Kaspersky Embedded Systems Security for Linux
3.3.0
English

Contents

Remote application administration using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console

This section contains information about managing Kaspersky Embedded Systems Security using Kaspersky Security Center Cloud Console and Kaspersky Security Center Web Console.

This description is provided for Kaspersky Security Center 14.2.

The Kaspersky Security Center Cloud Console is the cloud version of Kaspersky Security Center. This means that the Administration Server and other components of Kaspersky Security Center are installed in the cloud infrastructure of Kaspersky. Kaspersky Security Center Cloud Console is managed using the cloud-based Administration Console called Kaspersky Security Center Cloud Console. Interface of this console is similar to Kaspersky Security Center Web Console interface. For detailed information about Kaspersky Security Center Cloud Console, refer to the Kaspersky Security Center Cloud Console documentation.

Kaspersky Security Center Web Console (hereinafter also referred to as "Web Console") is a web interface for managing a protection system based on Kaspersky applications. You can work in Kaspersky Security Center Web Console using a browser on any device that has access to the Administration Server. For detailed information about Kaspersky Security Center Web Console, refer to Kaspersky Security Center documentation.

Kaspersky Security Center Web Console lets you do the following:

  • Monitor the status of your organization's security system.
  • Install Kaspersky applications on devices within your network.
  • Manage installed applications.
  • View reports on the security system status.

Kaspersky Embedded Systems Security is managed using Kaspersky Security Center Cloud Console and Kaspersky Security Center Web Console by means of Kaspersky Embedded Systems Security web administration plug-in.

To manage Kaspersky Embedded Systems Security operation using Kaspersky Security Center Cloud Console or Kaspersky Security Center Web Console, assign the devices, on which Kaspersky Embedded Systems Security is installed, to

administration groups
. You can create administration groups in Kaspersky Security Center before Kaspersky Embedded Systems Security installation and configure rules to automatically move the devices to administration groups. You can also manually move the devices to the administration groups after installing Kaspersky Embedded Systems Security (for details, refer to Kaspersky Security Center documentation).

In this Help section

Logging in and out of the Web Console and Cloud Console

Starting and stopping the application on a client device

Viewing the protection status of a device

Updating application databases and modules

Managing policies in the Web Console

Policy settings

Managing tasks in the Web Console

Task settings

Configuring remote diagnostics of client devices
Page top
[Topic 245583]

Logging in and out of the Web Console and Cloud Console

Kaspersky Security Center Web Console

To log in to the Web Console, you need to know the web address and the port number of the Administration Server specified during the Web Console installation (port 8080 is used by default). JavaScript must also be enabled in your browser.

To log in to Web Console:

  1. In your browser, go to the <Administration Server web address>:<port number> address.

    The login page is displayed.

  2. Enter the user name and password for your account.

    It is recommended to make sure that the password complexity and anti-bruteforce mechanisms ensure that the password cannot be guessed within 6 months.

  3. Click Log in.

    If the Administration Server is not responding, or if you enter incorrect credentials, an error message is displayed.

After logging in, a dashboard is displayed with the last language and theme used.

For more details about the Web Console interface, refer to Kaspersky Security Center documentation.

To log out of Web Console:

select <Account name>Exit in the lower left corner of the screen.

The Web Console is closed, and the login page is displayed.

Kaspersky Security Center Cloud Console

For the Kaspersky Security Center Cloud Console, use a web token to log in to your account on the Cloud Console portal.

For detailed information about Kaspersky Security Center Cloud Console, refer to the Kaspersky Security Center Cloud Console documentation.

Page top
[Topic 202114]

Starting and stopping the application on a client device

After installing Kaspersky Embedded Systems Security to a user device, the application is started automatically. Subsequently, the application is launched by default immediately after the operating system starts.

You can monitor the application operation status by using the Protection status web widget in the Monitoring and reports / Dashboard window.

To start or stop the application remotely:

  1. In the main window of the Web Console, select DevicesManaged devices.

    The list of managed devices opens.

  2. In the list, select the device on which you want to start or stop the application, and click the link with the device name to open the device properties window.
  3. Select the Applications tab.
  4. Select the Kaspersky Embedded Systems Security 3.3 for Linux check box.
  5. Click the Start or Stop button.
Page top
[Topic 202131]

Viewing the protection status of a device

To view the protection status of a device:

  1. In the main window of the Web Console, select DevicesManaged devices.

    The list of managed devices opens.

