Managing the application using the Administration Console

This section describes administering Kaspersky Embedded Systems Security using Kaspersky Security Center Administration Console.

This description is provided for Kaspersky Security Center 14.2.

Kaspersky Security Center Administration Console (hereinafter also referred to as the "Administration Console") is Microsoft Management Console (MMC) snap-in that is installed on the administrator's workstation and provides user interface for the Administration Server and Network Agent administrative services.

The Administration Console lets you remotely install and uninstall, start and stop Kaspersky Embedded Systems Security, configure application settings, and start tasks on the managed devices.

The application is managed through Administration Console by means of the Kaspersky Embedded Systems Security MMC administration plug-in.

To manage Kaspersky Embedded Systems Security using the Administration Console, move the devices, on which Kaspersky Embedded Systems Security is installed, to

You can perform the following actions in the Kaspersky Security Center Administration Console:

• View the protection status of devices.
• View general application settings.
• Update application databases and modules.
• Manage policies.
• Manage application tasks.

If the user account which is used to access the Administration Server does not have permissions to edit the settings of certain functional scopes, the settings of these functional scopes are not available for editing.

Starting and stopping the application on a client device

To start or stop the application on a client device:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration group that includes the required device.
3. In the workspace, select the Devices tab.
4. In the list of managed devices, select the device for which you want to start or stop the application. In the device context menu, select Properties.
5. In the Properties: <Device name> window, select the Applications section.

   The right part of the window displays a list of Kaspersky applications installed on the device.

6. Select Kaspersky Embedded Systems Security 3.3 for Linux.
7. Do one of the following:
   1. To run the application, click the button to the right of the list of Kaspersky applications or select Start in the application context menu.
   2. To stop the application, click the button to the right of the list of Kaspersky applications or select Stop in the application context menu.

Page top

Viewing the protection status of a device

To view the protection status of a device:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder, open the folder with the name of the administration group that includes the required device.
3. In the workspace, select the Devices tab.
4. In the list of managed devices, select the required device and select Properties in the device context menu.
5. In the Properties: <Device name> window, select the Protection section.

The Protection section displays the following information about the protected device:

• Device status: status of the client device generated based on the criteria set by the administrator for the protection status of the device and the device activity in the network.
• All problems: complete list of problems detected by the managed applications installed on the client device. Each problem has a status that the application prompts to assign to the device.
• Real-time protection status: current status of the File Threat Protection task, such as Running or Stopped. When the device status changes, the new status is displayed in the device properties window only after the client device is synchronized with the Administration Server.
• Last on-demand scan: date and time when the last malware scan was performed on the client device.
• Total threats detected: total number of threats detected on the client device since the installation of the application (first scan) or since the last reset of the threat counter.

  To reset the counter, click the Reset button.

• Active threats: the number of unprocessed files on the client device.

Page top

Viewing application settings

To view the application settings:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder, open the folder with the name of the administration group that includes the required device.
3. In the workspace, select the Devices tab.
4. In the list of managed devices, select the required device and select Properties in the device context menu.
5. In the Properties: <Device name> window, select the Applications section.

   The right part of the window displays a list of Kaspersky applications installed on the device.

6. Select Kaspersky Embedded Systems Security 3.3 for Linux.
7. Click the Properties button under the list of applications or select Properties in the application context menu.

   The Kaspersky Embedded Systems Security 3.3 for Linux settings window opens.

The Kaspersky Embedded Systems Security 3.3 for Linux settings window displays the following information about Kaspersky Embedded Systems Security:

• The General section contains general information about the installed application:
  • Version number: the version number of the application
  • Installed — Date and time when the application was installed on the protected device
  • Current status: status of the File Threat Protection task, such as Running or Paused
  • Last software update: date and time when Kaspersky Embedded Systems Security software modules were last updated
  • Installed updates: list of software modules for which updates are installed
  • Application databases: date and time when the application databases were created and last updated
• The Components section contains a list of standard application components. The status (for example, Stopped, Suspended, Not Installed) and version of each component is displayed.
• The License keys section contains information about the active key and reserve keys:
  • Serial number – unique alphanumeric sequence.
  • Status – The status of the license key, e.g. active or reserve.
  • Type: type of license (commercial or trial).
  • License validity period — Number of days during which you can use the application activated with this key.
  • License limit — Number of devices on which you can use the key.
  • Activation date (this field is only available for the active key): date when the active key was added.
  • License expiration date (this field is only available for the active key): date when the application can no longer be used with the current active key.
• The Event settings section displays the types of events that the application stores in event storage and how long they are stored.
• The Advanced section contains information about the application administration plug-in.

Page top

Updating application databases and modules

Updating the databases and application modules of Kaspersky Embedded Systems Security ensures up-to-date protection on your device. New viruses, malware, and other types of threats appear worldwide on a daily basis. Kaspersky Embedded Systems Security databases contain information about threats and ways of neutralizing them. To detect threats quickly, you are urged to regularly update the application databases and modules.

The following objects are updated on users' devices:

• Application databases. Application databases include databases of malware signatures, a description of network attacks, databases of malicious and phishing web addresses, databases of banners, spam databases, and other data.
• Application modules. Module updates are intended to eliminate vulnerabilities in the application and to improve methods of protecting devices. Module updates may change the behavior of application components and add new capabilities.

Kaspersky Embedded Systems Security supports the following scenarios for updating databases and application modules:

• Update from Kaspersky servers. Kaspersky update servers are located in different countries around the world, which ensures a high reliability of updates. If an update cannot be performed from one server, Kaspersky Embedded Systems Security switches over to the next server.
• Centralized update Centralized update reduces external Internet traffic, and provides for convenient monitoring of the update.

  Centralized update consists of the following steps:

  1. Download the update package to a repository within the organization's network.

     The update package is downloaded to the repository by the Download updates to Administration Server repository task of the Administration Server.

  2. Distribute the update package to client devices

     The update package is distributed to the client devices by the Update task of Kaspersky Embedded Systems Security. You can create an unlimited number of update tasks for each administration group.

