Kaspersky Embedded Systems Security for Linux
3.3.0
English

Contents

Container Scan

When the Container Scan task is running, Kaspersky Embedded Systems Security scans containers and images for viruses and other malware. You can run multiple Container Scan tasks simultaneously.

Integration with Docker container management system, CRI-O framework, and Podman and runc utilities is supported.

To use the task, a license that includes the corresponding function is required.

Container scan task settings

Setting

Description

Scan

This group of settings contains buttons that open windows where you can configure the container scan settings and general scan settings.

Task priority

This section lets you specify a priority for a scan task:

  • Low— the scan task is executed with a low priority: no more than 10% of processor resource consumption. Execution of the task takes more time, but the application allocates resources for other tasks.
  • Normal (default value) — the scan task is executed with a normal priority: no more than 50% of all processor resources.
  • High — the scan task is executed with a high priority, without limiting the consumption of processor resources. Specify this value to perform the current scan task faster.

Actions for infected objects

This group of settings contains the Configure button. Clicking this button opens the Actions for infected objects window, where you can configure the actions that the application performs on detected infected objects.

In the Exclusions section, you can also configure exclusions by mask and by the threat name for the Container scan task.

Page top
[Topic 210891]

Container Scan settings window

In this window, you can configure container and image scan settings.

Container and image scan settings

Setting

Description

Scan containers

This check box enables or disables container scans. If the check box is selected, you can specify a name or a name mask for containers to be scanned.

The check box is selected by default.

Name mask

Entry field for a name or a name mask for containers to be scanned.

By default, the * mask is specified – all containers will be scanned.

Action on threat detection

In the drop-down list, you can select the action to be performed on a container when an infected object is detected:

  • Skip container – do not perform any actions on the container when an infected object is detected.
  • Stop container – stop container when an infected object is detected.
  • Stop container if disinfection fails (default value) – stop the container if disinfection of the infected object or elimination of the threat fails.

Due to the way a CRI-O environment works, an infected object is not disinfected or deleted in a container in a CRI-O environment. We recommend to select the Stop Container action.

Scan images

This check box enables or disables the image scan. If the check box is selected, you can specify a name or a name mask for images to be scanned.

The check box is selected by default.

Name mask

Entry field for a name or a name mask for images to be scanned.

By default, the * mask is specified (all images are scanned).

Action on threat detection

In the drop-down list, you can select the action to be performed on an image when an infected object is detected:

  • Skip image (default value) – do not perform any actions on the image when an infected object is detected.
  • Delete image when an infected object is detected (not recommended). All dependencies will also be deleted. Running containers will be stopped, and then deleted.

Scan each layer

This check box enables or disables the scanning of all layers of images and running containers.

This check box is cleared by default.

Page top

[Topic 210893]

Scan settings window

In this window, you can configure the file scan settings for the task.

Scan settings

Setting

Description

Scan archives

This check box enables or disables scan of archives.

If the check box is selected, the application scans the archives.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan time by configuring the Skip object if scan takes longer than (sec) and Skip objects larger than (MB) settings in the General scan settings section.

If the check box is cleared, the application does not scan the archives.

The check box is selected by default.

Scan SFX archives

This check box enables or disables self-extracting archive scans. Self-extracting archives are the archives that contain an executable extraction module.

If the check box is selected, the application scans self-extracting archives.

If the check box is cleared, the application does not scan self-extracting archives.

This check box is available if the Scan archives check box is unchecked.

The check box is selected by default.

Scan mail databases

This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If the check box is selected, the application scans mail database files.

If the check box is cleared, the application does not scan mail database files.

This check box is cleared by default.

Scan mail format files

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, the application scans plain-text messages.

If this check box is cleared, the application does not scan plain-text messages.

This check box is cleared by default.

Skip object if scan takes longer than (sec)

A field for specifying the maximum time to scan an object, in seconds. After the specified time, the application stops scanning the object.

Available values: 0–9999. If the value is set to 0, the scan time is unlimited.

Default value: 0.

Skip objects larger than (MB)

The field for specifying the maximum size of an archive to scan, in megabytes.

Available values: 0–999999. If the value is set to 0, the application scans objects of any size.

Default value: 0.

Log clean objects

This check box enables or disables the logging of ObjectProcessed type events.

If this check box is selected, the application logs events of the ObjectProcessed type for all scanned objects.

If this check box is cleared, the application does not log events of the ObjectProcessed type for any scanned object.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables the logging ObjectNotProcessed type events if a file cannot be processed during a scan.

If this check box is selected, the application logs the events of the ObjectNotProcessed type.

If this check box is cleared, the application does not log the events of the ObjectNotProcessed type.

This check box is cleared by default.

Log packed objects

This check box enables or disables the logging of PackedObjectDetected type events for all packed objects that are detected.

If this check box is selected, the application logs the events of the PackedObjectDetected type.

If this check box is cleared, the application does not log the events of the PackedObjectDetected type.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, the application scans only new files or the files modified since the last scan.

If the check box is cleared, the application scans the files regardless of the creation or modification date.

The check box is selected by default.

Use heuristic analysis

This check box enables or disables heuristic analysis during file scans.

The check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

  • Light is the least detailed scan with minimal system load.
  • Medium is a medium scan with balanced system load.
  • Deep is the most detailed scan with maximum system load.
  • Recommended (default value) is the optimal level recommended by Kaspersky experts. It ensures an optimal combination of protection quality and impact on the performance of the protected devices.

Page top

[Topic 210861_2]

Actions for infected objects window

In this window, you can configure actions to be performed by Kaspersky Embedded Systems Security on detected infected objects:

Actions for infected objects

Setting

Description

First action

In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected:

  • Disinfect the object. A copy of the infected object will be saved in the Storage.
  • Remove the object. A copy of the infected object will be saved in the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it (default value).
  • Skip the object.

Second action

In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful:

  • Disinfect the object. A copy of the infected object will be saved in the Storage.
  • Remove the object. A copy of the infected object will be saved in the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
  • Skip the object (default value).

     

Page top

[Topic 210864_2]

Exclusions section

Settings of scan exclusions

Group of settings

Description

Exclusions by mask

This group of settings contains the Configure button, which opens the Exclusions by mask window. In this window, you can configure the exclusion of objects from scans by name mask.

Exclusions by threat name

This group of settings contains the Configure button, which opens the Exclusions by threat name window. In this window, you can configure the exclusion of objects from scans based on threat name.

Page top

[Topic 215330]