Kaspersky Embedded Systems Security for Linux
- Kaspersky Embedded Systems Security 3.4 for Linux Help
- Kaspersky Embedded Systems Security 3.4 for Linux
- What's new
- Preparing to install Kaspersky Embedded Systems Security
- Installation and initial configuration of Kaspersky Embedded Systems Security
- The installation and initial configuration of Kaspersky Security Center Network Agent
- Installing the Kaspersky Embedded Systems Security management plug-ins
- Installing and initially configuring the application using Kaspersky Security Center
- Creating an installation package in the Web Console
- Creating an installation package in the Administration Console
- Preparing an archive with application databases in order to create an installation package with integrated databases
- Autoinstall.ini configuration file parameters
- Getting started using Kaspersky Security Center
- Installing and initially configuring the application using the command line
- Installing the application using the command line
- Post-installation configuration of the application in interactive mode
- Selecting the locale
- Viewing the End User License Agreement and the Privacy Policy
- Accepting the End User License Agreement
- Accepting the Privacy Policy
- Using Kaspersky Security Network
- Removing users from privileged groups
- Assigning the Administrator role to a user
- Determining the file operation interceptor type
- Enabling automatic configuration of SELinux
- Configuring the update source
- Configuring proxy server settings
- Starting an application database update
- Enabling automatic application database update
- Application activation
- Post-installation configuration of the application in automatic mode
- Settings in the configuration file for post-installation configuration
- Configuring permissive rules in the SELinux system
- Running the application on Astra Linux OS in closed software environment mode
- Updating the application from a previous version
- Uninstalling the application
- Application licensing
- Data provision
- Application management concept
- Managing the application using Kaspersky Security Center
- About Kaspersky Embedded Systems Security management plug-ins
- Kaspersky Security Center policies
- Tasks for Kaspersky Embedded Systems Security created in Kaspersky Security Center
- Logging in and out of the Web Console and Cloud Console
- Managing policies in the Web Console
- Managing policies in the Administration Console
- Managing tasks in the Web Console
- Managing tasks in the Administration Console
- Managing the application using the command line
- Enabling automatic addition of kess-control commands (bash completion)
- Task management in the command line
- Displaying task settings in the command line
- Editing task settings in the command line
- Configuring task schedule in the command line
- Managing general application settings in the command line
- Using filters to limit results of queries
- Exporting and importing application settings
- Managing user roles using the command line
- Managing the application using Kaspersky Security Center
- Starting and stopping the application
- Viewing the protection status of a device and information about application performance
- Viewing the protection status of a device in the Web Console
- Viewing the protection status of a device in the Administration Console
- Viewing information about the operation of an application in the Web Console
- Viewing information about the operation of an application in the Administration Console
- Viewing information about the operation of an application in the command line
- Viewing application statistics
- Viewing application statistics in the Web Console
- Viewing application statistics in the Administration Console
- Viewing a list of mount points in the Web Console
- Viewing the list of mount points in the Administration Console
- Viewing application statistics and the list of mount points in the command line
- Collecting system performance metrics
- Updating application databases and modules
- Updating databases and modules
- Updating sources and update scenarios
- Updating application databases and modules in the Web Console
- Updating application databases and modules in the Administration Console
- Updating application databases and modules in the command line
- Updating using Kaspersky Update Utility
- Rolling back application database and module updates
- File Threat Protection
- Malware Scan
- Critical Areas Scan
- Removable Drives Scan
- Firewall Management
- Web Threat Protection
- Encrypted connections scan
- Network Threat Protection
- Protection against remote malicious encryption
- Managing blocked devices
- Application Control
- Inventory
- Device Control
- System Integrity Monitoring
- Real-time System Integrity Monitoring
- System Integrity Check
- Behavior Detection
