- Kaspersky Endpoint Security 11.2.0 for Linux
- What's new
- Installing the application
- Installing Kaspersky Endpoint Security using the command line
- Initial configuration of the application in interactive mode
- Selecting the locale
- Viewing the End User License Agreement and the Privacy Policy
- Accepting the End User License Agreement
- Accepting the Privacy Policy
- Using Kaspersky Security Network
- Assigning the Administrator role to a user
- Determining the file operation interceptor type
- Configuring the update source
- Configuring proxy server settings
- Downloading application databases
- Enabling automatic application database update
- Application activation
- Initial configuration of the application in automatic mode
- Settings of the Kaspersky Endpoint Security initial setup configuration file
- Installing Network Agent using the command line
- Initial configuration of the Network Agent using the command line
- About Kaspersky Endpoint Security administration web plug-in
- Installing Kaspersky Endpoint Security via Kaspersky Security Center
- Installing Kaspersky Endpoint Security using the Web Console
- Getting started using Kaspersky Security Center
- Activating the application using Kaspersky Security Center
- Running the application on Astra Linux in closed software environment mode
- Configuring permissive rules in the SELinux system
- Updating the application from a previous version
- Uninstalling the application
- Application licensing
- About providing and processing data
- Managing the application using the command line
- Starting and stopping the application
- Displaying Help on the commands
- Enabling the display of events
- Viewing information about the application
- Description of the application commands
- Using filters to limit query results
- Exporting and importing application settings
- Setting the application memory usage limit
- Application components integrity check
- General application settings
- Encrypted connections scan
- User roles
- Managing application tasks using the command line
- View the list of tasks
- Creating a new task
- Editing task settings using a configuration file
- Editing task settings using the command line
- Resetting task settings to their default values
- Starting and stopping a task
- Managing scan scopes from the command line
- Managing exclusion scopes from the command line
- Viewing a task state
- Scheduling a task
- Deleting a task
- File Threat Protection task (File_Threat_Protection, ID:1)
- Virus Scan task (Scan_My_Computer, ID:2)
- Custom Scan task (Scan_File, ID:3)
- Critical Areas Scan task (Critical_Areas_Scan, ID:4)
- Update task (Update, ID:6)
- Rollback task (Rollback, ID:7)
- Licensing task (License, ID:9)
- Storage management task (Backup, ID:10)
- System Integrity Monitoring task (System_Integrity_Monitoring, ID:11)
- Firewall Management task (Firewall_Management, ID:12)
- About network packet rules
- About dynamic rules
- About the predefined network zone names
- Firewall Management task settings
- Adding a network packet rule
- Deleting a network packet rule
- Changing the execution priority of a network packet rule
- Adding a network address to a zone section
- Deleting a network address from a zone section
- Anti-Cryptor task (Anti_Cryptor, ID:13)
- Web Threat Protection task (Web_Threat_Protection, ID:14)
- Device Control task (Device_Control, ID:15)
- Removable Drives Scan task (Removable_Drives_Scan, ID:16)
- Network Threat Protection task (Network_Threat_Protection, ID:17)
- Container Scan task (Container_Scan, ID:18)
- Custom Container Scan task (Custom_Container_Scan, ID:19)
- Behavior Detection task (Behavior_Detection, ID:20)
- Application Control task (Application_Control, ID:21)
- Inventory Scan task (Inventory_Scan, ID:22)
- Participating in Kaspersky Security Network
- Integration with Kaspersky Managed Detection and Response
- KESL container
- Events and reports
- Managing the application using Kaspersky Security Center Administration Console
- Starting and stopping the application on a client device
- Viewing the protection status of a device
- Viewing application settings
- Updating application databases and modules
- Managing policies in the Administration Console
- Policy settings
- File Threat Protection
- Exclusion scopes
- Firewall Management
- Web Threat Protection
- Network Threat Protection
- Kaspersky Security Network
- Application Control
- Anti-Cryptor
- System Integrity Monitoring
- Device Control
- Behavior Detection
- Task management
- Removable Drives Scan
- Proxy server settings
- Application settings
- Container Scan settings
- Managed Detection and Response
- Network settings
- Global exclusions
- Storage settings
- Managing tasks in the Administration Console
- Task settings
- Configuring integration with Kaspersky Managed Detection and Response
- Configuring KESL container settings
- Manually checking the connection with the Administration Server. Klnagchk utility
- Manually connecting to the Administration Server. Klmover utility
- Remote application administration using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console
- Logging in and out of the Web Console and Cloud Console
- Starting and stopping the application on a client device
- Updating application databases and modules
- Viewing the protection status of a device
- Managing policies in the Web Console
