Kaspersky Security 9.x for SharePoint Server

On-access scan

November 9, 2024

ID 37000

On-access scan is an operation mode of Kaspersky Security in which Kaspersky Security subsystems scan objects on SharePoint servers in real time. The subsystems scan an object in the moment the SharePoint user handles it (for example, when copying it from a SharePoint server to a computer).

Each of the application subsystems performs a scan of a single type. The table lists scan types that the application performs in on-access scan mode, as well as objects to which the respective scans apply.

Processing objects in on-access scan mode

Objects to scan

Scan types

Anti-virus scan

Content filtering

Phishing scan

Files uploaded by the user to the SharePoint server

+

+

Files copied from the SharePoint server to the computer

+

+

SharePoint web parts (such as wiki pages and forums hosted on the SharePoint server) that are created or modified

+

+

If the subsystems that scan an object detect no threats, malicious links, and unwanted content, the application allows the user to handle this object. If a subsystem detects a threat, malicious link, or unwanted content, the application performs the action that has been configured for each scan type.

Objects are scanned by subsystems one by one. If an object was blocked by the application during a scan by a subsystem, the remaining subsystems do not scan this object. If a file was blocked during an anti-virus scan, the application does not apply content filtering to this file.

If failures occur in the operation of the application subsystems, some file may remain unscanned. By default, unscanned files are skipped without being scanned. You can configure the application so that it will block all files that cannot be scanned. Contact Technical Support for additional details.

Status labels assigned to files following on-access scan

Based on the results of on-access scanning, the application assigns one of the following status labels to the file:

  • Not infected. No threats detected in the file.
  • Infected. A file a segment of whose code fully matches a code segment of a known threat.
  • Probably infected. A file whose code contains a modified segment of code of a known threat, or a file resembling a threat in the way it behaves.
  • Password-protected. A password-protected archive.
  • Corrupted. The file cannot be read by Kaspersky Security.

Based on the results of content filtering, the application assigns one of the following status labels to the file:

  • Allowed. There is no unwanted content in the file.
  • Forbidden format. The file has an unwanted format.
  • Forbidden mask. The file name contains an unwanted mask.
  • Forbidden content. The file has been found to contain unwanted words and phrases.

Based on the results of content filtering and phishing scanning, the application assigns one of the following status labels to the SharePoint web part:

  • Allowed. The SharePoint web object does not contain unwanted content, malicious or phishing URLs.
  • Forbidden content. The SharePoint web object has been found to contain malicious / phishing URLs or unwanted content.

About the restricted scan mode

If one of the scanning subsystems is freezing during an on-access scan, the application switches to the restricted scan mode by default. In this case, some objects may remain unscanned. When the application switches to the restricted scan mode, the following information is recorded to Windows Event Log:

  • Date and time the restricted scan mode was enabled
  • Name of the subsystem for which the mode was enabled
  • Event level: Error
  • Event category: Infrastructure
  • Event ID: 6200

If the application switches to the restricted scan mode, the Control Center node displays a warning. For example, if a phishing scan is freezing, the following warning is displayed: Restricted scan mode enabled. Some objects can be skipped without being scanned for phishing. Information about files that have not been scanned by the application due to the restricted scan mode will be logged to the report with the Scan errors status.

The restricted scan mode does not affect on-demand scanning or data leak prevention.

The restricted scan mode can be disabled. For additional information about how to disable the restricted scan mode please contact Technical Support.

In this Help section

Kaspersky Security operation depending upon the SharePoint server settings

Enabling and disabling on-access anti-virus scanning

Configuring basic scan settings

Configuring object processing rules for on-access scanning

Enabling and disabling on-access content filtering

Enabling and disabling SharePoint web object scanning

Creating on-access Anti-Virus scan exclusions

Configuring additional settings for on-access content filtering

On-access scan

General

Exclusions from anti-virus scan

File mask

Content filtering rules

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.