Kaspersky Embedded Systems Security for Linux
- Kaspersky Embedded Systems Security 3.3 for Linux
- Preparing to install the application
- Installing the application
- Deploying the application using the command line
- Installing the application using the command line
- Post-installation configuration of the application in interactive mode
- Selecting the locale
- Viewing the End User License Agreement and the Privacy Policy
- Accepting the End User License Agreement
- Accepting the Privacy Policy
- Using Kaspersky Security Network
- Assigning the Administrator role to a user
- Determining the file operation interceptor type
- Enabling automatic configuration of SELinux
- Configuring the update source
- Configuring proxy server settings
- Downloading application databases
- Enabling automatic application database update
- Application activation
- Post-installation configuration of the application in automatic mode
- Settings in the configuration file for post-installation configuration
- Installing and configuring Kaspersky Security Center Network Agent
- Installing Kaspersky Embedded Systems Security administration plug-ins
- Deploying the application using Kaspersky Security Center
- Running the application on Astra Linux in closed software environment mode
- Configuring permissive rules in the SELinux system
- Deploying the application using the command line
- Uninstalling the application
- Application licensing
- Data provision
- Managing the application using the command line
- Starting and stopping the application
- Displaying Help on the commands
- Enabling automatic addition of kess-control commands (bash completion)
- Enabling the display of events
- Viewing information about the application
- Description of the application commands
- Using filters to limit query results
- Exporting and importing application settings
- Setting the application memory usage limit
- User roles
- General application settings
- Managing application tasks using the command line
- View the list of tasks
- Creating a new task
- Editing task settings using a configuration file
- Editing task settings using the command line
- Resetting task settings to their default values
- Starting and stopping a task
- Viewing a task state
- Scheduling a task
- Managing scan scopes from the command line
- Managing exclusion scopes from the command line
- Deleting a task
- Encrypted connections scan
- File Threat Protection task (File_Threat_Protection, ID:1)
- Malware Scan task (Scan_My_Computer, ID:2)
- Custom Scan task (Scan_File, ID:3)
- Critical Areas Scan task (Critical_Areas_Scan, ID:4)
- Update task (Update, ID:6)
- Rollback task (Rollback, ID:7)
- Licensing task (License, ID:9)
- Storage management task (Backup, ID:10)
- System Integrity Monitoring task (System_Integrity_Monitoring, ID:11)
- Firewall Management task (Firewall_Management, ID:12)
- About network packet rules
- About dynamic rules
- About the predefined network zone names
- Firewall Management task settings
- Adding a network packet rule
- Deleting a network packet rule
- Changing the execution priority of a network packet rule
- Adding a network address to a zone section
- Deleting a network address from a zone section
- Anti-Cryptor task (Anti_Cryptor, ID:13)
- Web Threat Protection task (Web_Threat_Protection, ID:14)
- Device Control task (Device_Control, ID:15)
- Removable Drives Scan task (Removable_Drives_Scan, ID:16)
- Network Threat Protection task (Network_Threat_Protection, ID:17)
- Container Scan task (Container_Scan, ID:18)
- Custom Container Scan task (Custom_Container_Scan, ID:19)
- Behavior Detection task (Behavior_Detection, ID:20)
- Application Control task (Application_Control, ID:21)
- Inventory task (Inventory_Scan, ID:22)
- Using Kaspersky Security Network
- Events and reports
- Managing the application using the Administration Console
- Starting and stopping the application on a client device
- Viewing the protection status of a device
- Viewing application settings
- Updating application databases and modules
- Managing policies in the Administration Console
- Policy settings
- File Threat Protection
- Exclusion scopes
- Exclusions by process
- Firewall Management
- Web Threat Protection
- Network Threat Protection
- Kaspersky Security Network
- Application Сontrol
- Anti-Cryptor
- System Integrity Monitoring
- Device Control
- Behavior Detection
- Task management
- Removable Drives Scan
- Proxy server settings
- Application settings
- Container scan settings
- Network settings
- Global exclusions
- Excluding process memory
- Storage settings
- Managing tasks in the Administration Console
- Task settings
- Manually checking the connection with the Administration Server. Klnagchk utility
- Manually connecting to the Administration Server. Klmover utility
