Preset configuration files
After the post-installation configuration, the application creates the following configuration files:
- /var/opt/kaspersky/kess/common/agreements.ini
The agreements.ini configuration file contains settings related to the License Agreement, Privacy Policy, and Kaspersky Security Network Statement.
- /var/opt/kaspersky/kess/common/kess.ini
The kess.ini configuration file contains the settings described in the following table.
If necessary, you can edit the values of the settings in these files.
The default values in these files should be changed only under the supervision of Technical Support specialists and in accordance with their instructions.
The kess.ini configuration file settings
Setting |
Description |
Values |
|---|---|---|
The [General] section contains the following settings: |
||
|
The locale used for the localization of texts sent by Kaspersky Embedded Systems Security to Kaspersky Security Center (events, notifications, task results, etc.). The locale of the graphical interface and the application command line depends on the value of the |
The locale in the format specified by RFC 3066. If the |
|
Format of the installed application package. We do not recommend changing the value of this setting manually. The value of the setting is filled in automatically during initial application configuration. |
|
|
Using the fanotify technology to intercept file operations. We do not recommend changing the value of this setting manually. This setting is specified during the initial configuration of the application. |
|
|
Enables generation of trace files at application startup. |
|
|
Display information in trace files that may contain personal data (for example, passwords). |
|
|
Enables asynchronous tracing, in which information is logged to trace files in asynchronously. |
|
|
Enables the creation of a dump file when application failure occurs. |
|
|
Path to the directory where the dump files are stored. |
Default value: /var/opt/kaspersky/kess/common/dumps. Root privileges are required to access the default dump file directory. |
|
The minimum amount of disk memory that will remain after writing a dump file, in megabytes. |
Default value: 300. |
|
Limit on the application's use of memory in megabytes. |
Default value: 8192. |
|
The user's unique device ID. |
The value of the setting is filled in automatically during installation of the application. |
|
The path to the socket for remote connection, through which, for example, the graphical interface and the kess-control utility are connected. |
Default value: /var/run/bl4control. |
|
Limit on the number of subscriptions to changes in files and directories (user watches) in /proc/sys/fs/inotify/max_user_watches. |
Default value: 300000. |
|
Limit on the number of subscriptions to changes in files and directories for a single user. |
Default value: 2048. |
|
The number of environment variables that the application captures from the command call. |
Default value: 50. |
|
Number of arguments that the application captures from the exec call. |
Default value: 20. |
|
Indicates use of a public DNS. If there are errors accessing servers through the system DNS, the application uses a public DNS. This is needed for updating application databases and maintaining device security. The application will use the following public DNSes in this order:
|
The application's requests may contain domain addresses and the user's external IP address, since the application establishes a TCP/UDP connection with the DNS server. This information is necessary, for example, to check the certificate of a web resource when interacting via HTTPS. If the application is using a public DNS server, data processing rules are governed by the Privacy Policy of the corresponding service. If you need to block the application from using a public DNS server, contact Technical Support for a private patch. |
The [Network] section contains the following settings: |
||
|
A mark in the iptables rules for forwarding traffic to the application for processing by Web Threat Protection component. You may need to change this mark if a device with the application runs other software that uses the ninth bit of the TCP packet mask, and a conflict occurs. |
A decimal value or hexadecimal number with the prefix 0x. Default value: 0x100. |
|
A mark in the iptables rules for forwarding traffic to the application for processing by Network Threat Protection component. You may need to change this mark if a device with the application runs other software that uses the ninth bit of the TCP packet mask, and a conflict occurs. |
A decimal value or hexadecimal number with the prefix 0x. Default value: 0x200. |
|
A mark used to indicate packets created or scanned by the application, so that the application does not scan them again. |
A decimal value or hexadecimal number with the prefix 0x. Default value: 0x400. |
|
A mark used to indicate packages created or scanned by the application to prevent them from being logged by the iptable utility. |
