Kaspersky Embedded Systems Security for Linux

General application settings

General application settings define the operation of the application as a whole and the operation of individual functions.

General application settings

Setting

Description

Values

SambaConfigPath

Directory that stores the Samba configuration file. The Samba configuration file is required to ensure that the AllShared or Shared:SMB values can be used for the Path setting.

The standard directory of the SAMBA configuration file on the computer is specified by default.

Default value: /etc/samba/smb.conf.

The application must be restarted after this setting is changed.

NfsExportPath

The directory where the NFS configuration file is stored. The NFS configuration file is required to ensure that the AllShared or Shared:NFS values can be used for the Path setting.

The standard directory of the NFS configuration file on the computer is specified by default.

Default value: /etc/exports.

The application must be restarted after this setting is changed.

TraceLevel

Enable application tracing and the level of detail in the trace files.

Detailed – Generate a detailed trace file.

MediumDetailed – Generate a trace file that contains informational messages and error messages.

NotDetailed – Generate a trace file that contains error messages.

None (default value) — Do not generate a trace file.

TraceFolder

The directory that stores the application trace files.

Default value: /var/log/kaspersky/kess.

If you specify a different directory, make sure that the account under which Kaspersky Embedded Systems Security is running has read/write permissions for this directory. Root privileges are required to access the default trace files directory.

The application must be restarted after this setting is changed.

TraceMaxFileCount

Maximum number of application trace files.

1–10000

Default value: 10.

The application must be restarted after this setting is changed.

TraceMaxFileSize

Specifies the maximum size of an application trace file (in megabytes).

1–1000

Default value: 500.

The application must be restarted after this setting is changed.

BlockFilesGreaterMaxFileNamePath

Blocks access to files for which the full path length exceeds the defined settings value specified in bytes. If the length of the full path to the scanned file exceeds the value of this setting, scan tasks skip this file during scanning.

This setting is not available for operating systems that use the fanotify technology.

4096–33554432

Default value: 16384.

After changing the value of this setting, the File Threat Protection task needs to be restarted.

DetectOtherObjects

Enable detection of legitimate applications that intruders can use to compromise devices or data.

Yes: enable detection of legitimate applications that intruders can use to compromise devices or data.

No (default): disable detection of legitimate applications that intruders can use to compromise devices or data.

NamespaceMonitoring

Enabling the use of the namespace mechanism, which also allows scanning files in containers and mandatory access control sessions of the Astra Linux operating system.

The application does not scan namespaces or containers unless components for managing namespaces are installed in the operating system.

Yes (default value) – Enable the namespace mechanism.

No – disable the namespace mechanism.

FileBlockDuringScan

Enabling the file operation intercept mode with blocking access to files for the duration of the scan. The file operation interception mode affects the File Threat Protection and Device Control components.

Yes (default value) to block access to files for the duration of the scan.

No to allow access to files during the scan. Requests to any file is allowed, scanning is done asynchronously. This file operation interception mode has less impact on the system performance, but there is a risk that a threat in a file will not be disinfected or deleted if the file can, for example, change its name during a scan before the application makes a decision on the status of the file.

UseKSN

Enabling Kaspersky Security Network usage:

Basic - enable use of Kaspersky Security Network in standard mode.

Extended - enable use of Kaspersky Security Network in extended mode.

No (default value) — disable use of Kaspersky Security Network.

CloudMode

Enable cloud mode. Cloud mode is available if use of KSN is enabled.

If you plan to use cloud mode, make sure KSN is available on your device.

Yes — enable the mode in which Kaspersky Embedded Systems Security uses a lightweight version of the malware databases.

No (default value) – use the full version of the malware databases.

Cloud mode is disabled automatically if use of KSN is disabled.

UseProxy

Enables the use of a proxy server by Kaspersky Embedded Systems Security components. The proxy server can be used for access to Kaspersky activation servers, to update sources for databases and application modules, to Kaspersky Security Network, and when verifying website certificates using the Web Threat Protection component.

Yes - enable the use of a proxy server.

No (default) - Disable the use of a proxy server.

