The settings that Kaspersky Security applies for protection of virtual machines are defined using policies.
Kaspersky Security protects only powered-on virtual machines that have been assigned a protection profile.
When a user or program attempts to access a virtual machine file, Kaspersky Security scans this file.
Kaspersky Security then performs the action that is specified in the protection profile of the virtual machine; for example, it disinfects or blocks the file.
If an application that collects information and sends it to be processed is installed on a virtual machine, Kaspersky Security may classify this application as malware. To avoid this, you can exclude the application from protection. The list of exclusions is configured in the protection profile settings.
The Signature analysis and machine learning scan method is used for protection of virtual machines. Protection that uses signature analysis provides a minimally acceptable security level. Kaspersky Security uses application databases containing information about known threats and about the methods to neutralize them. Based on the recommendations of Kaspersky experts, the Signature analysis and machine learning scan method is always enabled.
Additionally, during virtual machines protection, the Heuristic analysis is used. This is a technology designed for detecting threats that cannot be detected with the aid of Kaspersky application databases. Heuristic analysis detects files that could be infected with malware for which there are not yet any database signatures or infected with a new variety of a known virus. Files in which a threat is detected during heuristic analysis are marked as Infected.
The heuristic analysis level depends on the selected security level:
Information about all events that occur during protection of virtual machines is sent to the Kaspersky Security Center Administration Server.
You are advised to regularly view the list of files blocked in the course of virtual machine protection and manage them. For example, you can save file copies to a location that is inaccessible to a virtual machine user or delete the files. You can view the details of blocked files by filtering events by the File blocked event (for more details on events, please refer to the Kaspersky Security Center documentation).
To gain access to files that were blocked as a result of virtual machine protection, you must exclude these files from protection in the settings of the protection profile assigned to the virtual machines, or temporarily disable the protection of these virtual machines.