Kaspersky Embedded Systems Security for Linux
3.4.0
English

Contents

Protection against remote malicious encryption

Anti-Cryptor component allows you to protect your files in local directories with network access by SMB/NFS protocols from remote malicious encryption.

If Anti-Cryptor is enabled, Kaspersky Embedded Systems Security scans the actions of remote devices with file resources located in shared network directories of the protected device for the presence of malicious encryption. If an application considers the actions of a remote device accessing shared network resources to be malicious encryption, the application creates and enables a rule for the firewall of the operating system that blocks network traffic from the compromised device. The compromised device is added to the list of untrusted devices, and access to shared network directories is blocked for all untrusted devices. The application creates an Encryption detected event that contains information about the compromised device.

By default, the application blocks access of untrusted devices to network file resources for 30 minutes. When the blocking time expires, the application deletes the compromised device from the list of untrusted devices, and the device's access to network file resources is automatically restored.

Firewall rules created by the Anti-Cryptor component cannot be deleted using the iptables utility, since the application restores a set of rules every minute.

Protection against remote malicious encryption is disabled by default.

You can enable or disable protection against malicious encryption (Anti-Cryptor), and also configure the protection settings:

  • Select the action that the application will perform when encryption is detected: notify the user or block the device performing the malicious encryption.

    If the Inform action is selected, the application still scans remote devices' actions on network file shares to check for malicious encryption when Anti-Cryptor is enabled. If malicious activity is detected, the Encryption detected event is created, but the compromised device is not blocked.

  • Set the duration for blocking an untrusted device.
  • Specify the files and directories that the application protects against malicious encryption.
  • Specify the files and directories that are excluded from protection against malicious encryption.

    The application does not consider actions to be encryption if encryption activity is detected in directories excluded from protection against encryption (Anti-Cryptor).

You can use the commands for administering blocked devices in the command line to view the list of blocked devices and manually unblock these devices. Kaspersky Security Center does not provide tools for monitoring and managing blocked devices, except for the Encryption detected events.

For the Anti-Cryptor component to operate correctly, at least one of the services (Samba or NFS) must be installed in the operating system. The NFS service requires the rpcbind package to be installed.

The Anti-Cryptor component runs correctly with SMB1, SMB2, SMB3, NFS3, TCP/UDP, and IP/IPv6 protocols. Working with NFS2 and NFS4 protocols is not supported. It is recommended to configure your server settings so that the NFS2 and NFS4 protocols cannot be used to mount resources.

Kaspersky Embedded Systems Security does not block access to network file resources until the device's activity is identified as malicious. So, at least one file will be encrypted before the application detects malicious activity.

In this Help section

Configuring Anti-Cryptor in the Web Console

Configuring Anti-Cryptor in the Administration Console

Configuring Anti-Cryptor in the command line
Page top
[Topic 263950]

Configuring Anti-Cryptor in the Web Console

In the Web Console, you can configure Anti-Cryptor settings in the policy properties (Application settings Advanced Threat Protection Anti-Cryptor).

Anti-Cryptor component settings

Setting

Description

Anti-Cryptor protection enabled / disabled

This toggle switch enables or disables the protection of files in the local directories with network access by SMB/NFS protocols from remote malicious encrypting.

The toggle button is switched off by default.

Protection scopes

Clicking the Configure protection scopes link opens the Protection scopes window.

Action on encryption detection

The action to be performed by Kaspersky Embedded Systems Security upon detecting malicious encryption:

  • Inform user. Kaspersky Embedded Systems Security does not block the device performing encryption; it only records in the event log an event about the detection of malicious encryption.
  • Block the device performing encryption (default value).

Block untrusted host for (min)

In this field you can specify the untrusted host blocking duration in minutes.

If a compromised host is blocked and you change this setting value, the blocking time for this host will not change. The blocking time is not a dynamic value, and it is calculated at the moment of blocking.

Available values: integer from 1 to 4294967295.

Default value: 30.

Exclusions

Clicking the Configure exclusions link opens the Exclusion scopes window.

