Scanning virtual machines

Kaspersky Security lets you run a virus scan on the files of virtual machines on a VMware ESXi hypervisor. Virtual machine files need to be scanned regularly with new anti-virus databases to prevent the spread of malicious objects.

The settings that Kaspersky Security applies while scanning virtual machines are defined by using scan tasks. Kaspersky Security uses the following scan tasks:

• Full Scan. This task lets you run a virus scan on the files of all virtual machines in your virtual infrastructure.
• Custom Scan. This task lets you run a virus scan on the files of those virtual machines that you specified in the task settings. You can specify individual virtual machines or VMware virtual infrastructure objects of a higher level of the hierarchy.

You can set a schedule for running scan tasks, manually run a scan task, and view information about the progress and results of tasks.

If viruses or other malware are detected in a file during scanning of virtual machine files, Kaspersky Security assigns the Infected status to the file. If the scan cannot conclusively determine whether or not the file is infected (the file may contain a code sequence that is characteristic of viruses or other malware, or contain modified code from a known virus), Kaspersky Security also assigns the Infected status to the file.

The Signature analysis and machine learning scan method is used when scanning virtual machines. Scanning while using signature analysis ensures the minimum acceptable security level. Kaspersky Security uses application databases containing information about known threats and about the methods to neutralize them. Based on the recommendations of Kaspersky experts, the Signature analysis and machine learning scan method is always enabled.

When scanning virtual machines, Heuristic analysis is used. This is a technology designed for detecting threats that cannot be detected with the aid of Kaspersky application databases. Heuristic analysis detects files that could be infected with malware for which there are not yet any database signatures or infected with a new variety of a known virus. Files in which a threat is detected during heuristic analysis are marked as Infected.

The deep heuristic analysis level is always used during virtual machine scanning irrespective of the selected security level. Heuristic Analyzer performs the maximum number of instructions in executable file, which raises the probability of threat detection.

If an application that collects information and sends it to be processed is installed on a virtual machine, Kaspersky Security may classify this application as malware. To avoid this, you can exclude the application from the scan scope.

Special considerations for scanning virtual machines:

• When performing scan tasks, Kaspersky Security can scan powered-off virtual machines that have the following file systems: NTFS, FAT32, EXT2, EXT3, EXT4, XFS, BTRFS.
• When performing scan tasks, Kaspersky Security can scan virtual machine templates.
• When scanning virtual machines running Windows operating systems, Kaspersky Security does not scan files in network folders. Kaspersky Security is able to scan files in network folders only when the user or an application accesses those files. If you want to regularly scan files in network folders, you must configure a scan task for virtual machines that have open network access to files and folders, and include those files and folders into the task scan scope.

  When scanning virtual machines running Linux operating systems, Kaspersky Security scans files in CIFS network file systems if the directories in which the CIFS network file systems are mounted are included in the task scan scope. Scanning files in NFS network file systems is not supported.

After a scan task finishes, you are advised to view the list of files that are blocked as a result of the scan task and manage them manually. For example, you can save file copies in a location that is inaccessible for a virtual machine user or delete the files. You must first exclude the blocked files from protection in the settings of the protection profile assigned to the virtual machines, or temporarily disable protection of the virtual machines on which these files were blocked. You can view the details of blocked files by filtering events by the File blocked event (for more details, please refer to the Kaspersky Security Center documentation).

Creating a full scan task

To create a full scan task:

1. In the Kaspersky Security Center Administration Console, select the Managed devices folder.
2. In the workspace, select the Tasks tab and click the New task button to start the New Task Wizard.
3. At the first step of the Wizard, select Kaspersky Security for Virtualization 6.0 Agentless (for tenants) → Full Scan.

   Proceed to the next step of the New Task Wizard.

4. Configure the settings for scanning virtual machines.

   Proceed to the next step of the New Task Wizard.

5. If necessary, specify the scan scope of the task: indicate the locations and extensions of the files of virtual machines that need to be scanned or excluded from scanning during a scan task.

   Proceed to the next step of the New Task Wizard.

6. To configure the task run schedule, please define the values of the following settings:
   • Scheduled start. Choose the task run mode in the drop-down list. The settings displayed in the window depend on the task run mode chosen.
   • Run skipped tasks. If this check box is selected, an attempt to start the task is made the next time the application is started on the SVM. In the Manually and Once modes, the task is started as soon as an SVM appears on the network.

