Kaspersky Standard | Plus | Premium
Linux
English

Contents

How to configure the Malware Scan

Malware Scan is a one-time full or custom file scan on the device performed on demand. The Kaspersky application can run multiple Malware Scan tasks at the same time.

A Malware Scan (Scan_My_Computer) predefined task is created in the application. You can use this task to perform a full scan of the device. During a full scan, the application scans all objects located on the device's local drives, as well as all mounted and shared objects that are accessed via Samba or NFS protocols with the recommended security settings.

During a full disk scan, the processor is busy. It is recommended to run the full scan task when the business is idle.

You can configure the settings of automatically created tasks on the command line, and also create Malware Scan user tasks.

Upon detecting malware, the Kaspersky application can remove the infected file and terminate the malware process started from this file.

If during execution of the malware scan task the application was restarted by a control service or manually by the user, the task will be stopped. The application logs the OnDemandTaskInterrupted event.

By modifying the settings of malware scan tasks, you can:

  • Select operating system objects to scan: files, directories, archives, boot sectors, process memory and kernel memory, startup objects.
  • Limit the size of an object to be scanned and the duration of the object scan.
  • Select the actions to be performed by the application on the infected objects.
  • Configure exclusions of objects from scans:
    • by name or mask
    • by the name of the threats detected in the objects
  • Enable or disable global exclusions and File Threat Protection exclusions when scanning.
  • Enable or disable the logging of information about scanned non-infected objects, about scanning objects in archives, and about unprocessed objects.
  • Configure the use of the heuristic analyzer and iChecker technology during a scan.
  • Limit the set of devices whose boot sectors need to be scanned.
  • Configure scan scopes and scan exclusion scopes.
  • Configure a schedule for running Malware Scan tasks.

On the command line, you can scan for malware in the following ways:

On the command line, you can view information about detected threats and check the current status of the task.

In the application interface, you can scan for malware in the following ways:

The application interface also allows you to:

  • Monitor the progress of the Malware Scan task.
  • View pop-up notifications about the status of the Malware Scan task; in these notifications, you can click the Open Reports link to navigate to application component reports and scan task results.
  • View a report with the result of the Malware Scan task.

    The result of the Malware Scan task is displayed in the report in the Scan tasks section.

In this Help section

Settings of the Malware Scan predefined task

How to perform a custom scan of files and directories on the command line

How to perform a custom scan of files and directories in the application interface
Page top
[Topic 283337]

Settings of the Malware Scan predefined task

The Malware Scan task is not running by default. You can start and stop the task at any time. You can also modify task settings.

You must modify the settings of a task before starting the task.

ID of the Malware Scan predefined task: 2. Name of the Malware Scan predefined task: Scan_My_Computer. If you have a Malware Scan user task, you must specify its ID or name.

To configure the task schedule using a configuration file:

  1. Output the task settings to the configuration file: kfl-control --get-schedule
  2. Edit the values of the necessary settings in the configuration file and save the changes.
  3. Execute the command:

    kfl-control --set-schedule <task ID/name> --file <configuration file path> [--json]

All values of the settings for the task run schedule defined in the file will be imported into the application.

To modify individual task schedule settings on the command line:

kfl-control --set-schedule <task ID/name> <setting name>=<setting value> [<setting name>=<setting value>]

The values of the specified settings for the task run schedule are modified.

To start the Malware Scan predefined task, enable the output of current events related to this task, and display the progress of the task:

kfl-control --start-task 2 [-W] [--progress]

To create and start the Malware Scan user task, enable the output of current events related to this task, and display the progress of the task, run the following commands in sequence:

  1. kfl-control --create-task <task ID/name> --type <Rollback>
  2. kfl-control --start-task <task ID/name> [-W] [--progress]

To stop the Malware Scan task and enable the output of current events related to this task, run the following command:

kfl-control --stop-task <task ID/name> -W

The Malware Scan task is started by default with settings listed in Appendix 3.

