Active threats

Information about unprocessed files that have been detected on client devices is stored in the Repositories folder, Active threats subfolder.

Postponed processing and disinfection are performed by the security application upon request or after a specified event occurs. You can configure the postponed processing.

Disinfecting an unprocessed file

To start disinfection of an unprocessed file:

1. In the console tree, in the Repositories folder select the Active threats subfolder.
2. In the workspace of the Active threats folder, select the file that you have to disinfect.
3. Start disinfection of the file in one of the following ways:
   • By selecting Disinfect in the context menu of the file.
   • By clicking the Disinfect link in the information box for the selected file.

The attempt to disinfect this file is then performed.

If the file is disinfected, the security application installed on the client device restores it to its original folder. The record of the file is removed from the list in the Active threats folder. If the file cannot be disinfected, the security application installed on the device deletes it from that device. The record of the file is removed from the list in the Active threats folder.

File disinfection and deletion capability may vary depending on which security application is installed, its version and settings.

Saving an unprocessed file to disk

Kaspersky Security Center allows you to save to disk copies of unprocessed files found on client devices. Files are copied to the device with Kaspersky Security Center installed, to the specified folder.

You can save copies of files in the following cases:

• Files were deleted or modified during disinfection and their copies are stored in the Kaspersky Endpoint Security for Windows storage on the managed device.
• Log only option is selected for the Action on threat detection parameter (Essential Threat Protection → File Threat Protection) in the Kaspersky Endpoint Security policy.

To save a copy of an unprocessed file to disk:

1. In the console tree, in the Repositories folder select the Active threats subfolder.
2. In the workspace of the Active threats folder, select the files that you have to copy to disk.
3. Start copying in one of the following ways:
   • By selecting Save to Disk in the context menu of the file.
   • By clicking the Save to Disk link in the information box for the selected file.

The security application installed on the client device on which the unprocessed file has been found saves a copy of that file to the specified folder.

Deleting files from the "Active threats" folder

To delete a file from the Active threats folder:

1. In the console tree, in the Repositories folder select the Active threats subfolder.
2. In the workspace of the Active threats folder, select the files that you have to delete by using the Shift and Ctrl keys.
3. Delete the files in one of the following ways:
   • By selecting Delete in the context menu of the files.
   • By clicking the Delete (Delete if you want to delete one file) link in the information box for the selected files.

The security applications that placed the files in repositories on client devices, will delete the same files from those repositories. The records of the files are removed from the list in the Active threats folder.