     If this check box is cleared, the task is started on an SVM by schedule only, and in Manually and Once modes it is started only on the SVMs that are visible on the network.

   • Use automatically randomized delay for task starts. By default, the time of task start on SVMs is randomized with the scope of a certain time period. This period is calculated automatically depending on the number of SVMs covered by the task:
     • 0–200 SVMs – task start is not randomized
     • 200-500 SVMs – task start is randomized within the scope of 5 minutes
     • 500-1000 SVMs – task start is randomized within the scope of 10 minutes
     • 1000-2000 SVMs – task start is randomized within the scope of 15 minutes
     • 2000-5000 SVMs – task start is randomized within the scope of 20 minutes
     • 5000-10000 SVMs – task start is randomized within the scope of 30 minutes
     • 10000–20000 SVMs – task start is randomized within the scope of 1 hour
     • 20000–50000 SVMs – task start is randomized within the scope of 2 hours
     • over 50000 SVMs – task start is randomized within the scope of 3 hours

     If you do not need to randomize the time of task starts within an automatically calculated time period, clear the Use automatically randomized delay for task starts check box. This check box is set by default.

   • Use randomized delay for task starts within an interval of (min): If you want the task to start at a random time within a specified period of time after the scheduled task start, select this check box. In the text box, enter the maximum task start delay. In this case, the task starts at a random time within the specified period of time after the scheduled start. This check box can be changed if the Use automatically randomized delay for task starts check box is cleared.

     Randomized task start times help prevent situations in which a large number of SVMs contact the Kaspersky Security Center Administration Server at the same time.

   Proceed to the next step of the New Task Wizard.

7. In the Name field, enter the task name and proceed to the next step of the New Task Wizard.
8. If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete check box.

   Finish the wizard.

The created custom scan task appears in the list of tasks. If you configured a task start schedule in the Task start schedule settings window, the task is started according to this schedule. You can also run the task manually at any time.

Creating a custom scan task

To create a Custom Scan task for virtual machines of tenants:

1. In the Kaspersky Security Center Administration Console, select the Managed devices folder of the virtual Administration Server corresponding to the tenant.
2. In the workspace, select the Tasks tab and click the New task button to start the New Task Wizard.
3. At the first step of the Wizard, select Kaspersky Security for Virtualization 6.0 Agentless (for tenants) → Custom Scan.

   Proceed to the next step of the New Task Wizard.

4. Specify the Integration Server address and proceed to the next step of the New Task Wizard.

   The Task Wizard verifies the SSL certificate received from the Integration Server. If the received certificate contains an error, the Certificate verification window containing the error message opens. The SSL certificate is used to establish a secure connection to the Integration Server. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To view information on the received certificate, click the View the received certificate button in the window containing the error message. You can install the certificate you received as a trusted certificate to avoid receiving a certificate error message at the next connection to the Integration Server. To do so, select the Install received certificate and stop showing warnings for <Integration Server address> check box.

   To continue connecting, click the Continue button in the Certificate verification window. If you selected the Install received certificate and stop showing warnings for <Integration Server address> check box, the received certificate is saved in the operating system registry on the computer where the Kaspersky Security Center Administration Console is installed. The application also checks the previously installed trusted certificate for the Integration Server. If the received certificate does not match the previously installed certificate, a window opens to confirm replacement of the previously installed certificate. To replace the previously installed certificate with the certificate received from the Integration Server and continue connecting, click the Yes button in this window.

5. Select the task scope: select the check boxes for those virtual machines that you want to scan as part of the scan task being created. You can specify individual virtual machines or their combinations.

   If the virtual infrastructure contains two or more virtual machines with the same ID (vmID), only one virtual machine appears in the object tree. If this virtual machine is selected to be scanned using the custom scan task, the task will be performed on all virtual machines that have the same ID (vmID).

   Proceed to the next step of the New Task Wizard.

6. Configure the settings for scanning virtual machines.

   Proceed to the next step of the New Task Wizard.

7. If necessary, specify the scan scope of the task: indicate the locations and extensions of the files of virtual machines that need to be scanned or excluded from scanning during a scan task.

   Proceed to the next step of the New Task Wizard.