- Remote diagnostics of client devices. Kaspersky Security Center remote diagnostics utility
- Remote application administration using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console
- Logging in and out of the Web Console and Cloud Console
- Starting and stopping the application on a client device
- Viewing the protection status of a device
- Updating application databases and modules
- Managing policies in the Web Console
- Policy settings
- Application settings tab
- File Threat Protection
- Scan exclusions
- Firewall Management
- Web Threat Protection
- Network Threat Protection
- Kaspersky Security Network
- Anti-Cryptor
- System Integrity Monitoring
- Application Сontrol
- Device Control
- Behavior Detection
- Task management
- Removable Drives Scan
- Proxy server settings
- Application settings
- Container scan settings
- Network settings
- Global exclusions
- Storage settings
- Managing tasks in the Web Console
- Task settings
- Configuring remote diagnostics of client devices
- Managing application using graphical user interface
- Application components integrity check
- Contact Technical Support
- Appendices
- Appendix 1. Resource consumption optimization
- Appendix 2. Application configuration files
- Application settings configuration files
- Rules for editing application task configuration files
- File Threat Protection task configuration file
- Configuration file for the Malware Scan task
- Custom Scan task configuration file
- Critical Areas Scan task configuration file
- Update task configuration file
- Storage management task configuration file
- System Integrity Monitoring task configuration file
- Firewall Management task configuration file
- Anti-Cryptor task configuration file
- Web Threat Protection task configuration file
- Device Control task configuration file
- Removable Drives Scan task configuration file
- Network Threat Protection task configuration file
- Container Scan task configuration file
- Behavior Detection task configuration file
- Application Control task configuration file
- Inventory task configuration file
- Appendix 3. Command line return codes
- Sources of information about the application
- Glossary
- Active key
- Active policy
- Administration group
- Administration Server
- Application activation
- Application databases
- Application settings
- Database of malicious web addresses
- Database of phishing web addresses
- Exclusion
- False positive
- File mask
- Group policy
- Group task
- Infected object
- Kaspersky update servers
- License
- License certificate
- Object disinfection
- Policy
- Proxy server
- Reserve key
- Startup objects
- Subscription
- Trusted device
- Trusted zone
- Information about third-party code
- Trademark notices
Remote application administration using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console > Policy settings > Container scan settings
Container scan settings
Container scan settings
You can configure the settings for namespace and container scan by Kaspersky Embedded Systems Security.
Container scan settings
Setting |
Description |
|---|---|
Namespace and container scan enabled / disabled |
This toggle button enables or disables namespace and container scans. The check toggle button is switched on by default. |
Action with container upon threat detection |
You can select the action that the application performs on a container when it detects an infected object:
This setting is available when using the application under a license that supports this function. |
Use Docker |
This check box enables or disables the use of the Docker environment. The check box is selected by default. |
Docker socket path |
Entry field for the path or URI (Uniform Resource Identifier) of the Docker socket. The default value is /var/run/docker.sock. |
Use CRI-O |
The check box enables or disables the use of the CRI-O environment. The check box is selected by default. |
File path |
Entry field for the path to CRI-O configuration file. Default value: /etc/crio/crio.conf. |
Use Podman |
The check box enables or disables the use of the Podman utility. The check box is selected by default. |
File path |
Entry field for the path to the Podman utility executable file. Default value: /usr/bin/podman. |
Root folder |
Entry field for the path to the root directory of the container storage. Default value: /var/lib/containers/storage. |
Use runc |
The check box enables or disables the use of the runc utility. The check box is selected by default. |
File path |
Entry field for the path to the runc utility executable file. Default value: /usr/bin/runc. |
Root folder |
Entry field for the path to the root directory of the container state storage. Default value: /run/runc-ctrs. |
Article ID: 207662, Last review: Jan 27, 2025