Exclusions by mask

Clicking the Configure exclusions by mask link opens the Exclusions by mask window.

Page top

[Topic 264159]

Protection scopes window

The table contains protection scopes of the Anti-Cryptor component. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.

Protection scope settings

Setting

Description

Scope name

Protection scope name.

Path

Path to the directory that the application protects.

Status

The status indicates whether the application scans this scope.

You can add, edit, delete, move up, and move down items in the table.

Clicking the Move down button moves the selected item down in the table.

This button is available if only one item is selected in the table.

Clicking the Move up button moves the selected item up in the table.

This button is available if only one item is selected in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Kaspersky Embedded Systems Security protects objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

Page top
[Topic 202352]

Add protection scope window

In this window, you can add or configure protection scope for the Anti-Cryptor component.

Protection scope settings

Setting

Description

Scope name

Field for entering the protection scope name. This name will be displayed in the table in the Protection scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application processes this protection scope during the component operation.

If this check box is cleared, the application does not process this protection scope during the component operation. You can later include this scope in the component operation settings by selecting the check box.

The check box is selected by default.

File system, access protocol, and path

You can select the type of file system in the drop-down list:

  • Local (default value) – local directories.
  • Shared displays server file system resources accessible via the Samba or NFS protocol.
  • All shared displays all server file system resources accessible via the Samba and NFS protocols.

Access protocol

You can select the remote access protocol in the drop-down list:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.

This drop-down list is available if the Shared option is selected in the drop-down list of file systems.

Path

The entry field for specifying the path to the directory that you want to include in the protection scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

This field is available if the Local type is selected in the drop-down list of file systems.

The field must not be blank.

By default, the / path is specified (root directory).

Masks

This list contains name masks of the objects that the application scans during operation of the Anti-Cryptor component.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 202353]

Exclusion scopes window

This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Exclusion scope settings

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Path to the directory excluded from scan.

Status

The status indicates whether the application uses this exclusion.

You can add, edit, and delete items in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 197613_3]

Add exclusion scope window

In this window, you can add and configure exclusion scopes.

Exclusion scope settings

Setting

Description

Exclusion scope name

Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables the exclusion of the scope when the application is running.

If the check box is selected, the application excludes this scope from scan or protection during its operation.

If the check box is cleared, the application includes this scope in scan or protection during its operation. You can later exclude this scope from scan or protection by selecting the check box.

The check box is selected by default.

File system, access protocol, and path

In this drop-down list, you can select the type of file system where the directories that you want to add to scan exclusions are located:

  • Local, for local directories.
  • Mounted, for remote directories mounted on the device.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.

Access protocol

You can select the remote access protocol in the drop-down list:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

This drop-down list is available if the Mounted type is selected in the drop-down list of file systems.

Path

Entry field for the path to the directory that you want to add to the exclusion scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default. The application excludes all directories of the local file system from scan.

This field is available if the Local type is selected in the drop-down list of file systems.

Name of shared resource

The field for entering the name of the file system shared resource, where the directories that you want to add to the exclusion scope are located.

The field is available if the Mounted type is selected in the File system drop-down list and the Custom item is selected in the Access protocol drop-down list.

Masks

The list contains name masks of the objects that the application excludes from scan. Masks are only applied to objects in the directory specified in the Path field.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

 

Page top

[Topic 248957_3]

Exclusions by mask window

You can configure the exclusion of objects from scans based on name mask. The application will not scan files whose names contain the specified mask. By default, the list of masks is empty.

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

Page top
[Topic 202356_3]

Configuring Anti-Cryptor in the Administration Console

In the Administration Console, you can configure Anti-Cryptor settings in the policy properties (Advanced Threat Protection Anti-Cryptor).

Anti-Cryptor component settings

Setting

Description

Enable Anti-Cryptor

This check box enables or disables the protection of files in local directories with network access by SMB/NFS protocols from remote malicious encryption.

This check box is cleared by default.

Protection scopes

This group of settings contains buttons that open windows where you can configure the scan scopes and protection settings.