  2. In the list, select the device for which you want to view information, and click the link with the device name to open the device properties window.
  3. On the General tab, select the Protection section.

The Protection section displays the following information about the selected device:

  • Visible in the network is the visibility of the selected device in the network: Yes or No.
  • Device status represents a current status of the selected device, such as OK, Critical, or Warning.
  • Status description represents the reasons for changing the status of the device to Critical or Warning.
  • Protection status represents a status of the File Threat Protection task, such as Running, Stopped, or Paused.
  • Last full check represents date and time when the last full scan task was completed on the selected device.
  • Viruses detected represents a total number of malicious objects detected on the selected device (detected threat counter) since Kaspersky Embedded Systems Security was installed.
  • Objects that failed disinfection represents a number of infected objects that Kaspersky Embedded Systems Security was unable to disinfect.
Page top
[Topic 202138]

Updating application databases and modules

Updating the databases and application modules of Kaspersky Embedded Systems Security ensures up-to-date protection on your device. New viruses, malware, and other types of threats appear worldwide on a daily basis. Kaspersky Embedded Systems Security databases contain information about threats and ways of neutralizing them. To detect threats quickly, you are urged to regularly update the application databases and modules.

The following objects are updated on users' devices:

  • Application databases. Application databases include databases of malware signatures, a description of network attacks, databases of malicious and phishing web addresses, databases of banners, spam databases, and other data.
  • Application modules. Module updates are intended to eliminate vulnerabilities in the application and to improve methods of protecting devices. Module updates may change the behavior of application components and add new capabilities.

Kaspersky Embedded Systems Security supports the following scenarios for updating databases and application modules:

  • Update from Kaspersky servers. Kaspersky update servers are located in different countries around the world, which ensures a high reliability of updates. If an update cannot be performed from one server, Kaspersky Embedded Systems Security switches over to the next server.
  • Centralized update Centralized update reduces external Internet traffic, and provides for convenient monitoring of the update.

    Centralized update consists of the following steps:

    1. Download the update package to a repository within the organization's network.

      The update package is downloaded to the repository by the Download updates to Administration Server repository task of the Administration Server.

    2. Distribute the update package to client devices

      The update package is distributed to the client devices by the Update task of Kaspersky Embedded Systems Security. You can create an unlimited number of update tasks for each administration group.

For the Web Console, by default, the list of update sources contains Kaspersky update servers and Kaspersky Security Center Administration Server. For the Kaspersky Security Center Cloud Console, the default list of update sources contains distribution points and Kaspersky update servers. For more details about distribution points, refer to Kaspersky Security Center Cloud Console documentation.

You can add other update sources to the list. You can specify FTP-, HTTP-, or HTTPS servers as update sources. If an update cannot be performed from an update source, Kaspersky Embedded Systems Security switches to the next update source.

Updates are downloaded from Kaspersky update servers or from other FTP, HTTP, or HTTPS servers over standard network protocols. If connection to a proxy server is required to access the update sources, specify the proxy server settings in the Kaspersky Embedded Systems Security policy settings.

In this section

Updating from the Administration Server repository

Updating using Kaspersky Update Utility

Using a proxy server for updates
Page top
[Topic 202132]

Updating from the Administration Server repository

To save Internet traffic, you can configure updates of application databases and modules on devices on the organization's LAN from a server repository. To do this, in Kaspersky Security Center you need to configure downloading the update package from Kaspersky update servers in the Administration Server repository. Other devices on the organization's LAN will be able to receive the update package from the server repository.

Configuring application database and module updates from the server repository consists of the following steps:

  1. Download application databases and modules to the Administration Server repository using the Download updates to the Administration Server repository task of Kaspersky Security Center.
  2. Configure updates of application databases and modules from the Administration Server repository on the remaining hosts using the Update task.

To configure updates of application databases and modules from the Administration Server repository:

  1. In the main window of Web Console, select DevicesTasks.

    The list of tasks opens.

  2. In the list of tasks, select the Update task for Kaspersky Embedded Systems Security and click the link with the task name to open the task properties window.

    The Update task is created automatically by the Web Console Initial Setup Wizard. To create the Update task, install Kaspersky Embedded Systems Security web plug-in while running the Wizard.

  3. In the task properties window, select the Application settings tab.
  4. In the list on the left, select the Database update source section.

    The task settings are displayed in the right part of the window.