By default, the list of update sources contains Kaspersky update servers and the Kaspersky Security Center Administration Server. You can add other update sources to the list. You can specify FTP-, HTTP-, or HTTPS servers as update sources. If an update cannot be performed from an update source, Kaspersky Embedded Systems Security switches to the next update source.

Updates are downloaded from Kaspersky update servers or from other FTP, HTTP, or HTTPS servers over standard network protocols. If connection to a proxy server is required to access the update sources, specify the proxy server settings in the Kaspersky Embedded Systems Security policy settings.

Updating from the Administration Server repository

To save Internet traffic, you can configure updates of application databases and modules on devices on the organization's LAN from a server repository. To do this, in Kaspersky Security Center you need to configure downloading the update package from Kaspersky update servers in the Administration Server repository. Other devices on the organization's LAN will be able to receive the update package from the server repository.

Configuring application database and module updates from the server repository consists of the following steps:

1. Download application databases and modules to the Administration Server repository using the Download updates to the Administration Server repository task of Kaspersky Security Center.
2. Configure updates of application databases and modules from the Administration Server repository on the remaining hosts using the Update task.

To configure updates of application databases and modules from the Administration Server repository:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Administration Console tree, select the Tasks folder.

   The list of tasks is displayed in the right part of the window.

3. In the list of tasks, select the Update task for Kaspersky Embedded Systems Security and double-click to open the task properties window.

   The Update task is created automatically by the Initial Setup Wizard.

4. In the task properties window, select the Update sources section in the list on the left.

   The task settings are displayed in the right part of the window.

5. In the Database update source section, select the Kaspersky Security Center Administration Server option.
6. Select the Use Kaspersky update servers if other update sources are not available check box if you want to the Update task to use Kaspersky update servers if the Administration Server repository is unavailable.
7. Click Apply.

Updating using Kaspersky Update Utility

To reduce Internet traffic, you can configure updates of application databases and modules on devices of the organization's LAN from a shared directory by using the Kaspersky Update Utility. For this purpose, one of the devices in the organization LAN must receive update packages from the Kaspersky Security Center Administration Server or from Kaspersky update servers and copy the received update packages to the shared directory by using the utility. Other devices on the organization's LAN will be able to receive the update package from this shared directory.

Configuring application database and module updates from a shared directory consists of the following steps:

1. Install Kaspersky Update Utility on one of the devices of the organization's LAN.
2. Configure copying of the update package to the shared directory in the Kaspersky Update Utility settings.
3. Configure application database and module updates from the specified shared directory to the remaining devices on the organization's LAN.

You can download the Kaspersky Update Utility distribution kit from the Kaspersky Technical Support website. After installing the utility, select the update source (for example, the Administration Server repository) and the shared directory to which the Kaspersky Update Utility will copy update packages. For detailed information about using Kaspersky Update Utility, refer to the Kaspersky Knowledge Base.

To configure updates from a shared directory:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Administration Console tree, select the Tasks folder.

   The list of tasks is displayed in the right part of the window.

3. In the list of tasks, select the Update task for Kaspersky Embedded Systems Security and double-click to open the task properties window.

   The Update task is created automatically by the Initial Setup Wizard.

4. In the task properties window, select the Update sources section.

   The task settings are displayed in the right part of the window.

5. In the Database updates source section, select the Other sources on the local or global network option.
6. In the table of update sources, click the Add button.
7. In the Update source field, specify the path to the shared directory.

   The source address must match the address indicated in the Kaspersky Update Utility settings.

8. Select the Use this source check box and click OK.
9. In the table, set the order of the update sources using the Up and Down buttons.
10. Click Apply.

Using a proxy server for updates

You may be required to specify proxy server settings to download database and application module updates from the update source. If there are multiple update sources, proxy server settings are applied for all sources. If a proxy server is not needed for some update sources, you can disable the use of a proxy server in Kaspersky Embedded Systems Security policy settings. The application will also use a proxy server to access Kaspersky Security Network and activation servers.

To enable use of a proxy server for a specific administration group:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder, open the folder with the name of the desired administration group on devices on which you want to disable use of a proxy server.
3. In the workspace, select the Policies tab.
4. Select the required policy and in the context menu of the policy, select Properties.

   The Properties: <Policy name> window will open.

5. Select the General settings → Proxy server settings section.
6. In the Proxy server settings section, select the Use specified proxy server settings and specify the required proxy server settings.
7. Click OK.

Managing policies in the Administration Console

A policy is a set of Kaspersky Embedded Systems Security operation settings applied to an administration group. You can use policies to apply identical Kaspersky Embedded Systems Security settings to all client devices within an administration group.

Multiple policies with different values of the settings can be configured for a single application. However, there can be only one active policy at a time for an application within an administration group. When you create a new policy, all other policies within an administration group become inactive. You can change the policy status later.

Policies have a hierarchy, similarly to administration groups. By default, a child policy inherits the settings from the parent policy. A child policy is a policy of a nested hierarchy level, that is, a policy for nested administration groups and secondary Administration Servers. You can enable inheritance of the settings from the parent policy.

You can locally modify the values of the settings specified by the policy for individual devices within the administration group, if modification of these settings is not prohibited by the policy.

Each policy setting has a "lock" attribute that indicates whether child policy settings and local application settings can be modified. The "lock" status of a setting within a policy determines whether or not an application setting on a client device can be edited:

• When a setting is "locked" (), you cannot edit the setting. The setting value specified by the policy is used for all client devices within the administration group.
• When a setting is "unlocked" (), you can edit the setting. For all client devices in the administration group, the settings specified locally are used. The settings specified in the policy are not applied.

After the policy is applied for the first time, the application settings change in accordance with the policy settings.

You can perform the following operations with the policies:

• Create a policy.
• Edit policy settings.

  If the user account which is used to access the Administration Server does not have permissions to edit the settings of certain functional scopes, the settings of these functional scopes are not available for editing.

• Delete a policy.
• Change a policy status.
• Compare policy versions in the Revision history section of the policy properties window.

You can also create policy profiles. A policy profile may contain settings that differ from the "base" policy settings and apply to client devices when the configured conditions (activation rules) are met. Using policy profiles allows you to flexibly configure operation settings for different devices. You can create and configure profiles in the Policy profiles section of the policy properties.

