Kaspersky Embedded Systems Security 3.3 for Linux

Kaspersky

Online Help

Kaspersky Embedded Systems Security for Linux

Print Support Send link

Container scan settings
- Container Scan settings window

Container scan settings

You can configure the settings for namespace and container scan by Kaspersky Embedded Systems Security.

Container scan settings

Setting	Description
Enable namespace and container scan	This check box enables or disables namespace and container scan. The check box is selected by default.
Action with container upon threat detection	In the drop-down list, you can select the action to be performed on a container when an infected object is detected: Skip container: if an infected object is detected, the application does not perform any action on the container. Stop container: if an infected object is detected, the application stops the container. Stop container if disinfection fails (default value) – the application stops the container if disinfection of the infected object fails. This setting is available when using the application under a license that supports this function.
Container scan settings	The group of settings contains the Configure button. Clicking this button opens the Container scan settings window.

Setting

Description

Enable namespace and container scan

This check box enables or disables namespace and container scan.

The check box is selected by default.

Action with container upon threat detection

In the drop-down list, you can select the action to be performed on a container when an infected object is detected:

Skip container: if an infected object is detected, the application does not perform any action on the container.
Stop container: if an infected object is detected, the application stops the container.
Stop container if disinfection fails (default value) – the application stops the container if disinfection of the infected object fails.

This setting is available when using the application under a license that supports this function.

Container scan settings

The group of settings contains the Configure button. Clicking this button opens the Container scan settings window.

Page top

Container Scan settings window

In this window, you can configure the settings for container scan by Kaspersky Embedded Systems Security.

The application does not scan namespaces and containers unless components for working with containers and namespaces are installed in the operating system. Moreover, in the device properties in the Applications section, in the application properties in the Components section for container scans, the Stopped status is displayed.

Container scan settings

Setting	Description
Use Docker	This check box enables or disables the use of the Docker environment. The check box is selected by default.
Docker socket path	Entry field for the path or URI (Uniform Resource Identifier) of the Docker socket. The default value is /var/run/docker.sock.
Use CRI-O	The check box enables or disables the use of the CRI-O environment. The check box is selected by default.
File path	Entry field for the path to CRI-O configuration file. Default value: /etc/crio/crio.conf.
Use Podman	The check box enables or disables the use of the Podman utility. The check box is selected by default.
File path	Entry field for the path to the Podman utility executable file. Default value: /usr/bin/podman.
Root folder	Entry field for the path to the root directory of the container storage.
Use runc	The check box enables or disables the use of the runc utility. The check box is selected by default.
File path	Entry field for the path to the runc utility executable file. Default value: /usr/bin/runc.
Root folder	Entry field for the path to the root directory of the container state storage. Default value: /run/runc-ctrs.

Page top

Contents

Container scan settings

Container Scan settings window