Kaspersky Endpoint Security for Linux
12
English

Contents

Task settings

The following types of tasks are provided for managing Kaspersky Endpoint Security by means of Kaspersky Security Center:

  • Malware Scan. During the task execution, the application scans the device areas that are specified in the task settings for viruses and other malware.
  • Add Key. During the task execution, the application adds a key, including a reserve one, to activate the application.
  • Inventory Scan. During the task execution, the application receives information about all executable files stored on the devices.
  • Update. During the task execution, the application updates the databases in accordance with the configured update settings.
  • Rollback. During the task execution, the application rolls back the last database update.
  • Critical Areas Scan. During the task execution, the application scans boot sectors, startup objects, process memory, and kernel memory.
  • Container Scan. During the task execution, the application scans containers and images for viruses and other malware.
  • System Integrity Check. During the task execution, the application determines changes of each object by comparing the current state of the monitored object to its original state, which was previously established as a baseline.

The set of policy settings and default values for task settings depend on the license type. The Add Key, Update and Rollback tasks are not applicable if the application is used in Light Agent mode to protect virtual environments. Additionally, some application functions are not supported in a KESL container.

In this section

Add Key

Inventory

Update

Rollback

Malware Scan

Critical Areas Scan

Container Scan

System Integrity Check
Page top
[Topic 246375]

Add a key

If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, activation of the application using the Add key task is not supported.

If the Kaspersky Endpoint Security application is used in standalone mode, you can use the Add key task to add a license key for activating the application.

Add a key task settings

Setting

Description

Use as a reserve key

This check box enables or disables the usage of the key as a reserve key.

If this check box is selected, the application uses the key as a reserve key.

If this check box is cleared, the application uses the key as an active key.

This check box is cleared by default.

The check box is unavailable if you are adding a trial license key or a subscription key.

A trial license key and a subscription key cannot be added as a reserve key.

Select key

Clicking this button opens the Kaspersky Security Center key storage window. In this window, you can select keys added to Kaspersky Security Center key storage and add keys to Kaspersky Security Center key storage.

License information

This section contains information about the key and the license corresponding to this key:

  • License key – unique alphanumeric sequence. You may use the application only if it has a key.
  • License type can be trial, commercial, or commercial (subscription).
  • License validity period is the number of days during which you can use the application activated by this key (for example, 365 days). This information is not displayed if you use the application under a subscription.
  • Grace period – the number of days after the subscription ends during which the application retains its functionality. The field is displayed if you are using the application under a subscription and the service provider with which you registered your subscription offers a grace period for renewing your subscription.
  • Expires on is the date and time when the application activated by this key expires, in UTC. If you use the application under an unlimited subscription, the license expiration date is not specified.
  • Limit is the maximum number of devices that the application can protect.
  • Description – description of the license.
Page top
[Topic 247234]

Kaspersky Security Center key storage window

In this window, you can select keys added to Kaspersky Security Center key storage and add keys to Kaspersky Security Center key storage.

Settings in the Kaspersky Security Center key storage window

Setting

Description

Key table

The table contains the keys added to Kaspersky Security Center key storage and consists of the following columns:

  • License type can be one of the following: trial, commercial, or commercial (subscription).
  • Expires on is the expiration date of the application activated by this key.
  • License validity period is the number of days during which you can use the application activated by this key (for example, 365 days). This information is not displayed if you use the application under a subscription.
  • Limit is the maximum number of devices that the application can protect.
  • Description – description of the license.
  • License key – unique alphanumeric sequence.

Add a key

Clicking this button launches the Add license key wizard. The key will be added to Kaspersky Security Center key storage. After adding a key, information about it will be displayed in the key table.
Page top
[Topic 247221]

Inventory

The Inventory task provides information about all applications executable files stored on the client devices. Obtaining information about the applications installed on the devices can be useful, for example, for creating Application Control rules.

This feature is not supported in the KESL container.

To use the task, a license that includes the corresponding function is required.

The Kaspersky Security Center database can store information about up to 150,000 processed files. When this number of records is reached, new files will not be processed. To resume the Inventory task, delete the files registered in the Kaspersky Security Center database as a result of previous inventories, from the device where Kaspersky Endpoint Security is installed.

Inventory task settings

Setting

Description

Add files to the Golden Image category

The check box enables or disables adding applications detected on the device by the Inventory task to the Golden Image category. If the check box is selected, you can use the "Golden Image" category in the Application Control rules.

This check box is cleared by default.

Scan all executables

This check box enables or disables of executable file scans.

The check box is selected by default.

Scan binaries

This check box enables or disables of binary file scans (with extensions elf, java, and pyc).

The check box is selected by default.

Scan scripts

This check box enables or disables script scans.

