Suspicious object detected

If File Anti-Virus, Mail Anti-Virus, or a virus scan detects an object containing code from an unknown virus or modified code of a known virus, a notification pops up.

The notification provides the following information:

  • Threat description.
  • Type of threat and name of the malicious object as listed in the Kaspersky Lab Virus Encyclopedia.

    The Kapersky Antivirus info pict Suspicious object detected icon is displayed next to the name of the malicious object. Click it to open the window with information about the object. Clicking the www.securelist.com/en/ link in this window allows you to go to the Virus Encyclopedia website and obtain more detailed information about the threat posed by the object.

  • File name of the malicious object, including the path to it.

You are asked to select one of the following responses to the object:

  • Quarantine – move the object to Quarantine where it will pose no threat to your computer.

    A certain folder, where all possibly infected objects are placed, which were detected during scans or by real-time protection.

    With further scans of Quarantine, the status of the object may change. For example, the object may be identified as infected and can be processed using an updated database. Otherwise, the object could be assigned the not infected status, and then restored.

    If you manually move to Quarantine a file that turns out to be not infected at the next scan, its status changes to OK only if the file has been scanned for three days after it had been moved to Quarantine, or later.

  • Delete – delete malicious object. Before deleting, a backup copy of the object is created in case the necessity arises to restore it or a portrait of its infection.
  • Skip / Block – block access to the object, but perform no actions in respect of it; simply record information about it in a report.

    You can later return to skipped malicious objects in the report window. However, you cannot postpone the processing of objects detected in emails.

To apply the selected action to all objects with the same status that have been detected during the current session of a protection component or task, check the Kapersky Antivirus mark fs Suspicious object detected Apply to all objects box. The current session is the time from when the component is started until it is disabled or the application is restarted or the time from beginning a virus scan until it is complete.

If you are sure that the object detected it is not malicious, we recommend adding it to the trusted zone to avoid the program from making repeat false positives when you use the object.

Suspicious object detected