- About this Help Guide
- About Kaspersky Security for Virtualization 6.0 Agentless
- What’s new
- Application architecture
- Managing the application via Kaspersky Security Center
- Preparing for application installation
- Installing the application
- Installation of the Kaspersky Security main administration plug-in and Integration Server
- Installation of the Kaspersky Security administration plug-in for tenants
- Result of installation of the Kaspersky Security administration plug-ins and Integration Server
- Configuring the Integration Server
- Registration of Kaspersky Security services
- Connecting to VMware NSX Manager
- Selecting an SVM image for the file system protection service
- Selecting an SVM image for the network protection service
- Selecting the traffic processing mode for the Network Threat Protection component
- Configuring the connection settings for an SVM
- Creating passwords for accounts on SVMs
- Selecting the time zone for SVMs
- Configuring the settings for connecting to network data storage
- Confirming Kaspersky Security settings
- Registration of Kaspersky Security services
- Exiting the wizard
- Viewing registered services in the VMware vSphere Web Client console
- Deploying SVMs with the File Threat Protection and Network Threat Protection components
- Configuring NSX Security Groups
- Configuring and applying NSX Security Policies
- Configuring protection of tenant organizations
- Preparing the application for operation and initial configuration
- Upgrading from a previous version of the application
- Upgrading the application installed in an infrastructure managed by a VMware vCenter server and VMware NSX Manager
- Upgrading the application installed in an infrastructure managed by a VMware vCenter Server and VMware vShield Manager, with migration to the VMware NSX platform
- About installing a new version of the Kaspersky Security administration plug-in and Integration Server
- SVM Update
- Converting policies and tasks
- Changing settings of Kaspersky Security
- Changing the connection settings for interaction between the Integration Server and VMware NSX Manager
- Changing the SVM image for the file system protection service
- Changing the SVM image for the network protection service
- Viewing information about the traffic processing mode for the Network Threat Protection component
- Changing the connection settings for an SVM
- Changing passwords for accounts on SVMs
- Changing the time zone for SVMs
- Changing settings for connecting to network data storage
- Starting Kaspersky Security reconfiguration
- Kaspersky Security reconfiguration process
- Exiting the wizard
- Removing the application
- Application licensing
- About the End User License Agreement
- About data provision
- About the license
- About the License Certificate
- About the license key
- About the key file
- About the activation code
- About subscription
- About application activation
- Application activation procedure
- Renewing a license
- Renewing subscription
- Viewing information about keys in use
- Starting and stopping the application
- Protection status
- Virtual machine file threat protection
- Conditions for protection of virtual machines against file threats
- Configuring main protection profile settings
- Managing additional protection profiles
- Creating an additional protection profile
- Viewing the protected infrastructure in a policy
- Assigning protection profiles to virtual infrastructure objects
- Assigning protection profiles by using NSX Profile Configurations
- Changing the protected infrastructure for a policy
- Disabling file threat protection for virtual infrastructure objects
- Scanning virtual machines
- Conditions for anti-virus scan of virtual machines
- Creating a full scan task
- Creating a custom scan task by using the main plug-in
- Creating a custom scan task by using the tenant plug-in
- Configuring virtual machine scan settings in a scan task
- Configuring the scan scope in a scan task
- Configuring the Custom Scan task scope
- Configuring the scan task run schedule
- Network Threat Protection
- Application database update
- Backup
- Events, notifications, and reports
- Participating in Kaspersky Security Network
- SNMP Monitoring of SVM status
- Automatic installation of application patches
- Application components integrity check
- Instructions on managing the application for a tenant organization administrator
- About Kaspersky Security for Virtualization 6.0 Agentless
- Deploying protection of the virtual infrastructure of a tenant organization
- Managing File Threat Protection
- Scanning virtual machines
- Participating in Kaspersky Security Network
- Obtaining protection status information
- Removing the Kaspersky Security administration plug-in for tenants
- Contacting Technical Support
- Sources of information about the application
- Appendix. Brief instructions on installing the application
- Glossary
- Activation code
- Active key
- Additional key
- Administration group
- Administration Server
- Application activation
- Application activation task
- Application database update task
- Backup
- Backup copy of a file
- Compound file
- Custom Scan task
- Database of malicious web addresses
- Database of phishing web addresses
- Desktop key
- End User License Agreement
- Full Scan task
- Kaspersky CompanyAccount
- Kaspersky Security Network (KSN)
- Key file
- Key with a limitation on the number of processor cores
- Key with a limitation on the number of processors
- KSC cluster
- KSC cluster protected infrastructure
- License
- License certificate
- License key (key)
- Main protection profile
- Multitenancy mode
- Network Agent
- OLE object
- Policy
- Protection profile
- Server key
- SVM
- Update rollback task
- Updates source
- Information about third-party code
- Trademark notices
Configuring virtual machine scan settings in a scan task
You can configure the virtual machine scan settings while creating the task (the Configure scan settings step) or in the task properties after its creation (the Scan settings section).