The check box is selected by default.

Inventory scopes

The group of settings contains the Configure button. Clicking this button opens the Scan scopes window.

In the Exclusion scopes section for the Inventory task, you can also configure scopes to be excluded from scans.

Page top
[Topic 202213]

Scan scopes window

The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope – /usr/bin.

Scan scope settings for the Inventory task

Setting

Description

Scope name

Scan scope name.

Path

Path to the directory that the application scans.

Status

The status indicates whether the application scans this scope.

You can add, edit, delete, move up, and move down items in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

Page top
[Topic 215256]

<New scan scope> window

In this window, you can add and configure scan scope for the Inventory task.

Inventory scope settings

Setting

Description

Scan scope name

Field for entering the scan scope name. This name will be displayed in the table in the Scan scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables the scan of this scope when the task is performed.

If this check box is selected, the application processes this scan scope while running the task.

If this check box is cleared, the application does not process this scan scope while running the task. You can later include this scope in task settings by selecting the check box.

The check box is selected by default.

File system, access protocol, and path

Entry field for the path to the local directory that you want to include in the scan scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The field must not be blank.

Masks

This list contains name masks of the objects that the application scans while running the task.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.
Page top
[Topic 213264]

Exclusion scopes window

This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Exclusion scope settings

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Path to the directory excluded from scan.

Status

The status indicates whether the application uses this exclusion.

You can add, edit, and delete items in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 210496_2]

<New exclusion scope> window

In this window, you can add and configure scan exclusion scope for the Inventory task.

Exclusion scope settings

Setting

Description

Exclusion scope name

Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables the exclusion of the scope when the task is executed.

If this check box is selected, the application excludes this scope during task execution.

If this check box is cleared, the application includes this scope during task execution. You can later exclude this scope from scanning by selecting the check box.

The check box is selected by default.

File system, access protocol, and path

Entry field for the path to the local directory that you want to exclude from the inventory. You can use masks to specify the path. The field must not be blank.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

Masks

The list contains name masks of the objects that the application excludes from scan.

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Endpoint Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

 
Page top
[Topic 213263]

Update

If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, the application databases and modules cannot be updated using the task created in Kaspersky Security Center. Updates are performed using a local predefined task.

Updating the databases and application modules of Kaspersky Endpoint Security ensures up-to-date protection on your device. New viruses and other types of malware appear worldwide on a daily basis. The application databases contain information about the threats and the ways to neutralize them. To detect threats quickly, you are urged to regularly update the application databases and modules.

An update source is a resource that contains updates for Kaspersky Endpoint Security databases and application modules. Update sources can be FTP, HTTP, or HTTPS servers (such as Kaspersky Security Center and Kaspersky update servers), as well as local or network directories mounted by the user.

Update source settings for the Update task

Setting

Description

Update source

In this section, you can select the update source:

  • Kaspersky update servers, where database updates for Kaspersky applications are published (default value).
  • Kaspersky Security Center – Kaspersky Security Center Administration Server.
  • Other sources on the local or global network – HTTP, HTTPS, or FTP servers or directories on local network servers.

Use Kaspersky update servers if other update sources are not available

The check box enables or disables usage Kaspersky update servers as the update source, if the selected update sources are not available.

This check box is available if under Update sources, the Other sources on the local or global network or Kaspersky Security Center option is selected.

The check box is selected by default.

Custom update sources

This table contains a list of custom sources of database updates. During the update process, the application accesses update sources in the order they appear in the table.

The table contains the following columns:

  • Source address – HTTP, HTTPS, or FTP servers or directories on local network servers.
  • Status indicates if the source is used in the task (In use or Not in use). You can change the status by selecting or clearing the Use this source check box in the Update source window that is opened when you click the Edit button.

     

This table is available if the Other sources on the local or global network option is selected.

You can add, edit, delete, move up, or move down update sources in the table.

Clicking the Move down button moves the selected item down in the table.

This button is available if only one item is selected in the table.

Clicking the Move up button moves the selected item up in the table.

This button is available if only one item is selected in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

The table is empty by default.

In the Settings section, you can specify the response timeout and the application update download settings.

Additional settings of the Update task

Setting

Description

Maximum time to wait for a response from the update source (sec)

The maximum period of time that the application waits for a response from the selected update source (in seconds). When no response has arrived by this time, an event involving a loss of communication with the update source is logged in the task log.

Available values: 0–120. If 0 is specified, the period of time that the application waits for a response from the selected source is unlimited.

Default value: 10 seconds.

Application update download mode

In the drop-down list, you can select the mode for updating application databases:

  • Do not download updates. If this list item is selected, the application cannot be updated.
  • Download only update files, but do not install them on client devices (default value).
  • Download and install updates to client devices. After updates are installed, the application will restart automatically.