You can display the current values of the task settings in one of the following ways:

If you need to modify the settings of the Malware Scan task, you can:

  • Modify all task settings using the configuration file. To do so:
    1. Output the task settings to the configuration file: kfl-control --get-settings <task ID/name> [--json]

      A configuration file with the current task settings is generated.

    2. Edit task settings in the generated configuration file by choosing values from the following table.
    3. If necessary, add a scan scope to the configuration file or remove scan scopes that you want to skip from the configuration file.

      To add a scan scope, add a [ScanScope.item_#] section to the configuration file and specify the values of its settings by choosing them from the table below.

      To delete a scan scope, delete the [ScanScope.item_#] section corresponding to the unwanted scan scope along with its settings from the configuration file.

    4. If necessary, add an exclusion scope to the configuration file.

      To add an exclusion scope, add an [ExcludedFromScanScope.item_#] section to exclude files and directories and specify its settings by choosing them from the table below.

    5. Save the configuration file.
    6. Run the following command: kfl-control --set-settings <task ID/name> --file <configuration file path> [--json]
  • Modify individual task settings using command line options. To do so:
    1. Modify the settings by choosing values from the table below using the following command: kfl-control --set-settings <task ID/name> <setting name>=<setting value> [<setting name>=<setting value>]
    2. If necessary, add a scan scope using the kfl-control --set-settings <task ID/name> --add-path <path to directory with objects to scan> command or delete a scan scope using the kfl-control --set-settings <task ID/name> --del-path <path to directory with objects to scan> command.
    3. If necessary, add an exclusion scope using the kfl-control --set-settings <task ID/name> --add-exclusion <path to directory with objects to exclude> command or delete an exclusion scope using the kfl-control --set-settings <task ID/name> --del-exclusion <path to directory with objects to exclusion> command.
  • Restore default task settings: kfl-control --set-settings <task ID/name> --set-to-default

For detailed instructions on how to modify the settings of application tasks, see the How to manage task settings on the command line section.

The following table describes all the settings of the Malware Scan task and their values.

Malware Scan task settings

Setting

Description

Values

ScanFiles

Enables file scan.

Yes (default value) — Scan files.

No — Do not scan files.

ScanBootSectors

Enables boot sector scans.

Yes (default value) — Scan boot sectors.

No — Do not scan boot sectors.

ScanComputerMemory

Enables process memory and kernel memory scans.

Yes (default value) — Scan process memory and kernel memory.

No — Do not scan process memory and kernel memory.

ScanStartupObjects

Enables startup object scans.

Yes (default value) — Scan startup objects.

No — Do not scan startup objects.

ScanArchived

Enables scanning of archives (including SFX self-extracting archives).

The application scans the following archives: .zip; .7z*; .7-z; .rar; .iso; .cab; .jar; .bz; .bz2; .tbz; .tbz2; .gz; .tgz; .arj. The list of supported archive formats depends on the application databases being used.

Yes (default value) — Scan archives.

If the FirstAction=Recommended value is specified, then, depending on the archive type, the application deletes either the infected object or the entire archive that contains the threat.

No — Do not scan archives.

ScanSfxArchived

Enables scanning of self-extracting archives only (archives that contain an executable extraction module).

Yes (default value) — Scan self-extracting archives.

No — Do not scan self-extracting archives.

ScanMailBases

Enables scanning email databases of Microsoft Outlook, Outlook Express, The Bat, and other mail clients.

Yes — Scan files of email databases.

No (default value) — Do not scan files of email databases.

ScanPlainMail

Enables scanning of plain text email messages.

Yes — Scan plain text email messages.

No (default value) — Do not scan plain text email messages.

SizeLimit

Maximum size of an object to be scanned (in megabytes). If the object to be scanned is larger than the specified value, the application skips this object.

0–999999

0 — The application scans objects of any size.

Default value: 0.

TimeLimit

Maximum object scan duration (in seconds). The application stops scanning the object if it takes longer than the time specified by this setting.

0–9999

0 — The object scan time is unlimited.

Default value: 0.

