CHAPTER 7.
FILE ANTI-VIRUS
The Kaspersky Anti-Virus component that protect your computer files against
infection is called
File Anti-Virus.
It loads when you start your operating system,
runs in your computer‟s RAM, and scans all files opened, saved, or executed.
The component‟s activity is indicated by the Kaspersky Anti-Virus icon in the
taskbar notification area, which looks like this
whenever a file is being
scanned.
By default, File Anti-Virus
only scans new or modified files
, i. e. files that have
been added or modified since last access. Files are scanned with the following
algorithm:
1. The component intercepts attempts by users or programs to access any
file.
2. File Anti-
Virus scans the iChecker™ and iSwift™ databases for informa-
tion on the file intercepted. A decision is made whether to scan the file
based on the information retrieved.
The scanning process includes the following steps:
1. The file is analyzed for viruses. Malicious objects are detected by com-
parison with the application databases, which contain descriptions of all
malicious programs and threats known to date, with methods for neutra-
lizing them.
2. After the analysis, there are three available courses of action:
a. If malicious code is revealed in a file, File Anti-Virus blocks it
and attempts its disinfection. After successful disinfection the
file becomes accessible for further operations with it. If
disinfection fails, the application deletes it. When a file is
disinfected or deleted, Anti-Virus places a copy of that file in
Backup
.
b. If the Anti-Virus detects in a file unknown code that resembles
malware but there is no absolute certainty about that, such file
will be placed in special storage
–
Quarantine
. Later you can
try disinfecting it with updated databases.
c.
If no malicious code is discovered in the file, it is immediately
restored.