For general information on working with policies and policy profiles, refer to Kaspersky Security Center documentation.

Creating a policy

To create a policy:

1. Open the Administration Console of Kaspersky Security Center.
2. Do one of the following:
   • Select the Managed devices folder to create a policy for all the devices managed by Kaspersky Security Center.
   • In the Managed devices folder, select the folder with the name of the administration group that contains the required devices.
3. In the workspace, select the Policies tab.
4. Start the New Policy Wizard in one of the following ways:
   • Click the New policy button.
   • In the context menu of the policy list select New → Policy.
5. In the drop-down list, select Kaspersky Embedded Systems Security 3.3 for Linux.

   Proceed to the next step.

6. Enter a name for the policy being created.

   Proceed to the next step.

7. To use the settings from the previous version of Kaspersky Embedded Systems Security policy in the policy being created, select the Use policy settings for the earlier application version check box.

   Proceed to the next step.

8. Decide whether you want to use Kaspersky Security Network. Carefully read the Kaspersky Security Network Statement and do one of the following:
   • If you agree with all the terms and conditions of the Statement and want the application to use Kaspersky Security Network, select I confirm that I have fully read, understand, and accept the terms and conditions of Kaspersky Security Network Statement.
   • If you do not want to use Kaspersky Security Network, select I do not accept the terms and conditions of the Kaspersky Security Network Statement and confirm your decision in the window that opens.

   If necessary, you can change the decision to use Kaspersky Security Network later.

   Proceed to the next step.

9. If necessary, configure the File Threat Protection settings.

   Proceed to the next step.

10. If necessary, modify the default scan settings.

    Proceed to the next step.

11. If necessary, configure exclusion areas.

    Proceed to the next step.

12. If necessary, modify the default actions for infected objects.

    Proceed to the next step.

13. Complete the New Policy Wizard.

Page top

Editing policy settings

To edit policy settings:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder, open the folder with the name of the required administration group for which you want to edit the policy settings.
3. In the workspace, select the Policies tab.
4. Select the required policy and in the context menu of the policy, select Properties.

   The Properties: <Policy name> window will open.

5. Edit the policy settings.
6. In the Properties: <Policy name> window, click OK to save the changes.

If the user account which is used to access the Administration Server does not have permissions to edit the settings of certain functional scopes, the settings of these functional scopes are not available for editing.

Policy settings

You can use the policy to configure Kaspersky Embedded Systems Security settings for all client devices included in the administration group.

The set of values and default values of the policy settings may differ depending on the type of application license.

You can configure the application operation settings in the sections and subsections of the policy properties window described in the table below. For information about configuring general policy settings and event settings, refer to Kaspersky Security Center documentation.

Sections of the Policy properties window

File Threat Protection

File Threat Protection prevents infection of the file system on the user device. File Threat Protection starts automatically with the default settings upon Kaspersky Embedded Systems Security start. It resides in the device operating memory and scans all files that are opened, saved, and launched.

File Threat Protection settings

Page top

Scan scopes window

The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.

Scan scope settings

You can add, edit, delete, move up, and move down items in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

<Scan scope name> window

In this window, you can add and configure scan scopes.

Scan scope settings

Page top

Scan settings window

In this window, you can configure file scan settings while File Threat Protection is enabled.

File Threat Protection settings

Page top

Actions for infected objects window

In this window, you can configure actions to be performed by Kaspersky Embedded Systems Security on detected infected objects:

File Threat Protection settings

Page top

Exclusion scopes

Scan exclusion is a set of conditions. When these conditions are met, Kaspersky Embedded Systems Security does not scan the objects for viruses and other malware. You can also exclude objects from scans by masks and threat names.

Settings of scan exclusions

Page top

Exclusion scopes window

This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Exclusion scope settings

You can add, edit, and delete items in the table.

<Exclusion scope name> window

In this window, you can add and configure scan exclusion scopes.

Exclusion scope settings

Page top

Exclusions by mask window

You can configure the exclusion of objects from scans based on name mask. The application will not scan files whose names contain the specified mask. By default, the list of masks is empty.

You can add, edit, or delete masks.

Exclusions by threat name window

You can configure the exclusion of objects from scans based on threat name. The application will not block the specified threats. By default, the list of threat names is empty.

You can add, edit, and delete threat names.

Exclusions by process

You can exclude process activity from scans. The application does not scan the activity of the indicated processes. You can also exclude the files modified by the indicated processes.

The Exclusions by process settings group contains a Configure button, which opens the Exclusions by process window. In this window, you can define the list of exclusion scopes for exclusion by process.

Exclusions by process window

The table contains the exclusion scopes for exclusion by process The exclusion scope for exclusion by process lets you exclude from scans the activity of the indicated process and files modified by the indicated process. By default, the table includes two exclusion scopes that contain paths to the Network Agents. You can remove these exclusions, if necessary.

Exclusion scope settings for exclusion by process

You can add, edit, and delete items in the table.

Trusted process window

In this window, you can add and configure exclusion scopes for exclusion by process.

Exclusion scope settings for exclusion by process

Page top

Firewall Management

The operating system firewall protects personal data that is stored on the user's device. The firewall blocks most threats to the operating system when the device is connected to the Internet or a LAN. Firewall Management detects all network connections by the user's device and provides a list of IP addresses, as well as an indication of the default network connection's status.

The Firewall Management component filters all network activity according to the network packet rules. Configuring network packet rules lets you specify the desired level of the device protection, from blocking Internet access for all applications to allowing unlimited access.

It is recommended to disable other operating system firewall management tools before enabling the Firewall Management component.

Firewall Management settings

Page top

Network packet rules window

The Network packet rules table contains network packet rules that the Firewall Management component uses for network activity monitoring. You can configure the settings described in the table below for network packet rules.

Network packet rules settings

By default, the table of network packet rules is empty.

You can add, edit, delete, move up, and move down network packet rules in the table.

Added network packet rule window

In this window, you can configure the added network packet rule settings.

