Kaspersky Embedded Systems Security 3.3 for Linux

Kaspersky Embedded Systems Security for Linux

Print Support Send link

System Integrity Monitoring

System Integrity Monitoring

System Integrity Monitoring is designed to track the actions performed on files and directories in the monitoring scope specified in the component operation settings. You can use System Integrity Monitoring to track the file changes that may indicate a security breach on a protected device.

To use the component, a license that includes the corresponding function is required.

System Integrity Monitoring settings

Setting	Description
System Integrity Monitoring enabled / disabled	This toggle button enables or disables System Integrity Monitoring. The toggle button is switched off by default.
Monitoring scopes	Clicking the Configure monitoring scopes link opens the Monitoring scopes window.
Monitoring exclusions	Clicking the Configure monitoring exclusion scopes link opens the Exclusion scopes window.
Exclusions by mask	Clicking the Configure exclusions by mask link opens the Exclusions by mask window.

Page top

Monitoring scopes window

The table contains monitoring scopes for the System Integrity Monitoring component. The application monitors files and directories located in the paths specified in the table. By default, the table contains the Kaspersky internal objects (/opt/kaspersky/kess/) monitoring scope.

Monitoring scope settings for System Integrity Monitoring

Setting	Description
Scope name	Monitoring scope name.
Path	Path to the directory that the application protects.
Status	The status indicates whether the application scans this scope.

You can add, edit, delete, move up, and move down items in the table.

Clicking the Move down button moves the selected item down in the table.

This button is available if only one item is selected in the table.

Clicking the Move up button moves the selected item up in the table.

This button is available if only one item is selected in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Kaspersky Embedded Systems Security scans objects in the specified scopes, in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

Page top

Add monitoring scope window

In this window, you can add and configure monitoring scope for the System Integrity Monitoring component.

Monitoring scope settings

Setting	Description
Scan scope name	Field for entering the monitoring scope name. This name will be displayed in the table in the Monitoring scopes window. The entry field must not be blank.
Use this scope	This check box enables or disables scans of this scope by the application. If this check box is selected, the application controls this monitoring scope during the operation. If this check box is cleared, the application does not control this monitoring scope during the operation. You can later include this scope in the component settings by selecting the check box. The check box is selected by default.
File system, access protocol and path	Entry field for the path to the local directory that you want to include in the monitoring scope. You can use masks to specify the path. The field must not be blank. You can use the `` (asterisk) character to create a file or directory name mask. You can indicate a single `` character to represent any set of characters (including an empty set) preceding the `/` character in the file or directory name. For example, `/dir//file` or `/dir///file`. You can indicate two consecutive `` characters to represent any set of characters (including an empty set and the `/` character) in the file or directory name. For example, `/dir/*/file/` or `/dir/file/`. The `` mask can be used only once in a directory name. For example, `/dir///file` is an incorrect mask. You can use a single `?` character to represent any one character in the file or directory name. The / path is specified by default – the application scans all directories of the local file system.
Masks	The list contains name masks for the objects that the application scans. By default the list contains the * mask (all objects). You can add, edit, or delete masks. Clicking the Delete button removes the selected item from the table. This button is available if at least one item is selected in the table. The selected element's settings are changed in a separate window. Clicking the Add button opens a window where you can specify the new item settings.

Page top

Exclusion scopes window

The table contains monitoring exclusion scopes for the System Integrity Monitoring component. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Monitoring exclusion scope settings

Setting	Description
Exclusion scope name	Exclusion scope name.
Path	Path to the directory excluded from monitoring.
Status	Indicates whether the application excludes this scope from monitoring during the component operation.

You can add, edit, and delete items in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

Add exclusion scope window

In this window, you can add or configure the monitoring exclusion scope for the System Integrity Monitoring component.

Monitoring exclusion scope settings

Setting	Description
Exclusion scope name	Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window. The entry field must not be blank.
Use this scope	The check box enables or disables the exclusion of the scope from monitoring when the application is running. If this check box is selected, the application excludes this scope from monitoring during the component operation. If this check box is cleared, the application monitors this scope during the component operation. You can later exclude this scope from monitoring by selecting the check box. The check box is selected by default.
File system, access protocol and path	Entry field for the path to the local directory that you want to add to the exclusion scope. You can use masks to specify the path. The field must not be blank. You can use the `` (asterisk) character to create a file or directory name mask. You can indicate a single `` character to represent any set of characters (including an empty set) preceding the `/` character in the file or directory name. For example, `/dir//file` or `/dir///file`. You can indicate two consecutive `` characters to represent any set of characters (including an empty set and the `/` character) in the file or directory name. For example, `/dir/*/file/` or `/dir/file/`. The `` mask can be used only once in a directory name. For example, `/dir///file` is an incorrect mask. To exclude the mount point `/dir`, you need to specifically indicate `/dir` (no asterisk). The mask `/dir/` excludes all mount points at the level below `/dir` but not `/dir` itself. The `/dir/*` mask excludes all mount points below the level of `/dir` but not `/dir` itself. You can use a single `?` character to represent any one character in the file or directory name. The / path is specified by default. The application excludes all directories of the local file system from scan.
Masks	The list contains name masks of the objects that the application excludes from the monitoring. By default the list contains the * mask (all objects). You can add, edit, or delete masks. Clicking the Delete button removes the selected item from the table. This button is available if at least one item is selected in the table. The selected element's settings are changed in a separate window. Clicking the Add button opens a window where you can specify the new item settings.

Page top

Exclusions by mask window

You can configure the exclusion of objects from monitoring based on name masks. The application does not scan the files with the names containing the specified masks. By default, the list of masks is empty.

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

Page top

Contents

System Integrity Monitoring

Monitoring scopes window

Add monitoring scope window

Exclusion scopes window

Add exclusion scope window

Exclusions by mask window