     

This feature is not supported in the KESL container.
Page top
[Topic 246378]

Rollback

If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, the task cannot be used to rollback database updates.

After the application databases are updated for the first time, the rollback of the application databases to their previous versions becomes available.

Every time a user starts the update process, Kaspersky Endpoint Security creates a backup copy of the current application databases. This allows you to roll back the application databases to a previous version if needed.

Rolling back the last database update may be useful, for example, if the new application database version contains invalid signatures, which causes Kaspersky Endpoint Security to block safe applications.

The rollback task does not have any settings.

Page top
[Topic 202208]

Malware Scan

Malware Scan is a one-time full or custom scan of files on the device performed by the application. The application can carry out multiple malware scanning tasks at the same time.

By default, the application creates one standard virus scan task — a full scan. The application scans all the objects located on the local drives of the device, as well as all mounted and shared objects that are accessed via the Samba and NFS protocols with the recommended security settings.

During a full disk scan, the processor is busy. It is recommended to run the full scan task when the business is idle.

Malware Scan task settings

Setting

Description

Scan

This group of settings contains buttons that open windows where you can configure the scan scopes, scan scope settings, and scan settings.

Action on threat detection

This group of settings contains the Configure button. Clicking this button opens the Action on threat detection window, where you can configure the actions that the application performs on detected infected objects.

In the Exclusions section, you can also configure exclusion scopes as well as exclusions by mask and by the threat name for Malware Scans.

Page top
[Topic 246376]

Scan scopes window

The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.

Scan scope settings

Setting

Description

Scope name

Scan scope name.

Path

Path to the directory that the application scans.

Status

The status indicates whether the application scans this scope.

You can add, edit, delete, move up, and move down items in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

Page top
[Topic 202257_2]

<New scan scope> window

In this window, you can add and configure scan scopes.

Scan scope settings

Setting

Description

Scan scope name

Field for entering the scan scope name. This name will be displayed in the table in the Scan scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application processes this scan scope.

If this check box is cleared, the application does not process this scan scope. You can later include this scope in the component settings by selecting the check box.

The check box is selected by default.

File system, access protocol, and path

The settings block lets you set the scan scope.

You can select the file system type in the drop-down list of file systems:

  • Local (default value) – local directories. If this item is selected, you need to indicate the path to the local directory.
  • Mounted – Mounted remote or local directories. If this item is selected, you need to indicate the protocol or name of the file system.
  • Shared — The protected server's file system resources accessible via the Samba or NFS protocol.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.
  • All shared — All of the protected server's file system resources accessible via the Samba and NFS protocols.

If Shared or Mounted is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want to add to the scan scope. You can use masks and tags to specify the path.

You can use special tags to specify a container or image:

  • [container-id:<identifier>]/<path to local directory>
  • [container-name:<name>]/<path to local directory>
  • [image-id:<identifier>]/<path to local directory>
  • [image-name:<name>]/<path to local directory>

You can also use unique combinations of the [container-id:<identifier>], [container-name:<name>], [image-id:<identifier>] and [image-name:<name>]/<path to local directory> tags.

Any combination of 1 to 4 unique tags within one area is allowed. The order they are listed in is not important.

For example:

  • [container-name:<name>][image-name:<name>]/<path to local directory>
  • [container-id:<identifier>][image-name:<name>]/<path to local directory>
  • [image-name:<name>][image-id:<identifier>]/<path to local directory>
  • [container-name:<name>][container-id:<identifier>][image-name:<name>]/<path to local directory>
  • [container-name:<name>][image-id:<identifier>][container-id:<identifier>][image-name:<name>]/<path to local directory>

You can use masks (? and * characters) in names and identifiers.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default – the application scans all directories of the local file system.

If the Local type is selected in the drop-down list of file systems, and the path is not specified, the application scans all directories of the local file system.

Filesystem name

The field for entering the name of the file system where the directories that you want to add to the scan scope are located.

The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right.

Masks

The list contains name masks for the objects that the application scans.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.
Page top
[Topic 248962_1]

Scan scope settings window

In this window, you can configure the scan settings for the Malware Scan task. The application allows you to scan files, boot sectors, device memory, and startup objects.

Scan scope settings

Setting

Description

Scan files

This check box enables or disables file scans.

If the check box is selected, the application scans the files.

If the check box is cleared, the application does not scan the files.

The check box is selected by default.

Scan boot sectors

This check box enables or disables boot sector scans.

If the check box is selected, the application scans the boot sectors.

If the check box is cleared, the application does not scan the boot sectors.

This check box is cleared by default.

Scan kernel memory and running processes

This check box enables or disables device memory scan.

