Contents
- Viewing the protection status of a device and information about application performance
- Viewing the protection status of a device in the Web Console
- Viewing the protection status of a device in the Administration Console
- Viewing information about the operation of an application in the Web Console
- Viewing information about the operation of an application in the Administration Console
- Viewing information about the operation of an application in the command line
- Viewing application statistics
- Viewing application statistics in the Web Console
- Viewing application statistics in the Administration Console
- Viewing a list of mount points in the Web Console
- Viewing the list of mount points in the Administration Console
- Viewing application statistics and the list of mount points in the command line
- Collecting system performance metrics
Viewing the protection status of a device and information about application performance
You can view information about the protection status of a device, as well as the status of Kaspersky Embedded Systems Security and its components on the device.
You can get information about the protection status of a device in the following ways:
- In the Web Console or in the Administration Console, using the statuses of the client devices (OK, Critical, Warning). The device on which Kaspersky Security Center Network Agent is installed is a client device for Kaspersky Security Center. The status of a client device can change to Critical or Warning for the following reasons:
- In accordance with the rules defined in Kaspersky Security Center. For example, the status changes if a security application is not installed on the device, a virus scan has not been performed in a long time, application databases are outdated, the license has expired, or the application is unstable. For more details on the reasons for changing statuses and configuring conditions for assigning statuses, refer to the Kaspersky Security Center Help system.
- Kaspersky Security Center receives the device status from the managed application, i.e., from Kaspersky Embedded Systems Security.
Receiving device status from a managed application must be enabled in Kaspersky Security Center in the lists of conditions for assigning the Critical and Warning statuses. Conditions for assigning device statuses are configured in the properties window of an administration group.
For more details on client device statuses, refer to the Kaspersky Security Center Help system.
- In the Web Console or in the Administration Console, using the statuses of functional components of Kaspersky Embedded Systems Security on the device. In the properties of Kaspersky Embedded Systems Security installed on the device, a list of the functional components of the application is displayed. For each component, its status is displayed.
- On the command line, using the kess-control --app-info command. The command displays information about the operation of the application and the status of functional components and tasks of the application.
Viewing the protection status of a device in the Web Console
To view the protection status of a device in the Web Console:
- In the main window of the Web Console, select Assets (Devices) → Managed devices.
The list of managed devices opens.
- Select the administration group containing the necessary device. To do so, click the link in the Current path field above the list of managed devices and select an administration group in the window that opens.
The list displays only the managed devices for the selected administration group.
- In the list, find the device for which you want to view information and click the device name.
- In the properties window of the managed device that opens, on the General tab, select the Protection section.
The Protection section displays the following information about the device:
- Visible in the network is the visibility of the selected device in the network: Yes or No.
- Device status is the status of the client device generated based on the protection status criteria set by the administrator for the selected device and the device activity in the network: OK, Critical, or Warning.
- Status description represents the reasons for changing the status of the device to Critical or Warning.
- Protection status represents the current status of File Threat Protection on the selected device, such as Running, Stopped, or Paused.
- Last full check represents the date and time when the last full scan task was completed on the selected device.
- Viruses detected represents the total number of malicious objects detected on the selected device (detected threat counter) since Kaspersky Embedded Systems Security was installed.
- Objects that failed disinfection represents the number of infected objects that Kaspersky Embedded Systems Security was unable to disinfect.
Viewing the protection status of a device in the Administration Console
To view the protection status of a device in the Administration Console:
- In the Administration Console tree, in the Managed devices folder, select the administration group containing the necessary device.
- In the workspace, select the Devices tab.
- In the list of managed devices, select the required device and double-click it to open the Properties: <Task name> window.
- In the window that opens with the properties for the managed device, select the Protection section.
The Protection section displays the following information about the device:
- Device status: status of the client device generated based on the criteria set by the administrator for the protection status of the selected device and the device activity in the network.
- All problems: complete list of problems detected by the managed applications installed on the selected device. Each problem has a status that the application prompts to assign to the device.
- Real-Time Protection status: current status of File Threat Protection on the selected device, such as Running or Stopped. When the protection status changes, the new status is displayed in the device properties window only after the device is synchronized with the Administration Server.
- Last on-demand scan: date and time when the last malware scan was performed on the selected device.
- Total threats detected: total number of threats detected on the selected device since the installation of the application (first scan) or since the last reset of the threat counter.
To reset the counter, click the Reset button.
- Active threats: the number of unprocessed files on the selected device.
Viewing information about the operation of an application in the Web Console
To view information about the application operation in the Web Console:
- In the main window of the Web Console, select Assets (Devices) → Managed devices.
The list of managed devices opens.
- Select the administration group containing the necessary device. To do so, click the link in the Current path field above the list of managed devices and select an administration group in the window that opens.
The list displays only the managed devices for the selected administration group.
- In the list, find the device for which you want to view information and click the device name.
- This opens a managed device properties window; in that window, go to the Applications tab.
- In the list of applications installed on the device, click the name of the Kaspersky Embedded Systems Security 3.4 for Linux application.
The application properties window opens.
The Kaspersky Embedded Systems Security 3.4 for Linux window displays the following information about Kaspersky Embedded Systems Security:
- The General tab in the Information section displays general information about the installed application:
- Name is the name of the application.
- Version is the version number of the application.
- Installed is the date and time when the application was installed on the device.
- Last software update: date and time when Kaspersky Embedded Systems Security software modules were last updated.
- Last synchronization is the date and time of the last connection of the device to the Kaspersky Security Center Administration Server.
- Current status: status of File Threat Protection on the device, such as Running or Paused.
- The Installed updates block contains information about installed versions of application updates.
- Under Application databases, you can find information about the date and time of the application database update release and the date and time of the last update.
- On the General tab, the Licenses section contains information about license keys added to the application and the licenses corresponding to these keys.
- On the General tab, the Components section contains a list of functional components of the application. The status (for example, Stopped, Suspended, Not Installed) and version of each component is displayed.
- The Events tab displays a list of application events on the device.
- The Event settings section displays the types of events that the application stores in event storage and how long they are stored.
- On the Application settings tab, you can do the following:
- In the Application Control section, you can export configured component settings and application categories to a file, and import them from a file.
- In the Statistics section, you can view application statistics and the list of mount points.
Viewing information about the operation of an application in the Administration Console
To view information about the application operation in the Kaspersky Security Center Administration Console:
- In the Kaspersky Security Center Administration Console tree, in the Managed devices folder, select the administration group containing the required device.
- In the workspace, select the Devices tab.
- In the list of managed devices, select the required device and double-click it to open the Properties: <Task name> window.
- In the window that opens with the properties of the managed device, select the Applications section.
The right part of the window displays a list of Kaspersky applications installed on the device.
- Select Kaspersky Embedded Systems Security 3.4 for Linux and double-click it to open the application properties window. Alternatively, you can click the Properties button in the lower part of the window.
The Kaspersky Embedded Systems Security 3.4 for Linux settings window opens.
The Kaspersky Embedded Systems Security 3.4 for Linux settings window displays the following information about Kaspersky Embedded Systems Security:
- The General section contains general information about the installed application:
- Version number: the version number of the application.
- Installed: date and time when the application was installed on the device.
- Current status: status of File Threat Protection on the device, such as Running or Paused.
- Last software update: date and time when Kaspersky Embedded Systems Security software modules were last updated.
- Installed updates: information about installed versions of application updates.
- Application databases: date and time when the application database update was released.
- In the Application Control section, you can export configured component settings and application categories to a file, and import them from a file.
- The Statistics section displays application statistics and information about mount points.
- The Components section contains a list of standard application components. The status (for example, Stopped, Suspended, Not Installed) and version of each component is displayed.
- The License keys section contains information about the active and reserve license keys.
- The Event settings section displays the types of events that the application stores in event storage and how long they are stored.
- The Advanced section contains information about the application administration plug-in.
Viewing information about the operation of an application in the command line
To view information about the application, run the following command:
kess-control --app-info [--json]
where --json: output data in JSON format. If the --json option is not specified, the settings are output in the INI format.
As a result of the command execution, the following information will be displayed in the console:
- Name. Application name.
- Version. Current application version.
- Policy. Information about whether a Kaspersky Security Center policy is applied on the device.
- Application license information. Application license information or application license key status.
- Kaspersky Embedded Systems Security license expiration date. Date and time when the application license expires, in UTC.
- Subscription status. Subscription status. This field is displayed if the application is started under a subscription.
- Backup state. Backup state.
- Backup space usage. Backup size.
- Last run date of the Scan_My_Computer task. Time of the last Malware Scan task.
- Last release date of databases. Date and time the application databases were last released.
- Application databases. Information about whether the application databases were downloaded.
- Using Kaspersky Security Network. Information about using Kaspersky Security Network: Extended KSN mode, Basic KSN mode or Disabled.
- Kaspersky Security Network infrastructure. Information about the infrastructure solution used to work with Kaspersky reputation databases: Kaspersky Security Network or Kaspersky Private Security Network.
- File Threat Protection. Real-time File Threat Protection status.
- System Integrity Monitoring. System Integrity Monitoring component status.
- Firewall Management. Firewall Management component status.
- Anti-Cryptor. Anti-Cryptor component status.
- Web Threat Protection. Web Threat Protection component status.
- Device Control. Device Control component status.
- Removable Drives Scan. Removable Drives Scan component status.
- Network Threat Protection. Network Threat Protection component status.
- Behavior Detection. Behavior Detection component status.
- Application Control. Application Control component status.
- Post-update actions. Application update actions and the actions to be performed by the user.
- Unstable application operation. Information about application failure and dump file creation. This field is displayed if a failure occurred the last time the application was launched.
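The following is an added example, not part of the product documentation or vendor code: it compares the component fields from kess-control --app-info --json against a saved known-good baseline and reports any component whose status changed or disappeared. It assumes that the JSON keys match the field labels listed above; the sample data and status strings are constructed placeholders.

```python
import json
import subprocess
import sys

# Component fields listed on this page for `kess-control --app-info`.
# Assumption: the JSON output uses these labels as its keys; adjust the
# names to whatever your installed version actually emits.
COMPONENT_FIELDS = (
    "File Threat Protection", "System Integrity Monitoring",
    "Firewall Management", "Anti-Cryptor", "Web Threat Protection",
    "Device Control", "Removable Drives Scan", "Network Threat Protection",
    "Behavior Detection", "Application Control",
)
FAILURE_FIELD = "Unstable application operation"  # shown only after a failure

# Constructed samples (not real product output); status strings are placeholders.
SAMPLE_BASELINE = """{"Name": "sample", "File Threat Protection": "Running",
 "Behavior Detection": "Running", "Device Control": "Running",
 "Application Control": "Stopped"}"""
SAMPLE_CURRENT = """{"Name": "sample", "File Threat Protection": "Stopped",
 "Behavior Detection": "Running", "Application Control": "Stopped",
 "Unstable application operation": "constructed failure note"}"""


def load_app_info(text):
    """Parse the JSON text produced by `kess-control --app-info --json`."""
    info = json.loads(text)
    if not isinstance(info, dict):
        raise ValueError("expected a JSON object of field/value pairs")
    return info


def read_app_info():
    """Run the command from this page on the local device."""
    result = subprocess.run(["kess-control", "--app-info", "--json"],
                            check=True, capture_output=True, text=True,
                            timeout=60)
    return load_app_info(result.stdout)


def component_drift(baseline, current):
    """Return {field: (expected, actual)} for each deviation from baseline."""
    drift = {}
    for field in COMPONENT_FIELDS:
        if field not in baseline:
            continue  # not tracked when the baseline was recorded
        actual = current.get(field)  # None: field vanished from the output
        if actual != baseline[field]:
            drift[field] = (baseline[field], actual)
    if FAILURE_FIELD in current:
        drift[FAILURE_FIELD] = (None, current[FAILURE_FIELD])
    return drift


if __name__ == "__main__":
    # Usage: script.py baseline.json   (baseline saved from a known-good run)
    with open(sys.argv[1], encoding="utf-8") as fh:
        baseline = load_app_info(fh.read())
    drift = component_drift(baseline, read_app_info())
    for field, (expected, actual) in drift.items():
        print(f"{field}: expected {expected!r}, got {actual!r}")
    sys.exit(1 if drift else 0)
```

The non-zero exit code on drift lets a scheduler or monitoring agent alert when a protection component stops or is no longer reported.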
Viewing application statistics
To improve performance, you can exclude the files that are most frequently scanned by the File Threat Protection component, the paths to applications that are most frequently scanned by the Behavior Detection component, and the mount points detected on the device.
On devices with operating systems that support fanotify, the most effective way to improve performance is to exclude mount points.
You can view statistics about the most frequently scanned files and applications, as well as a list of mount points in the following ways:
- in the Web Console
- in the Administration Console
- on the command line
You can configure the parameters for how the application calculates and displays statistics in the kess.ini configuration file in the [ScannerImpactStats] section.
Viewing application statistics in the Web Console
To view application statistics in the Web Console:
- In the main window of the Web Console, select Assets (Devices) → Managed devices.
The list of managed devices opens.
- Select the administration group containing the necessary device. To do so, click the link in the Current path field above the list of managed devices and select an administration group in the window that opens.
The list displays only the managed devices for the selected administration group.
- In the list, find the device for which you want to view information and click the device name.
- This opens a managed device properties window; in that window, go to the Applications tab.
- In the list of applications installed on the device, click the name of the Kaspersky Embedded Systems Security 3.4 for Linux application.
- In the application properties window that opens, on the Application settings tab, select Statistics → Scan statistics.
The Scan statistics window will open.
The Scan statistics window displays the following application statistics:
- The Most frequently scanned applications (File Threat Protection) block displays the paths to the applications that the Behavior Detection component scans most frequently, and the number of times the component accesses these applications. Files are displayed in descending order of the number of times they are accessed.
- The Most frequently scanned applications block displays the paths to the applications that the Behavior Detection component scans most frequently, and the number of times the component accesses these applications. Applications are displayed in descending order of the number of times they are accessed.
Using the Export buttons located at the top of each block, you can export the statistics displayed in that block to a text file.
Viewing application statistics in the Administration Console
To view application statistics in the Administration Console:
- In the Kaspersky Security Center Administration Console tree, in the Managed devices folder, select the administration group containing the required device.
- In the workspace, select the Devices tab.
- In the list of managed devices, select the required device and double-click it to open the Properties: <Task name> window.
- In the window that opens with the properties of the managed device, select the Applications section.
The right part of the window displays a list of Kaspersky applications installed on the device.
- Select Kaspersky Embedded Systems Security 3.4 for Linux and double-click it to open the application properties window. Alternatively, you can click the Properties button in the lower part of the window.
The Kaspersky Embedded Systems Security 3.4 for Linux settings window opens.
- In the window that opens, select Statistics → Scan statistics.
The following application statistics will be displayed in the window on the right:
- The Most frequently scanned applications (File Threat Protection) block displays the paths to the applications that the Behavior Detection component scans most frequently, and the number of times the component accesses these applications. Files are displayed in descending order of the number of times they are accessed.
- The Most frequently scanned applications block displays the paths to the applications that the Behavior Detection component scans most frequently, and the number of times the component accesses these applications. Applications are displayed in descending order of the number of times they are accessed.
Using the Export buttons under each block, you can export the statistics displayed in that block to a text file.
Viewing a list of mount points in the Web Console
To view the list of mount points in the Web Console:
- In the main window of the Web Console, select Assets (Devices) → Managed devices.
The list of managed devices opens.
- Select the administration group containing the necessary device. To do so, click the link in the Current path field above the list of managed devices and select an administration group in the window that opens.
The list displays only the managed devices for the selected administration group.
- In the list, find the device for which you want to view information and click the device name.
- This opens a managed device properties window; in that window, go to the Applications tab.
- In the list of applications installed on the device, click the name of the Kaspersky Embedded Systems Security 3.4 for Linux application.
- In the application properties window that opens, on the Application settings tab, select Statistics → Mount points.
The Mount points window opens.
The Mount points window displays a list of paths to mount points found on the device and information about whether the mount point has been added to the scan exclusions. The list of mount points is sorted as follows:
- Static, system, service and other mount points
- Mounted snap packages and mount points in their namespaces
By clicking the Export button, located at the top of the window above the list, you can export the list of mount points to a text file.
Viewing the list of mount points in the Administration Console
To view the list of mount points in the Administration Console:
- In the Kaspersky Security Center Administration Console tree, in the Managed devices folder, select the administration group containing the required device.
- In the workspace, select the Devices tab.
- In the list of managed devices, select the required device and double-click it to open the Properties: <Task name> window.
- In the window that opens with the properties of the managed device, select the Applications section.
The right part of the window displays a list of Kaspersky applications installed on the device.
- Select Kaspersky Embedded Systems Security 3.4 for Linux and double-click it to open the application properties window. Alternatively, you can click the Properties button in the lower part of the window.
The Kaspersky Embedded Systems Security 3.4 for Linux settings window opens.
- In the window that opens, select Statistics → Mount points.
On the right, the window displays the list of paths to mount points detected on the device and information about whether the mount point has been added to the scan exclusions. The list of mount points is sorted as follows:
- Static, system, service and other mount points
- Mounted snap packages and mount points in their namespaces
By clicking the Export button below the list, you can export the list of mount points to a file in text format.
Viewing application statistics and the list of mount points in the command line
To view application statistics and the list of mount points, run the following command:
kess-control [-S] --get-statistic [--files] [--processes] [--mountpoints]
where:
- --files: statistics of files most frequently scanned by the File Threat Protection component, and the number of times the component accesses these files.
- --processes: statistics of applications most frequently scanned by the Behavior Detection component, and the number of times the component accesses these applications.
- --mountpoints: list of mount points.
In the output, mount points are sorted as follows:
- Static, system, service and other mount points
- Mounted snap packages and mount points in their namespaces
You can specify one or more options in any combination or no options at all. If you do not specify options, the application displays three lists: statistics on the most frequently scanned files, statistics on the most frequently scanned applications, and the list of mount points found on the device.
Collecting system performance metrics
Kaspersky Embedded Systems Security affects the operating system. To help you analyze the impact, the application can collect metrics associated with application performance.
To configure the collection of operating system performance metrics, run the following command:
kess-control [-J] --export-metrics [--period <interval in seconds between exports>|--interactive]
where:
- --period enables periodic output of results.
- --interactive enables interactive output (on the Enter key being pressed).
You can publish exported metrics to monitoring systems such as Prometheus and Zabbix. To integrate with monitoring systems, you can use a script that gets information from the application and publishes it to the monitoring system. To get the script, you can contact Technical Support.