FirstAction

Selection of the first action to be performed by the application on the infected objects.

Disinfect — The application tries to disinfect an object and save a copy of it to Backup. If disinfection fails (for example, if the type of object or the type of threat in the object cannot be disinfected), then the application leaves the object unchanged. If the first action is Disinfect, it is recommended to specify a second action using the SecondAction setting.

Remove — The application removes the infected object after creating a backup copy of it.

Recommended (perform recommended action) — The application automatically selects and performs an action on the object based on information about the threat detected in the object. For example, the Kaspersky application immediately removes Trojans because they do not incorporate themselves into other files and therefore they do not need to be disinfected.

Skip — The application does not try to disinfect or delete infected objects. Information about the infected object is logged.

Default value: Recommended.

SecondAction

Selection of the second action to be performed by the application on the infected objects. The application performs the second action if the first action fails.

The possible values of the SecondAction setting are the same as those of the FirstAction setting.

If Skip or Remove is selected as the first action, the second action does not need to be specified. It is recommended to specify two actions in all other cases. If you have not specified the second action, the application applies Skip as the second action.

Default value: Skip.

UseExcludeMasks

Enables exclusion of the objects specified by the ExcludeMasks.item_# setting from the scan.

Yes — Exclude objects specified by the ExcludeMasks.item_# setting from the scan.

No (default value) — Do not exclude objects specified by the ExcludeMasks.item_# setting from the scan.

ExcludeMasks.item_#

Excludes objects from being scanned by name or mask. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in SHELL format.

Before specifying a value for this setting, make sure that the UseExcludeMasks setting is enabled.

The default value is not defined.

Example:

UseExcludeMasks=Yes

ExcludeMasks.item_0000=eicar1.*

ExcludeMasks.item_0001=eicar2.*

 

UseExcludeThreats

Enables exclusion of objects containing the threats specified by the ExcludeThreats setting from scans.

Yes — Exclude objects containing the threats specified by the ExcludeThreats.item_# setting from the scan.

No (default value): do not exclude objects containing the threats specified by the ExcludeThreats.item_# setting from the scan.

ExcludeThreats.item_#

Excludes objects from scans by the name of the threats detected in them. Before specifying a value for this setting, make sure that the UseExcludeThreats setting is enabled.

In order to exclude an object from scans, specify the full name of the threat detected in this object – the string containing the application's decision that the object is infected.

For example, you may be using a utility to collect information about your network. To keep the application from blocking it, add the full name of the threat contained in it to the list of threats excluded from scans.

You can find the full name of the threat detected in an object in the application log or on the website https://threats.kaspersky.com.

The setting value is case-sensitive.

The default value is not defined.

Example:

UseExcludeThreats=Yes

ExcludeThreats.item_0000=EICAR-Test-*

ExcludeThreats.item_0001=?rojan.Linux

 

 

UseGlobalExclusions

Enables global exclusions for scanning.

Yes (default value) — Use the global exclusions.

No — Do not use global exclusions.

UseOASExclusions

Enables File Threat Protection exclusions for scanning.

Yes (default value) — Use File Threat Protection exclusions.

No — do not use File Threat Protection exclusions.

ReportCleanObjects

Enables logging of information about scanned objects that the application reports as not being infected.

You can enable this setting, for example, to make sure that a particular object was scanned by the application.

Yes — Log information about non-infected objects.

No (default value) — Do not log information about non-infected objects.

ReportPackedObjects

Enables logging of information about scanned objects that are part of compound objects.

You can enable this setting, for example, to make sure that an object within an archive has been scanned by the application.

Yes — Log information about scanned objects within archives.

No (default value) — Do not log information about scanned objects within archives.

ReportUnprocessedObjects

Enables logging of information about objects that have not been processed for some reason.

 

Yes — Log information about unprocessed objects.

No (default value) — Do not log information about unprocessed objects.

UseAnalyzer

Enables heuristic analysis.

Heuristic analysis helps the application to detect threats even before they become known to virus analysts.

