Files and Memory Settings
Files and Memory Settings -> General tab
File types
Here you can specify which file formats should be scanned.
All files: all files will be scanned without exceptions.
Files scanned by format: only files which format can be infected will be scanned (for instance, .txt files will be skipped). The format of each file will be determined by the analysis of its header information.
Files scanned by extension: only files which format can be infected will be scanned, but in this case the format will be determined on the base of the file extension (.doc, .exe, etc).
Warning: an infected file with changed extension (for instance, a virus.exe file renamed as virus.txt), will be skipped.
Protection scope
All drives are scanned by default. You can reduce the scope of protection by unchecking one or more of the listed boxes, or extend it by clicking on the Add new item link.
Files and Memory Settings -> Performance tab
Scan methods
Here you can specify the scan method to be used for analyzing files.
Signature analysis: this is the standard scan method. KIS will compare the bit patterns of each file against a database of known virus signatures.
Heuristic analysis: the files will be virtually processed by a software emulator and monitored for suspicious activities. The heuristic method is useful to detect any unknown viruses before they have been included in the virus database. When the heuristic analysis is enabled, you can also set the level of analysis detail (Light scan, Medium scan, Deep scan). The deeper the detail is, the more significant the impact on system responsiveness will be.
Scan optimization
Scan only new and changed files: only the new files or the files changed after the last scan will be analyzed.
Scan of compound files
Scan archives: the .arj, .cab, .ice, .jar, .lha, .rar and .zip archives will be unpacked and scanned.
Scan installation packages: the self-extracting installation archives will be unpacked and scanned.
Scanning all the archives and installation packages, might increase the demand for system resources and therefore cause system slowdown.
Scan embedded OLE object: the objects embedded in files (for instance, MS Excel objects embedded in MS Word files) will be scanned.
If the Scan only new and changed files box is unchecked, then you will be able to specify, for each compound files category, whether you want KIS to scan all the objects or only the new ones.
Click on the Additional… button to access some additional settings:
Background scan
While archives are being unpacked by KIS, you might experience a variable delay in opening them. To minimize the amount of delay, select the Extract compound files in the background checkbox and specify a minimum file size value.
If the file is smaller than the specified size, then KIS will treat it as a compound object and will scan it completely before returning it to the user. Otherwise, if the file is larger than the set size, then KIS will treat it as a single object and will scan its header only, so that the file can be released to be used by other processes. In that case, the contents of the archive will be scanned later in the session.
Size limit
Do not unpack compound files larger than…: archives larger than the specified size will not be unpacked.
Files and Memory Settings -> Additional tab
Scan mode
Smart mode: KIS will analyze the operations performed on the file, to determine whether it needs to be scanned or not.
On access and modification: the object will be scanned when opened and changed.
On access: the object will be scanned when an attempt to access the file is made.
On execution: the object will be scanned when executed.
Scan technologies
iSwift and iChecker are proprietary scan technologies developed to reduce the duration of the scanning process.
iSwift: iSwift technology is based on the comparison results of object IDs under the NTFS file system.
iChecker: iChecker technology is based on the checksum (unique digital signature) comparison results. On the first scan, checksums are calculated for all files. During the next scans, KIS will exclude certain files from scanning, through comparing the actual checksums with the saved ones.
Both iChecker and iSwift use a complex algorithm that involves many different variables (like, for instance, the release date of the program database, the last scan date and any modifications made to the scan settings).
Pause Task
In some situations, you might need to pause real-time monitoring in order to free the available system resources for other critical applications (like, for example, defragmentation software). To do so, you can stop the component from running at a specified time or when working with certain applications.
By schedule: check the box and click on the Schedule… button to select pausing and resuming time.
At application start-up: check the box and click on the Select… button to select an application. Click on the Add new item link and browse through your programs to choose the desired application.
Warning: disabling the real-time protection, even if temporarily, is not recommended, as it will leave your computer vulnerable to viruses.