  5. In the Database update source section, select the Kaspersky Security Center Administration Server option.
  6. Select the Use Kaspersky update servers if other update sources are not available check box if you want to the Update task to use Kaspersky update servers if the Administration Server repository is unavailable.
  7. Click Save.
Page top
[Topic 247142]

Updating using Kaspersky Update Utility

To reduce Internet traffic, you can configure updates of application databases and modules on devices of the organization's LAN from a shared directory by using the Kaspersky Update Utility. For this purpose, one of the devices in the organization's LAN must receive update packages from the Kaspersky Security Center Administration Server or from Kaspersky update servers and use the utility to copy the received update packages to the shared directory. Other devices on the organization's LAN will be able to receive the update package from this shared directory.

Configuring application database and module updates from a shared directory consists of the following steps:

  1. Install Kaspersky Update Utility on one of the devices of the organization's LAN.
  2. Configure copying of the update package to the shared directory in the Kaspersky Update Utility settings.
  3. Configure application database and module updates from the specified shared directory to the remaining devices on the organization's LAN.

You can download the Kaspersky Update Utility distribution kit from the Kaspersky Technical Support website. After installing the utility, select the update source (for example, the Administration Server repository) and the shared directory to which the Kaspersky Update Utility will copy update packages. For detailed information about using Kaspersky Update Utility, refer to the Kaspersky Knowledge Base.

To configure updates from a shared directory:

  1. In the main window of Web Console, select DevicesTasks.

    The list of tasks opens.

  2. In the list of tasks, select the Update task for Kaspersky Embedded Systems Security and click the link with the task name to open the task properties window.

    The Update task is created automatically by the Web Console Initial Setup Wizard. To create the Update task, install Kaspersky Embedded Systems Security web plug-in while running the Wizard.

  3. In the task properties window, select the Application settings tab.
  4. In the list on the left, select the Database update source section.

    The task settings are displayed in the right part of the window.

  5. In the Database updates source section, select the Other sources on the local or global network option.
  6. In the table of update sources, click the Add button.
  7. In the Update source field, specify the path to the shared directory.

    The source address must match the address indicated in the Kaspersky Update Utility settings.

  8. Select the Use this source check box and click OK.
  9. In the table, set the order of the update sources using the Up and Down buttons.
  10. Click Save.
Page top
[Topic 202134]

Using a proxy server for updates

You may be required to specify proxy server settings to download database and application module updates from the update source. If there are multiple update sources, proxy server settings are applied for all sources. If a proxy server is not needed for some update sources, you can disable the use of a proxy server in Kaspersky Embedded Systems Security policy settings. The application will also use a proxy server to access Kaspersky Security Network and activation servers.

To enable use of a proxy server for a specific administration group:

  1. In the main window of the Web Console, select the DevicesPolicies and profiles tab.
  2. In the list of policies, select the Kaspersky Embedded Systems Security policy for the administration group on whose devices you want to disable the use of a proxy server. Click the link with the policy name to open the policy properties window.
  3. In the policy properties window, select the Application settings tab.
  4. Select the General settingsProxy server settings section.
  5. In the Proxy server settings section, select the Use specified proxy server settings and specify the required proxy server settings.
  6. Click OK.
  7. Click Save.
Page top
[Topic 202137]

Managing policies in the Web Console

A policy is a set of Kaspersky Embedded Systems Security operation settings applied to an administration group. You can use policies to apply identical Kaspersky Embedded Systems Security settings to all client devices within an administration group.

Multiple policies with different values of the settings can be configured for a single application. However, there can be only one active policy at a time for an application within an administration group. When you create a new policy, all other policies within an administration group become inactive. You can change the policy status later.

Policies have a hierarchy, similarly to administration groups. By default, a child policy inherits the settings from the parent policy. A child policy is a policy of a nested hierarchy level, that is, a policy for nested administration groups and secondary Administration Servers. You can enable inheritance of the settings from the parent policy.

You can locally modify the values of the settings specified by the policy for individual devices within the administration group, if modification of these settings is not prohibited by the policy.

Each policy setting has a "lock" attribute that indicates whether child policy settings and local application settings can be modified. The "lock" status of a setting within a policy determines whether or not an application setting on a client device can be edited:

  • When a setting is "locked" (lock_policy), you cannot edit the setting locally. The setting value specified by the policy is used for all client devices within the administration group.
  • When a setting is "unlocked" (unlock), you can edit the setting locally. For all client devices in the administration group, the settings specified locally are used. The settings specified in the policy are not applied.

