Kaspersky Embedded Systems Security for Linux
- Kaspersky Embedded Systems Security 3.4 for Linux Help
- Kaspersky Embedded Systems Security 3.4 for Linux
- What's new
- Preparing to install Kaspersky Embedded Systems Security
- Installation and initial configuration of Kaspersky Embedded Systems Security
- The installation and initial configuration of Kaspersky Security Center Network Agent
- Installing the Kaspersky Embedded Systems Security management plug-ins
- Installing and initially configuring the application using Kaspersky Security Center
- Creating an installation package in the Web Console
- Creating an installation package in the Administration Console
- Preparing an archive with application databases in order to create an installation package with integrated databases
- Autoinstall.ini configuration file parameters
- Getting started using Kaspersky Security Center
- Installing and initially configuring the application using the command line
- Installing the application using the command line
- Post-installation configuration of the application in interactive mode
- Selecting the locale
- Viewing the End User License Agreement and the Privacy Policy
- Accepting the End User License Agreement
- Accepting the Privacy Policy
- Using Kaspersky Security Network
- Removing users from privileged groups
- Assigning the Administrator role to a user
- Determining the file operation interceptor type
- Enabling automatic configuration of SELinux
- Configuring the update source
- Configuring proxy server settings
- Starting an application database update
- Enabling automatic application database update
- Application activation
- Post-installation configuration of the application in automatic mode
- Settings in the configuration file for post-installation configuration
- Configuring permissive rules in the SELinux system
- Running the application on Astra Linux OS in closed software environment mode
- Updating the application from a previous version
- Uninstalling the application
- Application licensing
- Data provision
- Application management concept
- Managing the application using Kaspersky Security Center
- About Kaspersky Embedded Systems Security management plug-ins
- Kaspersky Security Center policies
- Tasks for Kaspersky Embedded Systems Security created in Kaspersky Security Center
- Logging in and out of the Web Console and Cloud Console
- Managing policies in the Web Console
- Managing policies in the Administration Console
- Managing tasks in the Web Console
- Managing tasks in the Administration Console
- Managing the application using the command line
- Enabling automatic addition of kess-control commands (bash completion)
- Task management in the command line
- Displaying task settings in the command line
- Editing task settings in the command line
- Configuring task schedule in the command line
- Managing general application settings in the command line
- Using filters to limit results of queries
- Exporting and importing application settings
- Managing user roles using the command line
- Managing the application using Kaspersky Security Center
- Starting and stopping the application
- Viewing the protection status of a device and information about application performance
- Viewing the protection status of a device in the Web Console
- Viewing the protection status of a device in the Administration Console
- Viewing information about the operation of an application in the Web Console
- Viewing information about the operation of an application in the Administration Console
- Viewing information about the operation of an application in the command line
- Viewing application statistics
- Viewing application statistics in the Web Console
- Viewing application statistics in the Administration Console
- Viewing a list of mount points in the Web Console
- Viewing the list of mount points in the Administration Console
- Viewing application statistics and the list of mount points in the command line
- Collecting system performance metrics
- Updating application databases and modules
- Updating databases and modules
- Updating sources and update scenarios
- Updating application databases and modules in the Web Console
- Updating application databases and modules in the Administration Console
- Updating application databases and modules in the command line
- Updating using Kaspersky Update Utility
- Rolling back application database and module updates
- File Threat Protection
- Malware Scan
- Critical Areas Scan
- Removable Drives Scan
- Firewall Management
- Web Threat Protection
- Encrypted connections scan
- Network Threat Protection
- Protection against remote malicious encryption
- Managing blocked devices
- Application Control
- Inventory
- Device Control
- System Integrity Monitoring
- Real-time System Integrity Monitoring
- System Integrity Check
- Behavior Detection
- Using Kaspersky Security Network
- Advanced application settings
- Configuring a proxy server
- Configuring global exclusions
- Exclude process memory from scans
- Selecting the interception mode for file operations
- Configuring detection of applications that hackers can use to harm
- Enabling application stability monitoring
- Configuring application startup settings
- Limiting the use of resident memory by the application
- Limiting the use of memory and processor resources
- Limiting the number of Custom Scan tasks
- Configuring the transfer of data to Kaspersky Security Center storage
- Configuring permissions for task management
- Enabling or disabling monitoring of namespaces
- Backup
- Viewing events and reports
