CHAPTER 7. FILE ANTI-VIRUS
The Kaspersky Internet Security component that protects your computer files
against infection is called File Anti-Virus. It loads when you start your
operating system, runs in your computer’s RAM, and scans all files opened,
saved, or executed.
The component’s activity is indicated by the Kaspersky Internet Security system
tray icon, which looks like this whenever a file is being scanned.
File Anti-Virus by default scans only new or modified files, that is, only
files that have been added or changed since the previous scan. Files are
scanned with the following algorithm:
1. The component intercepts attempts by users or programs to access any
file.
2. File Anti-Virus scans the iChecker™ and iSwift™ databases for
information on the file intercepted. A decision is made whether to scan
the file based on the information retrieved.
The scanning process includes the following steps:
1. The file is analyzed for viruses. Malicious objects are detected by
comparison with the program’s threat signatures, which contain
descriptions of all malicious programs, threats, and network attacks
known to date, with methods for neutralizing them.
2. After the analysis, there are three available courses of action:
a. If malicious code is detected in the file, File Anti-Virus blocks
the file, places a copy of it in Backup, and attempts to disinfect
the file. If the file is successfully disinfected, it becomes
available again. If not, the file is deleted.
b. If the file contains code that appears to be malicious, but this
cannot be confirmed, the file is subject to disinfection and is
sent to Quarantine.
c. If no malicious code is discovered in the file, access to it is
immediately restored.
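
The decision flow described above, as an added example that is not Kaspersky
code: a toy Python model of an on-access scanner that skips unchanged files
and takes one of the three courses of action. The SHA-256 verdict cache
standing in for iChecker/iSwift, the db_version check, the byte-string
signatures, and all names are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed signatures; real threat signatures are far richer than byte strings.
CONFIRMED = [b"EVIL-PAYLOAD-1"]      # known malicious code
SUSPICIOUS = [b"maybe-packed-stub"]  # looks malicious, cannot be confirmed


@dataclass
class FileAntiVirusModel:
    db_version: int = 1  # assumption: a clean verdict holds only for this signature set
    verdict_cache: dict = field(default_factory=dict)  # sha256 -> db_version at clean scan
    backup: list = field(default_factory=list)
    quarantine: list = field(default_factory=list)

    def on_access(self, name: str, data: bytes) -> str:
        """Return the action taken for one intercepted file access."""
        digest = hashlib.sha256(data).hexdigest()
        # Unchanged since a clean scan with the current signatures: no rescan.
        if self.verdict_cache.get(digest) == self.db_version:
            return "skipped"
        for sig in CONFIRMED:
            if sig in data:
                # Case a: keep a copy in Backup, then try to disinfect.
                self.backup.append((name, data))
                cleaned = data.replace(sig, b"")
                # Toy rule: disinfection fails when nothing but the payload remains.
                return "disinfected" if cleaned else "deleted"
        for sig in SUSPICIOUS:
            if sig in data:
                # Case b: unconfirmed detection goes to Quarantine.
                self.quarantine.append((name, data))
                return "quarantined"
        # Case c: clean. Record the verdict so the next access can be skipped.
        self.verdict_cache[digest] = self.db_version
        return "allowed"


if __name__ == "__main__":
    av = FileAntiVirusModel()
    for name, data in [("a.txt", b"hello"), ("a.txt", b"hello"),
                       ("doc.bin", b"text EVIL-PAYLOAD-1 more"),
                       ("s.bin", b"xx maybe-packed-stub")]:
        print(name, av.on_access(name, data))
```

Only clean verdicts are cached in this model, so a file that was blocked or
quarantined is examined again on every access.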
7.1. Selecting a file security level
File Anti-Virus protects files that you are using at one of the following levels (see
fig. 17):