Real-Time Protection settings window

Using the Real-time Protection settings window, you can specify settings that will be used by the real-time protection function of Kaspersky Anti-Virus Personal.

Select the protection level using a slider. By changing the protection level, you change the balance between how fast the scan will be performed and the number of objects to be scanned as the fewer objects are to be scanned the faster the scan process will be. Kaspersky Anti-virus Personal allows the user to select one of the three protection levels:

Maximum Protection - level that ensures maximum monitoring of objects that are being opened, saved or run. When this protection level is selected, the program will scan:
all files, including self-extracting archives and packed files residing on your hard drives and removable drives or network drives if there are such drives connected to your computer;
disk boot sectors;
objects that are linked to or embedded into other files, for example a Microsoft Excel spreadsheet embedded into a Microsoft Word document;
incoming POP3 and outgoing SMTP mail;
Microsoft Outlook and Microsoft Outlook Express mailboxes.

The scan of Microsoft Outlook and Microsoft Outlook Express mailboxes is provided only if such programs are installed in your computer.

Recommended - the settings of this level are recommended by Kaspersky Labs experts. At this protection level, the program scans same types of objects as at the Maximum Protection level, except self-extracting archives and outgoing e-mail messages.
High Speed - the settings of this level ensure good computer performance while you are working with programs that require considerable RAM resources due to a shorter list of objects to be scanned. In order to ensure the maximum speed, at this level the program scans only objects listed below:
only files that can potentially be infected (for example, files that have extensions normally assigned to executable objects) and that reside only on hard drives and removable drives;
disk boot sectors;
packed files and linked or embedded objects, for example, a Microsoft Excel spreadsheet embedded into a Microsoft Word document;
incoming mail messages.

You can specify exclusions from the real-time protection scope - that is objects that will not be scanned when they are opened, saved or run, or disable the real-time protection altogether. In order to do so, use the Configure Real-Time Protection link.

Specify actions for the program to perform each time it detects an infected object, malware (a worm or a Trojan program), or an object possibly infected with a virus or a virus modification:

Block access and prompt user for action - deny access to the object and display a message prompting the user to choose which action is to be performed on the object. This is a default mode. You can choose one of the following actions:
disinfect infected objects;
quarantine objects possibly infected with a virus or a virus modification;

Sometimes, after a file has been quarantined, a message appears notifying the user that the object cannot be deleted. This is related to the fact that the process of quarantining objects involves physical movement of the object to the quarantine folder and deletion of the object from its initial location. However, some objects (as, for instance, objects contained in a self-extracting archive) cannot be deleted during such process.

delete malicious programs (Trojans and worms) or infected objects that could not be disinfected or disinfection of which is not possible;
skip - do not perform any action on objects, record information on the detection of such objects in the report.

If you do not specify the action within 30 seconds after the message was displayed, the program will perform the recommended action on this object (the recommended action is always flagged in the list of available action by the word recommended).

Block access and perform recommended action - deny access to the object and perform the action recommended for this type of objects. The recommended actions (except skip, which cannot be a recommended action) are listed above:
Block access and delete infected objects - delete objects without any additional warning to the user.
Block access and write information to log file - deny access to the object, do not display messages prompting user for action.