If the checkbox is selected, the application scans kernel memory and running processes.

If the check box is cleared, the application does not scan kernel memory and running processes.

This check box is cleared by default.

Scan startup objects

This check box enables or disables startup object scans.

If the check box is selected, the application scans startup objects.

If the check box is cleared, the application does not scan startup objects.

This check box is cleared by default.

Devices to scan

This group of settings contains the Configure button. Clicking this button opens the Scan scopes window, where you can specify the devices whose boot sectors must be scanned.
Page top
[Topic 246377]

Scan scopes window

The table contains name masks of the devices, whose boot sectors the application must scan. By default, the table contains the /** device name mask (all devices).

You can add, edit, and delete items in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 215174]

Scan settings window

In this window, you can configure the file scan settings for the task.

Scan settings

Setting

Description

Scan archives

This check box enables or disables scan of archives.

If the check box is selected, the application scans the archives.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the duration of archive scans by configuring the Skip file that is scanned for longer than (sec) and Skip file larger than (MB) settings in the General scan settings section.

If the check box is cleared, the application does not scan the archives.

The check box is selected by default.

Scan SFX archives

This check box enables or disables self-extracting archive scans. Self-extracting archives are the archives that contain an executable extraction module.

If the check box is selected, the application scans self-extracting archives.

If the check box is cleared, the application does not scan self-extracting archives.

This check box is available if the Scan archives check box is unchecked.

The check box is selected by default.

Scan mail databases

This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If the check box is selected, the application scans mail database files.

If the check box is cleared, the application does not scan mail database files.

This check box is cleared by default.

Scan mail format files

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, the application scans plain-text messages.

If this check box is cleared, the application does not scan plain-text messages.

This check box is cleared by default.

Skip file that is scanned for longer than (sec)

In this field, you can specify the maximum time to scan a file, in seconds. After the specified time, the application stops scanning the file.

Available values: 0–9999. If the value is set to 0, the scan time is unlimited.

Default value: 0.

Skip file larger than (MB)

In this field, you can specify the maximum size of a file to scan, in megabytes.

Available values: 0–999999. If the value is set to 0, the application scans files of any size.

Default value: 0.

Log clean objects

This check box enables or disables the logging of ObjectProcessed type events.

If this check box is selected, the application logs events of the ObjectProcessed type for all scanned objects.

If this check box is cleared, the application does not log events of the ObjectProcessed type for any scanned object.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables the logging ObjectNotProcessed type events if a file cannot be processed during a scan.

If this check box is selected, the application logs the events of the ObjectNotProcessed type.

If this check box is cleared, the application does not log the events of the ObjectNotProcessed type.

This check box is cleared by default.

Log packed objects

This check box enables or disables the logging of PackedObjectDetected type events for all packed objects that are detected.

If this check box is selected, the application logs the events of the PackedObjectDetected type.

If this check box is cleared, the application does not log the events of the PackedObjectDetected type.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, the application scans only new files or the files modified since the last scan.

If the check box is cleared, the application scans the files regardless of the creation or modification date.

The check box is selected by default.

If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, the use of the iChecker technology is not supported. Scan optimization is implemented by means of the Protection Server.

Use heuristic analysis

This check box enables or disables heuristic analysis during file scans.

The check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

  • Light is the least detailed scan with minimal system load.
  • Medium is a medium scan with balanced system load.
  • Deep is the most detailed scan with maximum system load.
  • Recommended (default value) is the optimal level recommended by Kaspersky experts. It ensures an optimal combination of protection quality and impact on the performance of the protected devices.
Page top
[Topic 210861]

Action on threat detection window

In this window, you can configure actions to be performed by Kaspersky Endpoint Security on detected infected objects:

Actions on threat detection

Setting

Description

First action

In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected:

  • Disinfect the object. A copy of the infected object will be moved to the Backup.
  • Remove the object. A copy of the infected object will be moved to the Backup.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it (default value).
  • Skip the object.

Second action

In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful:

  • Disinfect the object. A copy of the infected object will be moved to the Backup.
  • Remove the object. A copy of the infected object will be moved to the Backup.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
  • Skip the object (default value).

     
Page top
[Topic 210864]

Critical Areas Scan

The Critical Areas Scan task allows you to scan files, boot sectors, startup objects, process memory, and kernel memory.

Critical Areas Scan task settings

Setting

Description

Scan

This group of settings contains buttons that open windows where you can configure the scan scopes, scan scope settings, and scan settings.

Action on threat detection

This group of settings contains the Configure button. Clicking this button opens the Action on threat detection window, where you can configure the actions that the application performs on detected infected objects.

In the Exclusions section, you can also configure exclusion scopes as well as exclusions by mask and by the threat name for the Critical areas scan task.