Yes (default value) — Enable Heuristic Analyzer.

No — Disable Heuristic Analyzer.

HeuristicLevel

Specifies the heuristic analysis level.

You can specify the heuristic analysis level. The heuristic analysis level sets the balance between the thoroughness of searches for threats, the load on the operating system's resources, and the scan duration. The higher the heuristic analysis level, the more resources and time are required for scanning.

Light — The least thorough scan with minimum load on the system.

Medium — A medium heuristic analysis level with a balanced load on the system.

Deep — The most thorough scan with maximum load on the system.

Recommended (default value) — The recommended value.

UseIChecker

Enables usage of the iChecker technology.

Yes (default value) — Enable use of the iChecker technology.

No — Disable use of the iChecker technology.

DeviceNameMasks.item_#

List of device names. The application will scan boot sectors of these devices.

The setting value cannot be empty. At least one device name mask must be specified to run this task.

AllObjects – scan boot sectors of all devices.

<device name mask> – Scan boot sectors of the devices whose names match the specified mask.

Default value: /** – any set of characters in the device name, including the / character.

The [ScanScope.item_#] section contains the following settings:

AreaDesc

Scan scope description. Contains additional information about the scan scope. The maximum length of the string specified using this setting is 4096 characters.

Default value: All objects.

Example:

AreaDesc="Mail bases scan"

 

UseScanArea

Enables scans of the specified scope. To run the task, enable scans of at least one scope.

Yes (default value) — Scan the specified scope.

No — Do not scan the specified scope.

AreaMask.item_#

Scan scope limitation. Within the scan scope, the application scans only the files that are specified using the masks in SHELL format.

If this setting is not specified, the application scans all the objects in the scan scope. You can specify several values for this setting.

The default value is * (scan all objects).

Example:

AreaMask.item_<item number>=*doc

 

Path

Path to the directory with objects to be scanned.

 

<path to local directory> — Scan objects in the specified directory.

Shared:NFS — Scan the device file system resources that are accessible via the NFS protocol.

Shared:SMB – Scan the device file system resources that are accessible via the Samba protocol.

Mounted:NFS – Scan the remote directories mounted on a device using the NFS protocol.

Mounted:SMB – Scan the remote directories mounted on a device using the Samba protocol.

AllRemoteMounted – Scan all remote directories mounted on the device using the Samba and NFS protocols.

AllShared – Scan all the device file system resources that are accessible via the Samba and NFS protocols.

<file system type> — Scan all the resources of the specified device file system.

The [ExcludedFromScanScope.item_#] section contains the following settings:

AreaDesc

Description of the scan exclusion scope. Contains additional information about the exclusion scope.

The default value is not defined.

UseScanArea

Excludes the specified scope from scans.

Yes (default value) — Exclude the specified scope.

No — Do not exclude the specified scope.

AreaMask.item_#

Limitation of scan exclusion scope. In the exclusion scope, the application excludes only the files that are specified using masks in SHELL format.

If this setting is not specified, the application excludes all the objects in the exclusion scope. You can specify several values for this setting.

Default value: * (exclude all objects)

Path

Path to the directory with objects to be excluded.

 

<path to local directory> — Exclude objects in the specified directory (including subdirectories) from scans. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

In order to optimize the operation of scan tasks, it is recommended to add the path with snapshots mounted by the system in the read-only mode to the exclusions for the systems with the btrfs file system and enabled active snapshots. For example, for the systems based on SUSE/OpenSUSE, you can add the following exclusion /.snapshots/*/snapshot/.

Mounted:NFS– Exclude the remote directories mounted on a device using the NFS protocol from scan.

Mounted:SMB – Exclude the remote directories mounted on a device using the Samba protocol from scan.

AllRemoteMounted – Exclude all remote directories mounted on the device using the Samba and NFS protocols from scan.

<file system type> — Exclude all the resources of the specified device file system from scans.

Remote directories are excluded from scanning by the application only if they were mounted before the task was started. Remote directories mounted after the task is started are not excluded from scanning.

