Kaspersky Embedded Systems Security for Linux

Configuring global exclusions

You can configure exclusion of mount points from file operation interception for the File Threat Protection and Anti-Cryptor components, as well as from scanning by the Malware Scan and Critical Areas Scan tasks. Exclusion of mount points allows you to exclude local or remote directories mounted on a device from interception of file operations. In addition, global exclusions affect the Removable Drives Scan task.

In this section

Configuring global exclusions in the Web Console

Configuring global exclusions in the Administration Console

Configuring global exclusions in the command line


Configuring global exclusions in the Web Console

In the Web Console, you can configure use of global exclusions in the policy properties (Application settings → General settings → Global exclusions).

The table in the Global exclusions section contains mount points to be excluded from file operation interception.

The Path column displays the paths to the excluded mount points. The table is empty by default.

You can add, edit, and delete items in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.


Adding a mount point exclusion window

Mount point settings

Setting

Description

File system, access protocol, and path

In this drop-down list, you can select the type of file system where the directories that you want to add to scan exclusions are located:

  • Local: local mount points.
  • Mounted: remote directories mounted on the device using the Samba or NFS protocol.
  • All remote mounted: all remote directories mounted on the device using the Samba and NFS protocols.

Access protocol

You can select the remote access protocol in the drop-down list:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom: resources of the device's file system specified in the field below.

This drop-down list is available if the Mounted type is selected in the drop-down list of file systems.

Path

Field for entering the path to the mount point that you want to exclude from file operation interception. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

This field is available if the Local type is selected in the drop-down list of file systems.

Name of shared resource

The field for entering the name of the file system shared resource, where the directories that you want to add to the file operation interception exclusions are located.

The field is available if the Mounted type is selected in the File system drop-down list and the Custom item is selected in the Access protocol drop-down list.


Configuring global exclusions in the Administration Console

In the Administration Console, you can configure use of global exclusions in the policy properties (General settings → Global exclusions).

The Excluded mount points group of settings contains a Configure button. Clicking this button opens the Excluded mount points window.

The list in the window contains the paths to the excluded mount points. By default, the list is empty.

You can add, edit, and delete items in the list.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.


Mount point path window

Mount point settings

Setting

Description

File system, access protocol, and path

The settings block lets you set the location of the mount point.

In the drop-down list of file systems, you can select the type of file system where the directories that you want to add to scan exclusions are located:

  • Local: local mount points.
  • Mounted: remote directories mounted on the device using the Samba or NFS protocol.
  • All remote mounted: all remote directories mounted on the device using the Samba and NFS protocols.

If Mounted is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom: all the resources of the device file system specified in the field below.

If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a mount point that you want to exclude from file operation interception. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

Filesystem name

The field for entering the name of the file system where the directories that you want to exclude from file operation interception are located.

The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right.


Configuring global exclusions in the command line

You can define mount point exclusions in the command line via the ExcludedMountPoint.item_# option in the general application settings.

You can edit the setting using command line options or a configuration file that contains all general application settings.

The ExcludedMountPoint.item_# option accepts the following values:

  • AllRemoteMounted — Exclude all remote directories mounted on the device using SMB and NFS protocols from file operation interception.
  • Mounted:NFS — Exclude all remote directories mounted on the device using the NFS protocol from file operation interception.
  • Mounted:SMB — Exclude all remote directories mounted on the device using the SMB protocol from file operation interception.
  • Mounted:<file system type> — Exclude all mounted directories with the specified file system type from file operation interception.
  • /mnt — Exclude objects in the /mnt mount point (including subdirectories) from file operation interception. This directory is used as the temporary mount point for removable drives.
  • <path that contains a mask such as /mnt/user* or /mnt/**/user_share> — Exclude objects in mount points whose names contain the specified mask from file operation interception.

    You can use the * (asterisk) character to create a file or directory name mask.

    You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

    You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

    The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

    To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

    The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

    You can use a single ? character to represent any one character in the file or directory name.

You can specify several mount points to exclude from scanning.

Mount points must be specified in the same way as they are displayed in the mount command output.
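
Because every exclusion removes a mount from file operation interception, it helps to check which mounts a set of ExcludedMountPoint.item_# values actually covers before deploying it. The following is an added example, not Kaspersky code: it models the value types and mask rules described above and applies them to mount output. The mapping of the NFS/SMB keywords to kernel file system types, the reading of ? as never matching /, and the sample mount output are assumptions.

```python
import re

# Assumption (not from the page): kernel fstype names behind the NFS/SMB keywords.
REMOTE = {"NFS": {"nfs", "nfs4"}, "SMB": {"cifs", "smb3"}}
TOKENS = {"**": ".*", "*": "[^/]*", "?": "[^/]"}  # '**' may cross '/', '*' and '?' may not
MOUNT_LINE = re.compile(r"^(.+) on (?P<mp>.+) type (?P<fs>\S+) \(")

def mask_to_regex(mask):
    """Compile a path mask using the *, ** and ? rules described above."""
    if mask.count("**") > 1:
        raise ValueError(f"'**' used more than once: {mask}")
    parts = re.split(r"(\*\*|\*|\?)", mask)
    return re.compile("".join(TOKENS.get(p, re.escape(p)) for p in parts))

def excluded_by(value, mountpoint, fstype):
    """True if one ExcludedMountPoint.item_# value covers this mount."""
    if value == "AllRemoteMounted":
        return fstype in REMOTE["NFS"] | REMOTE["SMB"]
    if value.startswith("Mounted:"):
        kind = value.split(":", 1)[1]
        return fstype in REMOTE.get(kind, {kind})
    # Literal path or mask: compared with the mount point exactly as `mount` prints it.
    # Mounts nested under a literal path are not modelled here.
    return mask_to_regex(value).fullmatch(mountpoint) is not None

def audit(values, mount_text):
    """Map each mount point to the exclusion values that cover it."""
    report = {}
    for m in filter(None, map(MOUNT_LINE.match, mount_text.splitlines())):
        hits = [v for v in values if excluded_by(v, m["mp"], m["fs"])]
        if hits:
            report[m["mp"]] = hits
    return report

# Constructed sample of `mount` output (not from a real host).
SAMPLE_MOUNT = """\
/dev/sda1 on / type ext4 (rw,relatime)
nas01:/export/home on /mnt/user1 type nfs4 (rw,relatime,vers=4.2)
//fs01/share on /mnt/dept/user_share type cifs (rw,relatime)
/dev/sdb1 on /mnt type vfat (rw,nosuid,nodev)
tmpfs on /run type tmpfs (rw,nosuid,nodev)
"""

if __name__ == "__main__":
    values = ["Mounted:NFS", "/mnt/user*", "/mnt/**/user_share", "/mnt"]
    for mp, hits in audit(values, SAMPLE_MOUNT).items():
        print(f"{mp}: excluded by {', '.join(hits)}")
```

Feeding it the real output of mount and the intended values shows at a glance when a mask or a Mounted: value takes more mounts out of protection than intended.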
