Contents
- Configuring File Anti-Virus of Light Agent for Windows
- Enabling and disabling of File Anti-Virus for Windows
- Automatically pausing File Anti-Virus
- Changing the file security level
- Changing the File Anti-Virus action to take on infected files
- Editing the protection scope of File Anti-Virus
- Scanning of compound files by File Anti-Virus
- Optimizing file scanning by File Anti-Virus
- Changing the scan mode
- Using of Heuristic Analyzer with File Anti-Virus
- Using of iSwift technology in the operation of File Anti-Virus
Configuring File Anti-Virus of Light Agent for Windows
You can do the following to configure File Anti-Virus of Light Agent for Windows:
- Configure File Anti-Virus to be paused automatically according to schedule or at application startup.
- Change the file security level.
- Change the action that is performed by File Anti-Virus on detection of an infected file.
- Create the protection scope of File Anti-Virus.
- Configure scanning of compound files.
- Optimize file scanning.
- Change the file scan mode.
- Configure Heuristic Analyzer.
- Configure the use of iSwift scanning technology.
Enabling and disabling of File Anti-Virus for Windows
By default, File Anti-Virus for Windows is enabled, running in the mode that is recommended by Kaspersky experts. You can disable File Anti-Virus for Windows if necessary.
To enable or disable File Anti-Virus for Windows in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, do one of the following:
- If you want to enable File Anti-Virus component, select the File Anti-Virus check box.
- If you want to disable File Anti-Virus component, clear the File Anti-Virus check box.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
To enable or disable File Anti-Virus on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab and expand the Manage protection section.
- Open the context menu of the File Anti-Virus item and perform one of the following actions:
- To enable File Anti-Virus, select Enable in the menu.
The component status
icon, which is displayed on the left in the File Anti-Virus line, changes to the
icon.
- To disable File Anti-Virus, select Disable in the menu.
The component status
icon, which is displayed on the left in the File Anti-Virus line, changes to the
icon.
If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- To enable File Anti-Virus, select Enable in the menu.
To enable or disable File Anti-Virus from the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If component settings are unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- Do one of the following:
- If you want to enable File Anti-Virus component, select the Enable File Anti-Virus check box.
- If you want to disable File Anti-Virus component, clear the Enable File Anti-Virus check box.
- To save changes, click the Save button.
Automatically pausing File Anti-Virus
You can configure the File Anti-Virus component to pause automatically at a specified time or when handling specified programs.
Pausing File Anti-Virus when it conflicts with some programs is an emergency measure. In case of any conflicts during the operation of a component, contact Kaspersky Technical Support. The support specialists will help you set up File Anti-Virus to run simultaneously with other applications on your virtual machine.
To configure automatic pausing of File Anti-Virus using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Additional tab, in the Pause operation section, do the following:
- To configure automatic pausing of File Anti-Virus at a specified time:
- Select the By schedule check box and click the Schedule button.
- In the Pause operation window that opens, in the Pause task at and Resume task at fields, specify the time (in the HH:MM format) during which the File Anti-Virus will be paused.
- Click OK.
- To configure automatic pausing of File Anti-Virus when specified applications are launched:
- Select At application startup and click the Select button.
- In the Applications window that opens, use the Add, Edit, and Delete buttons to create a list of applications. File Anti-Virus is not suspended when these applications are running.
- Click OK.
- To configure automatic pausing of File Anti-Virus at a specified time:
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To configure automatic pausing of File Anti-Virus in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Changing the file security level
To protect the virtual machine's file system, File Anti-Virus applies various groups of settings. These groups of settings are called file security levels. You can select one of the preset file security levels or configure security level settings on your own. There are three file security levels: High, Recommended, and Low. The Recommended file security level is considered the optimal group of settings, and is recommended by Kaspersky.
To change the file security level in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, do one of the following:
- If you want to install one of the pre-installed file security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom file security level, click the Settings button and, in the File Anti-Virus window that opens, enter your settings.
After you configure a custom file security level, the name of the file security level in the Security level section changes to Custom.
