Contents
- Advanced application settings
- How to configure a proxy server
- How to configure global exclusions
- How to exclude process memory from scanning
- How to configure the file operation interception mode
- How to configure detection of applications that intruders can use to compromise devices or data
- How to enable application stability monitoring
- How to edit application startup settings
- How to limit memory and CPU resource usage
- How to limit resident memory usage
- How to limit the number of Custom Scan tasks
Advanced application settings
You can configure the following additional application settings:
- Using a proxy server in the application.
- Global exclusions to exclude mount points from file operation interception for the File Threat Protection component and the Malware Scan, Critical Areas Scan, and Removable Drives Scan tasks.
- Exclude process memory from scans.
- File operations interception mode.
- Detection of legitimate applications that intruders can use to compromise devices or data.
- Application stability monitoring.
- Application startup settings.
- Limit on the use of memory and processor resources for scan tasks.
- Limit on the use of resident memory by the application.
- Limit on the number of Custom Scan tasks that a non-privileged user can start simultaneously.
How to configure a proxy server
You can configure proxy server settings if the users of the client devices use a proxy server to connect to the internet. The Kaspersky application may use a proxy server to connect to Kaspersky servers, for example, when updating application databases and modules or when communicating with Kaspersky Security Network.
The proxy server is not used by default.
You can enable or disable the use of a proxy server by application components in the command line with the help of the UseProxy and ProxyServer settings in the general application settings.
You can edit the setting using command line options or a configuration file that contains all general application settings.
The UseProxy setting can take the following values:
- Yes: enable the use of a proxy server.
- No: disable the proxy server.
The ProxyServer setting lets you define proxy server settings in the format: [<user>[:<password>]@]<proxy server address>[:<port>], where:
- <user> is a user name for proxy server authentication.
- <password> is a user password for proxy server authentication.
- <proxy server address> is the proxy server IP address or domain name.
- <port> is the proxy server port.
If no authentication is required for connecting to the proxy server, you do not need to define ProxyServer.
When connecting via an HTTP proxy, we recommend using a separate account that is not used to sign in to other systems. An HTTP proxy uses an insecure connection, and the account may be compromised.
How to configure global exclusions
You can configure the exclusion of mount points from file operation interception for the File Threat Protection component, as well as from scanning by the Malware Scan and Critical Areas Scan tasks. Exclusion of mount points allows you to exclude local or remote directories mounted on a device from interception of file operations. In addition, global exclusions affect the Removable Drives Scan task.
You can define mount point exclusions in the command line via the ExcludedMountPoint.item_# option in the general application settings.
You can edit the setting using command line options or a configuration file that contains all general application settings.
The ExcludedMountPoint.item_# option accepts the following values:
- AllRemoteMounted — Exclude all remote directories mounted on the device using SMB and NFS protocols from file operation interception.
- Mounted:NFS — Exclude all remote directories mounted on the device using the NFS protocol from file operation interception.
- Mounted:SMB — Exclude all remote directories mounted on the device using the SMB protocol from file operation interception.
- Mounted:<file system type> — Exclude all mounted directories with the specified file system type from file operation interception.
- /mnt — Exclude objects in the /mnt mount point (including subdirectories) from file operation interception. This directory is used as the temporary mount point for removable drives.
- <path that contains the /mnt/user* or /mnt/**/user_share mask> — Exclude objects in mount points whose names contain the specified mask from file operation interception.
You can specify several mount points to exclude from scanning.
Mount points must be specified in the same way as they are displayed in the mount command output.
How to exclude process memory from scanning
You can exclude process memory from scans. The application does not scan the memory of the specified processes.
You can configure excluding process memory from scans in the command line using the MemScanExcludedProgramPath.item_# option in the general application settings.
You can edit the setting using command line options or a configuration file that contains all general application settings.
MemScanExcludedProgramPath.item_# contains the full path to the process in the local directory. You can use masks to specify the path.
You can specify several processes to exclude from scanning.
How to configure the file operation interception mode
The file operation interception mode affects the operation of the File Threat Protection component.
For the duration of the scan, the application can block access to files that are being scanned by the File Threat Protection component. By default, access is blocked: any access to the scanned file must wait until the scan results are in. If the scan detects no threats in the file, the application allows access to the file. When detecting infected objects, the application performs the actions specified in the FirstAction and SecondAction settings of the File Threat Protection component.
You can choose not to block access to files that are being scanned by the File Threat Protection component. In that case, the scan is performed asynchronously.
You can configure the file operation interception mode in the command line using the FileBlockDuringScan setting in the general application settings.
You can edit the setting using command line options or a configuration file that contains all general application settings.
The FileBlockDuringScan option accepts the following values:
- Yes (default value) to block access to files for the duration of the scan by the File Threat Protection component.
- No to allow access to files during the scan. Requests to any file are allowed, and scanning is done asynchronously. This file operation interception mode has less impact on system performance, but there is a risk that a threat in a file will not be disinfected or deleted if the file can, for example, change its name during a scan before the application makes a decision on the status of the file.
How to configure detection of applications that intruders can use to compromise devices or data
You can enable or disable detection of legitimate applications that intruders can use to compromise devices or data.
In the command line, you can enable or disable detection of legitimate applications that intruders can use to compromise devices or data by using the DetectOtherObjects setting in the general application settings.
You can edit the setting using command line options or a configuration file that contains all general application settings.
DetectOtherObjects accepts the following values:
- Yes: enable detection of legitimate applications that intruders can use to compromise devices or data.
- No: do not enable detection of legitimate applications that intruders can use to compromise devices or data.
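A way to review the settings described in the sections above (proxy server, global exclusions, process memory exclusions, interception mode and DetectOtherObjects) for values that narrow protection coverage. This is an added example, not Kaspersky code; it assumes the settings are available as Name=Value lines, and the sample host name, account and paths are constructed.

```python
import re

# ProxyServer format from the page: [<user>[:<password>]@]<proxy server address>[:<port>]
PROXY_RE = re.compile(r"^(?:(?P<user>[^:@\s]+)(?::(?P<password>[^@\s]*))?@)?"
                      r"(?P<host>[^:@/\s]+)(?::(?P<port>\d{1,5}))?$")

# Constructed sample; the Name=Value layout is an assumption about the settings file.
SAMPLE = """\
UseProxy=Yes
ProxyServer=scanuser:S3cret@proxy.example.internal:3128
ExcludedMountPoint.item_0000=AllRemoteMounted
ExcludedMountPoint.item_0001=/mnt/user*
MemScanExcludedProgramPath.item_0000=/opt/app/bin/*
FileBlockDuringScan=No
"""

def parse_settings(text):
    """Return {name: value}, skipping blank lines, comments and section headers."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            name, value = line.split("=", 1)
            settings[name.strip()] = value.strip()
    return settings

def audit(settings):
    """Return (setting, finding) pairs for values that narrow protection coverage."""
    out = []
    if settings.get("UseProxy", "No").lower() == "yes":  # page: proxy is off by default
        m = PROXY_RE.match(settings.get("ProxyServer", ""))
        if not m or (m["port"] and not 0 < int(m["port"]) < 65536):
            out.append(("ProxyServer", "value does not match the documented format"))
        elif m["password"] is not None:
            out.append(("ProxyServer", "password stored in settings; use a dedicated account"))
    for name, value in sorted(settings.items()):
        if name.startswith("ExcludedMountPoint.item_"):
            if value == "AllRemoteMounted" or value.startswith("Mounted:"):
                out.append((name, "excludes a whole class of mounts: " + value))
            elif "*" in value:
                out.append((name, "mask-based mount exclusion: " + value))
        elif name.startswith("MemScanExcludedProgramPath.item_") and "*" in value:
            out.append((name, "process memory exclusion uses a mask: " + value))
    if settings.get("FileBlockDuringScan", "Yes").lower() == "no":  # page: default is Yes
        out.append(("FileBlockDuringScan", "asynchronous scan: file is accessible before a verdict"))
    if settings.get("DetectOtherObjects", "").lower() == "no":
        out.append(("DetectOtherObjects", "detection of abusable legitimate applications is off"))
    return out

for name, finding in audit(parse_settings(SAMPLE)):
    print(f"{name}: {finding}")
```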
How to enable application stability monitoring
You can enable or disable the stability monitoring of the Kaspersky application, which lets you keep track of the number of times the application terminates abnormally and notify the administrator about the unstable operation of the application.
On the command line, you can configure application stability monitoring using the TrackProductCrashes, ProductHealthLogFile, WarnThreshold, WarnAfter_#_crash, and WarnRemovingThreshold settings in the kfl.ini configuration file.
The TrackProductCrashes setting lets you enable or disable application stability monitoring. This setting can take the following values:
- Yes/true – enable application stability monitoring.
- No/false – do not enable application stability monitoring.
The ProductHealthLogFile setting lets you specify the path to a file used for application stability monitoring. Default value: /var/opt/kaspersky/kfl/private/kfl_health.log.
The WarnThreshold setting lets you set the time interval (in seconds) in which the application must experience the specified number of abnormal halts before displaying a notification about unstable operation. Default value: 3600 seconds.
The WarnRemovingThreshold setting lets you set the time interval (in seconds) after which the application's unstable status will be cleared. Default value: 86400 seconds.
The WarnAfter_#_crash setting lets you set the number of abnormal halts of the application that are required before displaying a notification about unstable application operation. The setting can take values from 0 to 10. Default value: 10. If the value is 0, an unstable application notification is not displayed.
How to edit application startup settings
You can configure the application startup settings.
On the command line, you can configure application startup settings using the MaxRestartCount and StartupTimeout settings in the kfl.ini configuration file.
The MaxRestartCount setting lets you set the maximum number of unsuccessful consecutive attempts to start the application. The setting can take values from 1 to 10. Default value: 5.
The StartupTimeout setting lets you set the maximum time to wait for the application to start (in minutes), after which the kfl process is restarted. The setting can take values from 1 to 60. Default value: 3.
How to limit memory and CPU resource usage
You can set a limit on CPU usage for scan tasks. No limit is set by default. You can also configure memory usage limits for scan tasks. The default limit is 8192 megabytes.
On the command line, you can configure CPU utilization limits for tasks of the ODS type using the UseOnDemandCPULimit and OnDemandCPULimit settings in the general application settings.
You can edit the setting using command line options or a configuration file that contains all general application settings.
UseOnDemandCPULimit accepts the following values:
- Yes to enable the CPU usage limit for ODS tasks.
- No to disable the CPU usage limit for tasks.
The OnDemandCPULimit setting sets the maximum utilization level for all CPU cores (as a percentage) when running ODS tasks. The option accepts values between 10 and 100. Default value: 100.
On the command line, you can configure memory usage limits for tasks of the ODS type using the ScanMemoryLimit setting in the kfl.ini configuration file. Default value: 8192.
How to limit resident memory usage
You can configure a limit on the application's use of resident memory. By default, the limit is set automatically.
On the command line, you can configure the resident memory usage limit using the MaxMemory setting in the kfl.ini configuration file.
The MaxMemory setting can take the following values:
- off – the resident set size is not limited.
- <value>% – a value between 1 and 100, expressing a percentage of memory.
- <value>MB – a value in megabytes.
- lowest/<value>%/<value>MB – the smaller value between the value as a percentage and the value in megabytes.
- highest/<value>%/<value>MB – the larger value between the value as a percentage and the value in megabytes.
- auto – up to 50% of available memory, but not less than 2 GB and not more than 16 GB.
Default value: auto.
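The MaxMemory value forms above, resolved to a limit in megabytes. This is an added example, not the application's own logic; it assumes percentages are taken of a memory total supplied by the caller and that 1 GB is 1024 MB, and the host sizes are constructed.

```python
import re

MB_PER_GB = 1024  # assumption: the page's "GB" bounds are treated as 1024 MB

def resolve_max_memory(value, total_mb):
    """Return the resident memory limit in MB for a MaxMemory value, or None for 'off'.

    total_mb is the amount of memory that percentages are taken of
    (assumption: the caller supplies it, e.g. from /proc/meminfo).
    """
    def percent(p):
        p = int(p)
        if not 1 <= p <= 100:
            raise ValueError(f"percentage out of range 1-100: {p}")
        return total_mb * p // 100

    value = value.strip()
    if value == "off":
        return None
    if value == "auto":
        # up to 50% of memory, but not less than 2 GB and not more than 16 GB
        return min(max(percent(50), 2 * MB_PER_GB), 16 * MB_PER_GB)
    if m := re.fullmatch(r"(\d+)%", value):
        return percent(m[1])
    if m := re.fullmatch(r"(\d+)MB", value):
        return int(m[1])
    if m := re.fullmatch(r"(lowest|highest)/(\d+)%/(\d+)MB", value):
        pick = min if m[1] == "lowest" else max
        return pick(percent(m[2]), int(m[3]))
    raise ValueError(f"not a valid MaxMemory value: {value!r}")

if __name__ == "__main__":
    # Constructed host sizes: 2 GB, 8 GB and 64 GB of memory.
    for total in (2048, 8192, 65536):
        for setting in ("auto", "25%", "lowest/25%/1024MB", "highest/25%/1024MB"):
            print(total, setting, resolve_max_memory(setting, total))
```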
How to limit the number of Custom Scan tasks
You can set a limit on the number of custom scan tasks that a non-privileged user can simultaneously run on a device. There is no limit on the number of tasks that a user with root privileges can run.
You can enable or disable the limit on the number of concurrent custom scan tasks on the command line using the LimitNumberOfScanFileTasks option in the general application settings.
You can edit the setting using command line options or a configuration file that contains all general application settings.
LimitNumberOfScanFileTasks accepts values between 0 and 4294967295. Default value: 0.
If 0 is specified, a non-privileged user cannot start custom scan tasks.