User guide
KASPERSKY ANTI-VIRUS 2010
STORING REPORTS
You can set the maximum storage time for event reports (the Store reports no longer than box). By default, it
is 30 days; once this period expires, objects are deleted. You can change the maximum storage time or remove
the limit altogether. You can also specify the maximum size of the report file (the Maximum file size box). By
default, the maximum size is 1024 MB. Once the maximum size has been reached, the content of the file is
overwritten with new records. You can remove the limit on the report size or enter another value.
To configure report storage settings, do the following:
1. Open the main application window and in the top part click the Settings link.
2. In the window that opens, select the Reports and Storages section.
3. In the window that opens, in the Reports section, check the required boxes and change the maximum
report size and its storage time, if necessary.
QUARANTINE FOR POTENTIALLY INFECTED OBJECTS
Quarantine is a special repository that stores objects that may be infected with viruses.
Potentially infected objects are objects that are suspected of being infected with viruses or their modifications.
A potentially infected object can be detected and quarantined by File Anti-Virus, Mail Anti-Virus, Proactive Defense, or
in the course of a virus scan.
Objects are placed in Quarantine as a result of File Anti-Virus and Mail Anti-Virus operation, as well as in the course of
a virus scan, if:
• The code of the object being analyzed resembles a known threat but is partially modified.
  Kaspersky Anti-Virus databases contain information on the threats investigated to date by the specialists of
  Kaspersky Lab. If a malicious program is modified and these changes have not yet been entered into the
  databases, Kaspersky Anti-Virus classifies the object infected with the modified malicious program as a
  potentially infected object, and always indicates which threat the infection resembles.
• The code of the detected object resembles a malicious program in structure; however, nothing similar is
  recorded in the application databases.
  It is quite possible that this is a new type of threat, so Kaspersky Anti-Virus classifies that object as a
  potentially infected object.
Files are identified as potentially infected with a virus by the heuristic code analyzer. This mechanism is fairly effective
and very rarely leads to false positives.
As for Proactive Defense, the component places an object in Quarantine if, as a result of behavior analysis, the
sequence of the object's actions arouses suspicion.
When you place an object in Quarantine, it is moved, not copied: the object is deleted from the disk or email, and saved
in the Quarantine folder. Files in Quarantine are saved in a special format and are not dangerous.
It is possible that after a database update Kaspersky Anti-Virus will be able to identify the threat unambiguously and
neutralize it. For this reason, the application scans quarantined objects after each update (see page 88).
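The quarantine behavior described above (move rather than copy, storage in a non-runnable form, re-check after each update), as an added example that is not Kaspersky's code. The XOR encoding, the file names, the hash-keyed verdict lookup and the restore step are assumptions made for illustration, since this guide does not document the real storage format.

```python
import hashlib, json, tempfile
from pathlib import Path

XOR_KEY = 0x5A  # assumed transform; the product's real storage format is not documented here

def _xor(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)

def quarantine(path, qdir, reason):
    """Move a file into qdir in an encoded, non-runnable form and return its SHA-256."""
    path, qdir = Path(path), Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    # Write the encoded copy and its metadata first, so a failure never loses the object.
    (qdir / f"{digest}.q").write_bytes(_xor(data))
    meta = {"original_path": str(path), "sha256": digest, "reason": reason}
    (qdir / f"{digest}.json").write_text(json.dumps(meta))
    path.unlink()  # moved, not copied: the original leaves the disk
    return digest

def rescan(qdir, verdicts):
    """Re-check quarantined objects after an update (hash lookup stands in for a real scan)."""
    shas = [json.loads(m.read_text())["sha256"] for m in sorted(Path(qdir).glob("*.json"))]
    return {s: verdicts.get(s, "potentially infected") for s in shas}

def restore(digest, qdir):
    """Decode an object back to its original path, verifying its integrity first."""
    qdir = Path(qdir)
    meta = json.loads((qdir / f"{digest}.json").read_text())
    data = _xor((qdir / f"{digest}.q").read_bytes())
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("quarantined object is corrupted")
    Path(meta["original_path"]).write_bytes(data)
    for suffix in (".q", ".json"):
        (qdir / f"{digest}{suffix}").unlink()
    return meta["original_path"]

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        sample, qdir = Path(tmp) / "sample.bin", Path(tmp) / "quarantine"
        content = b"constructed sample bytes, not real malware"
        sample.write_bytes(content)
        sha = quarantine(sample, qdir, "heuristic: resembles a known threat")
        moved = not sample.exists() and (qdir / f"{sha}.q").read_bytes() != content
        before = rescan(qdir, {})[sha]
        after = rescan(qdir, {sha: "constructed-threat-name"})[sha]
        return moved, before, after, Path(restore(sha, qdir)).read_bytes() == content
```

Because the stored bytes no longer match the original, the quarantined copy cannot be launched by accident and will not be flagged again by an on-access scan of the Quarantine folder.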
BACKUP COPIES OF DANGEROUS OBJECTS
Sometimes the integrity of objects cannot be maintained during disinfection. If the disinfected file contained important
information, and after disinfection it became inaccessible in part or in full, you can attempt to restore the original object
from its backup copy.