After the policy is applied for the first time, the application settings change in accordance with the policy settings.

You can perform the following operations with the policies:

You can also create policy profiles. A policy profile may contain settings that differ from the "base" policy settings and apply to client devices when the configured conditions (activation rules) are met. Using policy profiles allows you to flexibly configure operation settings for different devices. You can create and configure profiles in the Policy profiles section of the policy properties.

For general information on working with policies and policy profiles, refer to Kaspersky Security Center documentation.

In this section

Creating a policy

Editing policy settings

Changing policy status

Actions with policies

Deleting a policy
Page top
[Topic 202218]

Creating a policy

To create a policy:

  1. In the main window of the Web Console, select DevicesPolicies and policy profiles.

    The list of policies opens.

  2. Select the administration group containing client devices to which the policy should be applied. To do so, click the link in the Current path field in the upper part of the window and select an administration group in the window that opens.

    The list displays only the policies configured for the selected administration group.

  3. Click Add.

    The Policy Wizard starts.

  4. Select Kaspersky Embedded Systems Security 3.3 for Linux and click Next.
  5. Decide whether you want to participate in Kaspersky Security Network. Carefully read the Kaspersky Security Network Statement and do one of the following:
    • If you agree with all the terms and conditions of the Statement and want the application to use Kaspersky Security Network, select I confirm that I have fully read, understand, and accept the terms and conditions of Kaspersky Security Network Statement.
    • If you do not want to use Kaspersky Security Network, select I do not accept the terms and conditions of the Kaspersky Security Network Statement and confirm your decision in the window that opens.

    Refusal to use Kaspersky Security Network does not interrupt the policy creation process. You can enable, disable, or change the Kaspersky Security Network mode for the managed devices in the policy settings at any time.

  6. Click Next.

    The General tab of the new policy settings window opens.

  7. On the General tab, you can configure the following policy settings:
    • Policy name.
    • Policy status:
      • Active. The policy that is currently applied to the device.

      If this option is selected, this policy becomes active on the device upon the next device synchronization with the Administration Server. This option is selected by default.

      • Inactive. The policy that is not currently applied to the device.

      If this option is selected, the policy becomes inactive but remains in the Policies folder. You can activate the inactive policy later.

      • Out-of-office. Policy that becomes active when the device leaves the corporate network.

      If this option is selected, the policy becomes active when the device leaves the organization network.

    • Policy settings inheritance:
      • Inherit settings from parent policy. If this option is enabled, the policy settings values are inherited from the upper-level group policy and, therefore, are locked. The check toggle button is switched on by default.
      • Enforce settings inheritance for child policies If this option is enabled, the settings values of the child policies are locked. The toggle button is switched off by default.

    For general information about the policy settings, refer to Kaspersky Security Center documentation.

  8. On the Application settings tab you can modify the policy settings.
  9. Click Save.

The created policy will be displayed in the list of policies. You can change the policy settings later. For general information about managing policies, refer to Kaspersky Security Center documentation.

Page top
[Topic 202224]

Editing policy settings

To edit policy settings:

  1. In the main window of the Web Console, select DevicesPolicies and policy profiles.

    The list of policies opens.

  2. Select the administration group to which the policy is applied. To do so, click the link in the Current path field in the upper part of the window and select an administration group in the window that opens.

    The list displays only the policies configured for the selected administration group.

  3. Select the policy for which you want to modify the settings, and click the link with the policy name to open the policy properties window.
  4. Edit the policy settings.
  5. Click Save.

The policy is saved with the updated settings.

Page top
[Topic 202225]

Changing policy status

To change the policy status:

  1. In the main window of the Web Console, select the DevicesPolicies and profiles tab.

    The list of policies opens.

  2. In the list, select the policy for which you want to modify the status, and click the link with the policy name to open the policy properties window.
  3. On the General tab, in the Policy status section, select the required status:
    • Active. The policy that is currently applied to the device.

    If this option is selected, this policy becomes active on the device upon the next device synchronization with the Administration Server. This option is selected by default.

    • Inactive. The policy that is not currently applied to the device.

    If this option is selected, the policy becomes inactive but remains in the Policies folder. You can activate the inactive policy later.

    • Out-of-office. Policy that becomes active when the device leaves the corporate network.

    If this option is selected, the policy becomes active when the device leaves the organization network.

  4. Click Save.

The policy status is changed.