8. To configure the task run schedule, please define the values of the following settings:
   • Scheduled start. Choose the task run mode in the drop-down list. The settings displayed in the window depend on the task run mode chosen.
   • Run skipped tasks. If this check box is selected, an attempt to start the task is made the next time the application is started on the SVM. In the Manually and Once modes, the task is started as soon as an SVM appears on the network.

     If this check box is cleared, the task is started on an SVM by schedule only, and in Manually and Once modes it is started only on the SVMs that are visible on the network.

   • Use automatically randomized delay for task starts. By default, the time of task start on SVMs is randomized with the scope of a certain time period. This period is calculated automatically depending on the number of SVMs covered by the task:
     • 0–200 SVMs – task start is not randomized
     • 200-500 SVMs – task start is randomized within the scope of 5 minutes
     • 500-1000 SVMs – task start is randomized within the scope of 10 minutes
     • 1000-2000 SVMs – task start is randomized within the scope of 15 minutes
     • 2000-5000 SVMs – task start is randomized within the scope of 20 minutes
     • 5000-10000 SVMs – task start is randomized within the scope of 30 minutes
     • 10000–20000 SVMs – task start is randomized within the scope of 1 hour
     • 20000–50000 SVMs – task start is randomized within the scope of 2 hours
     • over 50000 SVMs – task start is randomized within the scope of 3 hours

     If you do not need to randomize the time of task starts within an automatically calculated time period, clear the Use automatically randomized delay for task starts check box. This check box is set by default.

   • Use randomized delay for task starts within an interval of (min): If you want the task to start at a random time within a specified period of time after the scheduled task start, select this check box. In the text box, enter the maximum task start delay. In this case, the task starts at a random time within the specified period of time after the scheduled start. This check box can be changed if the Use automatically randomized delay for task starts check box is cleared.

     Randomized task start times help prevent situations in which a large number of SVMs contact the Kaspersky Security Center Administration Server at the same time.

   Proceed to the next step of the New Task Wizard.

9. In the Name field, enter the task name and proceed to the next step of the New Task Wizard.
10. If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete check box.

    Finish the wizard.

The created custom scan task appears in the list of tasks. If you configured a task start schedule in the Task start schedule settings window, the task is started according to this schedule. You can also run the task manually at any time.

Configuring virtual machine scan settings in a scan task

You can configure the virtual machine scan settings while creating the task (the Configure scan settings step) or in the task properties after its creation (the Scan settings section).

To configure the virtual machine scan settings:

1. Select the security level at which Kaspersky Security scans virtual machines. To do so, in the Security level section, perform one of the following actions:
   • If you want to install one of the pre-installed security levels (High, Recommended, or Low), use the slider to select one.
   • To change the security level to Recommended, click the Default button.
   • If you want to configure the security level on your own, click the Settings button. In the Security level settings window that opens:
   1. In the Scanning archives and compound files section, specify the values of the following settings:
      • Scan archives

        

        Enable / disable scanning of archives.

        This check box is cleared by default.

      • Delete archives if disinfection fails

        

        Enable / disable the feature of deleting archives that could not be disinfected.

        If this check box is selected, Kaspersky Security deletes archives that could not be disinfected.

        If this check box is cleared, the application does not delete archives that could not be disinfected. Kaspersky Security relays information that the infected file has not been deleted to the Administration Server of Kaspersky Security Center.

        This check box is available when the Scan archives check box is selected.

        This check box is cleared by default.

      • Scan self-extracting archives

        

        Enables / disables the scanning of self-extracting archives.

        By default, this check box is cleared for protection profiles and selected for scan tasks.

      • Scan embedded OLE-objects

        

        Enables/disables the scanning of objects that are embedded inside a file.

        This check box is set by default.

      • Do not unpack large compound files

        

        If this check box is set, Kaspersky Security does not scan compound files whose size exceeds the value that is specified in the Maximum size of a scanned compound file is N MB field.

        If this check box is cleared, Kaspersky Security scans compound files of all sizes.

        Kaspersky Security scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected.

        This check box is set by default.

      • Maximum size of a scanned compound file N MB

        

        Maximum size of compound files that are subject to scanning (in megabytes). Kaspersky Security does not unpack and scan objects whose size is larger than the specified value.