Page top
[Topic 215184]

Scan scopes window

The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.

Scan scope settings

Setting

Description

Scope name

Scan scope name.

Path

Path to the directory that the application scans.

Status

The status indicates whether the application scans this scope.

You can add, edit, delete, move up, and move down items in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

Page top
[Topic 202257_3]

<New scan scope> window

In this window, you can add and configure scan scopes.

Scan scope settings

Setting

Description

Scan scope name

Field for entering the scan scope name. This name will be displayed in the table in the Scan scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application processes this scan scope.

If this check box is cleared, the application does not process this scan scope. You can later include this scope in the component settings by selecting the check box.

The check box is selected by default.

File system, access protocol, and path

The settings block lets you set the scan scope.

You can select the file system type in the drop-down list of file systems:

  • Local (default value) – local directories. If this item is selected, you need to indicate the path to the local directory.
  • Mounted – Mounted remote or local directories. If this item is selected, you need to indicate the protocol or name of the file system.
  • Shared — The protected server's file system resources accessible via the Samba or NFS protocol.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.
  • All shared — All of the protected server's file system resources accessible via the Samba and NFS protocols.

If Shared or Mounted is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want to add to the scan scope. You can use masks and tags to specify the path.

You can use special tags to specify a container or image:

  • [container-id:<identifier>]/<path to local directory>
  • [container-name:<name>]/<path to local directory>
  • [image-id:<identifier>]/<path to local directory>
  • [image-name:<name>]/<path to local directory>

You can also use unique combinations of the [container-id:<identifier>], [container-name:<name>], [image-id:<identifier>] and [image-name:<name>]/<path to local directory> tags.

Any combination of 1 to 4 unique tags within one area is allowed. The order they are listed in is not important.

For example:

  • [container-name:<name>][image-name:<name>]/<path to local directory>
  • [container-id:<identifier>][image-name:<name>]/<path to local directory>
  • [image-name:<name>][image-id:<identifier>]/<path to local directory>
  • [container-name:<name>][container-id:<identifier>][image-name:<name>]/<path to local directory>
  • [container-name:<name>][image-id:<identifier>][container-id:<identifier>][image-name:<name>]/<path to local directory>

You can use masks (? and * characters) in names and identifiers.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default – the application scans all directories of the local file system.

If the Local type is selected in the drop-down list of file systems, and the path is not specified, the application scans all directories of the local file system.

Filesystem name

The field for entering the name of the file system where the directories that you want to add to the scan scope are located.

The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right.

Masks

The list contains name masks for the objects that the application scans.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.
Page top
[Topic 248962_2]

Scan scope settings window

In this window, you can configure the scan settings for the Critical Areas Scan task. The application allows you to scan files, boot sectors, startup objects, process memory, and kernel memory.

Scan scope settings

Setting

Description

Scan files

This check box enables or disables file scans.

If this check box is selected, Kaspersky Endpoint Security will scan files.

If this check box is unchecked, Kaspersky Endpoint Security will not scan files.

This check box is cleared by default.

Scan boot sectors

This check box enables or disables boot sector scans.

If this check box is selected, Kaspersky Endpoint Security will scan boot sectors.

If this check box is unchecked, Kaspersky Endpoint Security will not scan boot sectors.

The check box is selected by default.

Scan kernel memory and running processes

This check box enables or disables device memory scan.

If the check box is selected, Kaspersky Endpoint Security scans kernel memory and running processes.

If the check box is cleared, Kaspersky Endpoint Security does not scan kernel memory and running processes.

The check box is selected by default.

Scan startup objects

This check box enables or disables startup object scans.

If this check box is selected, Kaspersky Endpoint Security will scan startup objects.

If this check box is unchecked, Kaspersky Endpoint Security will not scan startup objects.

The check box is selected by default.

Devices to scan

This group of settings contains the Configure button. Clicking this button opens the Scan scopes window, where you can specify the devices whose boot sectors must be scanned.
Page top
[Topic 215199]

Scan scopes window

The table contains name masks of the devices, whose boot sectors the application must scan. By default, the table contains the /** device name mask (all devices).

You can add, edit, and delete items in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 215174_1]

Scan settings window

In this window, you can configure the file scan settings for the task.

Scan settings

Setting

Description

Scan archives

This check box enables or disables scan of archives.

If the check box is selected, the application scans the archives.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the duration of archive scans by configuring the Skip file that is scanned for longer than (sec) and Skip file larger than (MB) settings in the General scan settings section.

If the check box is cleared, the application does not scan the archives.

The check box is selected by default.

Scan SFX archives

This check box enables or disables self-extracting archive scans. Self-extracting archives are the archives that contain an executable extraction module.

