Kaspersky Embedded Systems Security for Linux
3.3.0
English

Contents

File Threat Protection

File Threat Protection prevents infection of the file system on the user device. File Threat Protection starts automatically with the default settings upon Kaspersky Embedded Systems Security start. It resides in the device operating memory and scans all files that are opened, saved, and launched.

File Threat Protection settings

Setting

Description

Enable File Threat Protection

This check box enables or disables File Threat Protection on all managed devices.

The check box is selected by default.

File Threat Protection mode

In this drop-down list, you can select the File Threat Protection mode:

  • Smart check (default value) – scan a file when there is an attempt to open it and scan it again when there is an attempt to close it if the file has been modified. If a process accesses and modifies a file multiple times in a certain period, the application scans the file again only when the process closes it for the last time.
  • When opened – scan the file on an attempt to open it for reading, execution, or modification.
  • When opened and modified – scan a file on an attempt to open it, and scan it again on an attempt to close it if the file has been modified.

Scan

This group of settings contains buttons that open windows where you can configure the scan scopes and scan settings.

Actions for infected objects

This group of settings contains the Configure button. Clicking this button opens the Actions for infected objects window, where you can configure the actions that Kaspersky Embedded Systems Security performs on detected infected objects.

Page top

[Topic 210477]

Scan scopes window

The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.

Scan scope settings

Setting

Description

Scope name

Scan scope name.

Path

Path to the directory that the application scans.

Status

The status indicates whether the application scans this scope.

You can add, edit, delete, move up, and move down items in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

Page top
[Topic 202257]

<Scan scope name> window

In this window, you can add and configure scan scopes.

Scan scope settings

Setting

Description

Scan scope name

Field for entering the scan scope name. This name will be displayed in the table in the Scan scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application processes this scan scope.

If this check box is cleared, the application does not process this scan scope. You can later include this scope in the component settings by selecting the check box.

The check box is selected by default.

File system, access protocol and path

The settings block lets you set the scan scope.

You can select the file system type in the drop-down list of file systems:

  • Local (default value) – local directories. If this item is selected, you need to indicate the path to the local directory.
  • Mounted – Mounted remote or local directories. If this item is selected, you need to indicate the protocol or name of the file system.
  • Shared — The protected server's file system resources accessible via the Samba or NFS protocol.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.
  • All shared — All of the protected server's file system resources accessible via the Samba and NFS protocols.

If Shared or Mounted is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want to add to the scan scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default – the application scans all directories of the local file system.

If the Local type is selected in the drop-down list of file systems, and the path is not specified, the application scans all directories of the local file system.

Filesystem name

The field for entering the name of the file system where the directories that you want to add to the scan scope are located.

The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right.

Masks

The list contains name masks for the objects that the application scans.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 248962]

Scan settings window

In this window, you can configure file scan settings while File Threat Protection is enabled.

File Threat Protection settings

Setting

Description

Scan archives

This check box enables or disables scan of archives.

If this check box is selected, Kaspersky Embedded Systems Security scans archives.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan duration by enabling and configuring the Skip object if scan takes longer than (sec) and Skip objects larger than (MB) settings in the General scan settings section.

If this check box is cleared, Kaspersky Embedded Systems Security does not scan archives.

This check box is cleared by default.

Scan SFX archives

This check box enables or disables self-extracting archive scans. Self-extracting archives are archives that contain an executable extraction module.

If this check box is selected, Kaspersky Embedded Systems Security scans self-extracting archives.

If this check box is cleared, Kaspersky Embedded Systems Security does not scan self-extracting archives.

This check box is available if the Scan archives check box is unchecked.

This check box is cleared by default.

Scan mail databases

This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If this check box is selected, Kaspersky Embedded Systems Security scans mail database files.

If this check box is cleared, Kaspersky Embedded Systems Security does not scan mail database files.

This check box is cleared by default.

Scan mail format files

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, Kaspersky Embedded Systems Security scans plain-text messages.

If this check box is cleared, Kaspersky Embedded Systems Security does not scan plain-text messages.

This check box is cleared by default.

Skip text files

Temporary exclusion of files in text format from scans.

If the checkbox is selected, Kaspersky Embedded Systems Security does not scan text files if they are reused by the same process for 10 minutes after the most recent scan. This setting makes it possible to optimize scans of application logs.

If this check box is unselected, Kaspersky Embedded Systems Security scans text files.

This check box is cleared by default.

Skip object if scan takes longer than (sec)

A field for specifying the maximum time to scan an object, in seconds. After the specified time is reached, Kaspersky Embedded Systems Security stops scanning the object.

Available values: 0–9999. If the value is set to 0, the scan time is unlimited.

Default value: 60.

Skip objects larger than (MB)

The field for specifying the maximum size of an archive to scan, in megabytes.

Available values: 0–999999. If the value is set to 0, Kaspersky Embedded Systems Security scans objects of any size.

Default value: 0.

Log clean objects

This check box enables or disables the logging of ObjectProcessed type events.

If this check box is selected, Kaspersky Embedded Systems Security logs ObjectProcessed type events for all scanned objects.

If this check box is cleared, Kaspersky Embedded Systems Security does not log ObjectProcessed type events.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables the logging ObjectNotProcessed type events if a file cannot be processed during a scan.

If this check box is selected, Kaspersky Embedded Systems Security logs ObjectNotProcessed type events.

If this check box is cleared, Kaspersky Embedded Systems Security does not log ObjectNotProcessed type events.

This check box is cleared by default.

Log packed objects

This check box enables or disables the logging of PackedObjectDetected type events for all packed objects that are detected.

If this check box is selected, Kaspersky Embedded Systems Security logs PackedObjectDetected type events.

If this check box is cleared, Kaspersky Embedded Systems Security does not log PackedObjectDetected type events.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, Kaspersky Embedded Systems Security scans only new or modified since the last scan files.

If the check box is cleared, Kaspersky Embedded Systems Security scans files regardless to the date of creation or modification.

The check box is selected by default.

Use heuristic analysis

This check box enables or disables heuristic analysis during file scans.

The check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

  • Light is the least detailed scan with minimal system load.
  • Medium is a medium scan with balanced system load.
  • Deep is the most detailed scan with maximum system load.
  • Recommended (default value) is the optimal level recommended by Kaspersky experts. It ensures an optimal combination of protection quality and impact on the performance of the protected devices.

Page top

[Topic 236888]

Actions for infected objects window

In this window, you can configure actions to be performed by Kaspersky Embedded Systems Security on detected infected objects:

File Threat Protection settings

Setting

Description

First action

In this drop-down list, you can select the first action to be performed by Kaspersky Embedded Systems Security on an infected object that has been detected:

  • Disinfect the object. A copy of the infected object will be saved in the Storage.
  • Remove the object. A copy of the infected object will be saved in the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it (default value).
  • Block access to the object.

Second action

In this drop-down list, you can select the second action to be performed by Kaspersky Embedded Systems Security on an infected object, in case the first action is unsuccessful:

  • Disinfect the object. A copy of the infected object will be saved in the Storage.
  • Remove the object. A copy of the infected object will be saved in the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
  • Block access to the object (default value).

Page top

[Topic 210480]