        This setting can be edited if the Do not unpack large compound files check box is selected.

        You can specify a value in the range of 1 to 999999 in this field. The default value is 8 MB.

   2. In the Performance section, specify the values of the following settings:
      • Limit file scan time

        

        Enables / disables the file scan time limit.

        If this check box is selected, Kaspersky Security stops scanning a file when the scan duration reaches the value that is specified in the Scan files for no longer than N second(s) field and skips this file.

        If this check box is cleared, Kaspersky Security does not limit the duration of file scanning.

        By default, this check box is selected for protection profiles and cleared for scan tasks.

      • Scan files for no longer than N second(s)

        

        Maximum duration of file scanning (in seconds). Kaspersky Security stops scanning a file if scanning takes longer than the time value specified.

        This setting can be edited if the Limit file scan time check box is selected.

        You can specify a value in the range of 1 to 3600 in this field. The default value is 60 seconds.

   3. In the Objects to detect section, click the Settings button. In the Objects to detect window that opens, specify the values of the following settings:
      • Malicious tools

        

        Enables/disables protection against malicious tools.

        Malicious tools do not perform their actions right after they are started. Instead, they can be stealthily stored and run on the virtual machine. Intruders often use the features of malicious tools to create viruses, worms, and Trojans, perpetrate network attacks on remote servers, or perform other malicious actions.

        If this check box is set, protection against malicious tools is enabled.

        If this check box is cleared, protection against malicious tools is disabled.

        This check box is set by default.

      • Auto-dialers

        

        Enables/disables protection against auto-dialers.

        If this check box is selected, protection against auto-dialers is enabled.

        If this check box is cleared, protection against auto-dialers is disabled.

        This check box is set by default.

      • Adware

        

        Enables/disables protection against adware.

        The function of adware is to display advertising information to the user. For example, it displays banner ads in the interfaces of other programs and redirects search queries to advertising websites. Some varieties of adware collect marketing information about the user and send it to the developer: this information may include the names of the websites that are visited by the user or the content of the user's search queries. Unlike Trojan-Spy–type programs, adware sends this information to the developer with the user's permission.

        If this check box is set, protection against adware is enabled.

        If this check box is cleared, protection against adware is disabled.

        This check box is set by default.

      • Other

        

        Enables / disables protection against legitimate software that could be exploited by criminals to harm a virtual machine or user data.

        Most of these programs are useful, so many users run them. These programs include IRC clients, file downloaders, remote administration programs, user activity monitoring programs, password utilities, and Internet servers for FTP, HTTP, and Telnet. However, if criminals gain access to these programs, some program features could be used to harm a virtual machine or user data.

        Selecting this check box enables protection against legitimate software that could be used by criminals to harm a virtual machine or user data.

        If this check box is cleared, protection against such software is disabled.

        This check box is cleared by default.

      • Multi-packed files

        

        Enables/disables scanning of files that have been packed using one or several packers three or more times.

        If a file was packed by one or several packers three or more times, the file probably contains malware or legitimate software that can be used by criminals to damage your computer or personal data.

        If this check box is selected, protection against multi-packed files is enabled, and the scanning of such files is allowed.

        If this check box is cleared, protection against multi-packed files is disabled.

        This check box is set by default.

      Kaspersky Security always scans virtual machine files for viruses, worms, and Trojans. That is why the Viruses and worms and Trojans settings in the Malware section cannot be changed.

   4. In the Objects to detect window, click OK.
   5. In the Security level settings window, click OK.

      If you have changed security level settings, the application creates a custom security level. The name of the security level in the Security level section changes to Custom.

2. In the Scan powered-on virtual machines section, configure the settings for scanning virtual machines that are powered on while a task is running:
   • Action on threat detection

     

     This drop-down list contains the actions that can be taken by Kaspersky Security when it detects infected files on powered-on virtual machines:

     • Disinfect. Block if disinfection fails. Kaspersky Security automatically attempts to disinfect infected files. If disinfection fails, Kaspersky Security blocks such files.
     • Disinfect. Delete if disinfection fails. Kaspersky Security automatically attempts to disinfect infected files. If disinfection fails, the application deletes such files. If deletion fails, Kaspersky Security blocks the infected files.

       This action is selected by default.

