Kaspersky Embedded Systems Security for Linux

Viewing application statistics

To improve performance, you can exclude the files that are most frequently scanned by the File Threat Protection component, the paths to applications that are most frequently scanned by the Behavior Detection component, and the mount points detected on the device.

On devices with operating systems that support fanotify, the most effective way to improve performance is to exclude mount points.

You can view statistics about the most frequently scanned files and applications, as well as a list of mount points, in the Web Console, in the Administration Console, or in the command line.

You can configure the parameters for how the application calculates and displays statistics in the kess.ini configuration file in the [ScannerImpactStats] section.

In this section

Viewing application statistics in the Web Console

Viewing application statistics in the Administration Console

Viewing a list of mount points in the Web Console

Viewing the list of mount points in the Administration Console

Viewing application statistics and the list of mount points in the command line

[Topic 292455]

Viewing application statistics in the Web Console

To view application statistics in the Web Console:

  1. In the main window of the Web Console, select Assets (Devices) → Managed devices.

    The list of managed devices opens.

  2. Select the administration group containing the necessary device. To do so, click the link in the Current path field above the list of managed devices and select an administration group in the window that opens.

    The list displays only the managed devices for the selected administration group.

  3. In the list, find the device for which you want to view information and click the device name.
  4. In the managed device properties window that opens, go to the Applications tab.
  5. In the list of applications installed on the device, click the name of the Kaspersky Embedded Systems Security 3.4 for Linux application.
  6. In the application properties window that opens, on the Application settings tab, select Statistics → Scan statistics.

    The Scan statistics window will open.

    The Scan statistics window displays the following application statistics:

    • The Most frequently scanned applications (File Threat Protection) block displays the paths to the files that the File Threat Protection component scans most frequently, and the number of times the component accesses these files. Files are displayed in descending order of the number of times they are accessed.
    • The Most frequently scanned applications block displays the paths to the applications that the Behavior Detection component scans most frequently, and the number of times the component accesses these applications. Applications are displayed in descending order of the number of times they are accessed.

    Using the Export buttons located at the top of each block, you can export the statistics displayed in that block to a text file.

[Topic 292456]

Viewing application statistics in the Administration Console

To view application statistics in the Administration Console:

  1. In the Kaspersky Security Center Administration Console tree, in the Managed devices folder, select the administration group containing the required device.
  2. In the workspace, select the Devices tab.
  3. In the list of managed devices, select the required device and double-click it to open the Properties: <Task name> window.
  4. In the window that opens with the properties of the managed device, select the Applications section.

    The right part of the window displays a list of Kaspersky applications installed on the device.

  5. Select Kaspersky Embedded Systems Security 3.4 for Linux and double-click it to open the application properties window. Alternatively, you can click the Properties button in the lower part of the window.

    The Kaspersky Embedded Systems Security 3.4 for Linux settings window opens.

  6. In the window that opens, select Statistics → Scan statistics.

    The following application statistics will be displayed in the window on the right:

    • The Most frequently scanned applications (File Threat Protection) block displays the paths to the files that the File Threat Protection component scans most frequently, and the number of times the component accesses these files. Files are displayed in descending order of the number of times they are accessed.
    • The Most frequently scanned applications block displays the paths to the applications that the Behavior Detection component scans most frequently, and the number of times the component accesses these applications. Applications are displayed in descending order of the number of times they are accessed.

    Using the Export buttons under each block, you can export the statistics displayed in that block to a text file.

[Topic 292535]

Viewing a list of mount points in the Web Console

To view the list of mount points in the Web Console:

  1. In the main window of the Web Console, select Assets (Devices) → Managed devices.

    The list of managed devices opens.

  2. Select the administration group containing the necessary device. To do so, click the link in the Current path field above the list of managed devices and select an administration group in the window that opens.

    The list displays only the managed devices for the selected administration group.

  3. In the list, find the device for which you want to view information and click the device name.
  4. In the managed device properties window that opens, go to the Applications tab.
  5. In the list of applications installed on the device, click the name of the Kaspersky Embedded Systems Security 3.4 for Linux application.
  6. In the application properties window that opens, on the Application settings tab, select Statistics → Mount points.

    The Mount points window opens.

    The Mount points window displays a list of paths to mount points found on the device and information about whether the mount point has been added to the scan exclusions. The list of mount points is sorted as follows:

    • Static, system, service and other mount points
    • Mounted snap packages and mount points in their namespaces

    By clicking the Export button, located at the top of the window above the list, you can export the list of mount points to a text file.

[Topic 292547]

Viewing the list of mount points in the Administration Console

To view the list of mount points in the Administration Console:

  1. In the Kaspersky Security Center Administration Console tree, in the Managed devices folder, select the administration group containing the required device.
  2. In the workspace, select the Devices tab.
  3. In the list of managed devices, select the required device and double-click it to open the Properties: <Task name> window.
  4. In the window that opens with the properties of the managed device, select the Applications section.

    The right part of the window displays a list of Kaspersky applications installed on the device.

  5. Select Kaspersky Embedded Systems Security 3.4 for Linux and double-click it to open the application properties window. Alternatively, you can click the Properties button in the lower part of the window.

    The Kaspersky Embedded Systems Security 3.4 for Linux settings window opens.

  6. In the window that opens, select Statistics → Mount points.

    On the right, the window displays the list of paths to mount points detected on the device and information about whether the mount point has been added to the scan exclusions. The list of mount points is sorted as follows:

    • Static, system, service and other mount points
    • Mounted snap packages and mount points in their namespaces

    By clicking the Export button below the list, you can export the list of mount points to a file in text format.

[Topic 292548]

Viewing application statistics and the list of mount points in the command line

To view application statistics and the list of mount points, run the following command:

kess-control [-S] --get-statistic [--files] [--processes] [--mountpoints]

where:

  • --files: statistics of files most frequently scanned by the File Threat Protection component, and the number of times the component accesses these files.
  • --processes: statistics of applications most frequently scanned by the Behavior Detection component, and the number of times the component accesses these applications.
  • --mountpoints: list of mount points.

In the output, mount points are sorted as follows:

  • Static, system, service and other mount points
  • Mounted snap packages and mount points in their namespaces

You can specify one or more options in any combination or no options at all. If you do not specify options, the application displays three lists: statistics on the most frequently scanned files, statistics on the most frequently scanned applications, and the list of mount points found on the device.
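The following shell functions are an added example, not part of the Kaspersky documentation: they save each of the three lists to its own file under a timestamped directory, so that the statistics taken before and after a change to scan exclusions can be compared. The KESS_CONTROL variable, the function names and the output file layout are assumptions of this example; only the --get-statistic, --files, --processes and --mountpoints options come from the command described above.

```shell
#!/bin/sh
# Added example: snapshot each kess-control statistics list into its own file.
# KESS_CONTROL (command to run) and the file layout are assumptions of this example.
KESS_CONTROL="${KESS_CONTROL:-kess-control}"

# snapshot_stats OUTDIR
# Writes files.txt, processes.txt and mountpoints.txt to OUTDIR/<UTC timestamp>/
# and prints that directory. Returns non-zero if any of the three calls fails.
snapshot_stats() {
    outdir="$1"
    [ -n "$outdir" ] || { echo "usage: snapshot_stats OUTDIR" >&2; return 2; }
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    dest="$outdir/$stamp"
    mkdir -p "$dest" || return 1
    rc=0
    for list in files processes mountpoints; do
        # One list per call, using only the options documented above.
        if ! "$KESS_CONTROL" --get-statistic "--$list" \
                > "$dest/$list.txt" 2> "$dest/$list.err"; then
            echo "--get-statistic --$list failed, see $dest/$list.err" >&2
            rc=1
        fi
    done
    echo "$dest"
    return "$rc"
}

# compare_snapshots OLD_DIR NEW_DIR
# Prints a diff of each list between two snapshot directories.
compare_snapshots() {
    for list in files processes mountpoints; do
        echo "== $list =="
        # diff exits non-zero when the lists differ; that is not an error here.
        diff "$1/$list.txt" "$2/$list.txt" || true
    done
}
```

Run snapshot_stats with the privileges kess-control requires on the device, once before and once after changing exclusions, then pass the two printed directories to compare_snapshots.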

[Topic 292549]