- Using Kaspersky Security Network
- Advanced application settings
- Configuring a proxy server
- Configuring global exclusions
- Exclude process memory from scans
- Selecting the interception mode for file operations
- Configuring detection of applications that hackers can use to harm
- Enabling application stability monitoring
- Configuring application startup settings
- Limiting the use of resident memory by the application
- Limiting the use of memory and processor resources
- Limiting the number of Custom Scan tasks
- Configuring the transfer of data to Kaspersky Security Center storage
- Configuring permissions for task management
- Enabling or disabling monitoring of namespaces
- Backup
- Viewing events and reports
- Application management via the graphical user interface
- Application components integrity check
- Contact Technical Support
- Appendices
- Appendix 1. Resource consumption optimization
- Appendix 2. Commands for managing Kaspersky Embedded Systems Security
- Commands for managing application tasks and settings
- Statistics commands
- Commands for displaying events
- Commands for managing application events
- Commands for managing license keys
- Commands for Firewall Management
- Commands used to manage blocked devices
- Commands for managing Device Control
- Commands for managing Application Control
- Commands for managing Backup
- Commands for managing users and roles
- Commands for managing system performance metrics
- Appendix 3. Configuration files and default application settings
- Rules for editing application task configuration files
- Preset configuration files
- Default settings for command line tasks
- Default settings for the File_Threat_Protection task (ID:1)
- Default settings for the Scan_My_Computer task (ID:2)
- Default settings for the Scan_File task (ID:3)
- Default settings for the Critical_Areas_Scan task (ID:4)
- Default settings for the Update task (ID:6)
- Default settings for the System_Integrity_Monitoring task (ID:11)
- Default settings for the Firewall_Management task (ID:12)
- Default settings for the Anti_Cryptor task (ID:13)
- Default settings for the Web_Threat_Protection task (ID:14)
- Default settings for the Device_Control task (ID:15)
- Default settings for the Removable_Drives_Scan task (ID:16)
- Default settings for the Network_Threat_Protection task (ID:17)
- Default settings for the Behavior_Detection task (ID:20)
- Default settings for the Application_Control task (ID:21)
- Default settings for the Inventory_Scan task (ID:22)
- General application settings
- Encrypted connections scan settings
- Tasks schedule settings
- Appendix 4. Command line return codes
- Sources of information about Kaspersky Embedded Systems Security
- Glossary
- Active key
- Active policy
- Administration group
- Administration Server
- Application activation
- Application databases
- Application settings
- Database of malicious web addresses
- Database of phishing web addresses
- Exclusion
- False positive
- File mask
- Group policy
- Group task
- Infected object
- Kaspersky update servers
- License
- License certificate
- Object disinfection
- Policy
- Proxy server
- Reserve key
- Startup objects
- Subscription
- Trusted device
- Information about third-party code
- Trademark notices
Application Control > Configuring Application Control in the command line > Configuring the Application Control rule list
Configuring the Application Control rule list
Configuring the Application Control rule list
To view the list of Application Control rules, run the following command:
kess-control --get-settings 21 [--file <path to configuration file>] [--json]
where:
--file <path to configuration file>– full path to the configuration file to which the settings will be exported.--json: output data in JSON format.
Kaspersky Embedded Systems Security displays the following information about Application Control rules:
- Application Control task operation mode;
- the action that Application Control takes upon detecting an attempt to launch an application that matches the configured rule;
- Description of the Application Control rule (if any);
- Operation status of the Application Control rule;
- Name of the application category the rule applies to;
- Access type assigned to a user or user group;
- User or user group to which the Application Control rule applies.
To edit the list of application categories and Application Control rules, run the following command:
kess-control --get-settings 21 [--file <path to configuration file>] [--json]
where:
--file <path to configuration file>– full path to the configuration file from which the settings will be imported.--json– import data from a JSON file.
To delete the list of application categories and Application Control rules, run the following command:
kess-control --set-settings 21 --set-to-default
Article ID: 275921, Last review: Mar 10, 2025