File Anti-Virus
Kaspersky Internet Security 2012


  Table of Contents
    File Anti-Virus
       What is File Anti-Virus
       Enabling/Disabling File Anti-Virus
       Operating algorithm of File Anti-Virus
       Security levels of File Anti-Virus
       Actions to be performed by File Anti-Virus on detected threats
       Customizing security level in File Anti-Virus





  File Anti-Virus
  What is File Anti-Virus
  The file system may contain viruses and other malicious programs. Such malware may reside in
  your file system for several years after intruding into your computer without revealing itself.
  However, once you open an infected file or, for example, try to copy it to a disk, the virus will
  reveal itself.
  The File Anti-Virus component monitors the computer's file system and prevents its infection.
  The component starts upon startup of the operating system, continuously
  remains in the computer's RAM, and scans all files being opened, saved, or launched on your
  computer and all connected drives.

  Enabling/Disabling File Anti-Virus
  To enable/disable File Anti-Virus, perform the following actions:
     1. Open the application settings window.
     2. In the left part of the Settings window in the Protection Center section select File Anti-
        Virus from the list of components.
     3. In the right part of the window perform the following actions:
        ► To enable the component, check the Enable File Anti-Virus box.
        ► To disable the component, uncheck the Enable File Anti-Virus box.




     4. In the Settings window click the Apply button.





  Operating algorithm of File Anti-Virus
  By default, File Anti-Virus operates according to the following algorithm:
     ► File Anti-Virus scans iChecker and iSwift databases (you can read about these
        technologies in the documentation to this video – a download link is available under the
        video window) or information about the intercepted file, and determines if it should scan the
        file, based on the information retrieved.
     ► The file is scanned for viruses. Based on the analysis, File Anti-Virus performs one of the
        following actions:
             ► If malicious code is detected in the file, File Anti-Virus blocks the file, creates a
                backup copy and attempts to perform disinfection. If the file is successfully
                disinfected, it becomes available again. If disinfection fails, the file is deleted.
             ► If potentially malicious code is detected in the file, the file proceeds to disinfection
                and then is sent to the special storage area called Quarantine.
             ► If no malicious code is discovered in the file, it is immediately restored.

  Security levels of File Anti-Virus
  The security level is defined as a preset configuration of the File Anti-Virus component settings
  which provide a protection level to files and system memory. Kaspersky Lab specialists
  distinguish three security levels. The decision of which level to select should be made by the user
  based on the current situation.
      ► High. Set this level if you suspect that your computer has a high chance of being infected.
      ► Recommended. This level provides an optimum balance between the efficiency and
         security and is suitable for most cases.
      ► Low. If you work in a protected environment (for example, in a corporate network with
         centralized security management), the low security level may be suitable.
  To change the security level, perform the following actions:
     1. In the right part of the Settings window of the File Anti-Virus component set a security
        level by dragging the vertical slider to the required position.




     2. In the Settings window click the Apply button.


  Actions to be performed by File Anti-Virus on detected threats
  Default actions
  By default, the program chooses the actions to perform on detected objects itself.
  If the scan fails to determine whether the object is infected or not, the object is
  quarantined. Quarantine is a special storage area that contains objects that may be infected
  with viruses. Objects in Quarantine cannot harm your computer.
  If the scan assigns the object the status of malicious software, File Anti-Virus will try to
  disinfect it. If disinfection is impossible, the object is deleted.

  Before disinfecting or deleting an object, KIS 2012 creates a backup copy of it in case the object
  needs to be restored or a way to disinfect it becomes available. The storage period for a
  backup copy is 30 days.

  Actions set by the user
  You can set the action to be performed on detected threats by yourself. File Anti-Virus can
  perform the following actions on detected threats:
     ► Disinfect;
     ► Delete;
     ► Delete if disinfection fails (appears if Disinfect option is enabled).




  If the Disinfect variant is selected, the program functions in the following way:
       ► If the object can be disinfected, it is disinfected and returned to the user.
       ► If the scan fails to determine whether the object is infected or not, the
          object is quarantined. If the option to scan quarantined files after each database update is
          enabled, then when a new disinfection signature is received the quarantined object can be
          disinfected and returned to the user.
       ► If the virus status is assigned to the object and its disinfection is impossible, the object is
          blocked and is added to the report about detected threats. If you want infected objects
          that cannot be disinfected to be deleted, check the Delete if disinfection fails box
          (the box appears if the Disinfect option is enabled).



  You can select only the Delete variant, but in this case all objects will be deleted, even if they
  could be available for the user after disinfection.




  In order to select the necessary action, check the box next to the action and click the Apply button
  to save the changes.
  Kaspersky Lab specialists recommend selecting the following actions for detected threats:
      ► Disinfect;
      ► Delete if disinfection fails.
  In this case the program will perform the following actions on an object:
      ► Disinfect, if disinfection is possible. After disinfection you can continue your work with the
          object.
      ► Quarantine, if the program failed to define if the object is infected or not. If the option to
          scan quarantined files after each database update is enabled, then when a new disinfection
          signature is received the quarantined object can be disinfected and returned to the user.
      ► Delete, if the virus status is assigned to the object and its disinfection is impossible.

  Actions for each object
  You can also specify File Anti-Virus actions for every detected object individually. To do this, enable
  interactive mode in the following way:
     1. In the left part of the Settings window go to the General Settings subsection.
     2. In the Interactive protection section, uncheck the Select action automatically box.
     3. In the Settings window click the Apply button.








  Interactive mode is enabled for the entire application. That is why when interactive mode is
  enabled you will have to define an action for each object detected by any KIS 2012 component.

  How to specify action on detected threats
  To specify an action on detected threats, please do the following:
     1. In the left part of the Settings window select the File Anti-Virus component.
     2. Make sure the Enable File Anti-Virus box is enabled in the right part of the window.
     3. In the Action on threat detection section select an action on detected threats:
        ► Prompt for action.
        ► Select action:
            ► Disinfect.
            ► Delete (Delete if disinfection fails).

     4. In the Settings window click the Apply button.

  If you have selected the Select action variant and have not selected any action, File Anti-Virus
  will block dangerous objects and quarantine them, notifying the user of its actions.




  The Delete if disinfection fails box appears only if the Disinfect box is enabled.








  Customizing security level in File Anti-Virus
  To fine-tune the File Anti-Virus settings, in the Security level section click the Settings button.




  The File Anti-Virus window will open.

  Selecting file types scanned by File Anti-Virus
  In the File Anti-Virus window on the General tab you can select the file types to be scanned by
  File Anti-Virus. By default, File Anti-Virus scans only potentially infected files (files into which a
  virus can penetrate) started on all hard, removable and network drives.
  You can choose for yourself which file types File Anti-Virus should scan for viruses.





  The following file types can be set for scan:
     ► All files – File Anti-Virus analyzes all files irrespective of their name (for example,
         “press-release”) or extension (for example, “.doc”).
     ► Files scanned by format – File Anti-Virus scans the internal header of a file to determine
         the file format (.txt, .doc, .exe, etc.). If the analysis shows that such a file format cannot be
         infected, the file is not scanned and is returned to the user. If the file format is infectable, the
         file is scanned for viruses.
     ► Files scanned by extension – File Anti-Virus scans files according to their extension (for
         example, files with the extensions .com, .exe, .sys, .bat, .dll, etc.). The file format is
         determined based on its extension. A file extension helps the user and software define the
         type of data in the file.




  When selecting the file types scanned by File Anti-Virus, keep the following in mind. For
  example, a cybercriminal can send a virus to your computer in a file with a txt extension, though in
  reality the file can be an executable that has been renamed to look like a txt file.
  If the Files scanned by extension option is selected, such a file will be skipped during the scan.
  If the Files scanned by format option is selected, File Anti-Virus will analyze the file header
  regardless of the extension. The analysis will show that the file has an exe format, and
  the file will be scanned for viruses.
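
  The difference between the two options, as an added example (not Kaspersky code and not part of the original guide): the sketch below detects a few formats from their leading bytes and lists constructed sample files that an extension-only policy skips. The function names, the sample files and the set of formats treated as infectable are assumptions.

```python
import os
import struct

# Extensions from the guide's "scanned by extension" example.
SCANNED_EXTENSIONS = {".com", ".exe", ".sys", ".bat", ".dll"}
# Formats this sketch treats as infectable (assumption, not the product's list).
INFECTABLE_FORMATS = {"pe", "mz", "elf", "zip", "ole"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def detect_format(data: bytes) -> str:
    """Identify a format from the file's leading bytes, ignoring its name."""
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            # e_lfanew at offset 0x3C points to the 4-byte PE signature.
            (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
            if data[pe_offset:pe_offset + 4] == b"PE\x00\x00":
                return "pe"
        return "mz"  # DOS executable, or a truncated PE
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[:8] == OLE_MAGIC:
        return "ole"
    # Text and scripts (.txt, .bat) carry no magic bytes.
    return "unknown"


def scanned_by_extension(name: str) -> bool:
    return os.path.splitext(name)[1].lower() in SCANNED_EXTENSIONS


def scanned_by_format(data: bytes) -> bool:
    return detect_format(data) in INFECTABLE_FORMATS


def minimal_pe_header() -> bytes:
    """Constructed sample: DOS header plus PE signature, not a runnable program."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00"


# Constructed sample files: name -> content.
SAMPLES = {
    "notes.txt": b"meeting at 10:00\n",
    "invoice.txt": minimal_pe_header(),      # executable renamed to .txt
    "setup.exe": minimal_pe_header(),
    "report.doc": OLE_MAGIC + bytes(504),    # OLE compound file header only
}


def missed_by_extension_policy(samples: dict) -> list:
    """Names that the format policy scans but the extension policy skips."""
    return sorted(
        name for name, data in samples.items()
        if scanned_by_format(data) and not scanned_by_extension(name)
    )


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} format={detect_format(data):8} "
              f"by_extension={scanned_by_extension(name)} "
              f"by_format={scanned_by_format(data)}")
    print("missed by extension policy:", missed_by_extension_policy(SAMPLES))
```
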





  Selecting location of files scanned by File Anti-Virus
  You can also specify the location of the scanned files in the Protection scope section. In order to add
  a new object to the scan scope, perform the following actions:
     1. In the File Anti-Virus window click the Add link.




     2. In the Select object to scan window select an object and click the Add button.




     3. Once you have added all the necessary objects, in the Select object to scan window click
        the OK button.
     4. In the File Anti-Virus window click the OK button.





  Scan methods of File Anti-Virus
  By default, File Anti-Virus scans objects using signature analysis (databases with descriptions of
  known threats and their disinfection methods). The component compares the object under scan
  with the records in the database and determines whether the object is malicious. Since new malicious
  objects appear daily, there is always some malware that is not described in the databases and
  that can only be detected using heuristic analysis. This method involves analyzing the
  actions an object performs within the system. If its actions are typical of malicious objects, the
  object is likely to be classed as malicious or suspicious.
  In order to configure heuristic analysis, perform the following actions:
      1. In the File Anti-Virus window go to the Performance tab.
      2. In the Heuristic Analyzer section specify the detail level [1] for the scan by moving the horizontal
         slider to the necessary position.
      3. Click the OK button.




  Optimization of files scan
  To reduce the scan time and accelerate the application operation, you can configure scan of only
  new and recently changed files, which were modified after the previous scan. For this, perform the
  following actions:
      1. In the File Anti-Virus window go to the Performance tab.
      2. In the Scan optimization section check the Scan only new and changed files box.
      3. Click the OK button.

  [1] The higher the detail level is, the more resources and time are needed for the scan; however, the more
  thorough the analysis will be.

  Setting scan of compound files
  A compound file is structured storage for several other files. Examples of compound files are
  archives and OLE-objects. A common method of concealing viruses is to embed them into
  compound files (archives). To detect viruses that are hidden in this way a compound file should be
  unpacked, which can significantly lower the scan speed.
  To enable scan of archives, perform the following actions:
     1. In the File Anti-Virus window go to the Performance tab.
     2. In the Scan of compound files section, check the Scan archives box.








      3. Click the OK button.
  Installer packages (files used to install software) and files containing OLE objects (objects such as
  images, texts, tables and drawings that are created in one program but can be opened using other programs)
  are executed when they are opened, which makes them more dangerous than archives.
  To enable scan of installer packages and embedded OLE-objects, perform the following actions:
     1. In the File Anti-Virus window on the Performance tab in the Scan of compound files
        section, check the corresponding boxes.
     2. Click the OK button.





  When large compound files are scanned, their preliminary unpacking may take a long period of
  time. This period can be reduced by enabling unpacking of compound files in background mode
  (while the user is working with other programs). If a malicious object is detected when processing
  such a file, File Anti-Virus will notify you of this.
  To scan compound files in background mode, perform the following actions:
     1. In the File Anti-Virus window on the Performance tab in the Scan of compound files
        section, click the Additional button.




     2. In the Compound files window check the Extract compound files in the background
        box.
     3. In the Minimum file size field specify the minimum file size to be scanned in the
        background. Files of smaller size are scanned in the normal mode.








  To reduce access time to compound files, you can disable extracting of files whose size exceeds
  the specified value. For this, perform the following actions:
     1. In the Size limit section specify the maximum file size to be scanned. The setting is not
        applied to scan of files extracted from archives.
     2. Click the OK button.





  Scan modes of File Anti-Virus
  You can select one of four scan modes in File Anti-Virus:
      ► Smart mode.
      ► On access and modification (the application scans objects when they are opened or
         modified).
      ► On access (the application scans objects only when an attempt is made to open them).
      ► On execution (the application scans objects only when an attempt is made to run them).
  By default, KIS 2012 uses smart mode, which determines if the object is subject to scan, based
  on the actions performed on it. For example, when working with a Microsoft Office document,
  File Anti-Virus scans the file when it is first opened and last closed. Intermediate operations that
  overwrite the file do not cause it to be scanned.
  To set a scan mode, perform the following actions:
     1. In the File Anti-Virus window go to the Additional tab.
     2. In the Scan mode section select the required scan mode.




     3. Click the OK button.

  iSwift and iChecker scan technologies
  The intelligent iChecker and iSwift technologies speed up the work of File Anti-Virus.
  They achieve their highest efficiency some time after installation of the product. The
  technologies complement each other, accelerating anti-virus scans of various objects in different file
  and operating systems.
  During the first scan with iChecker technology, the checksum of an object is saved. A checksum is
  a unique digital signature of an object (file) that allows this object (file) to be identified. The checksum
  changes every time the object is modified. This information is saved in a special table. During the
  next scan of an object, the previous and current checksums are compared. If the checksum is
  different, the object is scanned for malicious code once again; if the checksum is the
  same, the object is not scanned.



  The iChecker technology works with a limited number of formats, such as exe, dll, lnk, ttf, inf, sys,
  com, chm, zip and rar, and does not scan files larger than 4 GB, as in such cases it is quicker to scan
  the whole file than to calculate its checksums.
  The iSwift technology has been developed for the NTFS file system. In this system an NTFS identifier is
  assigned to each object. This NTFS identifier is compared with the values in the special iSwift
  database. The algorithm takes the previous scan date into account. If from the moment of the first scan to
  the last scan the same period or more has passed, the object will be re-scanned. The object will
  also be scanned if the object settings were changed to stricter ones.
  The technology is tied to a definite file location in the file system. If the file is
  copied or relocated, it is scanned again.
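
  The iChecker decision described above, as an added sketch (not Kaspersky's implementation and not part of the original guide). The ChecksumScanCache class, the use of SHA-256 as the checksum and the path-keyed table are assumptions; the extension list and the 4 GB limit come from the text.

```python
import hashlib
import os
import tempfile

# Extension list and 4 GB limit as stated in the guide for iChecker.
CACHEABLE = {".exe", ".dll", ".lnk", ".ttf", ".inf", ".sys",
             ".com", ".chm", ".zip", ".rar"}
FOUR_GB = 4 * 1024 ** 3


def checksum(path: str) -> str:
    """SHA-256 of the file content (hash choice is an assumption)."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


class ChecksumScanCache:
    """Hypothetical table of checksums recorded when files were last scanned."""

    def __init__(self, max_size: int = FOUR_GB):
        self.max_size = max_size
        self._table = {}  # path -> checksum at last scan

    def needs_scan(self, path: str):
        """Return (scan_needed, reason) for one file."""
        if os.path.splitext(path)[1].lower() not in CACHEABLE:
            return True, "format not cached"
        if os.path.getsize(path) > self.max_size:
            return True, "over size limit"
        previous = self._table.get(path)
        if previous is None:
            return True, "first scan"
        if previous != checksum(path):
            return True, "checksum changed"
        return False, "unchanged since last scan"

    def record_scan(self, path: str) -> None:
        """Call after a completed scan; files outside the cache rules are not stored."""
        if (os.path.splitext(path)[1].lower() in CACHEABLE
                and os.path.getsize(path) <= self.max_size):
            self._table[path] = checksum(path)


def demo() -> list:
    """Walk one constructed file through the cache and collect the reasons."""
    cache, reasons = ChecksumScanCache(), []
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "tool.exe")
        txt = os.path.join(tmp, "notes.txt")
        for path, content in ((exe, b"constructed v1"), (txt, b"text")):
            with open(path, "wb") as handle:
                handle.write(content)
        reasons.append(cache.needs_scan(exe)[1])      # never seen before
        cache.record_scan(exe)
        reasons.append(cache.needs_scan(exe)[1])      # same bytes
        with open(exe, "wb") as handle:
            handle.write(b"constructed v2")           # modified after the scan
        reasons.append(cache.needs_scan(exe)[1])
        reasons.append(cache.needs_scan(txt)[1])      # not a cached format
        tiny = ChecksumScanCache(max_size=4)          # small limit for the demo
        reasons.append(tiny.needs_scan(exe)[1])
    return reasons


if __name__ == "__main__":
    print(demo())
```
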
  In order to enable the use of iSwift and iChecker technologies, perform the following actions:
     1. In the File Anti-Virus window go to the Additional tab.
     2. In the Scan technologies section check the boxes iSwift technology and iChecker
        technology.




     3. Click the OK button.

  Pausing File Anti-Virus
  When carrying out resource-intensive work, you can pause File Anti-Virus. To reduce workload
  and ensure quick access to objects, you can configure automatic pausing of the component at a
  specified time. To do this, perform the following actions:
     1. In the File Anti-Virus window go to the Additional tab.
     2. In the Pause task section check the By schedule box.
     3. Click the Schedule button.








     4. In the Pausing the task window in the fields Pause and Resume task at define the time
        interval during which the component will remain inactive.




     5. Click the OK button.
     6. In the File Anti-Virus window click the OK button.
  In addition to disabling File Anti-Virus on schedule, you can configure disabling File Anti-Virus
  when handling specified programs. For this, perform the following actions:
     1. In the File Anti-Virus window go to the Additional tab.
     2. In the Pause task section check the At application startup box.
     3. Click the Select button.








     4. In the Applications window click the Add link. Next, perform the following actions:
        ► Select an application from the Applications list;
            or
        ► Click Browse and select an application using the browser window.




     5. Having created the list of applications, click the OK button in the Applications window.
     6. In the File Anti-Virus window click the OK button.





  Rollback to default settings of File Anti-Virus
  You can always roll back to default File Anti-Virus settings. For this perform the following actions:
     1. Close the File Anti-Virus window.
     2. In the Settings window in the Security level section click the Default level button.




     3. Click the OK button to save the changes.





				
DOCUMENT INFO
posted:8/25/2011
language:English
pages:20