Page top

[Topic 291134]

How to perform a custom scan of files and directories on the command line

You can perform a custom scan of the specified files and directories using the following command: kfl-control --scan-file.

A custom scan is performed with the settings stored in the predefined task Scan_File (ID: 3). You can configure settings for a custom scan of files by editing the settings of this task (see the table below).

You must modify the settings of a task before starting the task.

To start a custom scan of the specified files and directories, execute the following command:

kfl-control --scan-file <path> [--action <action>]

where:

  • <path> is the path to the file or directory that you want to scan. You can specify multiple paths by separating them with a space.
  • --action <action> is the action to be performed by the application on the infected objects. If you do not specify the --action key, the application performs the Recommended action.

As a result of executing the command, a temporary file scan task is created, which is automatically deleted after completion. In this case, the scan results are output to the console.

The following table describes all available values and the default values of all the settings that you can specify for the Scan_File task.

The [ScanScope.item_#] and [ExcludedFromScanScope.item_#] sections defined in the Scan_File task are not taken into account when performing the custom scan.

Scan_File task settings

Setting

Description

Values

ScanFiles

Enables file scan.

Yes (default value) — Scan files.

No — Do not scan files.

ScanBootSectors

Enables boot sector scans.

Yes — Scan boot sectors.

No (default value) — Do not scan boot sectors.

ScanComputerMemory

Enables process memory and kernel memory scans.

Yes — Scan process memory and kernel memory.

No (default value) — Do not scan process memory and kernel memory.

ScanStartupObjects

Enables startup object scans.

Yes — Scan startup objects.

No (default value) — Do not scan startup objects.

ScanArchived

Enables scanning of archives (including SFX self-extracting archives).

The application scans the following archives: .zip; .7z*; .7-z; .rar; .iso; .cab; .jar; .bz; .bz2; .tbz; .tbz2; .gz; .tgz; .arj. The list of supported archive formats depends on the application databases being used.

Yes (default value) — Scan archives. If the FirstAction=Recommended value is specified, then, depending on the archive type, the application deletes either the infected object or the entire archive that contains the threat.

No — Do not scan archives.

ScanSfxArchived

Enables scanning of self-extracting archives only (archives that contain an executable extraction module).

Yes (default value) — Scan self-extracting archives.

No — Do not scan self-extracting archives.

ScanMailBases

Enables scanning email databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail clients.

Yes — Scan files of email databases.

No (default value) — Do not scan files of email databases.

ScanPlainMail

Enables scanning of plain text email messages.

Yes — Scan plain text email messages.

No (default value) — Do not scan plain text email messages.

SizeLimit

Maximum size of an object to be scanned (in megabytes). If the object to be scanned is larger than the specified value, the application skips this object.

0–999999

0 — The application scans objects of any size.

Default value: 0.

TimeLimit

Maximum object scan duration (in seconds). The application stops scanning the object if it takes longer than the time specified by this setting.

0–9999

0 — The object scan time is unlimited.

Default value: 0.

FirstAction

Selection of the first action to be performed by the application on the infected objects.

 

Disinfect — The application tries to disinfect an object and save a copy of it to Backup. If disinfection fails (for example, if the type of object or the type of threat in the object cannot be disinfected), then the application leaves the object unchanged. If the first action is Disinfect, it is recommended to specify a second action using the SecondAction setting.

Remove — The application removes the infected object after creating a backup copy of it.

Recommended (perform recommended action) — The application automatically selects and performs an action on the object based on information about the threat detected in the object. For example, the Kaspersky application immediately removes Trojans because they do not incorporate themselves into other files and therefore they do not need to be disinfected.

Skip — The application does not try to disinfect or delete infected objects. Information about the infected object is logged.

Default value: Recommended.

SecondAction

Selection of the second action to be performed by the application on the infected objects. The application performs the second action if the first action fails.

The possible values of the SecondAction setting are the same as those of the FirstAction setting.