Network packet rule settings

Page top

Available networks window

The Available networks table contains the networks controlled by the Firewall Management component. The table of available networks is empty by default.

Available networks settings

You can add, edit, and delete available networks.

Page top

Network connection window

In this window, you can configure the network connection that the Firewall Management component will monitor.

Network connection

Page top

Web Threat Protection

While the Web Threat Protection component is running, Kaspersky Embedded Systems Security scans inbound traffic and prevents downloads of malicious files from the Internet and also blocks phishing, adware, or other malicious websites.

The application scans HTTP, HTTPS, and FTP traffic. Also, the application scans websites and IP addresses. You can specify the network ports or network port ranges to be monitored.

To monitor HTTPS traffic, enable encrypted connection scans. To monitor FTP traffic, select the Monitor all network ports check box.

Web Threat Protection settings

Page top

Trusted web addresses window

In this window, you can add web addresses and web pages whose content you consider trusted.

You can only add HTTP/HTTPS web addresses to the list of trusted web addresses. You can use masks to specify web addresses. Masks are not supported to specify IP addresses. By default, the list is empty.

You can add, edit, and remove web addresses on the list.

Page top

Web address window

In this window, you can add a web address or a web address mask to the list of trusted web addresses.

You can add only HTTP/HTTPS web addresses to the list of trusted web addresses. You can use masks to specify web addresses. Masks are not supported to specify IP addresses.

Scan settings window

In this window, you can configure the settings for scanning incoming traffic during operation of the Web Threat Protection component.

Web Threat Protection settings

Page top

Network Threat Protection

While the Network Threat Protection component is running, the application scans inbound network traffic for activity that is typical for network attacks. Network Threat Protection is started by default when the application starts.

The application receives the numbers of the TCP ports from the current application databases and scans incoming traffic for these ports. Upon detecting an attempt of a network attack that targets your device, the application blocks network activity from the attacking device and logs an event about the detected network activity.

To scan network traffic, the Network Threat Protection task receives port numbers from the application databases and accepts connections via all these ports. During the network scan process, it may look like an open port on the device, even if no application on the system is listening to this port. It is recommended to close unused ports by means of a firewall.

Network Threat Protection settings

Page top

Exclusions window

In this window, you can add IP addresses from which network attacks will not be blocked.

By default, the list is empty.

You can add, edit, and remove IP addresses in the list.

Page top

IP address window

In this window, you can add and edit IP addresses. Network attacks from these IP addresses will not be blocked by Kaspersky Embedded Systems Security.

IP addresses

Page top

Kaspersky Security Network

To increase the protection of devices and user data, Kaspersky Embedded Systems Security can use Kaspersky's cloud-based knowledge base Kaspersky Security Network (KSN) to check the reputation of files, Internet resources, and software. The use of Kaspersky Security Network data ensures a faster response to various threats, high protection component performance, and fewer false positives.

Kaspersky Embedded Systems Security supports the following infrastructure solutions to work with Kaspersky's reputation databases:

• Kaspersky Security Network (KSN) – A solution that receives information from Kaspersky and sends data about objects detected on user devices to Kaspersky for additional verification by Kaspersky analysts and to add to reputation and statistical databases.
• Kaspersky Private Security Network (KPSN) – A solution that allows users of devices with Kaspersky Embedded Systems Security installed to access the reputation databases of Kaspersky, as well as other statistical data, without sending data to Kaspersky from their devices. KPSN is designed for corporate clients who can't use Kaspersky Security Network, for example, for the following reasons:
  • No connection of local workplaces to the Internet
  • Legal prohibition or corporate security restrictions on sending any data outside the country or the organization's local network

After changing the Kaspersky Embedded Systems Security license, submit the details of the new key to the service provider in order to be able to use KPSN. Otherwise, data exchange with KPSN will be impossible due to an authentication error.

Use of Kaspersky Security Network is voluntary. Kaspersky Embedded Systems Security suggests using KSN during installation. You can start or stop using KSN at any time.

There are two options for using KSN:

• KSN with statistics sharing (extended KSN mode) – you can receive information from the Kaspersky knowledge base, while Kaspersky Embedded Systems Security automatically sends statistical information to KSN obtained during its operation. The application can also send to Kaspersky for additional scanning certain files (or parts of files) that intruders can use to harm the device or data.
• KSN without statistics sharing – you can receive information from the Kaspersky knowledge base, while Kaspersky Embedded Systems Security does not send anonymous statistics and data about the types and sources of threats.

You can start or stop using Kaspersky Security Network at any time. You can also select another Kaspersky Security Network usage option by clicking the Edit button.

No personal data is collected, processed, or stored. Detailed information about the storage, and destruction, and/or submission to Kaspersky of statistical information generated during participation in KSN is available in the Kaspersky Security Network Statement and on Kaspersky's website.

You can read the text of the Kaspersky Security Network Statement in the Kaspersky Security Network Statement window, which can be opened by clicking the Kaspersky Security Network Statement link.

User devices managed by Kaspersky Security Center Administration Server can interact with KSN via the KSN proxy server service. You can configure the KSN proxy server settings in the Kaspersky Security Center Administration Server properties. For details about the KSN proxy server service refer to Kaspersky Security Center documentation.

Kaspersky Security Network settings

In this window, you can configure Kaspersky Security Network participation settings.

Kaspersky Security Network settings

Page top

Kaspersky Security Network Statement

In this window, you can read the text of the Kaspersky Security Network Statement and accept its terms and conditions.

Kaspersky Security Network settings

Page top

Kaspersky Private Security Network Statement

In this window, you can read the text of the Kaspersky Private Security Network Statement and accept its terms and conditions.

Kaspersky Security Network settings

Page top

Application Сontrol

During execution of the Application Control task, Kaspersky Embedded Systems Security controls the launching of applications on user devices. This helps reduce the risk of device infection by restricting access to applications. Application launching is regulated by Application Control rules.

Application Control can operate in two modes:

• Denylist. In this mode Kaspersky Embedded Systems Security allows all users to launch any applications that are not specified in the Application Control rules. This is the default operation mode of the Application Control component.
• Allowlist. In this mode Kaspersky Embedded Systems Security prevents all users from launching any applications that are not specified in the Application Control rules.