- Policy settings
- Application settings tab
- File Threat Protection
- Scan exclusions
- Firewall Management
- Web Threat Protection
- Network Threat Protection
- Kaspersky Security Network
- Anti-Cryptor
- System Integrity Monitoring
- Application Control
- Device Control
- Behavior Detection
- Task management
- Removable Drives Scan
- Proxy server settings
- Application settings
- Container Scan settings
- Managed Detection and Response
- Network settings
- Global exclusions
- Storage settings
- Managing tasks in the Web Console
- Task settings
- Virus Scan. Scan settings section
- Virus Scan. Scan scopes section
- Virus Scan. Exclusion scopes section
- Critical Areas Scan. Scan settings section
- Critical Areas Scan. Scan scopes section
- Critical Areas Scan. Exclusion scopes section
- System Integrity Check. Scan settings section
- System Integrity Check. Exclusion scopes section
- Container Scan. Scan settings section
- Container Scan. Exclusion scopes section
- Add Key
- Update. Database update source section
- Update. Settings section
- Rollback
- Inventory. Scan settings section
- Inventory. Exclusion scopes section
- Configuring integration with Kaspersky Managed Detection and Response
- Configuring KESL container settings
- Managing application using graphical user interface
- Contact Technical Support
- Appendices
- Appendix 1. Resource consumption optimization
- Appendix 2. Default task configuration files
- Rules for editing application task configuration files
- File Threat Protection task configuration file
- Virus Scan task configuration file
- Custom Scan task configuration file
- Critical Areas Scan task configuration file
- Update task configuration file
- Storage management task configuration file
- System Integrity Monitoring task configuration file
- Firewall Management task configuration file
- Anti-Cryptor task configuration file
- Web Threat Protection task configuration file
- Device Control task configuration file
- Removable Drives Scan task configuration file
- Network Threat Protection task configuration file
- Container Scan task configuration file
- Inventory Scan task configuration file
- Application Control task configuration file
- Appendix 3. Command line return codes
- Appendix 4. Managing KESL container using REST API
- Appendix 5. Configuring interaction with Kaspersky Anti-Virus for Linux Mail Server
- Sources of information about the application
- Glossary
- Active key
- Active policy
- Administration group
- Administration Server
- Application activation
- Application databases
- Application settings
- Backup
- Database of malicious web addresses
- Database of phishing web addresses
- Exclusion
- False positive
- File mask
- Group policy
- Group task
- Infected object
- Kaspersky update servers
- License
- License certificate
- Object disinfection
- Policy
- Proxy server
- Reserve key
- Startup objects
- Subscription
- Trusted device
- Trusted zone
- Information about third-party code
- Trademark notices
Appendices > Appendix 1. Resource consumption optimization > Configuring the File Threat Protection task
Configuring the File Threat Protection task
Configuring the File Threat Protection task
If, after analysis of the File Threat Protection task's operation, you have created a list of directories and files that can be excluded from the scan scope, you need to add them to the exclusions.
Virus Scan exclusions
To exclude the /tmp/logs directory and all subdirectories and files recursively, execute the following command:
kesl-control --set-settings 1 --add-exclusion /tmp/logs
To exclude a specific file or files by mask in the /tmp/logs directory, execute the following command:
kesl-control --set-settings 1 --add-exclusion /tmp/logs/*.log
To exclude all files with the .log extension in the /tmp/ directory and subdirectories using a recursive mask, execute the following command:
kesl-control --set-settings 1 --add-exclusion /tmp/**/*.log
Interception exclusions
If you want to exclude files in a certain directory not only from scan, but also from interception, you can exclude the entire mount point.
To exclude an entire mount point:
- If the directory is not a mount point, create a mount point from it. For example, to create a mount point from the /tmp directory, execute the following command:
mount --bind /tmp/ /tmp - To keep the mount point after the server reboot, add the following line to the /etc/fstab file:
/tmp /tmp none defaults,bind 0 0 - Add the /tmp directory to the global exceptions by executing the following command:
kesl-control --set-app-settings ExcludedMountPoint.item_0000=/tmp - If you want to add several directories, increase the item_0000 counter by one (item_0001, item_0002, and so on).
It is also recommended to exclude mount points that are mounted remote resources with unstable or slow connection.
Changing scan type
By default, the File Threat Protection task can scan files when they are opened or closed. If analysis of the File Threats Protection task's operation shows that too many files are being written, you can change the file interceptor mode so that it works only when the files are opened by executing the following command:
kesl-control --set-set 1 ScanByAccessType=Open
In this operation mode, changes made to the file after it is opened are not scanned until the next opening of the file.
Article ID: 206102, Last review: Jul 8, 2024