If Skip or Remove is selected as the first action, the second action does not need to be specified. It is recommended to specify two actions in all other cases. If you have not specified the second action, the application applies Skip as the second action.

Default value: Skip.

UseExcludeMasks

Enables exclusion of the objects specified by the ExcludeMasks.item_# setting from the scan.

Yes — Exclude objects specified by the ExcludeMasks.item_# setting from the scan.

No (default value) — Do not exclude objects specified by the ExcludeMasks.item_# setting from the scan.

ExcludeMasks.item_#

Excludes objects from being scanned by name or mask. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in SHELL format.

The default value is not defined.

Example:

UseExcludeMasks=Yes

ExcludeMasks.item_0000=eicar1.*

ExcludeMasks.item_0001=eicar2.*

 

UseExcludeThreats

Enables exclusion of objects containing the threats specified by the ExcludeThreats setting from scans.

Yes — Exclude objects containing the threats specified by the ExcludeThreats.item_# setting from the scan.

No (default value): do not exclude objects containing the threats specified by the ExcludeThreats.item_# setting from the scan.

ExcludeThreats.item_#

Excludes objects from scans by the name of the threats detected in them. Before specifying a value for this setting, make sure that the UseExcludeThreats setting is enabled.

In order to exclude an object from scans, specify the full name of the threat detected in this object – the string containing the application's decision that the object is infected.

For example, you may be using a utility to collect information about your network. To keep the application from blocking it, add the full name of the threat contained in it to the list of threats excluded from scans.

You can find the full name of the threat detected in an object in the application log or on the website https://threats.kaspersky.com.

The setting value is case-sensitive.

The default value is not defined.

Example:

UseExcludeThreats=Yes

ExcludeThreats.item_0000=EICAR-Test-*

ExcludeThreats.item_0001=?rojan.Linux

 

 

UseGlobalExclusions

Enables global exclusions for scanning.

Yes (default value) — Use the global exclusions.

No — Do not use global exclusions.

UseOASExclusions

Enables File Threat Protection exclusions for scanning.

Yes (default value) — Use File Threat Protection exclusions.

No — do not use File Threat Protection exclusions.

ReportCleanObjects

Enables logging of information about scanned objects that the application reports as not being infected.

You can enable this setting, for example, to make sure that a particular object was scanned by the application.

Yes — Log information about non-infected objects.

No (default value) — Do not log information about non-infected objects.

ReportPackedObjects

Enables logging of information about scanned objects that are part of compound objects.

You can enable this setting, for example, to make sure that an object within an archive has been scanned by the application.

Yes — Log information about scanned objects within archives.

No (default value) — Do not log information about scanned objects within archives.

ReportUnprocessedObjects

Enables logging of information about objects that have not been processed for some reason.

Yes — Log information about unprocessed objects.

No (default value) — Do not log information about unprocessed objects.

UseAnalyzer

Enables heuristic analysis.

Heuristic analysis helps the application to detect threats even before they become known to virus analysts.

Yes (default value) — Enable Heuristic Analyzer.

No — Disable Heuristic Analyzer.

HeuristicLevel

Specifies the heuristic analysis level.

You can specify the heuristic analysis level. The heuristic analysis level sets the balance between the thoroughness of searches for threats, the load on the operating system's resources, and the scan duration. The higher the heuristic analysis level, the more resources and time are required for scanning.

Light — The least thorough scan with minimum load on the system.

Medium — A medium heuristic analysis level with a balanced load on the system.

Deep — The most thorough scan with maximum load on the system.

Recommended (default value) — The recommended value.

UseIChecker

Enables usage of the iChecker technology.

Yes (default value) — Enable use of the iChecker technology.

No — Disable use of the iChecker technology.

DeviceNameMasks.item_#

List of device names. The application will scan boot sectors of these devices.

The setting value cannot be empty. At least one device name mask must be specified to run this task.

AllObjects – scan boot sectors of all devices.

<device name mask> – Scan boot sectors of the devices whose names match the specified mask.

Default value: /** – any set of characters in the device name, including the / character.