Page top
[Topic 202227]

Actions with policies

To copy, move, export, or import a policy:

  1. In the main window of the Web Console, select the DevicesPolicies and profiles tab.

    The list of policies opens.

  2. In the list of policies, check the box next to the name of the required policy and click the action button above the list of policies.
Page top
[Topic 246014]

Deleting a policy

To delete a policy:

  1. In the main window of the Web Console, select the DevicesPolicies and profiles tab.

    The list of policies opens.

  2. In the list of policies, select a check box next to the policy that you want to delete.

    You can select several policies to delete them simultaneously.

  3. Click the Delete button above the list of policies.
  4. Confirm the deletion.
Page top
[Topic 202226][Topic 202235]

Application settings tab

On the Application settings tab, you can select a section containing the settings you want to configure.

Sections and subsections

Section

Subsections

Essential Threat Protection

File Threat Protection

Scan exclusions

Firewall Management

Web Threat Protection

Network Threat Protection

Advanced Threat Protection

Kaspersky Security Network

Anti-Cryptor

System Integrity Monitoring

Application Сontrol

Device Control

Behavior Detection

Local Tasks

Task management

Removable Drives Scan

General settings

Proxy server settings

Application settings

Container Scan settings

Network settings

Global exclusions

Storage settings

Page top

[Topic 246052]

File Threat Protection

File Threat Protection prevents infection of the file system on the user device. File Threat Protection starts automatically with the default settings upon Kaspersky Embedded Systems Security start. It resides in the device operating memory and scans all files that are opened, saved, and launched.

File Threat Protection settings

Setting

Description

File Threat Protection enabled / disabled

This toggle button enables or disables File Threat Protection on all managed devices.

The check toggle button is switched on by default.

File Threat Protection mode

In this drop-down list, you can select the File Threat Protection mode:

  • Smart check (default value) – scan a file when there is an attempt to open it and scan it again when there is an attempt to close it if the file has been modified. If a process accesses and modifies a file multiple times in a certain period, the application scans the file again only when the process closes it for the last time.
  • When opened – scan the file on an attempt to open it for reading, execution, or modification.
  • When opened and modified – scan a file on an attempt to open it, and scan it again on an attempt to close it if the file has been modified.

First action

In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected:

  • Disinfect the object. A copy of the infected object will be moved to the Storage.
  • Remove the object. A copy of the infected object will be moved to the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it (default value).
  • Block access to the object.

Second action

In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful:

  • Disinfect the object. A copy of the infected object will be moved to the Storage.
  • Remove the object. A copy of the infected object will be moved to the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
  • Block access to the object (default value).

Scan scopes

Clicking the Configure scan scopes link opens the Scan scopes window.

Scan archives

This check box enables or disables scan of archives.

If the check box is selected, the application scans the archives.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan duration by enabling and configuring the Skip object if scan takes longer than (sec) and Skip objects larger than (MB) settings.

If the check box is cleared, the application does not scan the archives.

This check box is cleared by default.

Scan SFX archives

This check box enables or disables self-extracting archive scans. Self-extracting archives are archives that contain an executable extraction module.

If the check box is selected, the application scans self-extracting archives.

If the check box is cleared, the application does not scan self-extracting archives.

This check box is available if the Scan archives check box is unchecked.

This check box is cleared by default.

Scan mail databases

This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If the check box is selected, the application scans mail database files.

If the check box is cleared, the application does not scan mail database files.

This check box is cleared by default.

Scan mail format files

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, the application scans plain-text messages.

If this check box is cleared, the application does not scan plain-text messages.

This check box is cleared by default.

Skip text files

Temporary exclusion of files in text format from scans.

If the checkbox is selected, Kaspersky Embedded Systems Security does not scan text files if they are reused by the same process for 10 minutes after the most recent scan. This setting makes it possible to optimize scans of application logs.

If this check box is unselected, Kaspersky Embedded Systems Security scans text files.

This check box is cleared by default.

Skip object if scan takes longer than (sec)

A field for specifying the maximum time to scan an object, in seconds. After the specified time, the application stops scanning the object.

Available values: 0–9999. If the value is set to 0, the scan time is unlimited.

The default value is 60.

Skip objects larger than (MB)

The field for specifying the maximum size of an archive to scan, in megabytes.

Available values: 0–999999. If the value is set to 0, the application scans objects of any size.

The default value is 0.

Log clean objects

This check box enables or disables logging of the ObjectProcessed event.