For each Application Control operation mode, separate rules can be created and an action can be specified: apply rules or test rules. Kaspersky Embedded Systems Security performs this action when it detects an attempt to start an application.

The Application Control settings are described in the following table.

Application Control settings

Page top

Application Control rules window

The Application Control rules table contains the rules used by the Application Control component. The Application Control rules table is empty by default.

Application Control rules settings

You can add, modify and remove Application Control rules.

Adding rule window

In this window, you can configure the settings for the created Application Control rule.

Adding the Application Control rule

Page top

Application Control categories window

In this window, you can add a new category or configure the category settings for an Application Control rule.

Kaspersky Embedded Systems Security does not support use of the KL categories of Kaspersky Security Center.

Application Control categories

Page top

Principal name window

In this window, you can specify a local or domain user or user group for which you want to configure a rule.

Adding the Application Control rule

Page top

Anti-Cryptor

Anti-Cryptor allows you to protect your files in local directories with network access by SMB/NFS protocols from remote malicious encryption.

While the Anti-Cryptor component is running, Kaspersky Embedded Systems Security scans remote devices calls to access the files located in the shared network directories of the protected device. If the application considers a remote device actions on network file resources to be malicious encrypting, this device is added to a list of untrusted devices and loses access to the shared network directories. The application does not consider activity to be malicious encryption if it is detected in the directories excluded from the protection scope of the Anti-Cryptor component.

For the Anti-Cryptor component to operate correctly, at least one of the services (Samba or NFS) must be installed in the operating system. For the NFS service, the rpcbind package must be installed.

Anti-Cryptor operates correctly with the SMB1, SMB2, SMB3, NFS3, TCP/UDP, and IP/IPv6 protocols. Working with NFS2 and NFS4 protocols is not supported. It is recommended to configure your server settings so that the NFS2 and NFS4 protocols cannot be used to mount resources.

Anti-Cryptor does not block access to network file resources until the device activity is identified as malicious. So, at least one file will be encrypted before the application detects malicious activity.

Anti-Cryptor settings

Page top

Scan scopes window

The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.

Scan scope settings

You can add, edit, delete, move up, and move down items in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

<New scan scope> window

In this window, you can add or configure protection scope for the Anti-Cryptor component.

Protection scope settings

Page top

Protection settings window

Protection settings

Page top

Exclusion scopes window

This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Exclusion scope settings

You can add, edit, and delete items in the table.

<Exclusion scope name> window

In this window, you can add and configure scan exclusion scopes.

Exclusion scope settings

Page top

Exclusions by mask window

You can configure the exclusion of objects from scans based on name mask. The application will not scan files whose names contain the specified mask. By default, the list of masks is empty.

You can add, edit, or delete masks.

System Integrity Monitoring

System Integrity Monitoring is designed to track the actions performed on files and directories in the monitoring scope specified in the component operation settings. You can use System Integrity Monitoring to track the file changes that may indicate a security breach on a protected device.

To use the component, a license that includes the corresponding function is required.

System Integrity Monitoring settings

Page top

Scan scopes window

The table contains monitoring scopes for the System Integrity Monitoring component. The application monitors files and directories located in the paths specified in the table. By default, the table contains one monitoring scope, Kaspersky internal objects (/opt/kaspersky/kess/).

Monitoring scope settings

You can add, edit, delete, move up, and move down items in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes, in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

<New scan scope> window

In this window, you can add and configure monitoring scopes for the System Integrity Monitoring component.

Monitoring scope settings

Page top

Exclusion scopes window

The table contains monitoring exclusion scopes for the System Integrity Monitoring component. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Monitoring exclusion scope settings

You can add, edit, and delete items in the table.

<Exclusion scope name> window

In this window, you can add or configure the monitoring exclusion scope for the System Integrity Monitoring component.

Monitoring exclusion scope settings

Page top

Exclusions by mask window

You can configure the exclusion of objects from monitoring based on name masks. The application does not scan the files with the names containing the specified masks. By default, the list of masks is empty.

You can add, edit, or delete masks.

Device Control

When the Device Control task is running, Kaspersky Embedded Systems Security manages user access to the devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the client device from infection when external devices are connected, and prevent data loss or leaks. Device Control manages user access to devices using the access rules.

When a device, access to which is denied by the Device Control task, connects to a client device, the application denies the users specified in the rule access to this device and displays a notification. During attempts to read and write on this device, the application silently blocks the users specified in the rule from reading/writing.

Device Control settings

Page top

Trusted devices window

The table contains a list of trusted devices. The table is empty by default.

Trusted device settings

You can add a device to the list of trusted devices by ID or by mask or by selecting the required device in the list of devices detected on the user device.

You can edit and delete trusted devices in the table.

Trusted device window

In this window, you can add a device to the list of trusted devices by its identifier.

Adding device by ID

Page top

Device window on client devices

In this window you can add a device to the list of trusted devices by selecting it in the list of existing devices detected on client devices.

Information about existing devices is available only if an active policy exists and synchronization with the Network Agent has been completed (the synchronization interval is specified in the Network Agent policy properties; the default setting is 15 minutes). If you create a new policy and there are no other active ones, the list will be empty.

Adding device from list

Page top

Device type window

In this window, you can configure access rule for various types of devices.

Access rules for device types

In the Configuring device access rule window, which opens by double-clicking the device type, you can configure access rules and access schedules for devices to which access with restrictions is allowed.

Configuring device access rule window

In this window, you can configure access rules and schedules for the selected device type.

This window is opened by double-clicking the device type in the Device type window.

Device access rules and schedules

Page top

Principal name window

In this window, you can configure the settings of the device access rule being created.

Configuring a device access rule

Page top

Schedule for access to devices window

In this window, you can configure the device access schedule. You can configure schedules only for hard drives, removable drives, floppy disks, and CD/DVD drives.

In the General settings->Application settings section, if the Block access to files during scans check box is cleared, then it is not possible to block access to devices using a device access schedule.

Schedule for access to devices

Page top

Connection buses window

In this window, you can configure access rules for connection buses.