The [ScanScope.item_#] section contains the following settings:

AreaDesc

Description of the scan scope, which contains additional information about the scan scope. The maximum length of the string specified using this setting is 4096 characters.

Default value: All objects.

Example:

AreaDesc="Scanning of email databases"

 

UseScanArea

Enables scans of the specified scope. To run the task, enable scans of at least one scope.

Yes (default value) — Scan the specified scope.

No — Do not scan the specified scope.

AreaMask.item_#

Scan scope limitation. Within the scan scope, the application scans only the files that are specified using the masks in SHELL format.

If this setting is not specified, the application scans all the objects in the scan scope. You can specify several values for this setting.

The default value is * (scan all objects).

Example:

AreaMask.item_<item number>=*doc

 

Path

Path to the directory with objects to be scanned.

 

<path to local directory> — Scan objects in the specified directory.

Shared:NFS — Scan the device file system resources that are accessible via the NFS protocol.

Shared:SMB – Scan the device file system resources that are accessible via the Samba protocol.

Mounted:NFS – Scan the remote directories mounted on a device using the NFS protocol.

Mounted:SMB – Scan the remote directories mounted on a device using the Samba protocol.

AllRemoteMounted – Scan all remote directories mounted on the device using the Samba and NFS protocols.

AllShared – Scan all the device file system resources that are accessible via the Samba and NFS protocols.

<file system type> — Scan all the resources of the specified device file system.

The [ExcludedFromScanScope.item_#] section contains the following settings:

AreaDesc

Description of the scan exclusion scope, which contains additional information about the exclusion scope.

The default value is not defined.

UseScanArea

Excludes the specified scope from scans.

Yes (default value) — Exclude the specified scope.

No — Do not exclude the specified scope.

AreaMask.item_#

Limitation of scan exclusion scope. In the exclusion scope, the application excludes only the files that are specified using masks in SHELL format.

If this setting is not specified, the application excludes all the objects in the exclusion scope. You can specify several values for this setting.

Default value: * (exclude all objects)

Path

Path to the directory with objects to be excluded.

<path to local directory> — Exclude objects in the specified directory (including subdirectories) from scans. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

In order to optimize the operation of scan tasks, it is recommended to add the path with snapshots mounted by the system in the read-only mode to the exclusions for the systems with the btrfs file system and enabled active snapshots. For example, for the systems based on SUSE/OpenSUSE, you can add the following exclusion /.snapshots/*/snapshot/.

Mounted:NFS– Exclude the remote directories mounted on a device using the NFS protocol from scan.

Mounted:SMB – Exclude the remote directories mounted on a device using the Samba protocol from scan.

AllRemoteMounted – Exclude all remote directories mounted on the device using the Samba and NFS protocols from scan.

<file system type> — Exclude all the resources of the specified device file system from scans.

Remote directories are excluded from scanning by the application only if they were mounted before the task was started. Remote directories mounted after the task is started are not excluded from scanning.

Page top

[Topic 290528]

How to perform a custom scan of files and directories in the application interface

To start a custom scan of the specified files and directories in the application interface with default task settings:

  1. Right-click the file or directory that you want to scan to open its context menu.
  2. In the context menu, select Open With Other Application.

    This opens the Open with window.

  3. In this window, select the Kaspersky application.

    The custom scan task and its progress are displayed in the application interface.

To start a custom scan of the specified files and directories in the application interface with previously modified task settings:

  1. Output the task settings to the configuration file: kfl-control --get-settings 3 [--json]

    A configuration file with the current task settings is generated.

  2. Edit task settings in the generated configuration file by choosing values from the table.
  3. Save the configuration file.
  4. Run the following command: kfl-control --set-settings 3 --file <configuration file path> [--json]
  5. Right-click the file or directory that you want to scan to open its context menu.
  6. In the context menu, select Open With Other Application.

    This opens the Open with window.

  7. In this window, select the Kaspersky application.

    The custom scan task and its progress are displayed in the application interface.

Page top

[Topic 290633]