Exclusions

This group of settings contains the Configure button. Clicking this button opens the Exclusion scopes window. In this window, you can define the list of scopes to be excluded from scans.

Exclusions by mask

This group of settings contains the Configure button, which opens the Exclusions by mask window. In this window, you can configure the exclusion of objects from scans by name mask.

Page top

[Topic 264197]

Scan scopes window

The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.

Scan scope settings

Setting

Description

Scope name

Scan scope name.

Path

Path to the directory that the application scans.

Status

The status indicates whether the application scans this scope.

You can add, edit, delete, move up, and move down items in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

Page top
[Topic 276476]

<New scan scope> window

In this window, you can add or configure protection scope for the Anti-Cryptor component.

Protection scope settings

Setting

Description

Scope name

Field for entering the protection scope name. This name will be displayed in the table in the Scan scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application processes this protection scope during the component operation.

If this check box is cleared, the application does not process this protection scope during the component operation. You can later include this scope in the component operation settings by selecting the check box.

The check box is selected by default.

File system, access protocol, and path

The settings block lets you set the scan scope.

You can select the file system type in the drop-down list of file systems:

  • Local, for local directories.
  • Shared displays server file system resources accessible via the Samba or NFS protocol.
  • All shared (default value) displays all server file system resources accessible via the Samba and NFS protocols.

If Shared is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.

If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want to add to the protection scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

The field must not be blank.

Masks

This list contains name masks of the objects that the application scans during operation of the Anti-Cryptor component.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 210668]

Protection settings window

Protection settings

Setting

Description

Action on encryption detection

The action to be performed by Kaspersky Embedded Systems Security upon detecting malicious encryption:

  • Inform user. Kaspersky Embedded Systems Security does not block the device performing encryption; it only records in the event log an event about the detection of malicious encryption.
  • Block the device performing encryption (default value).

Block untrusted host for (min)

In this field you can specify the untrusted host blocking duration in minutes. After the specified time, Kaspersky Embedded Systems Security removes the untrusted devices from the list of blocked devices. The access of the host to network file resources is restored automatically, after it is deleted from the list of untrusted hosts.

If a compromised host is blocked and you change this setting value, the blocking time for this host will not change. The blocking time is not a dynamic value, and it is calculated at the moment of blocking.

Possible values: integers from 1 to 2,147,483,647.

Default value: 30.

Page top

[Topic 275603]

Exclusion scopes window

This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Exclusion scope settings

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Path to the directory excluded from scan.

Status

The status indicates whether the application uses this exclusion.

You can add, edit, and delete items in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 276477]

<New exclusion scope> window

In this window, you can add and configure scan exclusion scopes.

Exclusion scope settings

Setting

Description

Exclusion scope name

Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window.

The entry field must not be blank.

Use this scope

The check box enables or disables exclusion of the scope from scan when the application is running.

If this check box is selected, the application excludes this area during scans.

If this check box is cleared, the application includes this area in the scan scope. You can later exclude this scope by selecting the check box.

The check box is selected by default.

File system, access protocol, and path

The settings block lets you set the exclusion scope.

In the drop-down list of file systems, you can select the type of file system of the directories to be excluded from scans:

  • Local, for local directories.
  • Mounted – mounted directories.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.

If Mounted is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want add to the exclusion scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default. The application excludes all directories of the local file system from scan.

Filesystem name

The field for entering the name of the file system where the directories that you want to add to the exclusion scope are located.

The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right.

Masks

The list contains name masks of the objects that the application excludes from scan. Masks are only applied to objects in the directory specified in the path field.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

 

Page top

[Topic 276439]

Exclusions by mask window

You can configure the exclusion of objects from scans based on name mask. The application will not scan files whose names contain the specified mask. By default, the list of masks is empty.

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

Page top
[Topic 276440]

Configuring Anti-Cryptor in the command line

In the command line, you can manage Anti-Cryptor using the Anti-Cryptor task (Anti_Cryptor).

