Configuring anti-virus protection on Android devices

For the timely detection of threats, viruses, and other malicious applications, you should configure the settings for real-time protection and autorun of virus scans.

Kaspersky Endpoint Security for Android detects the following types of objects:

• Viruses, worms, Trojans, and malicious tools
• Adware
• Apps that can be exploited by criminals to harm your device or personal data

Anti-Virus has a number of limitations:

• When Anti-Virus is running, a threat detected in the external memory of the device (such as an SD card) cannot be neutralized automatically in the Work profile (Applications with a briefcase icon, Configuring the Android work profile). Kaspersky Endpoint Security for Android does not have access to external memory in the Work profile. Information about detected objects is displayed in app notifications. To neutralize objects detected in the external memory, the object files have to be deleted manually and the device scan restarted.
• Due to technical limitations, Kaspersky Endpoint Security for Android cannot scan files with a size of 2 GB or more. During a scan, the app skips such files without notifying you that such files were skipped.

To configure the mobile device real-time protection settings:

1. In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
2. In the workspace of the group, select the Policies tab.
3. Open the policy properties window by double-clicking any column.
4. In the policy Properties window, select the Protection section.
5. In the Protection section, configure the settings of mobile device file system protection:
   • To enable real-time protection of the mobile device against threats, select the Enable Protection check box.

     Kaspersky Endpoint Security for Android scans only new apps and files from the Downloads folder.

   • To enable extended protection of the mobile device against threats, select the Extended protection mode check box.

     Kaspersky Endpoint Security for Android will scan all files that the user opens, modifies, moves, copies, installs or saves on the device, as well as newly installed mobile apps.

     On devices running Android 8.0 or later, Kaspersky Endpoint Security for Android scans files that the user modifies, moves, installs and saves, as well as copies of files. Kaspersky Endpoint Security for Android does not scan files when they are opened, or source files when they are copied.

   • To enable additional scanning of new apps before they are started for the first time on the user's device with the help of the Kaspersky Security Network cloud service, select the Cloud protection (KSN) check box.
   • To block adware and apps that can be exploited by criminals to harm the device or user data, select the Detect adware, autodialers, and apps that can be used by criminals to cause harm to the user's device and data check box.
6. In the Action on threat detection list, select one of the following options:
   • Delete

     Detected objects will be automatically deleted. The user is not required to take any additional actions. Prior to deleting an object, Kaspersky Endpoint Security for Android will display a temporary notification about the detection of the object.

   • Skip

     If the detected objects have been skipped, Kaspersky Endpoint Security for Android warns the user about problems in device protection. For each skipped threat, the app provides actions that the user can perform to eliminate the threat. The list of skipped objects may change, for example, if a malicious file was deleted or moved. To receive an up-to-date list of threats, run a full device scan. To ensure reliable protection of your data, eliminate all detected objects.

   • Quarantine
7. Click the Apply button to save the changes you have made.

Mobile device settings are configured after the next device synchronization with the Kaspersky Security Center.

To configure autorun of virus scans on the mobile device:

1. In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
2. In the workspace of the group, select the Policies tab.
3. Open the policy properties window by double-clicking any column.
4. In the policy Properties window, select the Scan section.
5. To block adware and apps that can be exploited by criminals to harm the device or user data, select the Detect adware, autodialers, and apps that can be used by criminals to cause harm to the user's device and data check box.
6. In the Action on threat detection list, select one of the following options:
   • Delete

     Detected objects will be automatically deleted. The user is not required to take any additional actions. Prior to deleting an object, Kaspersky Endpoint Security for Android will display a temporary notification about the detection of the object.

   • Skip

     If the detected objects have been skipped, Kaspersky Endpoint Security for Android warns the user about problems in device protection. For each skipped threat, the app provides actions that the user can perform to eliminate the threat. The list of skipped objects may change, for example, if a malicious file was deleted or moved. To receive an up-to-date list of threats, run a full device scan. To ensure reliable protection of your data, eliminate all detected objects.

   • Quarantine
   • Ask user

     The Kaspersky Endpoint Security for Android app displays a notification prompting the user to choose the action to take on the detected object: Skip or Delete.

     When the app detects several objects, the Ask user option allows the device user to apply a selected action to each file by using the Apply to all threats check box.

     Kaspersky Endpoint Security for Android must be set as an Accessibility feature to ensure the display of notifications on mobile devices running Android 10.0 or later. Kaspersky Endpoint Security for Android prompts the user to set the app as an Accessibility feature through the Initial Configuration Wizard. The user can skip this step or disable this service in the device settings at a later time. In this case, Kaspersky Endpoint Security for Android displays an Android system window prompting the user to choose the action to take on the detected object: Skip or Delete. To apply an action to multiple objects, you need to open Kaspersky Endpoint Security.

7. The Scheduled scan section lets you configure the settings of the automatic launch of the full scan of the device file system. To do so, click the Schedule button and specify the frequency and start time of the full scan in the Schedule window.

   On Android 12 or later, the app may perform this task later than specified if the device is in battery saver mode.

8. Click the Apply button to save the changes you have made.

Mobile device settings are configured after the next device synchronization with the Kaspersky Security Center. Kaspersky Endpoint Security for Android scans all files, including the contents of archives.

To keep mobile device protection up to date, configure the anti-virus database update settings.

By default, anti-virus database updates are disabled for when the device is roaming. Scheduled updates of anti-virus databases are not performed.

To configure the settings of anti-virus database updates:

1. In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
2. In the workspace of the group, select the Policies tab.
3. Open the policy properties window by double-clicking any column.
4. In the policy Properties window, select the Database update section.
5. If you want Kaspersky Endpoint Security for Android to download database updates according to the update schedule when the device is in the roaming zone, select the Allow database update while roaming check box in the Database update while roaming section.

   Even if the check box is cleared, the user can manually start an anti-virus database update when the device is roaming.

6. In the Database update source section, specify the update source from which Kaspersky Endpoint Security for Android receives and installs anti-virus database updates:
   • Kaspersky servers

     Using a Kaspersky update server as an update source for downloading the databases of Kaspersky Endpoint Security for Android on users' mobile devices. To update databases from Kaspersky servers, Kaspersky Endpoint Security for Android transmits data to Kaspersky (for example, the update task run ID). The list of data that is transmitted during database updates is provided in the End User License Agreement.

   • Administration Server

     Using the repository of Kaspersky Security Center Administration Server as an update source for downloading the databases of Kaspersky Endpoint Security for Android on users' mobile devices.

   • Other source

     Using a third-party server as an update source for downloading the databases of Kaspersky Endpoint Security for Android on users' mobile devices. To start an update, you should enter the address of an HTTP server in the field below (e.g., http://domain.com/).

7. In the Scheduled database update section, configure the settings for automatic anti-virus database updates on the user's device. To do so, click the Schedule button and specify the frequency and start time of updates in the Schedule window.

   On Android 12 or later, the app may perform this task later than specified if the device is in battery saver mode.

8. Click the Apply button to save the changes you have made.

Mobile device settings are configured after the next device synchronization with the Kaspersky Security Center.