Connection rules for buses

Page top

Behavior Detection

By default, the Behavior Detection component starts when Kaspersky Embedded Systems Security starts and monitors the malicious activity of the applications in the operating system. When malicious activity is detected, Kaspersky Embedded Systems Security can terminate the process of the application that performs malicious activity.

Behavior Detection component settings

Page top

Exclusions by process window

The table contains the exclusion scopes for exclusion by process The exclusion scope for exclusion by process lets you exclude the activity of an indicated process. By default, the table is empty.

Exclusion scope settings for exclusion by process

You can add, edit, and delete items in the table.

Page top

Trusted process window

In this window, you can add and configure exclusion scopes for exclusion by process.

Exclusion scope settings for exclusion by process

Page top

Managing tasks

You can configure the ability to view and manage Kaspersky Embedded Systems Security tasks on managed devices.

Task management settings

Page top

Removable Drives Scan

When the Removable Drives Scan task is running, the application scans the removable device and its boot sectors for viruses and other malware. The following removable drives are scanned: CDs, DVDs, Blu-ray discs, flash drives (including USB modems), external hard drives, and floppy disks.

Removable drives scan task settings

Page top

Proxy server settings

You can configure proxy server settings if the users of the client devices use a proxy server to connect to the internet. Kaspersky Embedded Systems Security may use a proxy server to connect to Kaspersky servers, for example, when updating application databases and modules or when communicating with Kaspersky Security Network.

Proxy server settings

Page top

Application settings

You can configure the general settings of Kaspersky Embedded Systems Security.

General application settings

Page top

Container scan settings

You can configure the settings for namespace and container scan by Kaspersky Embedded Systems Security.

Container scan settings

Page top

Container Scan settings window

In this window, you can configure the settings for container scan by Kaspersky Embedded Systems Security.

The application does not scan namespaces and containers unless components for working with containers and namespaces are installed in the operating system. Moreover, in the device properties in the Applications section, in the application properties in the Components section for container scans, the Stopped status is displayed.

Container scan settings

Page top

Network settings

You can configure the settings of encrypted connection scans. These settings are used by the Web Threat Protection component.

When the encrypted connection scan settings are changed, the application generates a Network settings changed event.

Network settings

Page top

Trusted domains window

This list contains the domain names and domain name masks that will be excluded from encrypted connection scans.

Example: *example.com. For example, *example.com/* is incorrect because a domain address, not a web page, needs to be specified.

By default, the list is empty.

You can add, edit and remove domains from the list of trusted domains.

Trusted certificates window

You can configure a list of certificates considered trusted by Kaspersky Embedded Systems Security. The list of trusted certificates is used when scanning encrypted connections.

The following information is displayed for each certificate:

• Subject – certificate subject
• Serial number – serial number of the certificate
• Issuer – issuer of the certificate
• Valid from – certificate start date
• Expires on – certificate expiration date
• SHA-256 fingerprint – SHA-256 certificate thumbprint

By default, the certificate list is empty.

You can add and remove certificates.

Add certificate window

In this window, you can add a certificate to the trusted certificate list in one of the following ways:

• Indicate the path to the certificate file. The Browse button opens the standard file selection window. Indicate the path to the file that contains the certificate, in DER or PEM format.
• Copy the contents of the certificate file to the Enter certificate details field.

Network ports window

Network ports settings

Page top

Global exclusions

Global exclusions allow you to set the mount points that will be excluded from the scan scope for the application components that use the file operation interceptor (File Threat Protection and Anti-Cryptor).

Global exclusion settings

Page top

Excluded mount points window

The list contains paths to excluded mount points. By default, the list is empty.

You can add, edit, and delete items in the list.

Mount point path window

Mount point settings

Page top

Excluding process memory

You can exclude process memory from scans. The application does not scan the memory of the specified processes.

You can create a list of exclusions in the Excluding process memory from scan block of the window that opens when you click the Configure button.

Excluding process memory from scan window

The list contains paths to processes whose memory Kaspersky Embedded Systems Security excludes from process memory scans. You can use masks to specify the path. By default, the list is empty.

You can add, edit, and delete items in the list.

Storage settings

The Storage is a list of backup copies of files that have been deleted or modified during the disinfection process. A backup copy is a copy of a file created before the first attempt to disinfect or delete this file. Backup copies of files are stored in a special format and do not pose a threat. By default, the Storage is located in the /var/opt/kaspersky/kess/common/objects-backup/ directory. Files in the Storage may contain personal data. Root privileges are required to access files in the Storage.

Storage settings

Page top

Managing tasks in the Administration Console

You can create the following tasks for working with Kaspersky Embedded Systems Security using Kaspersky Security Center Administration Console:

• Local tasks that are configured for an individual device
• Group tasks that are configured for devices within administration groups
• Tasks for sets of devices that do not belong to administration groups

  The tasks for the sets of devices are performed only on the devices that are specified in the task settings. If new devices are added to the device selection for which the task is created, this task is not applied to the new devices. To apply the task to these computers, you must create a new task or edit the settings of the existing task.

You can create any number of group tasks, tasks for a set of devices, or local tasks.

The set and default values of the task settings may differ depending on the license type.

You can perform the following actions with tasks:

• Start, stop, pause, and resume tasks.

  The Update task cannot be paused or resumed, it can only be started or stopped.

• Create new tasks.
• Edit task settings.

  If the user account which is used to access the Administration Server does not have permissions to edit the settings of certain functional scopes, the settings of these functional scopes are not available for editing.

• Compare task versions in the Revision history section of the task properties window.

General information about the tasks in the Administration Console is provided in Kaspersky Security Center documentation.

Creating a local task

To create a local task:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder, open the folder with the name of the administration group that includes the required device.
3. In the workspace, select the Devices tab.
4. In the list of managed devices, select the device for which you want to create a local task. In the device context menu, select Properties.
5. In the Properties: <Device name> window, select the Task section.
6. Click Add.

   The Task Wizard starts.

7. Follow the Task wizard instructions.

Page top

Creating a group task

To create a group task:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Administration Console tree, select the Tasks folder.
3. In the workspace, click the New task button.