By default, the Anti-Cryptor task does not run. You can start and stop this task manually.

You can configure Anti-Cryptor settings by editing the settings of the Anti-Cryptor predefined task.

Anti-Cryptor task settings

Setting

Description

Values

ActionOnDetect

Enables untrusted hosts blocking.

Block (default value) – enable untrusted hosts blocking.

Notify: disable untrusted hosts blocking.

BlockTime

The time in minutes for which an untrusted device is blocked.

If a compromised host is blocked, and you change a value for the BlockTime setting, the blocking time for this host will not change. The blocking time is not a dynamic value, and is calculated at the moment of blocking.

Integer from 1 to 4294967295.

Default value: 30.

UseExcludeMasks

Enables exclusion of the objects specified by the ExcludeMasks.item_# setting from the protection scope.

This setting applies only if the ExcludeMasks.item_# setting is specified.

Yes — Exclude the objects specified by the ExcludeMasks.item_# setting from the protection scope.

No (default value) — Do not exclude the objects specified by the ExcludeMasks.item_# setting from the protection scope.

ExcludeMasks.item_#

Excludes objects from the protection scope by names or masks. You can use this setting to exclude an individual file from the specified protection scope by name or exclude multiple files at the same time using masks in the shell format.

Before specifying a value for this setting, make sure that the UseExcludeMasks setting is enabled.

If you want to specify several masks, specify each mask on a new line with a new index.

The default value is not defined.

The [ScanScope.item_#] section contains the scopes protected by the application. For the Anti-Cryptor task, you need to specify at least one protection scope; you can only specify shared directories.

You can specify several [ScanScope.item_#] sections in any order. The application processes the scopes by index in ascending order.

The [ScanScope.item_#] section contains the following settings:

AreaDesc

Description of protection scope; contains additional information about the protection scope.

Default value: All shared directories.

UseScanArea

Enables protection of the specified scope. To run the task, enable protection of at least one scope.

Yes (default value) — Protect the specified scope.

No — Do not protect the specified scope.

AreaMask.item_#

Protection scope limitation. In the protection scope, the application protects only the objects that are specified using the masks in the shell format.

You can specify several AreaMask.item_# items in any order. The application processes the scopes by index in ascending order.

Default value: * (protect all objects)

Path

Path to the directory with the objects to be protected.

<path to local directory> – Protect a local directory accessible via SMB/NFS. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

AllShared (default value) — Protect all resources accessible via SMB/NFS.

Shared:SMB — Protect resources accessible via SMB.

Shared:NFS — Protect resources accessible via NFS.

The [ExcludedFromScanScope.item_#] section contains the objects to be excluded from all [ScanScope.item_#] sections. The objects that match the rules of any [ExcludedFromScanScope.item_#] section are not scanned. The format of the [ExcludedFromScanScope.item_#] section is similar to the format of the [ScanScope.item_#] section. You can specify several [ExcludedFromScanScope.item_#] sections in any order. The application processes the scopes by index in ascending order.

The [ExcludedFromScanScope.item_#] section contains the following settings:

AreaDesc

Description of the protection exclusion scope, which contains additional information about the exclusion scope.

Default value: All objects.

UseScanArea

Excludes the specified scope from protection.

Yes (default value) — Exclude the specified scope from protection.

No — Do not exclude the specified scope from protection.

AreaMask.item_#

Limitation of the protection exclusion scope. In the exclusion scope, the application excludes only the objects that are specified using masks in the shell format.

You can specify several AreaMask.item_# items in any order. The application processes the scopes by index in ascending order.

Default value: * (exclude all objects).

Path

Path to the directory with objects excluded from protection.

<path to local directory> — Exclude objects in the specified directory from protection. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

Mounted:NFS– Exclude the remote directories mounted on a client device using the NFS protocol from protection.

Mounted:SMB– Exclude the remote directories mounted on a client device using the Samba protocol from protection.

AllRemoteMounted– Exclude all remote directories mounted on a client device using the Samba and NFS protocols from protection.

Page top

[Topic 264203]