- If you want to change the file security level to Recommended, click the Default button.
- Click the Apply button.
To change the file security level in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
- In the Security level section, do one of the following:
- If you want to install one of the pre-installed file security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom file security level, click the Settings button and, in the File Anti-Virus window that opens, enter your settings.
After you configure a custom file security level, the name of the file security level in the Security level section changes to Custom.
- If you want to change the file security level to Recommended, click the Default button.
- To save changes, click the Save button.
Changing the File Anti-Virus action to take on infected files
To change the File Anti-Virus action on infected files using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Action on threat detection section, select the required option:
- Select action automatically.
- Perform action: Disinfect. Delete if disinfection fails.
- Perform action: Disinfect.
- Perform action: Delete.
- Perform action: Block.
The Select action automatically option is selected by default. The application performs the default action defined by Kaspersky experts: Disinfect. Delete if disinfection fails option is selected by default.
Regardless of the option selected, Kaspersky Security application applies the Delete action to the files that are part of the Windows Store application.
When files are deleted or disinfected, their copies are saved in Backup.
- Click the Apply button.
To change the File Anti-Virus action on infected files in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
- In the Action on threat detection section, select the required option:
- Select action automatically.
- Perform action: Disinfect. Delete if disinfection fails.
- Perform action: Disinfect.
- Perform action: Delete.
- Perform action: Block.
The Select action automatically option is selected by default. The application performs the default action defined by Kaspersky experts: Disinfect. Delete if disinfection fails option is selected by default.
Regardless of the option selected, Kaspersky Security application applies the Delete action to the files that are part of the Windows Store application.
When files are deleted or disinfected, their copies are saved in Backup.
- To save changes, click the Save button.
Editing the protection scope of File Anti-Virus
The protection scope refers to the objects that the component scans during its operation. The protection scopes of different components have different properties. The location and type of files to be scanned are properties of the protection scope of File Anti-Virus. By default, File Anti-Virus scans only
that are stored on hard drives, removable drives, and network drives of a virtual machine. You can expand or restrict the protection scope by adding or removing scan objects, or by changing the type of files to be scanned.To create the File Anti-Virus protection scope in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the General tab, in the File types section, specify the types of files you want to scan using File Anti-Virus:
- If you want to scan all files, select All files.
- Select Files scanned by format if you want to scan files of the formats that, according to Kaspersky experts, are currently most susceptible to infection.
- Select Files scanned by extension if you want to scan files with extensions that, according to Kaspersky experts, are currently most susceptible to infection.
When selecting the type of files to scan, remember the following information:
- There are some file formats (such as .txt) for which the probability of intrusion of malicious code and its subsequent activation is quite low. At the same time, there are file formats that contain or may contain executable code (such as .exe, .dll, and .doc). The risk of intrusion and activation of malicious code in such files is quite high.
- An intruder can send a virus or other malware to your virtual machine in an executable file that has had its extension changed to .txt. If you select scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then regardless of the extension, File Anti-Virus analyzes the file header. This analysis may reveal that the file is in .exe format. Such a file is thoroughly scanned for viruses and other malware.
- The list of scanned extensions and the list of scanned file formats are changed dynamically in order to match the current need to maintain your virtual machine security.
- In the Protection scope section, create the File Anti-Virus protection scope.
- To add a new object to the list of objects to be scanned:
- Click the Add button.
- In the Select object window that opens, select an object and click Add.
- Click OK.
All objects that are selected in the Select object window are displayed in the File Anti-Virus window, in the Protection scope list.
- To change the path to an object:
- Select the object in the list of objects and click Edit.
- In the Select object window that opens, in the Object field, specify another path to the object and click OK.
- To remove an object from the protection scope:
- Select the object in the list of objects and click Delete.
- In the removal confirmation window, click Yes.
- To exclude an object from the protection scope without removing it, clear the check box next to the object in the Protection scope list. The object remains on the list of objects to be scanned, though it is excluded from scanning by File Anti-Virus.
- To add a new object to the list of objects to be scanned:
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To create the File Anti-Virus protection scope in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
Scanning of compound files by File Anti-Virus
A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.
