Hi Guys I found an useful Text in Kaspersky KL002 Student Guide. Page: 153 How does Kaspersky Endpoint Security learn which files have been changed and which have not? The NTFS file system (and its successor ReFS) logs when files are changed, and guarantees integrity of these records. Therefore, on NTFS drives, Kaspersky Endpoint Security simply checks the file modification date. FAT32 file system cannot log the modification date; neither can it protect the modification date against unsolicited changes. Malware may modify a file, and then assign any modification date to it. For this reason, Kaspersky Endpoint Security saves checksums of scanned files into a special database for FAT32 drives. When the file is accessed next time, Kaspersky Endpoint Security re-calculates the checksum and compares it with that saved. If the sums differ, the file has been changed, and File Threat Protection scans it. Scanning new files only once is dangerous. If malware gets on the computer before Kaspersky Endpoint Security receives its signatures, File Threat Protection will scan it, consider to be clean, and will not scan at the next start. and this one in page: 160 Starting with Kaspersky Security Center version eleven, the Quick Start Wizard does not create a Quick Virus Scan task anymore. By default, computers are scanned for viruses by a special local Background scan task. Background scanning is less resource-intensive when compared with an ordinary virus scan task. It is performed while the computer is locked, does not display any notifications to the use; however, it does not reset the Not scanned for a long time status either. You cannot modify scan settings or scope of this task.