To configure the virtual machine scan settings:
- Select the security level at which Kaspersky Security scans virtual machines. To do so, in the Security level section, perform one of the following actions:
- If you want to install one of the pre-installed security levels (High, Recommended, or Low), use the slider to select one.
- To change the security level to Recommended, click the Default button.
- If you want to configure the security level on your own, click the Settings button. In the Security level settings window that opens:
- In the Scanning archives and compound files section, specify the values of the following settings:
- Scan archives
Enable / disable scanning of archives.
This check box is cleared by default.
- Delete archives if disinfection fails
Enable / disable the feature of deleting archives that could not be disinfected.
If this check box is selected, Kaspersky Security deletes archives that could not be disinfected.
If this check box is cleared, the application does not delete archives that could not be disinfected. Kaspersky Security relays information that the infected file has not been deleted to the Administration Server of Kaspersky Security Center.
This check box is available when the Scan archives check box is selected.
This check box is cleared by default.
- Scan self-extracting archives
Enables / disables the scanning of self-extracting archives.
By default, this check box is cleared for protection profiles and selected for scan tasks.
- Scan embedded OLE-objects
Enables/disables the scanning of objects that are embedded inside a file.
This check box is set by default.
- Do not unpack large compound files
If this check box is set, Kaspersky Security does not scan compound files whose size exceeds the value that is specified in the Maximum size of a scanned compound file is N MB field.
If this check box is cleared, Kaspersky Security scans compound files of all sizes.
Kaspersky Security scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected.
This check box is set by default.
- Maximum size of a scanned compound file N MB
Maximum size of compound files that are subject to scanning (in megabytes). Kaspersky Security does not unpack and scan objects whose size is larger than the specified value.
This setting can be edited if the Do not unpack large compound files check box is selected.
You can specify a value in the range of 1 to 999999 in this field. The default value is 8 MB.
- In the Performance section, specify the values of the following settings:
- Limit file scan time
Enables / disables the file scan time limit.
If this check box is selected, Kaspersky Security stops scanning a file when the scan duration reaches the value that is specified in the Scan files for no longer than N second(s) field and skips this file.
If this check box is cleared, Kaspersky Security does not limit the duration of file scanning.
By default, this check box is selected for protection profiles and cleared for scan tasks.
- Scan files for no longer than N second(s)
Maximum duration of file scanning (in seconds). Kaspersky Security stops scanning a file if scanning takes longer than the time value specified.
This setting can be edited if the Limit file scan time check box is selected.
You can specify a value in the range of 1 to 3600 in this field. The default value is 60 seconds.
- In the Objects to detect section, click the Settings button. In the Objects to detect window that opens, specify the values of the following settings:
- Malicious tools
Enables/disables protection against malicious tools.
Malicious tools do not perform their actions right after they are started. Instead, they can be stealthily stored and run on the virtual machine. Intruders often use the features of malicious tools to create viruses, worms, and Trojans, perpetrate network attacks on remote servers, or perform other malicious actions.
If this check box is set, protection against malicious tools is enabled.
If this check box is cleared, protection against malicious tools is disabled.
This check box is set by default.
- Auto-dialers
Enables/disables protection against auto-dialers.
If this check box is selected, protection against auto-dialers is enabled.
If this check box is cleared, protection against auto-dialers is disabled.
This check box is set by default.
- Adware
Enables/disables protection against adware.
The function of adware is to display advertising information to the user. For example, it displays banner ads in the interfaces of other programs and redirects search queries to advertising websites. Some varieties of adware collect marketing information about the user and send it to the developer: this information may include the names of the websites that are visited by the user or the content of the user's search queries. Unlike Trojan-Spy–type programs, adware sends this information to the developer with the user's permission.
If this check box is set, protection against adware is enabled.
If this check box is cleared, protection against adware is disabled.
This check box is set by default.
- Other
Enables / disables protection against legitimate software that could be exploited by criminals to harm a virtual machine or user data.
Most of these programs are useful, so many users run them. These programs include IRC clients, file downloaders, remote administration programs, user activity monitoring programs, password utilities, and Internet servers for FTP, HTTP, and Telnet. However, if criminals gain access to these programs, some program features could be used to harm a virtual machine or user data.
Selecting this check box enables protection against legitimate software that could be used by criminals to harm a virtual machine or user data.
If this check box is cleared, protection against such software is disabled.
This check box is cleared by default.
- Multi-packed files
Enables/disables scanning of files that have been packed using one or several packers three or more times.
If a file was packed by one or several packers three or more times, the file probably contains malware or legitimate software that can be used by criminals to damage your computer or personal data.