If the check box is selected, the application scans self-extracting archives.

If the check box is cleared, the application does not scan self-extracting archives.

This check box is available if the Scan archives check box is unchecked.

The check box is selected by default.

Scan mail databases

This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If the check box is selected, the application scans mail database files.

If the check box is cleared, the application does not scan mail database files.

This check box is cleared by default.

Scan mail format files

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, the application scans plain-text messages.

If this check box is cleared, the application does not scan plain-text messages.

This check box is cleared by default.

Skip file that is scanned for longer than (sec)

In this field, you can specify the maximum time to scan a file, in seconds. After the specified time, the application stops scanning the file.

Available values: 0–9999. If the value is set to 0, the scan time is unlimited.

Default value: 0.

Skip file larger than (MB)

In this field, you can specify the maximum size of a file to scan, in megabytes.

Available values: 0–999999. If the value is set to 0, the application scans files of any size.

Default value: 0.

Log clean objects

This check box enables or disables the logging of ObjectProcessed type events.

If this check box is selected, the application logs events of the ObjectProcessed type for all scanned objects.

If this check box is cleared, the application does not log events of the ObjectProcessed type for any scanned object.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables the logging ObjectNotProcessed type events if a file cannot be processed during a scan.

If this check box is selected, the application logs the events of the ObjectNotProcessed type.

If this check box is cleared, the application does not log the events of the ObjectNotProcessed type.

This check box is cleared by default.

Log packed objects

This check box enables or disables the logging of PackedObjectDetected type events for all packed objects that are detected.

If this check box is selected, the application logs the events of the PackedObjectDetected type.

If this check box is cleared, the application does not log the events of the PackedObjectDetected type.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, the application scans only new files or the files modified since the last scan.

If the check box is cleared, the application scans the files regardless of the creation or modification date.

The check box is selected by default.

If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, the use of the iChecker technology is not supported. Scan optimization is implemented by means of the Protection Server.

Use heuristic analysis

This check box enables or disables heuristic analysis during file scans.

The check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

  • Light is the least detailed scan with minimal system load.
  • Medium is a medium scan with balanced system load.
  • Deep is the most detailed scan with maximum system load.
  • Recommended (default value) is the optimal level recommended by Kaspersky experts. It ensures an optimal combination of protection quality and impact on the performance of the protected devices.
Page top
[Topic 210861_1]

Action on threat detection window

In this window, you can configure actions to be performed by Kaspersky Endpoint Security on detected infected objects:

Actions on threat detection

Setting

Description

First action

In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected:

  • Disinfect the object. A copy of the infected object will be moved to the Backup.
  • Remove the object. A copy of the infected object will be moved to the Backup.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it (default value).
  • Skip the object.

Second action

In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful:

  • Disinfect the object. A copy of the infected object will be moved to the Backup.
  • Remove the object. A copy of the infected object will be moved to the Backup.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
  • Skip the object (default value).

     
Page top
[Topic 210864_1]

Container Scan

When the Container Scan task is running, Kaspersky Endpoint Security scans containers and images for viruses and other malware. You can run multiple Container Scan tasks simultaneously.

Integration with Docker container management system, CRI-O framework, and Podman and runc utilities is supported.

To use the task, a license that includes the corresponding function is required.

Container scan task settings

Setting

Description

Scan

This group of settings contains buttons that open windows where you can configure the Container Scan settings and general scan settings.

Action on threat detection

This group of settings contains the Configure button. Clicking this button opens the Action on threat detection window, where you can configure the actions that the application performs on detected infected objects.

In the Exclusions section, you can also configure exclusions by mask and by the threat name for the Container scan task.

Page top
[Topic 210891]

Container Scan settings window

In this window, you can configure container and image scan settings.

Container and image scan settings

Setting

Description

Scan containers

This check box enables or disables container scans. If the check box is selected, you can specify a name or a name mask for containers to be scanned.

The check box is selected by default.

Name mask

Entry field for a name or a name mask for containers to be scanned.

By default, the * mask is specified – all containers will be scanned.

Action on threat detection

In the drop-down list, you can select the action to be performed on a container when an infected object is detected:

  • Skip container – do not perform any actions on the container when an infected object is detected.
  • Stop container – stop container when an infected object is detected.
  • Stop container if disinfection fails (default value) – stop the container if disinfection of the infected object or elimination of the threat fails.

Due to the way a CRI-O environment works, an infected object is not disinfected or deleted in a container in a CRI-O environment. We recommend to select the Stop container action.

Scan images

This check box enables or disables the image scan. If the check box is selected, you can specify a name or a name mask for images to be scanned.

The check box is selected by default.

Name mask

Entry field for a name or a name mask for images to be scanned.

