Contents
- Configuring File Anti-Virus of Light Agent for Linux via Kaspersky Security Center
- Enabling and disabling File Anti-Virus for Linux
- Changing the file security level
- Changing the File Anti-Virus action to take on infected files
- Editing the protection scope of File Anti-Virus
- Scanning compound files with File Anti-Virus
- Changing the scan mode
- Using Heuristic Analyzer with File Anti-Virus
- Using iChecker technology in the operation of File Anti-Virus
Configuring File Anti-Virus of Light Agent for Linux via Kaspersky Security Center
You can do the following to configure File Anti-Virus of Light Agent for Linux via Kaspersky Security Center:
- Change the file security level.
- Change the action that is performed by File Anti-Virus on detection of an infected file.
- Create the protection scope of File Anti-Virus.
- Configure scanning of compound files.
- Change the file scan mode.
- Configure Heuristic Analyzer.
- Configure the usage of iChecker scanning technology.
Enabling and disabling File Anti-Virus for Linux
By default, File Anti-Virus for Linux is enabled, running in the mode that is recommended by Kaspersky experts. You can disable File Anti-Virus for Linux if necessary.
To enable or disable File Anti-Virus for Linux:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, do one of the following:
  - If you want to enable the File Anti-Virus component, select the File Anti-Virus check box.
  - If you want to disable the File Anti-Virus component, clear the File Anti-Virus check box.
- Click the Apply button.
Changing the file security level
To protect the protected virtual machine’s file system, File Anti-Virus applies various groups of settings. These groups of settings are called file security levels. You can select one of the preset file security levels or configure security level settings on your own. There are three file security levels: High, Recommended, and Low. The Recommended file security level is considered the optimal group of settings, and is recommended by Kaspersky.
To change the file security level:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, do one of the following:
  - If you want to apply one of the preset file security levels (High, Recommended, or Low), use the slider to select one.
  - If you want to configure a custom file security level, click the Settings button and, in the File Anti-Virus window that opens, enter your settings.
    After you configure a custom file security level, the name of the file security level in the Security level section changes to Custom.
  - If you want to change the file security level to Recommended, click the Default button.
- Click the Apply button.
Changing the File Anti-Virus action to take on infected files
To change the File Anti-Virus action on infected files:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Action on threat detection section, select the required option:
  - Disinfect. Delete if disinfection fails.
  - Disinfect.
  - Delete.
  - Block.
  The "Disinfect. Delete if disinfection fails" option is selected by default.
  When files are deleted or disinfected, their copies are saved in Backup.
- Click the Apply button.
Editing the protection scope of File Anti-Virus
The protection scope refers to the objects that the File Anti-Virus component scans during its operation. By default, File Anti-Virus scans only infectable files that are stored on hard drives, removable drives, and network drives of a protected virtual machine. You can expand or narrow the scanning scope by adding or removing objects to be scanned by File Anti-Virus.
To create the File Anti-Virus protection scope:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, select the General tab.
- In the File types section, specify the type of files that you want File Anti-Virus to scan:
  - If you want to scan all files, select All files.
  - Select Files scanned by format if you want to scan files of the formats that, according to Kaspersky experts, are currently most susceptible to infection.
  - Select Files scanned by extension if you want to scan files with extensions that, according to Kaspersky experts, are currently most susceptible to infection.
  The list of scanned extensions and the list of scanned file formats are changed dynamically in order to match the current need to maintain your virtual machine security.
- In the Protection scope section, create the File Anti-Virus protection scope.
  - To add a new object to the list of objects to be scanned:
    - Click the Add button.
    - In the Select object window that opens, select an object and click Add.
    - Click OK.
    All objects that are selected in the Select object window are displayed in the File Anti-Virus window, in the Protection scope list.
  - To change the path to an object:
    - Select the object in the list of objects and click Edit.
    - In the Select object window that opens, in the Object field, specify another path to the object and click OK.
  - To remove an object from the protection scope:
    - Select the object in the list of objects and click Delete.
    - In the removal confirmation window, click Yes.
  - To exclude an object from the protection scope without removing it, clear the check box next to the object in the Protection scope list. The object remains on the list of objects to be scanned, though it is excluded from scanning by File Anti-Virus.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
Scanning compound files with File Anti-Virus
A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.
To configure scanning of compound files:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Performance tab, in the Scan compound files section, specify the types of compound files that you want to scan by selecting the corresponding check boxes: packed files, archives, self-extracting archives, mail databases, or mail files.
- Click the Additional button.
- In the Compound files window that opens, in the Time limit section, do one of the following:
  - If you want File Anti-Virus to skip files when the specified time runs out, select the Skip files if scanning takes more than check box and specify the value you need in the Maximum scan time field.
  - If you do not want File Anti-Virus to skip files when the specified time runs out, clear the Skip files that are scanned for longer than check box.
- In the Size limit section, do one of the following:
  - If you want File Anti-Virus to unpack large-sized compound files, clear the Do not unpack large compound files check box.
  - If you do not want File Anti-Virus to unpack large-sized compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field.
  A file is considered large if its size exceeds the value in the Maximum file size field.
  File Anti-Virus scans large-sized files that are extracted from archives, regardless of whether or not the Do not unpack large compound files check box is selected.
- In the Compound files window, click OK.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
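The effect of the two limits configured above can be seen in a simplified model, added here as an illustration and not taken from Kaspersky code. The function `scan_compound`, the constant `MARKER`, and the in-memory ZIP sample are all constructed for this example; the size limit is applied to the compound file as a whole and the time limit to the unpacking loop.

```python
import io
import time
import zipfile

# Constructed stand-in for a database record; not a real malware signature.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"

def scan_compound(data, max_size=None, max_seconds=None, clock=time.monotonic):
    """Scan a ZIP held in memory under optional size and time limits.

    Returns (detected, skipped): member names that contain MARKER, and
    (name, reason) pairs for everything that was left unscanned.
    """
    detected, skipped = [], []
    # Size limit: a compound file larger than max_size is not unpacked at all.
    if max_size is not None and len(data) > max_size:
        return detected, [("<whole file>", "size limit")]
    started = clock()
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            # Time limit: once the budget is spent, remaining members are skipped.
            if max_seconds is not None and clock() - started > max_seconds:
                skipped.append((info.filename, "time limit"))
                continue
            if MARKER in archive.read(info):
                detected.append(info.filename)
    return detected, skipped

def build_sample():
    """Constructed sample archive: three members, the marker is in the last one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as archive:
        archive.writestr("readme.txt", b"harmless text")
        archive.writestr("padding.bin", b"\x00" * 4096)
        archive.writestr("payload.bin", b"prefix " + MARKER + b" suffix")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    print(scan_compound(sample))                 # no limits: marker is found
    print(scan_compound(sample, max_size=1024))  # size limit: nothing is unpacked
```

Every entry in `skipped` is content that was never checked, which is why the skipped list is worth recording whenever either limit is enabled.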
Changing the scan mode
Scan mode means the condition under which File Anti-Virus starts to scan files. By default, File Anti-Virus scans files in smart mode. In this file scan mode, File Anti-Virus decides whether or not to scan files after analyzing operations that are performed with the file by you, by an application on your behalf or on behalf of a different user (under the account credentials that were used to log in to the operating system), or by the operating system. For example, when a Microsoft Office Word document is used, File Anti-Virus scans the file when it is first opened and last closed. Intermediate operations that overwrite the file do not cause it to be scanned.
To change the file scan mode:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Additional tab, in the Scan mode section, select the required mode:
  - Smart mode.
  - On access and modification.
  - On access.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
Using Heuristic Analyzer with File Anti-Virus
File Anti-Virus uses a technique called signature analysis. During signature analysis, File Anti-Virus matches the detected object with records in application databases. Following the recommendations of Kaspersky experts, signature analysis is always enabled.
To increase the effectiveness of protection, you can use heuristic analysis. During heuristic analysis, File Anti-Virus analyzes the activity of objects in the operating system. Heuristic analysis can detect new malicious objects for which there are currently no records in the application database.
To configure use of Heuristic Analyzer in the operation of File Anti-Virus:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Performance tab, in the Scan methods section, do one of the following:
  - If you want File Anti-Virus to use heuristic analysis, select the Heuristic Analysis check box and use the slider to set the heuristic analysis level: Light, Medium, or Deep.
  - If you do not want File Anti-Virus to use heuristic analysis, clear the Heuristic Analysis check box.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
Using iChecker technology in the operation of File Anti-Virus
You can enable iChecker technology, which increases the scanning speed by excluding certain files from scanning. Files are excluded according to a special algorithm that accounts for the release date of the application databases, the date when the file was scanned previously, and changes in the scan settings.
To configure use of iChecker technology in the operation of File Anti-Virus:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Additional tab, in the Scan technology section, do one of the following:
  - Select the iChecker technology check box to use File Anti-Virus with this technology enabled.
  - Clear the iChecker technology check box to use File Anti-Virus with this technology disabled.
- Click OK in the File Anti-Virus window.
- Click the Apply button.