ProxyServer

Proxy server settings in the following format: <connection protocol>://[<user>[:<password>]@]<proxy server address>[:<port>].

Connecting to a proxy server over HTTPS is not supported.

When connecting via an HTTP proxy, we recommend to use a separate account that is not used to sign in to other systems. An HTTP proxy uses an insecure connection, and the account may be compromised.

 

ProxyBypass

List of addresses in the [<address>[:<port>] format for which the proxy server is to be bypassed. To specify addresses, you can use masks (* symbols) and comments (after a \ symbol).

 

MaxEventsNumber

The maximum number of events stored by the application. When the specified number of events is exceeded, the application deletes the oldest events.

Default value: 500000.

If 0 is specified, events are not saved.

LimitNumberOfScanFileTasks

The maximum number of custom scan tasks that a non-privileged user can simultaneously start on the device. This setting does not limit the number of tasks that a user with root privileges can start.

0–100000

0 means a non-privileged user cannot start custom scan tasks.

Default value: 5.

UseSyslog

Enable logging of information about events to syslog

Root privileges are required to access syslog.

Yes — Enable logging of information about events to syslog.

No (default value) — Disable logging of information about events to syslog.

EventsStoragePath

The database directory where the application saves information about events.

Root privileges are required to access the default event database.

Default value: /var/opt/kaspersky/kess/private/storage/events.db.

ExcludedMountPoint.item_#

The mount point to exclude from the scan scope. The exclusion applies to the operation of the File Threat Protection and Anti-Cryptor components, the Removable Drives Scan task, and is also configured for scan tasks of the ODS type.

You can specify several mount points to be excluded from scans.

Mount points must be specified in the same way as they are displayed in the mount command output.

The ExcludedMountPoint.item_# setting is left unspecified by default.

AllRemoteMounted — Exclude all remote directories mounted on the device using SMB and NFS protocols from file operation interception.

Mounted:NFS — Exclude all remote directories mounted on the device using the NFS protocol from file operation interception.

Mounted:SMB — Exclude all remote directories mounted on the device using the SMB protocol from file operation interception.

Mounted:<file system type> — Exclude all mounted directories with the specified file system type from file operation interception.

/mnt — Exclude objects in the /mnt mount point (including subdirectories) from file operation interception. This directory is used as the temporary mount point for removable drives.

<path that contains the /mnt/user* or /mnt/**/user_share> — Exclude objects in mount points whose names contain the specified mask from file operation interception.

MemScanExcludedProgramPath.item_#

Exclude process memory from scans.

The application does not scan the memory of the indicated process.

<full path to process> – Do not scan the process in the indicated local directory. You can use masks to specify the path.

UseOnDemandCPULimit

Enables CPU usage limits for tasks of the ODS and InventoryScan type.

Yes: enable the CPU usage limit for ODS and InventoryScan tasks.

No (default): disable CPU usage limits for tasks.

OnDemandCPULimit

The maximum utilization of all processor cores (as a percentage) when running tasks of the ODS and InventoryScan type.

10–100

Default value: 100.

BackupDaysToLive

Time period for storing objects in the Backup storage (in days). After the specified time has elapsed, the application deletes the oldest backup copies of files.

To remove the object retention limit, set 0.

0–10000

0–unlimited retention.

Default value: 30.

BackupSizeLimit

Maximum Backup size in MB. When the maximum Backup storage size is reached, the application deletes the oldest backup copies of files.

To remove the Backup size limit, set 0.

0–999999

0–unlimited size.

Default value: 0.

BackupFolder

Path to the Backup directory. You can specify a custom Backup storage directory that is different from the default directory. You can use directories on any device as the Backup storage. It is not recommended to assign directories that are located on remote devices, such as those mounted via the Samba and NFS protocols.

If the specified directory does not exist or is unavailable, the application uses the default directory.

Default value: /var/opt/kaspersky/kess/common/objects-backup/

Root privileges are required to access the default Backup storage directory.

ShowPopUpNotifications

Enables displaying pop-up notifications in the graphical user interface.

Yes (default value) – show pop-up notifications in the graphical user interface.

No – do not show pop-up notifications in the graphical user interface.