   The Task Wizard starts.

4. Follow the Task wizard instructions.

Page top

Creating a task for device sets

To create a task for a set of devices:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Administration Console tree, select the Tasks folder.
3. In the workspace, click the New task button.

   The Task Wizard starts.

4. Follow the Task wizard instructions.
5. In the Select devices to which the task will be assigned window of the Wizard, click the Assign task to a device selection button.
6. In the next window of the Wizard, click the Browse button.

   The Device selection window will open.

7. Select the required devices and click OK in the Device selection window.
8. Click Next.
9. Follow the Task wizard instructions.

Manually starting, stopping, pausing, and resuming a task

If Kaspersky Embedded Systems Security is running on the client device, you can start, stop, pause, and resume the task on this client device using Kaspersky Security Center. When Kaspersky Embedded Systems Security is paused, running tasks are paused as well, and it becomes impossible to start, stop, pause, or resume a task using Kaspersky Security Center.

To start, stop, pause, or resume a local task:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder, open the folder with the name of the administration group that includes the required device.
3. In the workspace, select the Devices tab.
4. In the list of managed devices, select the device on which you want to start, stop, pause, or resume a local task.
5. In the device context menu, select Properties.
6. In the Properties: <Device name> window, select the Task section.

   A list of local tasks appears in the right part of the window.

7. Select a local task that you want to start, stop, pause, or resume.
8. Do one of the following:
   • In the context menu of the local task, select Start / Stop / Pause / Resume.
   • To start or stop a local task, click the / button to the right of the local tasks list.
   • Click the Properties button under the list of local tasks and in the Properties: <Local task name> window that opens, on the General tab, click the Start / Stop / Pause / Resume button.

To start, stop, pause, or resume a group task:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder, select the folder with the name of the administration group for which you want to start, stop, pause, or resume a group task.
3. In the workspace, select the Tasks tab.

   A list of group tasks appears in the right part of the window.

4. Select a group task that you want to start, stop, pause, or resume.
5. In the context menu of the group task, select Start / Stop / Pause / Resume.

Page top

Editing local task settings

To edit the local task settings:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder, open the folder with the name of the administration group that includes the required device.
3. In the workspace, select the Devices tab.
4. In the list of managed devices, select the device for which you want to configure the application settings. In the device context menu, select Properties.
5. In the Properties: <Device name> window, select the Task section.

   A list of local tasks appears in the right part of the window.

6. Select the required local task and in the context menu of the task, select Properties.

   The Properties: <Local task name> window will open.

7. Edit the local task settings.
8. In the Properties: <Local task name> window, click OK to save the changes.

The number and the contents of the sections depend on the type of the selected task. The contents of the General, Notifications, Schedule, and Revision history sections are identical for all tasks. For a detailed description of these sections, please refer to the Kaspersky Security Center documentation.

Page top

Editing group task settings

to edit the group task settings:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder, open the folder with the name of the required administration group.
3. In the workspace, select the Tasks tab.
4. In the list of group tasks, select the required group task and select Properties in the task context menu.

   The Properties: <Group task name> window will open.

5. Edit the group task settings.
6. In the Properties: <Group task name> window, click OK to save the changes.

The number and the contents of the sections depend on the type of the selected task. The contents of the General, Notifications, Schedule, and Revision history sections are identical for all tasks. For a detailed description of these sections, please refer to the Kaspersky Security Center documentation.

Editing device sets task settings

To edit the task settings for a set of devices:

1. Open the Administration Console of Kaspersky Security Center.
2. Select the Tasks folder.
3. In the Tasks folder, in the list of tasks, select the task for the set of devices. To change the settings of this task, select Properties from the task context menu.

   The Properties: <Task name> window will open.

4. Edit the task settings for the set of devices.
5. In the Properties: <Task name> window click OK.

The number and the contents of the sections depend on the type of the selected task. The contents of the General, Notifications, Schedule, and Revision history sections are identical for all tasks. For a detailed description of these sections, please refer to the Kaspersky Security Center documentation.

Task settings

The following types of tasks are provided for managing Kaspersky Embedded Systems Security by means of Kaspersky Security Center:

• Malware Scan. During the task execution, the application scans the device areas that are specified in the task settings for viruses and other malware.
• Add Key. During the task execution, the application adds a key, including a reserve one, to activate the application.
• Inventory. During the task execution, the application receives information about all executable files stored on the devices.
• Update. During the task execution, the application updates the databases in accordance with the configured update settings.
• Rollback. During the task execution, the application rolls back the last database update.
• Critical Areas Scan. During the task execution, the application scans boot sectors, startup objects, process memory, and kernel memory.
• Container Scan. During the task execution, the application scans containers and images for viruses and other malware.
• System Integrity Check. During the task execution, the application determines changes of each object by comparing the current state of the monitored object to its original state, which was previously established as a baseline.

The set and default values of the task settings may differ depending on the license type.

Add a key

Using the Add Key task, you can add a key to activate Kaspersky Embedded Systems Security.

Add Key task settings

Page top

Kaspersky Security Center key storage window

In this window, you can select keys added to Kaspersky Security Center key storage and add keys to Kaspersky Security Center key storage.

Settings in the Kaspersky Security Center key storage window

Page top

Inventory

The Inventory task provides information about all applications executable files stored on the client devices. Obtaining information about the applications installed on the devices can be useful, for example, for creating Application Control rules.

The Kaspersky Security Center database can store information about up to 150,000 processed files. When this number of records is reached, new files will not be processed. To resume the Inventory Scan task, delete the files registered in the Kaspersky Security Center database as a result of previous inventories, from the device where Kaspersky Embedded Systems Security is installed.

Inventory Scan task settings

In the Exclusion scopes section for the Inventory task, you can also configure scopes to be excluded from scans.

Scan scopes window

The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope – /usr/bin.

Scan scope settings for the Inventory task

You can add, edit, delete, move up, and move down items in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

<New scan scope> window

In this window, you can add and configure scan scope for the Inventory task.

