Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition MP2 (builds 6.0.2. [551-555])

Correct processing of infected objects is a very important moment for each anti-virus application. Kaspersky Lab divides all known Malware into the following types: 

• Virware.

Classic viruses and all types of worms refer to Virware. 

• Trojware – all trojan programs. 

• Malware. To Malware refer:

Constructor	DoS	Exploit	FileCryptor	Flooder	HackTool
not-virus:Hoax	not-virus:BadJoke	Nuker	PolyCryptor	PolyEngine	Sniffer
SpamTool	Spoofer	VirTool	Email-Flooder	IM-Flooder	SMS-Flooder

• Adware.

The Anti-Virus defines programs of the kind as not-a-virus:AdWare. 

• Pornware.

The programs not-a-virus:Porn-Dialer, not-a-virus:Porn-Downloader and not-a-virus:Porn-Tool refer to this threat type. 

• Riskware.

To Riskware refer:

not-a-virus:Tool	not-a-virus:Client-IRC	not-a-virus:Dialer	not-a-virus:Downloader
not-a-virus:PSWTool	not-a-virus:RemoteAdmin	not-a-virus:Server-FTP	not-a-virus:Server-Proxy
not-a-virus:Server-Web	not-a-virus:RiskTool	not-a-virus:NetTool	not-a-virus:Client-P2P
not-a-virus:AdTool	not-a-virus:FraudTool	not-a-virus:Monitor	not-a-virus:Server-Telnet
not-a-virus:Client-SMTP

You can get more detailed information about each threat type on www.viruslist.com.

Each threat type has its own definition and characteristics. Correspondingly each threat type should be treated differently. Some threats can be disinfected, others cannot. In Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition administrator can process infected objects according to their threat type. 

• Anti-Virus performs the configured action irrespective of the threat type detected in a file; 

• Anti-Virus decides by itself which action to apply to an object. It is so called Recommended action. The analysis is carried out based on the detected threat; 

• an administrator defines which action to apply to which threat type.

Only one variant of settings can be selected at a time.

Setting a general action over all threat types

In order to set the action choose the necessary task (Real-time file protection or any On-demand scan task) in the right part of the Console click Properties and go to the Actions tab. On this tab in the section Actions to be performed on infected objects select the necessary action (depending on the task type):

In the Real-time file protection task an infected object will be blocked additionally to the configured action. 

• Disinfect - the Anti-Virus makes an attempt to disinfect the file by deleting the threat from the object. Before disinfection copy of the object will be backed up. 

• Disinfect, delete if disinfection fails - the Anti-Virus makes an attempt to disinfect the file, if disinfection fails, the object is deleted. Before disinfection copy of the object will be backed up. 

• Delete – the Anti-Virus deletes an infected object without an attempt to disinfect it. Before disinfection copy of the object will be backed up. 

• Skip (only in the On-demand scan tasks) – the Anti-Virus will not perform any actions over infected objects. Information about threat detection will be logged. 

• Block access (only in the Real-time file protection tasks) – the Anti-Virus will not only block access to an infected object, but it will not either disinfect or delete it. Information about the threat detection will be logged.

Setting Anti-Virus into the Recommended mode

In order to set Anti-Virus into the Recommended mode:

1. Select the necessary task (Real-time file protection task or any On-demand scan task), in the right part of the Console click Properties and go to the Actions tab.

2. In the section Actions to be performed on infected objects, choose an action: 

• Perform recommended action – for the On-demand scan tasks

• Block access + Perform recommended action - for the Real-time file protection task.

Manually configuring actions depending on the threat type

To manually configure actions performed depending on the threat type:

1. Select the necessary task (Real-time file protection task or any On-demand scan task), in the right part of the Console click Properties and go to the Actions tab.

2. In the section Actions on objects depending on the threat type click Settings to choose an action.

3. For each threat type select the actions to be applied to an object: Disinfect, Delete, Skip, Quarantine. At first the First action is performed, if it cannot be performed then the Anti-Virus applies the Second action.

All new threats which have not been classified yet will be added to the threat type Not installed.

In the Real-time file protection task an infected object will be blocked additionally to the action performed over it.

 

If the action Quarantine is set as the First action and it cannot be performed, then the second action will not be applied. In this case the object will be skipped!

Pay attention, if an object is suspicious for having any threat type (a possibly infected object), then Anti-Virus will apply to it the action configured for this threat type! For example, you have set the Delete action for Trojware. Anti-Virus detects in a file a code which is similar to the code of a Trojan program. According to the settings configured the file will be deleted.