By default, the * mask is specified (all images are scanned).

Action on threat detection

In the drop-down list, you can select the action to be performed on an image when an infected object is detected:

  • Skip image (default value) – do not perform any actions on the image when an infected object is detected.
  • Delete image when an infected object is detected (not recommended). All dependencies will also be deleted. Running containers will be stopped, and then deleted.

Scan each layer

This check box enables or disables the scanning of all layers of images and running containers.

This check box is cleared by default.
Page top
[Topic 210893]

Scan settings window

In this window, you can configure the file scan settings for the task.

Scan settings

Setting

Description

Scan archives

This check box enables or disables scan of archives.

If the check box is selected, the application scans the archives.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the duration of archive scans by configuring the Skip file that is scanned for longer than (sec) and Skip file larger than (MB) settings in the General scan settings section.

If the check box is cleared, the application does not scan the archives.

The check box is selected by default.

Scan SFX archives

This check box enables or disables self-extracting archive scans. Self-extracting archives are the archives that contain an executable extraction module.

If the check box is selected, the application scans self-extracting archives.

If the check box is cleared, the application does not scan self-extracting archives.

This check box is available if the Scan archives check box is unchecked.

The check box is selected by default.

Scan mail databases

This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If the check box is selected, the application scans mail database files.

If the check box is cleared, the application does not scan mail database files.

This check box is cleared by default.

Scan mail format files

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, the application scans plain-text messages.

If this check box is cleared, the application does not scan plain-text messages.

This check box is cleared by default.

Skip file that is scanned for longer than (sec)

In this field, you can specify the maximum time to scan a file, in seconds. After the specified time, the application stops scanning the file.

Available values: 0–9999. If the value is set to 0, the scan time is unlimited.

Default value: 0.

Skip file larger than (MB)

In this field, you can specify the maximum size of a file to scan, in megabytes.

Available values: 0–999999. If the value is set to 0, the application scans files of any size.

Default value: 0.

Log clean objects

This check box enables or disables the logging of ObjectProcessed type events.

If this check box is selected, the application logs events of the ObjectProcessed type for all scanned objects.

If this check box is cleared, the application does not log events of the ObjectProcessed type for any scanned object.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables the logging ObjectNotProcessed type events if a file cannot be processed during a scan.

If this check box is selected, the application logs the events of the ObjectNotProcessed type.

If this check box is cleared, the application does not log the events of the ObjectNotProcessed type.

This check box is cleared by default.

Log packed objects

This check box enables or disables the logging of PackedObjectDetected type events for all packed objects that are detected.

If this check box is selected, the application logs the events of the PackedObjectDetected type.

If this check box is cleared, the application does not log the events of the PackedObjectDetected type.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, the application scans only new files or the files modified since the last scan.

If the check box is cleared, the application scans the files regardless of the creation or modification date.

The check box is selected by default.

If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, the use of the iChecker technology is not supported. Scan optimization is implemented by means of the Protection Server.

Use heuristic analysis

This check box enables or disables heuristic analysis during file scans.

The check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

  • Light is the least detailed scan with minimal system load.
  • Medium is a medium scan with balanced system load.
  • Deep is the most detailed scan with maximum system load.
  • Recommended (default value) is the optimal level recommended by Kaspersky experts. It ensures an optimal combination of protection quality and impact on the performance of the protected devices.
Page top
[Topic 210861_2]

Action on threat detection window

In this window, you can configure actions to be performed by Kaspersky Endpoint Security on detected infected objects:

Actions on threat detection

Setting

Description

First action

In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected:

  • Disinfect the object. A copy of the infected object will be moved to the Backup.
  • Remove the object. A copy of the infected object will be moved to the Backup.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it (default value).
  • Skip the object.

Second action

In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful:

  • Disinfect the object. A copy of the infected object will be moved to the Backup.
  • Remove the object. A copy of the infected object will be moved to the Backup.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
  • Skip the object (default value).

     
Page top
[Topic 210864_2]

Exclusions section

Settings of scan exclusions

Group of settings

Description

Exclusions by mask

This group of settings contains the Configure button, which opens the Exclusions by mask window. In this window, you can configure the exclusion of objects from scans by name mask.

Exclusions by threat name

This group of settings contains the Configure button, which opens the Exclusions by threat name window. In this window, you can configure the exclusion of objects from scans based on threat name.
Page top
[Topic 215330]

System Integrity Check

While the System Integrity Check (ODFIM) task is running, each object change is determined by comparing the current state of the monitored objects with its original state, which was previously established as a baseline.

To use the task, a license that includes the corresponding function is required.

This feature is not supported in the KESL container.

