Inventory task (Inventory_Scan, ID:22)

The Inventory Scan task provides information about all application executable files stored on the user devices. Obtaining information about the applications installed on the devices can be useful, for example, for creating Application Control rules.

In this Help section

Inventory Scan task settings

Viewing a list of detected applications

Page top

Inventory task settings

The table describes all available values and the default values of all the settings that you can specify for the Inventory task.

Inventory task settings

Setting	Description	Values

`ScanScripts`	Enables script scanning.	`Yes` (default value) — Scan scripts. `No` — Do not scan scripts.
`ScanBinaries`	Enables binary files scanning (elf, java, and pyc).	`Yes` (default value) — Scan binaries. `No` — Do not scan binaries.
`ScanAllExecutable`	Enables the scanning of files with an executable bit.	`Yes` (default value) — Scan files with an executable bit. `No` — Do not scan files with an executable bit.
`ScanPriority`	Task priority. Task priority is a setting that combines a number of internal Kaspersky Embedded Systems Security settings and process start settings. By using this setting, you can specify the way the application consumes system resources for running tasks.	`Idle` — Run the task with a low priority: no more than 10% of processor resource consumption. Specify this value to release the application resources for other tasks, including user processes. The current scan task takes longer to complete. `Normal` (default value) — Run the task with a normal priority: no more than 50% of all processors resources. `High` — Run the task with a high priority, without limiting the consumption of processor resources. Specify this value to perform the current scan task faster.
`CreateGoldenImage`	Enables creation of the "Golden Image" category of applications based on the list of applications detected on the device by the Inventory Scan task. If `CreateGoldenImage=Yes`, then you can use the "Golden Image" application category in the Application Control rules.	`Yes`: create the "Golden Image" category of applications. `No` (default value): do not create the "Golden Image" category of applications.
The [ScanScope.item_#] section contains the following settings:
`AreaDesc`	Description of inventory scan scope; contains additional information about the inventory scan scope. The maximum length of the string specified using this setting is 4096 characters.	Default value: `All objects`.
`UseScanArea`	Enables scans of the specified inventory scope. To run the task, enable scans of at least one inventory scope.	`Yes` (default value) — Scan the specified inventory scope. `No` — Do not scan the specified inventory scope.
`AreaMask`	Inventory scope limitation. In the inventory scope, the application scans only the files that are specified using the masks in the shell format. If this setting is not specified, the application scans all the objects in the inventory scope. You can specify several values for this setting.	The default value is `*` (scan all objects).
`Path`	Path to the directory with objects to be scanned.	`<path to local directory>` — Scan objects in the specified directory. You can use masks to specify the path. You can use the `` (asterisk) character to create a file or directory name mask. You can indicate a single `` character to represent any set of characters (including an empty set) preceding the `/` character in the file or directory name. For example, `/dir//file` or `/dir///file`. You can indicate two consecutive `` characters to represent any set of characters (including an empty set and the `/` character) in the file or directory name. For example, `/dir/*/file/` or `/dir/file/`. The `` mask can be used only once in a directory name. For example, `/dir///file` is an incorrect mask. You can use a single `?` character to represent any one character in the file or directory name. Default value: `/usr/bin`
The [ExcludedFromScanScope.item_#] section contains the following settings:
`AreaDesc`	Description of the inventory exclusion scope; contains additional information about the inventory scan scope.	The default value is not defined.
`UseScanArea`	Excludes the specified scope from the inventory.	`Yes` (default value) — Exclude the specified scope. `No` — Do not exclude the specified scope.
`AreaMask`	Limiting the inventory exclusion scope using shell masks. If this setting is not specified, the application excludes all the objects in the inventory scope. You can specify several values for this setting.	Default value: `*` (exclude all objects)
`Path`	Path to the directory with objects to be excluded.	`<path to local directory>` — Exclude objects in the specified directory from scan. You can use masks to specify the path. You can use the `` (asterisk) character to create a file or directory name mask. You can indicate a single `` character to represent any set of characters (including an empty set) preceding the `/` character in the file or directory name. For example, `/dir//file` or `/dir///file`. You can indicate two consecutive `` characters to represent any set of characters (including an empty set and the `/` character) in the file or directory name. For example, `/dir/*/file/` or `/dir/file/`. The `` mask can be used only once in a directory name. For example, `/dir///file` is an incorrect mask. You can use a single `?` character to represent any one character in the file or directory name.

Page top

Viewing a list of detected applications

You can view the list of applications detected on the device by executing the Inventory Scan task. Obtaining information about the applications installed on the devices can be useful, for example, for creating Application Control rules.

To view the list of applications detected on the device, execute the following command:

kess-control [-A] --get-app-list

Kaspersky Embedded Systems Security displays the following information about the detected applications:

Inventory date and time. Date and time when the Inventory task was performed
Number of applications. The number of applications detected on the device
The list of applications containing the following information:
- Path. Path to the application.
- Hash. Application hash sum.
- Type. Application type. For example, Script, Executable.
- Categories. Categories that the application belongs to (if they were previously created). You can view the list of created application categories using the kess-control [-A] --get-categories command.
When you add a new category, its information is not automatically updated in the application list. To update the application list, you need to restart the Inventory task.

Page top

Contents

Inventory task (Inventory_Scan, ID:22)

Inventory task settings

Viewing a list of detected applications