0<br />
2. In the Compound files window check the Extract compound files in the background<br />
box.<br />
3. In the Minimum file size field specify the minimum file size to be scanned in the<br />
background. <strong>File</strong>s of smaller size are scanned in the normal mode.<br />
To reduce access time to compound files, you can disable extracting of files whose size<br />
exceeds the specified value. For this, perform the following actions:<br />
1. In the Size limit section specify the maximum file size to be scanned. The setting is not<br />
applied to scan of files extracted from archives.<br />
11 | 1 7
<strong>Kaspersky</strong> PURE 2.0<br />
2. Click the OK button.<br />
Scan modes of <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong><br />
You can select one of four scan modes in <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong>:<br />
► Smart mode.<br />
► On access and modification (the application scans objects when they are opened<br />
or modified).<br />
► On access (the application scans objects only when they are attempted to open).<br />
► On execution (the application scans objects only when they are attempted to run).<br />
By default, <strong>Kaspersky</strong> PURE uses smart mode, which determines if the object is subject to<br />
scan, based on the actions performed on it. For example, when working with a Microsoft<br />
Office document, <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> scans the file when it is first opened and last closed.<br />
Intermediate operations that overwrite the file do not cause it to be scanned.<br />
To set a scan mode, perform the following actions:<br />
1. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window go to the Additional tab.<br />
2. In the Scan mode section select the required scan mode.<br />
12 | 1 7
<strong>Kaspersky</strong> PURE 2.0<br />
3. Click the OK button.<br />
iSwift и iChecker scan technologies<br />
Intellectual technologies iChecker and iSwift allow accelerating work of <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong>.<br />
Technologies achieve the highest efficiency sometime after installation of the product. These<br />
technologies add to each other thus accelerating anti-virus scan of various objects in different<br />
file and operating systems.<br />
During the first scan with iChecker technology the check sum of an object is saved. Check<br />
sum is a unique digital signature of an object (file) that allows identifying this object (file).<br />
Check sum changes every time the object is modified. This information is saved in a special<br />
table. During the next scan of an object the previous and current check sums are compared. If<br />
the check sum is different the object should be scanned for a malicious code once again, if the<br />
check sum is the same, the object is not scanned.<br />
The iChecker technology works with limited number of formats such as exe, dll, lnk, ttf, inf,<br />
sys, com, chm, zip, rar and does not scan files larger than 4 GB, as in such cases it is quicker<br />
to scan the whole file, than to calculate its check sums.<br />
The iSwift technology has been developed for NTFS file system. In this system NTFS-identifier<br />
is given to each object. This NTFS-identifier is compared with the values in the special iSwift<br />
database. This algorithm considers the previous scan date. If from the moment of the first scan<br />
to the last scan the same period or more passed then the object will be re-scanned. The object<br />
will be also scanned in the case of the object settings were changed to stricter ones.<br />
The technology is connected to a definite file location in the file system. If the file was<br />
copied/relocated then it is scanned again.<br />
In order to enable the use of iSwift and iChecker technologies, perform the following actions:<br />
1. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window go to the Additional tab.<br />
2. In the Scan technologies section check the boxes iSwift technology and iChecker<br />
technology.<br />
13 | 1 7
<strong>Kaspersky</strong> PURE 2.0<br />
3. Click the OK button.<br />
Pausing <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong><br />
When carrying out resource-intensive works, you can pause <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong>. To reduce<br />
workload and ensure quick access to objects, you can configure automatic pausing of the<br />
component at a specified time. For this, perform the following actions:<br />
1. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window go to the Additional tab.<br />
2. In the Pause task section check the By schedule box.<br />
3. Click the Schedule button.<br />
14 | 1 7
<strong>Kaspersky</strong> PURE 2.0<br />
4. In the Pausing the task window in the fields Pause and Resume task at define the<br />
time interval during which the component will remain inactive.<br />
5. Click the OK button.<br />
6. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window click the OK button.<br />
Additionally to disabling <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> on schedule, you can configure disabling <strong>File</strong> <strong>Anti</strong>-<br />
<strong>Virus</strong> when handling specified programs. For this, perform the following actions:<br />
1. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window go to the Additional tab.<br />
2. In the Pause task section check the At application startup box.<br />
3. Click the Select button.<br />
15 | 1 7
<strong>Kaspersky</strong> PURE 2.0<br />
4. In the Applications window click the Add link. Next, perform the following actions:<br />
► Select an application from the Applications list;<br />
or<br />
► Click Browse and select an application using the browser window.<br />
5. Having created the list of applications, click the OK button in the Applications window.<br />
6. In the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window click the OK button.<br />
Rollback to default settings of <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong><br />
You can always roll back to default <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> settings. For this perform the following<br />
actions:<br />
1. Close the <strong>File</strong> <strong>Anti</strong>-<strong>Virus</strong> window.<br />
2. In the Settings window in the Security level section click the Default level button.<br />
16 | 1 7
<strong>Kaspersky</strong> PURE 2.0<br />
3. Click the OK button to save the made changes.<br />
17 | 1 7