Specifying program actions and setting up the protection level

By default, Kaspersky Anti-Virus Personal uses recommended settings. It denies access to all infected objects, malware (worms, Trojan programs) and objects possibly infected with a virus or a virus modification that you are trying to open for reading, writing or execution. It then displays a message prompting the user for action.

Note that the program DOES NOT SCAN archives, email databases, and plain text mail files in real-time protection mode! An exception is self-extracting archives, which are scanned if the Maximum Protection level is selected.

While real-time protection is on, you can select both the level of your computer protection and the actions that the program should perform upon detection of an infected object, malware or an object possibly infected with a virus or a virus modification.

In order to configure program actions upon detection of a malicious object:

Click Configure Real-Time Protection in the left section of the Settings tab or modify settings in the status area of the Protection tab.

When the Real-Time Protection settings dialog box opens, select the protection level using a slider. By changing the protection level, you change the balance between the speed of the scan and the number of objects to be scanned. The fewer objects scanned, the faster the scan will be.

Note that the program does not scan and disinfect archives in real-time protection mode! In order to scan and disinfect archives use full computer scan.

Real-time protection configuration

Kaspersky Anti-virus Personal allows the user to select one of three protection levels:

Maximum Protection - level that ensures maximum monitoring of objects that are being opened, saved or run.

Recommended - the settings of this level are recommended by Kaspersky Labs experts. At this protection level, the program scans the same types of object as at the Maximum Protection level, except self-extracting archives and outgoing e-mail messages.

High Speed - the settings of this level ensure good computer performance while you are working with programs that require considerable RAM resources, since the list of objects to be scanned is shorter.

The table below contains a list of all objects that may be subject to an anti-virus scan. The + sign indicates that the object will be scanned if the corresponding level is selected, while the - sign indicates that the object will not be scanned.


	Maximum Protection	Recommended	High Speed
Files that potentially can be infected	+	+	+
Disk boot sectors	+	+	+
Packed files	+	+	+
OLE objects	+	+	+
Incoming e-mail messages	+	+	+
Outgoing e-mail messages	+	-	-
Self-extracting archives	+	-	-
E-mail databases and messages	-	-	-

You can specify files to be excluded from the scan scope at each level of real-time protection, or disable real-time protection.

Specify actions for the program to perform each time it detects an infected object, malware (a worm or a Trojan program), or an object possibly infected with a virus or virus modification:

Block access and prompt user for action - deny access to the object and display a message prompting the user to choose which action is to be performed on the object. This is the default mode.

If you do not specify the action within 30 seconds after the message is displayed, the program will perform the recommended action on this object. For each type of detected object the particular action is recommended. For example, in case of infected object the recommended action is Disinfect. Next to the name of recommended action the text (recommended) is always displayed.

Lets consider a list of all possible actions that are suggested by Kaspersky Anti-Virus Personal (this list can differ for each type of object):

disinfect infected objects;

quarantine suspicious objects that are possibly infected with a virus or a virus modification;

Sometimes, after a file has been quarantined, a message appears notifying the user that the object cannot be deleted. This is related to the fact that the process of quarantining objects involves physical movement of the object to the quarantine folder and deletion of the object from its initial location. However, some objects (for instance, objects contained in a self-extracting archive) cannot be deleted during such a process.

delete malicious programs (Trojans and worms) or infected objects that could not be disinfected or disinfection of which is not possible;

skip - do not perform any action on objects, record information on their detection in the report.

If you want to quarantine an infected object, choose the Skip action and then quarantine this object manually (see section Working with quarantined objects).

Block access and perform recommended action - deny access to the object and perform a recommended action on this object. Recommended action for infected objects is Disinfect, for possibly infected - Quarantine, for trojan horses and worms - Delete.

Block access and delete infected objects - delete objects without any additional warning to the user.

Block access and write information to log file - deny access to the object, do not display messages prompting user for action.

In some situations no action can be performed on an object, for instance, if an infected object is being used by another program at the time of detection and therefore cannot be processed. In this case, a message will be displayed with a suggestion that you:

disinfect at system startup. This action will be listed only if this object can be disinfected;

delete at system startup;

skip.

Please note that actions listed above do not apply to e-mail messages and dangerous scripts:

Upon the detection of an infected or possibly infected e-mail message, Kaspersky Anti-Virus Personal performs the recommended action with no additional notification to the user.

Upon the detection of a dangerous script, you will always be notified and will be able to determine further actions yourself.

See also:

Checking the protection status