If this check box is selected, the application logs the ObjectProcessed event for all scanned objects.

If the check box is cleared, the application does not log the event.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables logging of the ObjectNotProcessed event if a file cannot be processed during scan.

If this check box is selected, the application logs the ObjectNotProcessed event.

If the check box is cleared, the application does not log the event.

This check box is cleared by default.

Log packed objects

This check box enables or disables logging of the PackedObjectDetected event for all packed objects that are detected.

If this check box is selected, the application logs the PackedObjectDetected event.

If the check box is cleared, the application does not log the event.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, the application scans only new files or the files modified since the last scan.

If the check box is cleared, the application scans the files regardless of the creation or modification date.

The check box is selected by default.

Use heuristic analysis

This check box enables or disables heuristic analysis during an object scan.

The check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

  • Light is the least detailed scan with minimal system load.
  • Medium is a medium scan with balanced system load.
  • Deep is the most detailed scan with maximum system load.
  • Recommended (default value) is the optimal level recommended by Kaspersky experts. It ensures an optimal combination of quality of protection and impact on the performance of protected servers.

Page top

[Topic 236891]

Scan scopes window

The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.

Scan scope settings

Setting

Description

Scope name

Scan scope name.

Path

Path to the directory that the application scans.

Status

The status indicates whether the application scans this scope.

You can add, edit, delete, move up, and move down items in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

Page top
[Topic 202257_4]

Add scan scope window

In this window, you can add and configure scan scopes.

Scan scope settings

Setting

Description

Scan scope name

Field for entering the scan scope name. This name will be displayed in the table in the Scan scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application processes this scan scope.

If this check box is cleared, the application does not process this scan scope. You can later include this scope in the component settings by selecting the check box.

The check box is selected by default.

File system, access protocol and path

You can select the type of file system in the drop-down list:

  • Local (default value) – local directories. If this item is selected, you need to indicate the path to the local directory.
  • Mounted – Mounted remote or local directories. If this item is selected, you need to indicate the protocol or name of the file system.
  • Shared — The protected server's file system resources accessible via the Samba or NFS protocol.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.
  • All shared — All of the protected server's file system resources accessible via the Samba and NFS protocols.

Access protocol

You can select the remote access protocol in the drop-down list:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

This drop-down list is available if the Shared or Mounted type is selected in the drop-down list of file systems.

Path

This is the entry field for specifying the path to the directory that you want to include in the scan scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default – the application scans all directories of the local file system.

This field is available if the Local type is selected in the drop-down list of file systems.

If the Local type is selected in the drop-down list of file systems, and the path is not specified, the application scans all directories of the local file system.

Name of shared resource

The field for entering the name of the file system shared resource, where the directories that you want to add to the scan scope are located.

The field is available if the Mounted type is selected in the File system drop-down list and the Custom item is selected in the Access protocol drop-down list.

Masks

The list contains name masks for the objects that the application scans.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 248956]

Scan exclusions

Scan exclusion is a set of conditions. When these conditions are met, Kaspersky Embedded Systems Security does not scan the objects for viruses and other malware. You can also exclude objects by masks and threat names, and configure exclusions for processes.

Settings of scan exclusions

Setting

Description

Exclusion scopes

Clicking the Configure exclusions link opens the Exclusion scopes window. In this window, you can define the list of scan exclusions.

Exclusions by mask

Clicking the Configure exclusions by mask link opens the Exclusions by mask window. In this window, you can configure the exclusion of objects from scans by name mask.

Exclusions by threat name

Clicking the Configure exclusions by threat name link opens the Exclusions by threat name window. In this window, you can configure the exclusion of objects from scans based on threat name.

Exclusions by process

Clicking the Configure exclusions by process link opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Page top

[Topic 249321]

Exclusion scopes window

This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Exclusion scope settings

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Path to the directory excluded from scan.

Status

The status indicates whether the application uses this exclusion.

You can add, edit, and delete items in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 197613]

Add exclusion scope window

In this window, you can add and configure exclusion scopes.

Exclusion scope settings

Setting

Description

Exclusion scope name

Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables the exclusion of the scope when the application is running.

If the check box is selected, the application excludes this scope from scan or protection during its operation.

If this check box is cleared, the application includes this scan or protection scope during its operation. You can later exclude this scope from scan or protection by selecting the check box.

The check box is selected by default.