       Kaspersky Security deletes infected archives that could not be disinfected only if the Delete archives if disinfection fails check box is selected in the security level settings.

     • Delete. Block if deletion fails. Kaspersky Security automatically deletes infected files without attempting to disinfect them. If deletion fails, Kaspersky Security blocks such files.
     • Block. Kaspersky Security automatically blocks infected files without attempting to disinfect them.
   • Scan optical drives

     

     Enables / disables scanning of optical drives.

     If the check box is selected, Kaspersky Security scans files on optical drives (CD, DVD, Blu-Ray) while performing the scan task on virtual machines running Windows operating systems.

     If the check box is cleared, Kaspersky Security does not scan files on optical drives.

     If the check box is selected but the scan task has a defined scan scope that does not include a path to the optical drive, Kaspersky Security does not scan files on the optical drive.

     Kaspersky Security does not scan files on optical drives when scanning powered-off virtual machines, virtual machine templates, or virtual machines running Linux operating systems.

     This check box is cleared by default.

3. In the Scan powered-off virtual machines and virtual machine templates section, configure the settings for scanning virtual machines that are powered off or paused while a task is running, as well as for scanning virtual machine templates:
   • Scan powered-off virtual machines

     

     Enables / disables scanning of powered-off virtual machines.

     If the check box is selected, when performing a scan task Kaspersky Security scans files on powered-off virtual machines (with an NTFS, FAT32, EXT2, EXT3, EXT4, XFS, or BTRFS file system) that are within the task scope. Files on powered-off virtual machines with other file systems are not scanned.

     While a powered off virtual machine is being scanned, it is impossible to turn on or migrate the virtual machine.

     If this check box is cleared, Kaspersky Security does not scan files on the powered-off virtual machines.

     This check box is cleared by default.

   • Scan virtual machine templates

     

     Enables / disables scanning of virtual machine templates.

     If the check box is selected, when Kaspersky Security performs a scan task it scans files on virtual machine templates that are within the task scope.

     If this check box is cleared, Kaspersky Security does not scan files on virtual machine templates.

     This check box is cleared by default.

     The check box is available if the Scan powered-off virtual machines check box is selected.

   • Action on threat detection

     

     This drop-down list contains the actions that can be taken by Kaspersky Security when it detects infected files on powered-off virtual machines or virtual machine templates:

     • Disinfect. Block if disinfection fails. Kaspersky Security automatically attempts to disinfect infected files. If disinfection fails, Kaspersky Security blocks such files.
     • Disinfect. Delete if disinfection fails. Kaspersky Security automatically attempts to disinfect infected files. If disinfection fails, the application deletes such files. If deletion fails, Kaspersky Security blocks the infected files.

       Kaspersky Security deletes infected archives that could not be disinfected only if the Delete archives if disinfection fails check box is selected in the security level settings.

     • Delete. Block if deletion fails. Kaspersky Security automatically deletes infected files without attempting to disinfect them. If deletion fails, Kaspersky Security blocks such files.
     • Block. Kaspersky Security automatically blocks infected files without attempting to disinfect them.

       This action is selected by default.

     You can select an action if the Scan powered-off virtual machines check box is selected.

4. In the Stop scan section, choose one of the following options:
   • After N minute(s) since task launch

     

     Maximum scan task duration (in minutes). When the specified time limit is reached, the scan task is interrupted even if it has not been completed.

     This option is selected by default.

     You can specify a value in the range of 1 to 4320 in this field. The default value is set to 120 minutes.

   • After completing scan of files on all protected virtual machines

     

     The scan task is performed until files on all protected virtual machines that are within the task scope have been scanned.

5. Save the changes by clicking Next (in the New Task Wizard) or Apply (in the task properties).

Configuring the scan scope in a scan task

The scan scope refers to the locations and extensions of files of virtual machines that are scanned by Kaspersky Security when it performs a scan task.

If a scan scope has not been configured, Kaspersky Security scans all files of virtual machines.

When scanning virtual machines running Windows operating systems, Kaspersky Security does not scan files in network folders. Kaspersky Security is able to scan files in network folders only when the user or an application accesses those files. If you want to scan files in network folders regularly, you must create a task for scanning virtual machines that have shared files and folders, and include those files and folders into the scan task scope.