If this check box is selected, protection against multi-packed files is enabled, and the scanning of such files is allowed.
If this check box is cleared, protection against multi-packed files is disabled.
This check box is set by default.
Kaspersky Security always scans virtual machine files for viruses, worms, and Trojans. That is why the Viruses and worms and Trojans settings in the Malware section cannot be changed.
- In the Objects to detect window, click OK.
- In the Security level settings window, click OK.
If you have changed security level settings, the application creates a custom security level. The name of the security level in the Security level section changes to Custom.
- In the Scan powered-on virtual machines section, configure the settings for scanning virtual machines that are powered on while a task is running:
- Action on threat detection
This drop-down list contains the actions that can be taken by Kaspersky Security when it detects infected files on powered-on virtual machines:
- Disinfect. Block if disinfection fails. Kaspersky Security automatically attempts to disinfect infected files. If disinfection fails, Kaspersky Security blocks such files.
- Disinfect. Delete if disinfection fails. Kaspersky Security automatically attempts to disinfect infected files. If disinfection fails, the application deletes such files. If deletion fails, Kaspersky Security blocks the infected files.
This action is selected by default.
Kaspersky Security deletes infected archives that could not be disinfected only if the Delete archives if disinfection fails check box is selected in the security level settings.
- Delete. Block if deletion fails. Kaspersky Security automatically deletes infected files without attempting to disinfect them. If deletion fails, Kaspersky Security blocks such files.
- Block. Kaspersky Security automatically blocks infected files without attempting to disinfect them.
- Scan optical drives
Enables / disables scanning of optical drives.
If the check box is selected, Kaspersky Security scans files on optical drives (CD, DVD, Blu-Ray) while performing the scan task on virtual machines running Windows operating systems.
If the check box is cleared, Kaspersky Security does not scan files on optical drives.
If the check box is selected but the scan task has a defined scan scope that does not include a path to the optical drive, Kaspersky Security does not scan files on the optical drive.
Kaspersky Security does not scan files on optical drives when scanning powered-off virtual machines, virtual machine templates, or virtual machines running Linux operating systems.
This check box is cleared by default.
- In the Scan powered-off virtual machines and virtual machine templates section, configure the settings for scanning virtual machines that are powered off or paused while a task is running, as well as for scanning virtual machine templates:
- Scan powered-off virtual machines
Enables / disables scanning of powered-off virtual machines.
If the check box is selected, when performing a scan task Kaspersky Security scans files on powered-off virtual machines (with an NTFS, FAT32, EXT2, EXT3, EXT4, XFS, or BTRFS file system) that are within the task scope. Files on powered-off virtual machines with other file systems are not scanned.
While a powered off virtual machine is being scanned, it is impossible to turn on or migrate the virtual machine.
If this check box is cleared, Kaspersky Security does not scan files on the powered-off virtual machines.
This check box is cleared by default.
- Scan virtual machine templates
Enables / disables scanning of virtual machine templates.
If the check box is selected, when Kaspersky Security performs a scan task it scans files on virtual machine templates that are within the task scope.
If this check box is cleared, Kaspersky Security does not scan files on virtual machine templates.
This check box is cleared by default.
The check box is available if the Scan powered-off virtual machines check box is selected.
- Action on threat detection
This drop-down list contains the actions that can be taken by Kaspersky Security when it detects infected files on powered-off virtual machines or virtual machine templates:
- Disinfect. Block if disinfection fails. Kaspersky Security automatically attempts to disinfect infected files. If disinfection fails, Kaspersky Security blocks such files.
- Disinfect. Delete if disinfection fails. Kaspersky Security automatically attempts to disinfect infected files. If disinfection fails, the application deletes such files. If deletion fails, Kaspersky Security blocks the infected files.
Kaspersky Security deletes infected archives that could not be disinfected only if the Delete archives if disinfection fails check box is selected in the security level settings.
- Delete. Block if deletion fails. Kaspersky Security automatically deletes infected files without attempting to disinfect them. If deletion fails, Kaspersky Security blocks such files.
- Block. Kaspersky Security automatically blocks infected files without attempting to disinfect them.
This action is selected by default.
You can select an action if the Scan powered-off virtual machines check box is selected.
- In the Stop scan section, choose one of the following options:
- After N minute(s) since task launch
Maximum scan task duration (in minutes). When the specified time limit is reached, the scan task is interrupted even if it has not been completed.
This option is selected by default.
You can specify a value in the range of 1 to 4320 in this field. The default value is set to 120 minutes.
- After completing scan of files on all protected virtual machines
The scan task is performed until files on all protected virtual machines that are within the task scope have been scanned.
- Save the changes by clicking Next (in the New Task Wizard) or Apply (in the task properties).