Kaspersky Embedded Systems Security for Linux

Appendix 3. Configuration files and default application settings

The following configuration files are used for managing Kaspersky Embedded Systems Security:

In this section

Rules for editing task configuration files

Preset configuration files

Default settings for command line tasks

General application settings

Encrypted connections scan settings

Tasks schedule settings


Rules for editing application task configuration files

When editing a configuration file, adhere to the following rules:

  • Specify all mandatory settings in the configuration file. You can specify individual task settings without a file using the command line.
  • If a setting belongs to a certain section, specify it only in that section. Settings can be specified in any order within a section.
  • Enclose the names of sections in square brackets [ ].
  • Enter the values of settings in the format <setting name>=<setting value> (spaces between the setting name and its value are ignored).

    Example:

    [ScanScope.item_0000]

    AreaDesc=Home

    AreaMask.item_0000=*doc

    Path=/home

    Space and tab characters are ignored before the first quotation mark and after the last quotation mark of a string value, and at the beginning and end of a string value that is not enclosed in quotation marks.

  • If you need to specify several values for a setting, repeat the setting the same number of times as the number of values that you want to specify.

    Example:

    AreaMask.item_0000=*xml

    AreaMask.item_0001=*doc

  • Be case-sensitive when entering values for the following types of settings:
    • Names (masks) of scanned objects and excluded objects.
    • Names (masks) of threats.

    The remaining setting values are not case-sensitive.

  • Specify Boolean setting values as follows: Yes / No.
  • Use quotation marks to enclose string values containing a space character (for example, names of files and directories and their paths, expressions containing the date and time in the format "YYYY-MM-DD HH:MM:SS").

    You can enter the remaining values with or without quotation marks.

    Example:

    AreaDesc="Scanning of email databases"

    A single quotation mark in the beginning or end of a string is considered an error.
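The editing rules above can be checked mechanically before a task configuration file is imported. The following linter is an added example, not code from the application: the function names and the sample file are constructed, the list of Boolean settings is taken from the File_Threat_Protection defaults on this page, and the warning on a repeated setting name is an assumption based on the item_0000 / item_0001 example.

```python
import re

# Boolean settings listed in the File_Threat_Protection defaults on this page.
BOOLEAN_SETTINGS = {
    "ScanArchived", "ScanSfxArchived", "ScanMailBases", "ScanPlainMail",
    "SkipPlainTextFiles", "UseExcludeMasks", "UseExcludeThreats",
    "ReportCleanObjects", "ReportPackedObjects", "ReportUnprocessedObjects",
    "UseAnalyzer", "UseIChecker", "UseScanArea",
}
SECTION_RE = re.compile(r"^\[[^\[\]]+\]$")


def parse_value(raw):
    """Apply the trimming and quoting rules; return (value, severity, message)."""
    v = raw.strip(" \t")
    opens, closes = v.startswith('"'), v.endswith('"')
    if len(v) >= 2 and opens and closes:
        return v[1:-1], None, None
    if opens or closes:
        return None, "error", "single quotation mark at the beginning or end of a string"
    if " " in v:
        return v, "warn", "value contains a space but is not enclosed in quotation marks"
    return v, None, None


def lint_task_config(text):
    """Return ({section: {name: value}}, [(line_no, severity, message)])."""
    settings = {"": {}}          # "" holds settings that precede any section
    findings = []
    section = ""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip(" \t")
        if not line:
            continue
        if line.startswith("["):
            if SECTION_RE.match(line):
                section = line[1:-1]
            else:
                findings.append((line_no, "error", "section name is not enclosed in [ ]"))
                section = line   # keep later settings apart from the previous section
            settings.setdefault(section, {})
            continue
        name, sep, raw_value = line.partition("=")
        name = name.strip(" \t")
        if not sep or not name:
            findings.append((line_no, "error", "expected <setting name>=<setting value>"))
            continue
        value, severity, message = parse_value(raw_value)
        if severity:
            findings.append((line_no, severity, f"{name}: {message}"))
        if value is None:
            continue
        # Values are not case-sensitive, so yes/YES are accepted for Yes.
        if name in BOOLEAN_SETTINGS and value.lower() not in ("yes", "no"):
            findings.append((line_no, "error", f"{name}: Boolean values are Yes / No"))
        # Assumption: each additional value needs its own .item_NNNN index.
        if name in settings[section]:
            findings.append((line_no, "warn", f"{name}: setting repeated in this section"))
            continue
        settings[section][name] = value
    return settings, findings


# Constructed sample with one violation per rule.
SAMPLE = """\
UseExcludeMasks = Yes
ScanArchived=true
[ScanScope.item_0000]
AreaDesc="Scanning of email databases"
Path = /home
AreaMask.item_0000=*xml
AreaMask.item_0001=*doc
AreaMask.item_0001=*DOC
[ScanScope.item_0001
AreaDesc="Mail store
Path=/srv/mail data
"""

if __name__ == "__main__":
    for line_no, severity, message in lint_task_config(SAMPLE)[1]:
        print(f"line {line_no}: {severity}: {message}")
```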


Preset configuration files

After the post-installation configuration, the application creates the following configuration files:

  • /var/opt/kaspersky/kess/common/agreements.ini

    The agreements.ini configuration file contains settings related to the License Agreement, Privacy Policy, and Kaspersky Security Network Statement.

  • /var/opt/kaspersky/kess/common/kess.ini

    The kess.ini configuration file contains the settings described in the following table.

If necessary, you can edit the values of the settings in these files.

The default values in these files should be changed only under the supervision of Technical Support specialists and in accordance with their instructions.

The kess.ini configuration file settings

Setting

Description

Values

The [General] section contains the following settings:

Locale

The locale used for the localization of texts sent by Kaspersky Embedded Systems Security to Kaspersky Security Center (events, notifications, task results, etc.).

The locale of the graphical interface and the application command line depends on the value of the LANG environment variable. If a locale that is not supported by Kaspersky Embedded Systems Security is specified as the value of the LANG environment variable, the graphical interface and the command line are displayed in English.

The locale in the format specified by RFC 3066.

If the Locale setting is not specified, the operating system locale is used. If the application fails to determine the operating system localization language or the operating system localization is not supported, the default value will be used – en_US.utf8.

PackageType

Format of the installed application package.

We do not recommend changing the value of this setting manually. The value of the setting is filled in automatically during initial application configuration.

rpm – an RPM package is installed.

deb – a DEB package is installed.

UseFanotify

Using the fanotify technology to intercept file operations.

We do not recommend changing the value of this setting manually. This setting is specified during the initial configuration of the application.

true/yes – the application uses the fanotify technology to intercept file operations.

false/no – the fanotify technology is not used.

StartupTraces

Enables generation of trace files at application startup.

true/yes – Create trace files at application startup.

false/no (default value) – Do not create trace files at application startup.

RevealSensitiveInfoInTraces

Display information in trace files that may contain personal data (for example, passwords).

true/yes (default value) — display information in application trace files that may contain personal data.

false/no (default value) — do not display information that may contain personal data in trace files.

AsyncTraces

Enables asynchronous tracing, in which information is logged to trace files asynchronously.

true/yes – enable asynchronous tracing.

false/no (default value) – do not enable asynchronous tracing.

CoreDumps

Enables the creation of a dump file when application failure occurs.

true/yes – Create a dump file when the application crashes.

false/no (default value) – Do not create a dump file when the application crashes.

CoreDumpsPath

Path to the directory where the dump files are stored.

Default value: /var/opt/kaspersky/kess/common/dumps.

Root privileges are required to access the default dump file directory.

MinFreeDiskSpace

The minimum amount of disk space that will remain after writing a dump file, in megabytes.

Default value: 300.

ScanMemoryLimit

Limit on the application's use of memory in megabytes.

Default value: 8192.

MachineId

The user's unique device ID.

The value of the setting is filled in automatically during installation of the application.

SocketPath

The path to the socket for remote connection, through which, for example, the graphical interface and the kess-control utility are connected.

Default value: /var/run/bl4control.

MaxInotifyWatches

Limit on the number of subscriptions to changes in files and directories (user watches) in /proc/sys/fs/inotify/max_user_watches.

Default value: 300000.

MaxInotifyInstances

Limit on the number of subscriptions to changes in files and directories for a single user.

Default value: 2048.

ExecEnvMax

The number of environment variables that the application captures from the command call.

Default value: 50.

ExecArgMax

Number of arguments that the application captures from the exec call.

Default value: 20.

AdditionalDNSLookup

Indicates use of a public DNS.

If there are errors accessing servers through the system DNS, the application uses a public DNS. This is needed for updating application databases and maintaining device security. The application will use the following public DNSes in this order:

  • Google Public DNS (8.8.8.8).
  • Cloudflare DNS (1.1.1.1).
  • Alibaba Cloud DNS (223.6.6.6).
  • Quad9 DNS (9.9.9.9).
  • CleanBrowsing (185.228.168.168).

true/yes – Use a public DNS to access Kaspersky servers.

false/no (default value) – Do not use a public DNS to access Kaspersky servers.

The application's requests may contain domain addresses and the user's external IP address, since the application establishes a TCP/UDP connection with the DNS server. This information is necessary, for example, to check the certificate of a web resource when interacting via HTTPS. If the application is using a public DNS server, data processing rules are governed by the Privacy Policy of the corresponding service. If you need to block the application from using a public DNS server, contact Technical Support for a private patch.

The [Network] section contains the following settings:

WtpFwMark

A mark in the iptables rules for forwarding traffic to the application for processing by the Web Threat Protection component. You may need to change this mark if a device with the application runs other software that uses the ninth bit of the TCP packet mask, and a conflict occurs.

A decimal value or hexadecimal number with the prefix 0x.

Default value: 0x100.

NtpFwMark

A mark in the iptables rules for forwarding traffic to the application for processing by the Network Threat Protection component.

You may need to change this mark if a device with the application runs other software that uses the ninth bit of the TCP packet mask, and a conflict occurs.

A decimal value or hexadecimal number with the prefix 0x.

Default value: 0x200.

BypassFwMark

A mark used to indicate packets created or scanned by the application, so that the application does not scan them again.

A decimal value or hexadecimal number with the prefix 0x.

Default value: 0x400.

BypassNFlogMark

A mark used to indicate packets created or scanned by the application to prevent them from being logged by the iptables utility.

A decimal value or hexadecimal number with the prefix 0x.

Default value: 0x800.

ProxyRouteTable

Number of the routing table.

Default value: 101.

The [ScannerImpactStats] section contains the following settings:

CollectFileScanStatistics

Enables the tallying of statistics of file and process scanning by the File Threat Protection and Behavior Detection components.

true/yes (default value) enables the tallying of file and process scanning statistics.

false/no disables the tallying of file and process scanning statistics.

StatCollectionPeriod

The time interval for which the application keeps a tally of file and process scanning statistics by the File Threat Protection and Behavior Detection components before saving the statistics to a trace file and reports.

Default value: 10 minutes.

StatCollectionCount

The number of files and processes counted by the application during the time interval specified by the StatCollectionPeriod parameter and that will be included in the report and trace files.

Default value: 10.

ReportStatAmount

The number of records to be written to reports on the most frequently scanned files and processes for the day.

Default value: 20.

The [Watchdog] section contains the following settings:

TimeoutAfterHeadshot

Maximum time to wait for the kess process to finish from the moment the Watchdog server sends the HEADSHOT signal to the kess process.

Default value: 2 minutes.

StartupTimeout

The maximum time to wait for the application to start (in minutes), after which the Watchdog server starts the procedure for restarting the kess process.

Default value: 3 minutes.

TimeoutAfterKill

Maximum time to wait for the controlled kess process to complete from the moment the Watchdog server sends the SIGKILL signal to the kess process.

If the kess process does not finish before this time elapses, the action specified by the --failed-kill setting is performed.

Default value: 2 days.

PingInterval

The interval with which the application attempts to send a PONG message to the Watchdog server in response to a received PING message.

Default value: 2000 milliseconds.

MaxRestartCount

Maximum number of consecutive unsuccessful attempts to start the application.

Default value: 5.

ActivityTimeout

Maximum time interval during which the application should send a message to the Watchdog server.

If a message is not received from the application within this time interval, the Watchdog server begins the procedure to restart the kess process.

Default value: 2 minutes.

ConnectTimeout

Maximum time from the start of the kess process to the moment when a connection with the Watchdog server is established by the application.

If the application does not establish a connection in this time interval, the Watchdog server begins the procedure to restart the kess process.

Default value: 3 minutes.

RegisterTimeout

Maximum time from the moment the application connects to the Watchdog server to the moment the server receives a REGISTER message.

Default value: 500 milliseconds.

TimeoutAfterShutdown

Maximum time to wait for the kess process to finish from the moment the Watchdog server sends the SHUTDOWN signal to the kess process.

Default value: 2 minutes.

MaxMemory

Limit on the use of resident memory by the kess process.

If the managed process uses more resident memory than this limit, the Watchdog server begins the procedure to restart the kess process.

off – the resident set size is not limited.

<value>% – a value between 1 and 100, expressing a percentage of memory.

<value>MB – a value in megabytes.

lowest/<value>%/<value>MB – the smaller value between the value as a percentage and the value in megabytes.

highest/<value>%/<value>MB – the larger value between the value as a percentage and the value in megabytes.

auto – up to 50% of available memory, but not less than 2GB and not more than 16GB.

Default value: auto.

MaxVirtualMemory

 

Limit on the use of virtual memory by the kess process.

If the managed process uses more virtual memory than this limit, the Watchdog server begins the procedure to restart the kess process.

off (default value) – The virtual memory size is not limited.

<value>MB – a value in megabytes.

MaxSwapMemory

 

Limit on the size of the swap file of the kess process.

If the swap file of the managed process exceeds this limit, the Watchdog server begins the procedure to restart the kess process.

off (default value) – The size of the swap file is not limited.

<value>% – a value between 0 and 100, expressing a percentage of memory.

<value>MB – a value in megabytes.

lowest/<value>%/<value>MB – the smaller value between the value as a percentage and the value in megabytes.

highest/<value>%/<value>MB – the larger value between the value as a percentage and the value in megabytes.

TrackProductCrashes

Enabling application stability monitoring.

If application stability monitoring is enabled, the Watchdog server tracks the number of abnormal halts of the application.

true/yes – enable application stability monitoring.

false/no (default value) – disable application stability monitoring.

ProductHealthLogFile

The path to the file used for application stability monitoring.

Default value: /var/opt/kaspersky/kess/private/kess_health.log.

WarnThreshold

Time interval (in seconds) in which the application must experience the specified number of abnormal halts before displaying a notification about unstable operation.

Default value: 3600 seconds.

WarnAfter_#_crash

Number of abnormal halts of the application that are required before displaying a notification about unstable application operation.

Default value: 10.

If the value is 0, an unstable application notification is not displayed.

WarnRemovingThreshold

Time interval (in seconds) after which the application's unstable status will be cleared.

Default value: 86400 seconds.

SyscallHangProbePeriod

The period with which the Watchdog server calls the open and execve system functions and increments the success counters for these functions.

Default value: 3 seconds.

SyscallHangCheckPeriod

The period with which the Watchdog server checks the success counters for the open and execve functions.

If the value of the counters is unchanged after this time, the Watchdog server starts the procedure for restarting the kess process.

Default value: 12 seconds.

DumpSupendPeriod

The maximum time to wait for the creation of an application dump file, during which the Watchdog server suspends the checking of application activity.

If the dump creation has not completed after this time, the Watchdog server starts the procedure for restarting the kess process.

Possible values: 1–30 minutes.

Default value: 2 minutes.
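Several kess.ini settings described in the table above have privacy or traffic-handling consequences: sensitive data in trace files, fallback to public DNS, a dump directory outside the root-only default, and firewall marks whose bits collide. The following audit is an added example, not part of the application. It assumes kess.ini can be read as a standard INI file; the function names, the sample file and the other_marks parameter (marks already used by other software on the device) are constructed for illustration.

```python
import configparser
from itertools import combinations

# Defaults as documented in the kess.ini table above.
DEFAULT_MARKS = {
    "WtpFwMark": 0x100,
    "NtpFwMark": 0x200,
    "BypassFwMark": 0x400,
    "BypassNFlogMark": 0x800,
}
DEFAULT_DUMP_DIR = "/var/opt/kaspersky/kess/common/dumps"


def is_enabled(value):
    """kess.ini Booleans are written true/yes or false/no."""
    return value is not None and value.strip().lower() in ("true", "yes")


def parse_mark(value):
    """A mark is a decimal value or a hexadecimal number with the prefix 0x."""
    value = value.strip()
    return int(value, 16) if value.lower().startswith("0x") else int(value, 10)


def audit_kess_ini(text, other_marks=()):
    """Return a list of (setting, reason) findings for the given kess.ini text."""
    cp = configparser.ConfigParser(interpolation=None)  # keep % in values literal
    cp.optionxform = str                                # keep setting names as written
    cp.read_string(text)

    def get(section, key):
        return cp.get(section, key, fallback=None)

    findings = []
    # Only an explicit true/yes is flagged: the table marks both values of this
    # setting as the default, so an absent setting is not judged here.
    if is_enabled(get("General", "RevealSensitiveInfoInTraces")):
        findings.append(("RevealSensitiveInfoInTraces",
                         "trace files may contain personal data such as passwords"))
    if is_enabled(get("General", "AdditionalDNSLookup")):
        findings.append(("AdditionalDNSLookup",
                         "domain names and the external IP may be sent to public DNS"))
    if is_enabled(get("General", "CoreDumps")):
        dump_dir = get("General", "CoreDumpsPath") or DEFAULT_DUMP_DIR
        if dump_dir.rstrip("/") != DEFAULT_DUMP_DIR:
            findings.append(("CoreDumpsPath",
                             f"dumps go to {dump_dir}; check it is readable by root only"))

    marks = {}
    for name, default in DEFAULT_MARKS.items():
        raw = get("Network", name)
        marks[name] = parse_mark(raw) if raw is not None else default
    # Two marks conflict when they share at least one bit.
    for (a, mark_a), (b, mark_b) in combinations(marks.items(), 2):
        if mark_a & mark_b:
            findings.append((f"{a}/{b}", f"marks share bits {mark_a & mark_b:#x}"))
    for name, mark in marks.items():
        if any(mark & other for other in other_marks):
            findings.append((f"{name}/external",
                             f"mark {mark:#x} shares bits with other software"))
    return findings


# Constructed sample, not a real configuration.
SAMPLE = """\
[General]
Locale=en_US.utf8
RevealSensitiveInfoInTraces=yes
CoreDumps=true
CoreDumpsPath=/tmp/dumps
AdditionalDNSLookup=yes
[Network]
WtpFwMark=0x100
NtpFwMark=512
BypassFwMark=0x400
BypassNFlogMark=0x500
"""

if __name__ == "__main__":
    for setting, reason in audit_kess_ini(SAMPLE, other_marks=(0x200,)):
        print(f"{setting}: {reason}")
```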


Default settings for the File_Threat_Protection task (ID:1)

ScanArchived=No

ScanSfxArchived=No

ScanMailBases=No

ScanPlainMail=No

SkipPlainTextFiles=No

TimeLimit=60

SizeLimit=0

FirstAction=Recommended

SecondAction=Block

UseExcludeMasks=No

UseExcludeThreats=No

ReportCleanObjects=No

ReportPackedObjects=No

ReportUnprocessedObjects=No

UseAnalyzer=Yes

HeuristicLevel=Recommended

UseIChecker=Yes

ScanByAccessType=SmartCheck

[ScanScope.item_0000]

AreaDesc=All objects

UseScanArea=Yes

Path=/

AreaMask.item_0000=*


Default settings for the Scan_My_Computer task (ID:2)

ScanFiles=Yes

ScanBootSectors=Yes

ScanComputerMemory=Yes

ScanStartupObjects=Yes

ScanArchived=Yes

ScanSfxArchived=Yes

ScanMailBases=No

ScanPlainMail=No

TimeLimit=0

SizeLimit=0

FirstAction=Recommended

SecondAction=Skip

UseExcludeMasks=No

UseExcludeThreats=No

ReportCleanObjects=No

ReportPackedObjects=No

ReportUnprocessedObjects=No

UseAnalyzer=Yes

HeuristicLevel=Recommended

UseIChecker=Yes

UseGlobalExclusions=Yes

UseOASExclusions=Yes

DeviceNameMasks.item_0000=/**

[ScanScope.item_0000]

AreaDesc=All objects

UseScanArea=Yes

Path=/

AreaMask.item_0000=*


Default settings for the Scan_File task (ID:3)

ScanFiles=Yes

ScanBootSectors=No

ScanComputerMemory=No

ScanStartupObjects=No

ScanArchived=Yes

ScanSfxArchived=Yes

ScanMailBases=No

ScanPlainMail=No

TimeLimit=0

SizeLimit=0

FirstAction=Recommended

SecondAction=Skip

UseExcludeMasks=No

UseExcludeThreats=No

ReportCleanObjects=No

ReportPackedObjects=No

ReportUnprocessedObjects=No

UseAnalyzer=Yes

HeuristicLevel=Recommended

UseIChecker=Yes

UseGlobalExclusions=Yes

UseOASExclusions=Yes

DeviceNameMasks.item_0000=/**

[ScanScope.item_0000]

AreaDesc=All objects

UseScanArea=Yes

Path=/

AreaMask.item_0000=*


Default settings for the Critical_Areas_Scan task (ID:4)

ScanFiles=No

ScanBootSectors=Yes

ScanComputerMemory=Yes

ScanStartupObjects=Yes

ScanArchived=Yes

ScanSfxArchived=Yes

ScanMailBases=No

ScanPlainMail=No

TimeLimit=0

SizeLimit=0

FirstAction=Recommended

SecondAction=Skip

UseExcludeMasks=No

UseExcludeThreats=No

ReportCleanObjects=No

ReportPackedObjects=No

ReportUnprocessedObjects=No

UseAnalyzer=Yes

HeuristicLevel=Recommended

UseIChecker=Yes

UseGlobalExclusions=Yes

UseOASExclusions=Yes

DeviceNameMasks.item_0000=/**

[ScanScope.item_0000]

AreaDesc=All objects

UseScanArea=Yes

Path=/

AreaMask.item_0000=*


Default settings for the Update task (ID:6)

SourceType=KLServers

UseKLServersWhenUnavailable=Yes

ApplicationUpdateMode=DownloadOnly

ConnectionTimeout=10


Default settings for the System_Integrity_Monitoring task (ID:11)

UseExcludeMasks=No

[ScanScope.item_0000]

AreaDesc=Kaspersky internal objects

UseScanArea=Yes

Path=/opt/kaspersky/kess/

AreaMask.item_0000=*


Default settings for the Firewall_Management task (ID:12)

DefaultIncomingAction=Allow

DefaultIncomingPacketAction=Allow

OpenNagentPorts=Yes

[NetworkZonesTrusted]

[NetworkZonesLocal]

[NetworkZonesPublic]


Default settings for the Anti_Cryptor task (ID:13)

ActionOnDetect=Block

BlockTime=30

UseExcludeMasks=No

[ScanScope.item_0000]

AreaDesc=All shared directories

UseScanArea=Yes

Path=AllShared

AreaMask.item_0000=*


Default settings for the Web_Threat_Protection task (ID:14)

UseTrustedAddresses=Yes

ActionOnDetect=Block

CheckMalicious=Yes

CheckPhishing=Yes

UseHeuristicForPhishing=Yes

CheckAdware=No

CheckOther=No


Default settings for the Device_Control task (ID:15)

OperationMode=Block

[DeviceClass]

HardDrive=DependsOnBus

RemovableDrive=DependsOnBus

Printer=DependsOnBus

FloppyDrive=DependsOnBus

OpticalDrive=DependsOnBus

Modem=DependsOnBus

TapeDrive=DependsOnBus

MultifuncDevice=DependsOnBus

SmartCardReader=DependsOnBus

PortableDevice=DependsOnBus

WiFiAdapter=DependsOnBus

NetworkAdapter=DependsOnBus

BluetoothDevice=DependsOnBus

ImagingDevice=DependsOnBus

SerialPortDevice=DependsOnBus

ParallelPortDevice=DependsOnBus

InputDevice=DependsOnBus

SoundAdapter=DependsOnBus

[DeviceBus]

USB=Allow

FireWire=Allow

[Schedules.item_0000]

ScheduleName=Default

DaysHours=All

[HardDrivePrincipals.item_0000]

Principal=\Everyone

[HardDrivePrincipals.item_0000.AccessRules.item_0000]

UseRule=Yes

ScheduleName=Default

Access=Allow

[RemovableDrivePrincipals.item_0000]

Principal=\Everyone

[RemovableDrivePrincipals.item_0000.AccessRules.item_0000]

UseRule=Yes

ScheduleName=Default

Access=Allow

[FloppyDrivePrincipals.item_0000]

Principal=\Everyone

[FloppyDrivePrincipals.item_0000.AccessRules.item_0000]

UseRule=Yes

ScheduleName=Default

Access=Allow

[OpticalDrivePrincipals.item_0000]

Principal=\Everyone

[OpticalDrivePrincipals.item_0000.AccessRules.item_0000]

UseRule=Yes

ScheduleName=Default

Access=Allow


Default settings for the Removable_Drives_Scan task (ID:16)

ScanRemovableDrives=NoScan

ScanOpticalDrives=NoScan

BlockDuringScan=No


Default settings for the Network_Threat_Protection task (ID:17)

ActionOnDetect=Block

BlockAttackingHosts=Yes

BlockDurationMinutes=60

UseExcludeIPs=No


Default settings for the Behavior_Detection task (ID:20)

UseTrustedPrograms=No

TaskMode=Block


Default settings for the Application_Control task (ID:21)

AppControlMode=DenyList

AppControlRulesAction=ApplyRules

UseTrustedCustomCerts=Yes


Default settings for the Inventory_Scan task (ID:22)

ScanScripts=Yes

ScanBinaries=Yes

ScanAllExecutable=Yes

GoldenImageAction=DoNothing

[ScanScope.item_0000]

AreaDesc=All objects

UseScanArea=Yes

Path=/usr/bin

AreaMask.item_0000=*


General application settings

General application settings define the operation of the application as a whole and the operation of individual functions.

General application settings

Setting

Description

Values

SambaConfigPath

Directory that stores the Samba configuration file. The Samba configuration file is required to ensure that the AllShared or Shared:SMB values can be used for the Path setting.

The standard directory of the SAMBA configuration file on the computer is specified by default.

Default value: /etc/samba/smb.conf.

The application must be restarted after this setting is changed.

NfsExportPath

The directory where the NFS configuration file is stored. The NFS configuration file is required to ensure that the AllShared or Shared:NFS values can be used for the Path setting.

The standard directory of the NFS configuration file on the computer is specified by default.

Default value: /etc/exports.

The application must be restarted after this setting is changed.

TraceLevel

Enable application tracing and the level of detail in the trace files.

Detailed – Generate a detailed trace file.

MediumDetailed – Generate a trace file that contains informational messages and error messages.

NotDetailed – Generate a trace file that contains error messages.

None (default value) — Do not generate a trace file.

TraceFolder

The directory that stores the application trace files.

Default value: /var/log/kaspersky/kess.

If you specify a different directory, make sure that the account under which Kaspersky Embedded Systems Security is running has read/write permissions for this directory. Root privileges are required to access the default trace files directory.

The application must be restarted after this setting is changed.

TraceMaxFileCount

Maximum number of application trace files.

1–10000

Default value: 10.

The application must be restarted after this setting is changed.

TraceMaxFileSize

Specifies the maximum size of an application trace file (in megabytes).

1–1000

Default value: 500.

The application must be restarted after this setting is changed.

BlockFilesGreaterMaxFileNamePath

Blocks access to files whose full path length exceeds the value of this setting, specified in bytes. If the length of the full path to the scanned file exceeds the value of this setting, scan tasks skip this file during scanning.

This setting is not available for operating systems that use the fanotify technology.

4096–33554432

Default value: 16384.

After changing the value of this setting, the File Threat Protection task needs to be restarted.

DetectOtherObjects

Enable detection of legitimate applications that intruders can use to compromise devices or data.

Yes: enable detection of legitimate applications that intruders can use to compromise devices or data.

No (default): disable detection of legitimate applications that intruders can use to compromise devices or data.

NamespaceMonitoring

Enabling the use of the namespace mechanism, which also allows scanning files in containers and mandatory access control sessions of the Astra Linux operating system.

The application does not scan namespaces or containers unless components for managing namespaces are installed in the operating system.

Yes (default value) – Enable the namespace mechanism.

No – disable the namespace mechanism.

FileBlockDuringScan

Enabling the file operation intercept mode with blocking access to files for the duration of the scan. The file operation interception mode affects the File Threat Protection and Device Control components.

Yes (default value) to block access to files for the duration of the scan.

No to allow access to files during the scan. Requests to any file are allowed, and scanning is done asynchronously. This file operation interception mode has less impact on system performance, but there is a risk that a threat in a file will not be disinfected or deleted if the file can, for example, change its name during a scan before the application makes a decision on the status of the file.

UseKSN

Enabling Kaspersky Security Network usage:

Basic - enable use of Kaspersky Security Network in standard mode.

Extended - enable use of Kaspersky Security Network in extended mode.

No (default value) — disable use of Kaspersky Security Network.

CloudMode

Enable cloud mode. Cloud mode is available if use of KSN is enabled.

If you plan to use cloud mode, make sure KSN is available on your device.

Yes — enable the mode in which Kaspersky Embedded Systems Security uses a lightweight version of the malware databases.

No (default value) – use the full version of the malware databases.

Cloud mode is disabled automatically if use of KSN is disabled.

UseProxy

Enables the use of a proxy server by Kaspersky Embedded Systems Security components. The proxy server can be used for access to Kaspersky activation servers, to update sources for databases and application modules, to Kaspersky Security Network, and when verifying website certificates using the Web Threat Protection component.

Yes - enable the use of a proxy server.

No (default) - Disable the use of a proxy server.

ProxyServer

Proxy server settings in the following format: <connection protocol>://[<user>[:<password>]@]<proxy server address>[:<port>].

Connecting to a proxy server over HTTPS is not supported.

When connecting via an HTTP proxy, we recommend using a separate account that is not used to sign in to other systems. An HTTP proxy uses an insecure connection, and the account may be compromised.

 

ProxyBypass

List of addresses in the [<address>[:<port>] format for which the proxy server is to be bypassed. To specify addresses, you can use masks (* symbols) and comments (after a \ symbol).

 

MaxEventsNumber

The maximum number of events stored by the application. When the specified number of events is exceeded, the application deletes the oldest events.

Default value: 500000.

If 0 is specified, events are not saved.

LimitNumberOfScanFileTasks

The maximum number of custom scan tasks that a non-privileged user can simultaneously start on the device. This setting does not limit the number of tasks that a user with root privileges can start.

0–100000

0 means a non-privileged user cannot start custom scan tasks.

Default value: 5.

UseSyslog

Enable logging of information about events to syslog.

Root privileges are required to access syslog.

Yes — Enable logging of information about events to syslog.

No (default value) — Disable logging of information about events to syslog.

EventsStoragePath

The database directory where the application saves information about events.

Root privileges are required to access the default event database.

Default value: /var/opt/kaspersky/kess/private/storage/events.db.

ExcludedMountPoint.item_#

The mount point to exclude from the scan scope. The exclusion applies to the operation of the File Threat Protection and Anti-Cryptor components, the Removable Drives Scan task, and is also configured for scan tasks of the ODS type.

You can specify several mount points to be excluded from scans.

Mount points must be specified in the same way as they are displayed in the mount command output.

The ExcludedMountPoint.item_# setting is left unspecified by default.

AllRemoteMounted — Exclude all remote directories mounted on the device using SMB and NFS protocols from file operation interception.

Mounted:NFS — Exclude all remote directories mounted on the device using the NFS protocol from file operation interception.

Mounted:SMB — Exclude all remote directories mounted on the device using the SMB protocol from file operation interception.

Mounted:<file system type> — Exclude all mounted directories with the specified file system type from file operation interception.

/mnt — Exclude objects in the /mnt mount point (including subdirectories) from file operation interception. This directory is used as the temporary mount point for removable drives.

<path that contains the /mnt/user* or /mnt/**/user_share> — Exclude objects in mount points whose names contain the specified mask from file operation interception.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

MemScanExcludedProgramPath.item_#

Exclude process memory from scans.

The application does not scan the memory of the indicated process.

<full path to process> – Do not scan the process in the indicated local directory. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

UseOnDemandCPULimit

Enables CPU usage limits for tasks of the ODS and InventoryScan type.

Yes: enable the CPU usage limit for ODS and InventoryScan tasks.

No (default): disable CPU usage limits for tasks.

OnDemandCPULimit

The maximum utilization of all processor cores (as a percentage) when running tasks of the ODS and InventoryScan type.

10–100

Default value: 100.

BackupDaysToLive

Time period for storing objects in the Backup storage (in days). After the specified time has elapsed, the application deletes the oldest backup copies of files.

To remove the object retention limit, set 0.

0–10000

0: unlimited retention.

Default value: 30.

BackupSizeLimit

Maximum Backup size in MB. When the maximum Backup storage size is reached, the application deletes the oldest backup copies of files.

To remove the Backup size limit, set 0.

0–999999

0: unlimited size.

Default value: 0.

BackupFolder

Path to the Backup directory. You can specify a custom Backup storage directory that is different from the default directory. You can use directories on any device as the Backup storage. It is not recommended to assign directories that are located on remote devices, such as those mounted via the Samba and NFS protocols.

If the specified directory does not exist or is unavailable, the application uses the default directory.

Default value: /var/opt/kaspersky/kess/common/objects-backup/

Root privileges are required to access the default Backup storage directory.

ShowPopUpNotifications

Enables displaying pop-up notifications in the graphical user interface.

Yes (default value) – show pop-up notifications in the graphical user interface.

No – do not show pop-up notifications in the graphical user interface.
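Because an exclusion mask decides what the application stops inspecting, it is worth checking what a mask covers before deploying it. The following Python sketch is an added example, not Kaspersky code: it models the *, ** and ? rules given above for mount point exclusions and for MemScanExcludedProgramPath.item_#, and it assumes that ? does not match / and that "only once" means a single ** per mask. The path inventory is constructed for the demonstration.

```python
import re


def compile_mask(mask):
    """Translate a path mask into a regex, following the rules stated above."""
    tokens = re.split(r"(\*\*|\*|\?)", mask)
    if tokens.count("**") > 1:
        raise ValueError("'**' may be used only once: " + mask)
    rules = {"**": ".*",     # any characters, including '/' and nothing
             "*": "[^/]*",   # any characters except '/', including nothing
             "?": "[^/]"}    # exactly one character (assumed not to match '/')
    return re.compile("".join(rules.get(t) or re.escape(t) for t in tokens), re.S)


def covered(mask, paths):
    """Return the paths that the mask matches in full."""
    rx = compile_mask(mask)
    return [p for p in paths if rx.fullmatch(p)]


def audit_masks(masks, paths):
    """Map each mask to the paths it covers, or to an error string if invalid."""
    report = {}
    for mask in masks:
        try:
            report[mask] = covered(mask, paths)
        except ValueError as err:
            report[mask] = "invalid: %s" % err
    return report


# Constructed inventory of mount points and process paths (not from the product).
PATHS = ["/dir", "/dir/a", "/dir/a/b", "/dir/a/file", "/dir/a/b/file",
         "/mnt/user1", "/mnt/user12"]

if __name__ == "__main__":
    masks = ["/dir", "/dir/*", "/dir/**", "/dir/*/file",
             "/dir/**/**/file", "/mnt/user?"]
    for mask, hit in audit_masks(masks, PATHS).items():
        print(mask, "->", hit)
```

Running it against an inventory of real mount points or process paths shows at a glance when a ** mask excludes more than intended.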


Encrypted connections scan settings


Setting

Description

Values

EncryptedConnectionsScan

Enables or disables encrypted traffic scan.

For the FTP protocol, secure connections scan is disabled by default.

Yes (default value): enable encrypted connection scanning.

No: disable encrypted connection scanning. The application does not decrypt the encrypted traffic.

EncryptedConnectionsScanErrorAction

Specifies the action to perform when a secure connection scan error occurs on a website.

AddToAutoExclusions (default value) — Add the domain where an error occurred to the list of domains with scan errors. The application will not monitor encrypted network traffic when this domain is visited.

Disconnect — Block the network connection.

CertificateVerificationPolicy

Specifies the way Kaspersky Embedded Systems Security checks certificates.

If a certificate is self-signed, the application does not perform additional verification.

FullCheck (default value) — The application uses the Internet to check and download the missing chains that are required to verify a certificate.

LocalCheck — The application does not use the Internet to verify a certificate.

UntrustedCertificateAction

The action to take when an untrusted certificate is detected.

Allow (default value) — Allow network connections established while visiting a domain with an untrusted certificate.

Block — Block network connections established while visiting a domain with an untrusted certificate.

ManageExclusions

Enables the use of exclusions when scanning encrypted traffic.

Yes — Do not scan websites specified under [Exclusions.item_#] (see below).

No (default value) — Scan all websites.

MonitorNetworkPorts

Specifies the way Kaspersky Embedded Systems Security monitors network ports.

Selected (default value) — Monitor only network ports specified in the [NetworkPorts.item_#] section (see below).

All — Monitor all network ports.

Specifying this value may significantly increase the load on the operating system.

The [Exclusions.item_#] section contains domains excluded from scans. The application does not scan secure connections established when visiting specified domains.

DomainName

Specifies the domain name. You can use masks to specify the domain.

The default value is not defined.

The [NetworkPorts.item_#] section contains the network ports monitored by the application.

PortName

Network port description.

The default value is not defined.

Port

Network port numbers to be monitored by the application.

1–65535.

The default value is not defined.
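Several of the values above, including some defaults, leave traffic unscanned or let connections with untrusted certificates through, so a settings file is worth reviewing with the defaults applied. The following Python sketch is an added example, not part of the product: it parses a settings file laid out according to the editing rules in this appendix and lists such values. The sample file is constructed, and one port number per [NetworkPorts.item_#] section is an assumption.

```python
DEFAULTS = {  # default values as listed in the settings table above
    "EncryptedConnectionsScan": "Yes",
    "EncryptedConnectionsScanErrorAction": "AddToAutoExclusions",
    "CertificateVerificationPolicy": "FullCheck",
    "UntrustedCertificateAction": "Allow",
    "ManageExclusions": "No",
    "MonitorNetworkPorts": "Selected",
}
# Constructed sample; the layout is assumed from the editing rules in this appendix.
SAMPLE = """EncryptedConnectionsScan=Yes
UntrustedCertificateAction=Block
ManageExclusions=yes
[Exclusions.item_0000]
DomainName=*.example.com
[NetworkPorts.item_0000]
Port=443
[NetworkPorts.item_0001]
Port=70000
"""

def parse_settings(text):
    """Return (general settings with defaults applied, {section: {key: value}})."""
    general, sections, current = dict(DEFAULTS), {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line:
            key, _, value = line.partition("=")
            target = general if current is None else current
            target[key.strip()] = value.strip().strip('"')
    return general, sections

def audit(text):
    """List settings under which traffic is left unscanned or unverified."""
    general, sections = parse_settings(text)
    g = {k: v.lower() for k, v in general.items()}  # these values are not case-sensitive
    findings = []
    if g["EncryptedConnectionsScan"] == "no":
        findings.append("encrypted traffic is not decrypted")
    if g["EncryptedConnectionsScanErrorAction"] == "addtoautoexclusions":
        findings.append("domains with scan errors stop being monitored")
    if g["UntrustedCertificateAction"] == "allow":
        findings.append("connections with untrusted certificates are allowed")
    for name, body in sorted(sections.items()):
        if name.startswith("Exclusions.item_") and g["ManageExclusions"] == "yes":
            findings.append("not scanned: " + body.get("DomainName", ""))
        port = body.get("Port", "")
        if name.startswith("NetworkPorts.item_") and not (port.isdecimal() and 1 <= int(port) <= 65535):
            findings.append("invalid Port in [%s]: %s" % (name, port))
    return findings
```

For the constructed sample, audit(SAMPLE) reports the default AddToAutoExclusions behaviour, the excluded domain mask and the out-of-range port.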


Tasks schedule settings

Task start schedule settings

Setting

Description

Values

RuleType

Task launch schedule.

Once: run the task once.

Monthly: run the task on the specified day and time every month.

Weekly: run the task on the specified day and time every week.

Daily: run the task regularly, at the specified interval in days.

Hourly: run the task regularly, at the specified interval in hours, starting on the specified date and time.

Minutely: run the task regularly, at the specified interval in minutes, starting at the specified time.

Manual – start the task manually.

PS – start the task after starting the application.

BR – start the task after the application databases have been updated.

StartTime

Task start date and time.

The StartTime option is required if the RuleType option is set to one of the following: Once, Monthly, Weekly, Daily, Hourly, or Minutely.

[<year>/<month>/<day of the month>] [hh]:[mm]:[ss]; [<day of the month>|<day of the week>]; [<start periodicity>].

RandomInterval

A time interval from 0 to the specified value (in minutes), which will be added to the task start time to avoid starting tasks at the same time.

Default value: 99 minutes.

RunMissedStartRules

Runs a missed task after the application is started.

Yes (default value) – enable running a missed task after the application is launched.

No: do not run a missed task after the application starts.

UseWorkingTimeout

Stops the task upon reaching the maximum task execution time specified by the WorkingTimeout setting. The task will be stopped even if it is not completed. The next launch of the task will be performed according to the schedule.

Yes – Stop the task when the maximum task execution time has been reached.

No (default value) – Do not stop the task when the maximum task execution time has been reached.

WorkingTimeout

The maximum task execution time (in minutes) after which the application stops executing the task if UseWorkingTimeout=yes.

Default value: 120 minutes.