To configure scanning of compound files using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Performance tab, in the Scan compound files section, specify the types of compound files that you want to scan: archives, self-extracting archives, or embedded OLE objects by selecting the corresponding check boxes.
- If you want File Anti-Virus to scan only new and changed compound files of all types, in the Scan optimization section, select the Scan only new and modified files check box.
If the Scan only new and modified files check box is not selected, in the Scan compound files section you can specify for each type of compound file whether to scan all files of this type or only new ones. To make your choice, click the all / new link next to the name of a type of compound file. This link changes its value after you click it.
- Click the Additional button.
- In the Compound files window that opens, in the Background scan section, do one of the following:
- If you want File Anti-Virus to unpack large-sized compound files in background mode, select the Unpack compound files in background mode check box and specify the required value in the Minimum file size field.
- If you do not want File Anti-Virus to unpack compound files in background mode, clear the Unpack compound files in background mode check box.
- In the Size limit section, do one of the following:
- If you want File Anti-Virus to unpack large-sized compound files, clear the Do not unpack large compound files check box.
- If you do not want File Anti-Virus to unpack large-sized compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field.
A file is considered large if its size exceeds the value in the Maximum file size field.
File Anti-Virus scans large-sized files that are extracted from archives, regardless of whether or not the Do not unpack large compound files check box is set.
- In the Compound files window, click OK.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To configure scanning of compound files in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–13 of the previous instructions.
- To save changes, click the Save button.
Optimizing file scanning by File Anti-Virus
You can optimize the file scanning that is performed by File Anti-Virus, thereby reducing the scan time and improving the performance of the application. This can be achieved by scanning only new files and those files that have been modified since the previous scan. This mode applies both to simple and to compound files.
To optimize file scanning using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Performance tab, in the Scan optimization section, select the Scan only new and modified files check box.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To optimize file scanning in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Changing the scan mode
Scan mode means the condition under which File Anti-Virus starts to scan files. By default, File Anti-Virus scans files in smart mode. In this file scan mode, File Anti-Virus decides whether or not to scan files after analyzing operations that are performed with the file by you, by an application on behalf of you or a different user (under the account credentials that were used to log in to the operating system), or by the operating system. For example, when a Microsoft Office Word document is used, File Anti-Virus scans the file when it is first opened and last closed. Intermediate operations that overwrite the file do not cause it to be scanned.
To change the file scan mode using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Additional tab, in the Scan mode section, select the required mode:
- Smart mode.
- On access and modification.
- On access.
- On execution.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To change the file scan mode in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Using of Heuristic Analyzer with File Anti-Virus
File Anti-Virus uses a technique called signature analysis. During signature analysis, File Anti-Virus matches the detected object with records in application databases. Following the recommendations of Kaspersky experts, signature analysis is always enabled.
For increasing the effectiveness of protection you can use heuristic analysis. During heuristic analysis, File Anti-Virus analyzes the activity of objects in the operating system. Heuristic analysis can detect new malicious objects for which there are currently no records in the application database.
To configure the use of Heuristic Analyzer in the operation of File Anti-Virus using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Performance tab, in the Scan methods section, do one of the following:
- If you want File Anti-Virus to use heuristic analysis, select the Heuristic Analysis check box and use the slider to set the heuristic analysis level: Light, Medium, or Deep.
- If you do not want File Anti-Virus to use heuristic analysis, clear the Heuristic Analysis check box.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To configure the use of Heuristic Analyzer in the operation of File Anti-Virus in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Using of iSwift technology in the operation of File Anti-Virus
You can enable the use of the iSwift technology, which optimizes the speed of file scanning by excluding files that have not been modified since the most recent scan.
To configure the use of iSwift technology in the operation of File Anti-Virus using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Additional tab, in the Scan technology section, do one of the following:
- Select the iSwift technology check box to use File Anti-Virus with this technology enabled.
- Clear the iSwift technology check box to use File Anti-Virus with this technology disabled.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To configure the use of iSwift technology in the operation of File Anti-Virus in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.