When scanning virtual machines running Linux operating systems, Kaspersky Security scans files in CIFS network file systems if the directories in which the CIFS network file systems are mounted are included in the task scan scope. Scanning files in NFS network file systems is not supported.

You can define the scan scope of a task while creating the task (the Defining the scan scope step) or in the task properties after it is created (the Scan scope section).

To configure the scan scope of the task:

1. Select one of the following options:
   • Scan all files and folders except for those specified
   • Scan specified files and folders only
2. If you selected the Scan all files and folders except for those specified option, you can create a list of objects that must be excluded from the scan scope by using the Add, Change and Delete buttons.

   You can exclude objects of the following types from the scan scope:

   • Folders. Files stored in folders at the specified path are excluded from the scan scope. For each folder, you can specify whether to apply the exclusion to subfolders.
   • Files by mask. Files with the specified name, files located at the specified path, or files matching the specified mask are excluded from the scan scope.

     You can use the * and ? symbols to specify a file mask.

     Kaspersky Security ignores the case of characters in the paths to files and folders, names and masks of files that are to be excluded from the scan scope.

   You can save a configured list of exclusions to file using the Export button or load a previously saved list of exclusions from file using the Import button. To import or export a list of exclusions, you can use a file in XML format. You can also import a list of exclusions from a file in DAT format. Using a file in DAT format, you can import a list of exclusions that was generated in other Kaspersky applications.

   The application distribution kit includes the microsoft_file_exclusions.xml file with the list of exclusions recommended by Microsoft Corporation (see the Microsoft website for the list of exclusions recommended by Microsoft). The microsoft_file_exclusions.xml file is located in the setup folder of the Kaspersky Security administration plug-in on the computer on which the Kaspersky Security Center Administration Console is installed. You can import this file into exclusions of the scan task. After the import is completed, Kaspersky Security does not scan the objects recommended by Microsoft when it performs a scan task. You can view and edit the list of these objects in the Files and folders table.

   If your exclusions list uses an environment variable that has multiple values depending on the bit rate of the application that uses it, in 64-bit Windows operating systems, objects corresponding to all values of the variable are excluded from the scan scope. For example, if you are using the variable %ProgramFiles%, objects located in the folder C:\Program files and in the folder C:\Program files (х86) are excluded from the scan scope.

3. If you selected the Scan all files and folders except for those specified option, in the File extensions section you can specify the extensions of files that should be included in the scan scope or excluded from the scan scope.

   To do so, select one of the options below:

   • Scan all except files with the following extensions. In the text box, specify a list of extensions of files to not scan during a scan task. Kaspersky Security ignores the case of characters in the extensions of files that are to be excluded from the scan scope.
   • Scan files with the following extensions only. In the text box, specify a list of extensions of files to scan during a scan task. When scanning virtual machines running Linux operating systems, Kaspersky Security is case sensitive regarding the characters in the extensions of files to be included in the scan scope. When scanning virtual machines running Windows operating systems, the application ignores the cases of characters in file extensions.

     You can type file extensions in the field by separating them with a blank space, or by typing each extension in a new line. File extensions may contain any characters except . * | \ : " < > ? /. If an extension includes a blank space, the extension should be typed inside quotation marks: "doc x".

     If you have selected Scan files with the following extensions only in the drop-down list but have not specified the extensions of files to scan, Kaspersky Security scans all files.

   Folders excluded from the scan have a higher priority than file extensions that are included in the scan scope. If a file is located in a folder that is excluded from the scan, the application skips this file even if its extension is included in the scan scope.

4. If you selected the Scan specified files and folders only option, use the Add, Change, and Delete buttons to create a list of virtual machine files and folders to scan during the scan task.

   When scanning virtual machines running Linux operating systems, Kaspersky Security is case sensitive regarding the characters in paths to files and directories included in the scan scope. When scanning virtual machines running Windows operating systems, paths to files and folders are not case sensitive.

   If your list of objects requiring scanning uses an environment variable that has multiple values depending on the bit rate of the application that uses it, in 64-bit Windows operating systems, objects corresponding to all values of the variable are included in the scan scope. For example, if you are using the variable %ProgramFiles%, objects located in the folder C:\Program files and in the folder C:\Program files (х86) are included in the scan scope.

5. Save the changes by clicking Next (in the New Task Wizard) or Apply (in the task properties).