File Threat Protection

Kaspersky Container Security uses the File Threat Protection component to search and analyze potential file threats in order to protect containerized files (including files in archives and email) from malware. If malware is detected, Kaspersky Container Security can block or delete the infected object, and terminate the malicious process started using that object. The results of malware scan are displayed together with the overall scan results.

You can enable or disable File Threat Protection and configure protection settings:

• Select the file interceptor operation mode (audit or blocking objects).
• Select a file scan mode (when opened, when opened and modified).
• Enable or disable scanning of archives, mail databases, email messages in text format.
• Temporarily exclude plain text files from re-scanning.
• Limit the size of an object to be scanned and the scan duration.
• Select the actions that the solution will perform on infected objects.
• Configure scan scopes. Kaspersky Container Security will scan objects in the specified area of the file system.
• Configure the use of the heuristic analyzer and the iChecker technology during a scan.
• Enable or disable the recording of information about scanned uninfected objects, scanning of archived objects, and unprocessed objects to the security event log.

The File Threat Protection settings can be activated under Policies → Runtime policies → Container runtime profiles, configured in the File Threat Protection settings window, and applied to all existing runtime policies.

If you do not want File Threat Protection to be activated when a certain security environment policy is started, disable it in the policy settings using the Disabled / Enabled toggle. Also, make sure that File Threat Protection is not running under a different applicable runtime policy.