A decimal value or hexadecimal number with the prefix 0x. Default value: 0x800. |
|
Number of the routing table. |
Default value: 101. |
The [ScannerImpactStats] section contains the following settings: |
||
|
Enables the tallying of statistics of file and process scanning by the File Threat Protection and Behavior Detection components. |
|
|
The time interval for which the application keeps a tally of file and process scanning statistics by the File Threat Protection and Behavior Detection components before saving the statistics to a trace file and reports. |
Default value: 10 minutes. |
|
The number of files and processes counted by the application during the time interval specified by the |
Default value: 10. |
|
The number of records to be written to reports on the most frequently scanned files and processes for the day. |
Default value: 20. |
The [Watchdog] section contains the following settings: |
||
|
Maximum time to wait for the kess process to finish from the moment the Watchdog server sends the HEADSHOT signal to the kess process. |
Default value: 2 minutes. |
|
The maximum time to wait for the application to start (in minutes), after which the Watchdog server starts the procedure for restarting the kess process. |
Default value: 3 minutes. |
|
Maximum time to wait for the controlled kess process to complete from the moment the Watchdog server sends the SIGKILL signal to the kess process. If the kess process does not finish before this time elapses, the action specified by the --failed-kill setting is performed. |
Default value: 2 days. |
|
The interval with which the application attempts to send a PONG message to the Watchdog server in response to a received PING message. |
Default value: 2000 milliseconds. |
|
Maximum number of consecutive unsuccessful attempts to start the application. |
Default value: 5. |
|
Maximum time interval during which the application should send a message to the Watchdog server. If a message is not received from the application within this time interval, the Watchdog server begins the procedure to restart the kess process. |
Default value: 2 minutes. |
|
Maximum time from the start of the kess process to the moment when a connection with the Watchdog server is established by the application. If the application does not establish a connection in this time interval, the Watchdog server begins the procedure to restart the kess process. |
Default value: 3 minutes. |
|
Maximum time from the moment the application connects to the Watchdog server to the moment the server receives a REGISTER message. |
Default value: 500 milliseconds. |
|
Maximum time to wait for the kess process to finish from the moment the Watchdog server sends the SHUTDOWN signal to the kess process. |
Default value: 2 minutes. |
|
Limit on the use of resident memory by the kess process. If the managed process uses more resident memory than this limit, the Watchdog server begins the procedure to restart the kess process. |
Default value: |
|
Limit on the use of virtual memory by the kess process. If the managed process uses more virtual memory than this limit, the Watchdog server begins the procedure to restart the kess process. |
|
|
Limit on the size of the swap file of the kess process. If the swap file of the managed process exceeds this limit, the Watchdog server begins the procedure to restart the kess process. |
|
|
Enabling application stability monitoring. If application stability monitoring is enabled, the Watchdog server tracks the number of abnormal halts of the application. |
|
|
The path to the file used for application stability monitoring. |
Default value: /var/opt/kaspersky/kess/private/kess_health.log. |
|
Time interval (in seconds) in which the application must experience the specified number of abnormal halts before displaying a notification about unstable operation. |
Default value: 3600 seconds. |
|
Number of abnormal halts of the application that are required before displaying a notification about unstable application operation. |
Default value: 10. If the value is 0, an unstable application notification is not displayed. |
|
Time interval (in seconds) after which the application's unstable status will be cleared. |
Default value: 86400 seconds. |
|
The period with which the Watchdog server calls the open and execve system functions and increments the success counters for these functions. |
Default value: 3 seconds. |
|
The period with which the Watchdog server checks the success counters for the open and execve functions. If the value of the counters is unchanged after this time, the Watchdog server starts the procedure for restarting the kess process. |
Default value: 12 seconds. |
|
The maximum time to wait for the creation of an application dump file, during which the Watchdog server suspends the checking of application activity. If the dump creation has not completed after this time, the Watchdog server starts the procedure for restarting the kess process. |
Possible values: 1–30 minutes. Default value: 2 minutes. |