How to configure File Threat Protection
The File Threat Protection component prevents infection of the device file system. The component is enabled automatically with the default settings when the Kaspersky application starts. It resides in the device operating memory and scans all files that are opened, saved, and executed in real time.
Upon detecting malware, the Kaspersky application can remove the infected file and terminate the malware process started from this file.
The operation of the component is affected by the file operation interception mode, which you can select in the general settings of the application. By default, access to the file is blocked for the duration of the scan.
On the command line, you can manage File Threat Protection using the File Threat Protection predefined task (File_Threat_Protection).
The File Threat Protection task is started by default. You can start and stop this task, as well as modify its settings manually.
To start and stop the File Threat Protection task on the command line, you need the privileges of the Administrator role.
By modifying the settings of the File Threat Protection predefined task, you can:
- Select the file scan mode (when opened, or when opened and modified).
- Enable or disable scanning of archives, mail databases, and email messages in text format.
- Temporarily exclude files in text format from rescans.
- Limit the size of an object to be scanned and the duration of the object scan.
- Select the actions to be performed by the application on the infected objects.
- Configure the scan scopes. The application will scan objects in the specified area of the file system.
- Configure exclusions of objects from scans. A scan exclusion is a set of conditions. When these conditions are met, the application does not scan the objects for viruses and other malware. You can exclude the following from scans:
  - Objects by name or mask
  - Objects by the name of the threats detected in them
  - Files and directories in specified areas of the file system
  - Processes and files being modified by the specified process
- Configure the use of the heuristic analyzer and iChecker technology during a scan.
- Enable or disable the logging of information about scanned non-infected objects, about scanning objects in archives, and about unprocessed objects.
On the command line, you can view information about detected threats and check the current status of the task.
To optimize the File Threat Protection component, you can exclude from scans any files being copied from network directories. Files are scanned only after the process of copying to a local directory is finished. To exclude files located in network directories from scans, configure exclusion based on processes for the utility used for copying from network directories (for example, for the cp utility). You can configure an exclusion by process by adding an [ExcludedForProgram.item_#] section to the settings of the OAS task.
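An added example, not part of the Kaspersky documentation: a Python check that reads exported task settings and reports process exclusions that are broader than the copy-utility case described above. The key names ProgramPath, ApplyToDescendants, UseExcludedForProgram and Path, the Yes/No values and the interpreter list are assumptions about the settings-file format, and the sample text is constructed.

```python
import re

# Constructed sample of exported task settings; key names are assumptions.
SAMPLE = """\
ScanArchived=No
[ExcludedForProgram.item_0000]
ProgramPath=/usr/bin/cp
ApplyToDescendants=No
UseExcludedForProgram=Yes
Path=/mnt/share
[ExcludedForProgram.item_0001]
ProgramPath=/bin/bash
ApplyToDescendants=Yes
UseExcludedForProgram=Yes
Path=/
"""

SECTION = re.compile(r"^\[(ExcludedForProgram\.item_\d+)\]$")
INTERPRETERS = {"sh", "bash", "dash", "python", "python3", "perl"}

def parse_exclusions(text):
    """Return {section: {key: value}} for process-exclusion sections only."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = SECTION.match(line)
            current = sections.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(text):
    """Return (section, finding) pairs for enabled exclusions that look too broad."""
    findings = []
    for name, s in parse_exclusions(text).items():
        # A missing switch is treated as enabled, to err on the side of reporting.
        if s.get("UseExcludedForProgram", "Yes").lower() != "yes":
            continue
        if s.get("Path", "").rstrip("/") == "":
            findings.append((name, "scope is not restricted below /"))
        if s.get("ApplyToDescendants", "No").lower() == "yes":
            findings.append((name, "child processes inherit the exclusion"))
        if s.get("ProgramPath", "").rsplit("/", 1)[-1] in INTERPRETERS:
            findings.append((name, "excluded program is a shell or interpreter"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the constructed sample, the cp exclusion limited to /mnt/share produces no findings, while the bash entry is reported three times.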
In the application interface, you can manage File Threat Protection using the File Threat Protection component.
The application interface allows you to:
- Enable or disable the File Threat Protection component.
- Observe the operation of the component.
- View pop-up notifications about detected threats; in these notifications, you can click the Open Reports link to navigate to application component reports and scan task results.
- View reports of the File Threat Protection component.
The statistics of the File Threat Protection component are displayed in the report in the Statistics section.