- Application management via the graphical user interface
- Application components integrity check
- Contact Technical Support
- Appendices
- Appendix 1. Resource consumption optimization
- Appendix 2. Commands for managing Kaspersky Embedded Systems Security
- Commands for managing application tasks and settings
- Statistics commands
- Commands for displaying events
- Commands for managing application events
- Commands for managing license keys
- Commands for Firewall Management
- Commands used to manage blocked devices
- Commands for managing Device Control
- Commands for managing Application Control
- Commands for managing Backup
- Commands for managing users and roles
- Commands for managing system performance metrics
- Appendix 3. Configuration files and default application settings
- Rules for editing application task configuration files
- Preset configuration files
- Default settings for command line tasks
- Default settings for the File_Threat_Protection task (ID:1)
- Default settings for the Scan_My_Computer task (ID:2)
- Default settings for the Scan_File task (ID:3)
- Default settings for the Critical_Areas_Scan task (ID:4)
- Default settings for the Update task (ID:6)
- Default settings for the System_Integrity_Monitoring task (ID:11)
- Default settings for the Firewall_Management task (ID:12)
- Default settings for the Anti_Cryptor task (ID:13)
- Default settings for the Web_Threat_Protection task (ID:14)
- Default settings for the Device_Control task (ID:15)
- Default settings for the Removable_Drives_Scan task (ID:16)
- Default settings for the Network_Threat_Protection task (ID:17)
- Default settings for the Behavior_Detection task (ID:20)
- Default settings for the Application_Control task (ID:21)
- Default settings for the Inventory_Scan task (ID:22)
- General application settings
- Encrypted connections scan settings
- Tasks schedule settings
- Appendix 4. Command line return codes
- Sources of information about Kaspersky Embedded Systems Security
- Glossary
- Active key
- Active policy
- Administration group
- Administration Server
- Application activation
- Application databases
- Application settings
- Database of malicious web addresses
- Database of phishing web addresses
- Exclusion
- False positive
- File mask
- Group policy
- Group task
- Infected object
- Kaspersky update servers
- License
- License certificate
- Object disinfection
- Policy
- Proxy server
- Reserve key
- Startup objects
- Subscription
- Trusted device
- Information about third-party code
- Trademark notices
Commands for managing encrypted connections scan settings
-N is a prefix indicating that the command belongs to the group of commands for managing secure connections scan settings.
kess-control -N --query
The command outputs lists of exclusions from encrypted connections scanning:
- a list of exclusions added by the user;
- a list of exclusions added by the application;
- list of exclusions received from the application databases.
Command syntax
kess-control -N --query user
kess-control -N --query auto
kess-control -N --query kl
kess-control --clear-web-auto-excluded
This command clears the list of domains that the application has automatically excluded from scanning.
Command syntax
kess-control -N --clear-web-auto-excluded
kess-control --get-net-settings
The command outputs the current encrypted connections scan settings to the console or a configuration file.
Command syntax
kess-control [-N] --get-net-settings [--file <configuration file path>] [--json]
Arguments and options
--file <configuration file path>: the path to the configuration file to output the encrypted connections scan settings to. If you do not specify the --file option, settings will be output to the console.
If you specify the name of a file without its path, the file will be created in the current directory. If a file already exists in the specified path, it will be overwritten. If the specified directory does not exist, no configuration file will be generated.
--json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.
kess-control --set-net-settings
The command configures the encrypted connections scan settings with command options or by importing settings from a configuration file.
Command syntax
Define settings via command options:
kess-control [-N] --set-net-settings <setting name>=<setting value> [<setting name>=<setting value>]
Define settings via a configuration file:
kess-control [-N] --set-net-settings --file <configuration file path> [--json]
Arguments and options
<option name> = <option value >: the name and value of an encrypted connections scan option.
--file <configuration file path>: the full path to the configuration file to import encrypted connections scan settings from.
--json is specified to import the settings from the configuration file into the application in JSON format. If the --json option is not specified, the application attempts to import from an INI file. If the import fails, an error is displayed.
kess-control --list-certificates
This command outputs a list of trusted root certificates.
Command syntax
kess-control [-N] --list-certificates
kess-control --add-certificate
This command adds a certificate to the list of trusted root certificates.
Command syntax
kess-control [-N] --add-certificate <path to certificate>
Arguments and options
<path to certificate> is the path to the certificate file that you want to add (PEM or DER format).
kess-control --remove-certificate
This command removes a certificate from the list of trusted root certificates.
Command syntax
kess-control [-N] --remove-certificate <certificate subject>