The system baseline is created during the first run of the ODFIM task on the device. You can create several ODFIM tasks. For each ODFIM task, a separate baseline is created. The task is performed only if the baseline corresponds to the monitoring scope. If the baseline does not match the monitoring scope, Kaspersky Endpoint Security generates a system integrity violation event.

The baseline is rebuilt after an ODFIM task has finished. You can rebuild a baseline for a task using the corresponding setting. Also, a baseline is rebuilt when the settings of a task change, for example, if a new monitoring scope is added. The baseline will be rebuilt during the next task run. You can delete a baseline by deleting the corresponding ODFIM task.

System Integrity Check task settings

Setting

Description

Rebuild baseline on each task start

This check box enables or disables the rebuilding of the system baseline every time the System Integrity Check task is started.

This check box is cleared by default.

Use hash for monitoring (SHA-256)

This check box enables or disables the use of the file hash as a criterion when comparing the current state of the file with its original state.

If this check box is cleared, the application compares only the file size (if the file size has not changed, then the modification time is not considered a critical parameter).

This check box is cleared by default.

Track directories in monitoring scopes

This check box enables or disables checking of the specified directories while the System Integrity Check task is running.

This check box is cleared by default.

Track last file access time

This check box enables or disables the tracking of file access time while the System Integrity Check task is running.

This check box is cleared by default.

Monitoring scopes

The group of settings contains the Configure button. Clicking this button opens the Scan scopes window.

In the Exclusion scopes section, you can also configure monitoring exclusion scopes and exclusions by mask for the System Integrity Check task.

Page top
[Topic 239415]

Scan scopes window

The table contains monitoring scopes for the System Integrity Check task. The application monitors files and directories located in the paths specified in the table. By default, the table contains one monitoring scope, Kaspersky internal objects (/opt/kaspersky/kesl/).

Monitoring scope settings

Setting

Description

Scope name

Monitoring scope name.

Path

Path to the directory that the application protects.

Status

The status indicates whether the application scans this scope.

You can add, edit, delete, move up, and move down items in the table.

Clicking the Move down button moves the selected item down in the table.

This button is available if only one item is selected in the table.

Clicking the Move up button moves the selected item up in the table.

This button is available if only one item is selected in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Kaspersky Endpoint Security scans objects in the specified scopes, in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

Page top
[Topic 246670]

<New scan scope> window

In this window, you can add and configure monitoring scopes for the System Integrity Check task.

Monitoring scope settings

Setting

Description

Scan scope name

Field for entering the monitoring scope name. This name will be displayed in the table in the Scan scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application controls this monitoring scope during the application's operation.

If this check box is cleared, the application does not control this monitoring scope during the operation. You can later include this scope in the component settings by selecting the check box.

The check box is selected by default.

File system, access protocol, and path

Entry field for the path to the local directory that you want to include in the monitoring scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The field must not be blank.

The default path is /opt/kaspersky/kesl.

Masks

The list contains name masks for the objects that the application scans.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.
Page top
[Topic 246671]

Exclusion scopes section

Settings of scan exclusions

Group of settings

Description

Monitoring exclusions

This group of settings contains the Configure button. Clicking this button opens the Exclusion scopes window. In this window, you can define the list of scopes to be excluded from monitoring.

Exclusions by mask

This group of settings contains the Configure button, which opens the Exclusions by mask window. In this window, you can configure the exclusion of objects from monitoring by name mask.
Page top
[Topic 215327]

Exclusion scopes window

The table contains scan exclusion scopes for the System Integrity Check component. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Scan exclusion scope settings for the System Integrity Check task

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Path to the directory excluded from scan.

Status

Indicates whether the application excludes this scope from monitoring during the component operation.

You can add, edit, and delete items in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 246672]

<New exclusion scope> window

In this window, you can add and configure the monitoring exclusion scope for the System Integrity Check task.

Monitoring exclusion scope settings

Setting

Description

Exclusion scope name

Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window. The entry field must not be blank.

Use this scope

The check box enables or disables the exclusion of the scope from monitoring when the application is running.

If this check box is selected, the application excludes this scope from monitoring during the task operation.

If this check box is cleared, the application monitors this scope during the task operation. You can later exclude this scope from monitoring by selecting the check box.

The check box is selected by default.

File system, access protocol, and path

Entry field for the path to the local directory that you want to add to the exclusion scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The field must not be blank.

The / path is specified by default. The application excludes all directories of the local file system from scan.

Masks

The list contains name masks of the objects that the application excludes from the monitoring.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Endpoint Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

 
Page top
[Topic 246673]

Exclusions by mask window

You can configure the exclusion of objects from monitoring based on name masks. The application does not scan the files with the names containing the specified masks. By default, the list of masks is empty.

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Endpoint Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).
Page top
[Topic 202412_1]