Inventory scope settings

Page top

Exclusion scopes window

This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Exclusion scope settings

You can add, edit, and delete items in the table.

<New exclusion scope> window

In this window, you can add and configure scan exclusion scope for the Inventory task.

Exclusion scope settings

Page top

Update

Updating the databases and application modules of Kaspersky Embedded Systems Security ensures up-to-date protection on your device. New viruses and other types of malware appear worldwide on a daily basis. The application databases contain information about the threats and the ways to neutralize them. To detect threats quickly, you are urged to regularly update the application databases and modules.

An update source is a resource that contains updates for Kaspersky Embedded Systems Security databases and application modules. Update sources can be FTP, HTTP, or HTTPS servers (such as Kaspersky Security Center and Kaspersky update servers), as well as local or network directories mounted by the user.

Update source settings for the Update task

In the Settings section, you can specify the response timeout and the application update download settings.

Additional settings of the Update task

Page top

Rollback

After the application databases are updated for the first time, the rollback of the application databases to their previous versions becomes available.

Every time a user starts the update process, Kaspersky Embedded Systems Security creates a backup copy of the current application databases. This allows you to roll back the application databases to a previous version if needed.

Rolling back the last database update may be useful, for example, if the new application database version contains invalid signatures, which causes Kaspersky Embedded Systems Security to block safe applications.

The rollback task does not have any settings.

Malware Scan

Malware Scan is a one-time full or custom scan of files on the device performed by the application. The application can carry out multiple malware scanning tasks at the same time.

By default, the application creates one standard virus scan task — a full scan. The application scans all the objects located on the local drives of the device, as well as all mounted and shared objects that are accessed via the Samba and NFS protocols with the recommended security settings.

During a full disk scan, the processor is busy. It is recommended to run the full scan task when the business is idle.

You can also create custom malware scan tasks.

Malware Scan task settings

In the Exclusions section, you can also configure exclusion scopes as well as exclusions by mask and by the threat name for Malware Scans.

Page top

Scan scopes window

The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.

Scan scope settings

You can add, edit, delete, move up, and move down items in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

<Scan scope name> window

In this window, you can add and configure scan scopes.

Scan scope settings

Page top

Scan scope settings window

In this window, you can configure the scan settings for the Malware Scan task. The application allows you to scan files, boot sectors, device memory, and startup objects.

Scan scope settings

Page top

Scan scopes window

The table contains name masks of the devices, whose boot sectors the application must scan. By default, the table contains the /** device name mask (all devices).

You can add, edit, and delete items in the table.

Scan settings window

In this window, you can configure the file scan settings for the task.

Scan settings

Page top

Actions for infected objects window

In this window, you can configure actions to be performed by Kaspersky Embedded Systems Security on detected infected objects:

Actions for infected objects

Page top

Critical Areas Scan

The Critical Areas Scan task allows you to scan files, boot sectors, startup objects, process memory, and kernel memory.

Critical Areas Scan task settings

In the Exclusions section, you can also configure exclusion scopes as well as exclusions by mask and by the threat name for the Critical Areas Scan task.

Page top

Scan scopes window

The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.

Scan scope settings

You can add, edit, delete, move up, and move down items in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

<Scan scope name> window

In this window, you can add and configure scan scopes.

Scan scope settings

Page top

Scan scope settings window

In this window, you can configure the scan settings for the Critical Areas Scan task. The application allows you to scan files, boot sectors, startup objects, process memory, and kernel memory.

Scan scope settings

Page top

Scan scopes window

The table contains name masks of the devices, whose boot sectors the application must scan. By default, the table contains the /** device name mask (all devices).

You can add, edit, and delete items in the table.

Scan settings window

In this window, you can configure the file scan settings for the task.

Scan settings

Page top

Actions for infected objects window

In this window, you can configure actions to be performed by Kaspersky Embedded Systems Security on detected infected objects:

Actions for infected objects

Page top

Container Scan

When the Container Scan task is running, Kaspersky Embedded Systems Security scans containers and images for viruses and other malware. You can run multiple Container Scan tasks simultaneously.

Integration with Docker container management system, CRI-O framework, and Podman and runc utilities is supported.

To use the task, a license that includes the corresponding function is required.

Container scan task settings

In the Exclusions section, you can also configure exclusions by mask and by the threat name for the Container scan task.

Container Scan settings window

In this window, you can configure container and image scan settings.

Container and image scan settings

Page top

Scan settings window

In this window, you can configure the file scan settings for the task.

Scan settings

Page top

Actions for infected objects window

In this window, you can configure actions to be performed by Kaspersky Embedded Systems Security on detected infected objects:

Actions for infected objects

Page top

Exclusions section

Settings of scan exclusions

Page top

System Integrity Check

While the System Integrity Check (ODFIM) task is running, each object change is determined by comparing the current state of the monitored objects with its original state, which was previously established as a baseline.

To use the task, a license that includes the corresponding function is required.

The system baseline is created during the first run of the ODFIM task on the device. You can create several ODFIM tasks. For each ODFIM task, a separate baseline is created. The task is performed only if the baseline corresponds to the monitoring scope. If the baseline does not match the monitoring scope, Kaspersky Embedded Systems Security generates a system integrity violation event.

The baseline is rebuilt after an ODFIM task has finished. You can rebuild a baseline for a task using the corresponding setting. Also, a baseline is rebuilt when the settings of a task change, for example, if a new monitoring scope is added. The baseline will be rebuilt during the next task run. You can delete a baseline by deleting the corresponding ODFIM task.

System Integrity Check task settings

In the Exclusion scopes section, you can also configure monitoring exclusion scopes and exclusions by mask for the System Integrity Check task.

Scan scopes window

The table contains monitoring scopes for the System Integrity Check task. The application monitors files and directories located in the paths specified in the table. By default, the table contains one monitoring scope, Kaspersky internal objects (/opt/kaspersky/kess/).

Monitoring scope settings

You can add, edit, delete, move up, and move down items in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes, in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

<New scan scope> window

In this window, you can add and configure monitoring scopes for the System Integrity Check task.

Monitoring scope settings

Page top

Exclusion scopes section

Settings of scan exclusions

Page top