iQ.Suite Watchdog with Kaspersky Security Network Option (KSN)
Which information and file formats are uploaded from an email to the cloud of the antivirus provider?
KSN offers only one mode of operation.
The KSN option is applied only when the scan based on local anti-virus patterns cannot achieve a conclusive result (virus or not virus).
When the cloud process is started, the KSN interface calculates a hash value locally for the particular file. This hash value is checked against information from the Kaspersky Security Network. This process determines whether the file can be considered safe or infected.
This process supports following file formats:
- EXE, DLL, SYS
- Shell scripts
- Executable and Linkable format (ELF)
- XAR archives
- JAR archives
File formats such as Office documents are disregarded in this process. An exchange of content information does not take place.
Kaspersky is looking for a certain header in a file, common for PE (Portable Executable) files, not at the extension. It may happen that new PE file with a new extension (or even without extension at all) appears and will be handled by its PE header.
Listed extensions of PE files you may find in the Internet.
Last updated: 9 September 2016