Custom scan task settings

This section provides information about the settings you can specify for the custom scan task.

All available values and default values for each setting are described.

ScanArchived

Enables / disables scanning of archives (including SFX self-extracting archives). Kaspersky Endpoint Security detects threats in archives but does not disinfect them. the following archive types are supported: .zip; .7z*; .7-z; .rar; .iso; .cab; .jar; .bz;.bz2;.tbz;.tbz2; .gz;.tgz; .arj.

Available values:

Yes—Scan archives.

No—Do not scan archives.

Default value: Yes.

ScanSfxArchived

Enables / disables scanning of self-extracting archives only (archives that contain an executable extraction module).

Available values:

Yes—Scan self-extracting archives.

No—Do not scan self-extracting archives.

Default value: Yes.

ScanMailBases

Enables / disables scanning of email databases of Microsoft Outlook®, Outlook Express, The Bat! and other mail clients.

Available values:

Yes—Scan files of email databases.

No—Do not scan files of email databases.

Default value: No.

ScanPlainMail

Enables / disables scanning of plain text email messages.

Available values:

Yes—Scan plain text email messages.

No—Do not scan plain text email messages.

Default value: No.

UseSizeLimit

Enables / disables use of the SizeLimit setting (maximum size of an object to be scanned).

Available values:

Yes—Apply the SizeLimit parameter.

No—Do not apply the SizeLimit parameter.

Default value: No.

SizeLimit

Specifies the maximum size of an object to be scanned (in megabytes). If an object to be scanned is larger than the specified value, Kaspersky Endpoint Security skips the object.

This setting is used together with the UseSizeLimit setting.

Available values:

0 – 999,999.

0—Kaspersky Endpoint Security scans objects of any size.

Default value: 0.

UseTimeLimit

Enables / disables use of the TimeLimit setting (maximum duration of an object scan).

Available values:

Yes—Аpply the TimeLimit parameter.

No—Do not apply the TimeLimit parameter.

Default value: No.

TimeLimit

Specifies maximum duration for the object scan (in seconds). Kaspersky Endpoint Security stops scanning an object if it takes longer than the number of seconds specified by this parameter.

This setting is used together with the UseTimeLimit setting.

Available values:

0-9999.

0—The object scan duration is unlimited.

Default value: 0.

FirstAction

Selection of the first action to be performed by Kaspersky Endpoint Security on infected objects.

Available values:

Cure (disinfect)—Kaspersky Endpoint Security attempts to disinfect an object by saving a copy of it in Storage. If disinfection fails (for example, if the type of object or the type of threat in the object cannot be disinfected) Kaspersky Endpoint Security leaves the object unchanged. If the first action is set to Cure, it is recommended to specify the second action using the SecondAction setting.

Remove—Kaspersky Endpoint Security removes the infected object after first creating a backup copy of it.

Recommended (perform recommended action)—Kaspersky Endpoint Security automatically selects and performs an action on the object based on information about the threat detected in the object. For example, Kaspersky Endpoint Security immediately removes Trojans since they do not incorporate themselves into other files and therefore they do not need to be disinfected.

Skip—Kaspersky Endpoint Security does not attempt to disinfect or delete an infected object. Information about the infected object is logged.

Default value: Recommended.

SecondAction

Selection of the second action to be performed by Kaspersky Endpoint Security on infected objects. Kaspersky Endpoint Security performs the second action if the first action fails.

The values of the SecondAction setting are the same as the values of the FirstAction setting.

If Skip or Remove is selected as the first action, a second action does not need to be specified. It is recommended to specify two actions in other cases. If you have not specified a second action, Kaspersky Endpoint Security applies Skip as the second action.

Default value: Skip.

UseExcludeMasks

Enables / disables the scan exclusion of objects specified using the ExcludeMasks setting.

Available values:

Yes—Exclude objects specified by the ExcludeMasks setting.

No—Do not exclude objects specified by the ExcludeMasks setting.

Default value: No.

ExcludeMasks

Excludes objects from scanning by name or mask. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in command shell format.

The default value is not defined.

Example:

UseExcludeMasks=Yes

ExcludeMasks.item_0000=eicar1.*

ExcludeMasks.item_0001=eicar2.*

UseExcludeThreats

Enables or disables the scan exclusion of objects with threats specified using the ExcludeThreats setting.

Available values:

Yes—Exclude from scanning the objects containing threats specified using the ExcludeThreats setting.

No—Do not exclude from scanning the objects containing threats specified using the ExcludeThreats setting.

Default value: No.

ExcludeThreats

Excludes objects from scanning by the name of the threats detected in them. Before specifying a value for this setting, make sure that the UseExcludeThreats setting is enabled.

In order to exclude a single object from scanning, specify the full name of the threat detected in this object – the Kaspersky Endpoint Security string with the verdict that the object is infected.

E.g., you may be using a utility to collect information about your network. To keep Kaspersky Endpoint Security from blocking it, add the full name of the threat contained in it to the list of threats excluded from scanning.

You can find the full name of the threat detected in the object in the Kaspersky Endpoint Security log. You can also find the full name of the threat on the website of the Virus Encyclopedia (). To find the name of a threat, enter the application name in the Search field.

The setting value is case-sensitive.

The default value is not defined.

Example:

UseExcludeThreats=Yes

ExcludeThreats.item_0000=EICAR-Test-*

ExcludeThreats.item_0001=?rojan.Linux

ReportCleanObjects

Enables / disables logging of information about scanned objects that Kaspersky Endpoint Security has deemed non-infected.

You can enable this setting, for example, to make sure that a particular object has been scanned by Kaspersky Endpoint Security.

Available values:

Yes—Log information about non-infected objects.

No—Do not log information about non-infected objects.

Default value: No.

ReportPackedObjects

Enables / disables logging of information about scanned objects that are part of compound objects.

You can enable this setting, for example, to make sure that an object within an archive has been scanned by Kaspersky Endpoint Security.

Available values:

Yes—Log information about scanning objects within archives.

No—Do not log information about scanning objects within archives.

Default value: No.

ReportUnprocessedObjects

Enables / disables the logging of information about unscanned objects.

Available values:

Yes—Log information about unscanned objects.

No—Do not log information about unscanned objects.

Default value: No.

UseAnalyzer

Enables / disables Heuristic Analyzer. Heuristic analysis enables the application to detect new threats even before they become known to virus analysts.

Available values:

Yes—Enable Heuristic Analyzer.

No—Disable Heuristic Analyzer.

Default value: Yes.

HeuristicLevel

Heuristic analysis level.

You can specify the heuristic analysis level. The heuristic analysis level sets the balance between the thoroughness of searches for threats, the load on the operating system's resources, and the scan duration. The higher the heuristic analysis level, the more resources and time are required for scanning.

Available values:

Light—The least thorough scan with minimal load on the system.

Medium—Medium heuristic analysis level with a balanced load on the operating system.

Deep—The most thorough scan with maximal load on the operating system.

Recommended—Recommended value.

Default value: Recommended.

UseIChecker

Enables / disables the use of iChecker technology.

Available values:

Yes—Enable use of iChecker technology.

No—Disable use of iChecker technology.

Default value: Yes.

ScanByAccessType

You can use this setting to specify the real-time protection mode. The ScanByAccessType setting is applied only in real-time protection tasks.

Available values:

SmartCheck—Scan a file when there is an attempt to open it, and scan it again when there is an attempt to close it if the file has been modified. If a process accesses an object multiple times in the course of its operation and modifies it, the application scans the object again only when the process closes it for the last time.

OpenAndModify—Scan a file when there is an attempt to open it, and scan it again when there is an attempt to close it if the file has been modified.

Open—Scan the file when an attempt is made to open it for reading or for execution or modification.

Default value: SmartCheck.

The [ScanScope.item_#] section contains the following settings:

AreaDesc

Description of the scan scope, which contains additional information about the scan scope. The maximum length of the string specified using this setting is 4096 characters.

Default value: All objects.

Example:

AreaDesc="Scan mail databases"

UseScanArea

This setting enables / disables scanning of the specified scope. To run the task, you must include at least one area to scan.

Available values:

Yes—Scan the specified scope.

No—Do not scan the specified scope.

Default value: Yes.

AreaMask

You can use this setting to restrict the scan scope.

In the scan scope, Kaspersky Endpoint Security scans only the files that are indicated using command shell masks.

If this setting is not specified, Kaspersky Endpoint Security scans all objects in the scan scope. You can specify several values for this setting.

Default value: * (scan all objects).

Example:

AreaMask=*doc

Path

You can use this setting to specify the path to objects to scan.

The value of the Path setting consists of two elements: <file system type>:<access protocol>. It may also contain the path to the directory in the local file system.

Available values:

<path to local directory>—Scan objects in the specified directory.

Shared:NFS—Scan the computer's file system resources that are accessible via the NFS protocol.

Shared:SMB—Scan the computer's file system resources that are accessible via the SMB protocol.

AllRemoteMounted—Scan all remote directories mounted on the computer using the SMB and NFS protocols.

AllShared—Scan all of the computer's file system resources shared via the SMB and NFS protocols.

The [ExcludedFromScanScope.item_#] section contains the following settings:

AreaDesc

Description of the scan exclusion scope. Contains additional information about the exclusion scope.

The default value is not defined.

Example:

AreaDesc="Exclude separate SAMBA"

UseScanArea

This setting enables / disables scanning of the specified scope.

Available values:

Yes—Excludes the specified scope.

No—Does not exclude the specified scope.

Default value: Yes.

Path

You can use this setting to specify the path to objects excluded from scanning.

The value of the Path setting consists of two elements: <file system type>:<access protocol>. It may also contain the path to the directory in the local file system.

Available values:

<path to local directory>—Exclude objects in the specified directory from scanning.

Shared:NFS—Exclude the computer's file system resources that are accessible via the NFS protocol.

Shared:SMB—Exclude the computer's file system resources that are accessible via the Samba protocol.

AllRemoteMounted—Exclude all remote directories mounted on the computer using the SMB and NFS protocols.

AllShared—Exclude all of the computer's file system resources shared via the SMB and NFS protocols.

Page top