File system, access protocol and path

In this drop-down list, you can select the type of file system where the directories that you want to add to scan exclusions are located:

  • Local, for local directories.
  • Mounted, for remote directories mounted on the device.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.

Access protocol

You can select the remote access protocol in the drop-down list:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

This drop-down list is available if the Mounted type is selected in the drop-down list of file systems.

Path

Entry field for the path to the directory that you want to add to the exclusion scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default. The application excludes all directories of the local file system from scan.

This field is available if the Local type is selected in the drop-down list of file systems.

Name of shared resource

The field for entering the name of the file system shared resource, where the directories that you want to add to the exclusion scope are located.

The field is available if the Mounted type is selected in the File system drop-down list and the Custom item is selected in the Access protocol drop-down list.

Masks

The list contains name masks of the objects that the application excludes from scan. Masks are only applied to objects in the directory specified in the Path field.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

 

Page top

[Topic 248957]

Exclusions by mask window

You can configure the exclusion of objects from scans based on name mask. The application will not scan files whose names contain the specified mask. By default, the list of masks is empty.

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

Page top
[Topic 202356]

Exclusions by threat name window

You can configure the exclusion of objects from scans based on threat name. The application will not block the specified threats. By default, the list of threat names is empty.

You can add, edit, and delete threat names.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected threat from the exclusion list.

This button is available if at least one threat name is selected in the list.

Clicking the threat name in the table opens the Threat name window. In this window, you can edit the name of the threat to be excluded from a scan.

Clicking the Add button opens the Threat name window. In this window, you can define the name of the threat to be excluded from a scan.

Page top
[Topic 246682]

Exclusions by process window

The table contains the exclusion scopes for exclusion by process The exclusion scope for exclusion by process lets you exclude from scans the activity of the indicated process and files modified by the indicated process. By default, the table includes two exclusion scopes that contain paths to the Network Agents. You can remove these exclusions, if necessary.

Exclusion scope settings for exclusion by process

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Full path to excluded process.

Status

The status indicates whether the application uses this exclusion.

You can add, edit, and delete items in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Page top
[Topic 249195]

Trusted process window

In this window, you can add and configure exclusion scopes for exclusion by process.

Exclusion scope settings

Setting

Description

Process-based exclusion scope name

Field for entering the Process-based exclusion scope name. This name will be displayed in a table in the Exclusions by process window.

The entry field must not be blank.

Use / Do not use this exclusion

This toggle button enables or disables this scan scope exclusion.

The check toggle button is switched on by default.

Apply to child processes

Exclude child processes of the excluded process indicated by the Path to excluded process setting.

This check box is cleared by default.

Path to excluded process

Full path to the process you want to exclude from scans.

File system, access protocol and path

This group of settings lets you set scan exclusions for files modified by the process.

In the drop-down list of file systems, you can select the type of file system of the directories to be excluded from scans:

  • Local, for local directories.
  • Mounted – mounted directories.
  • Shared displays server file system resources accessible via the Samba or NFS protocol.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.
  • All shared displays all server file system resources accessible via the Samba and NFS protocols.

Access protocol

You can select the remote access protocol in the drop-down list:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

     

The Access protocol drop-down list is available if Mounted or Shared is selected in the drop-down list of file systems.

Path

In the input field, you can enter the path to the directory that you want to add to the exclusion scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

This field is available if the Local type is selected in the drop-down list of file systems.

Name of shared resource

The field for entering the name of the file system shared resource, where the directories that you want to add to the exclusion scope are located.

The field is available if the Mounted type is selected in the File system drop-down list and the Custom item is selected in the Access protocol drop-down list.

Masks

The list contains name masks of the objects that the application excludes from scan. Masks are applied to objects only inside the directory indicated in the File system, access protocol and path block.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

 

Page top

[Topic 248959]

Firewall Management

The operating system firewall protects personal data that is stored on the user's device. The firewall blocks most threats to the operating system when the device is connected to the Internet or a LAN. Firewall Management detects all network connections by the user's device and provides a list of IP addresses, as well as an indication of the default network connection's status.

The Firewall Management component filters all network activity according to the network packet rules. Configuring network packet rules lets you specify the desired level of the device protection, from blocking Internet access for all applications to allowing unlimited access.

It is recommended to disable other operating system firewall management tools before enabling the Firewall Management component.

Firewall Management settings

Setting

Description

Firewall Management enabled / disabled

This toggle button enables or disables Firewall Management.

The toggle button is switched off by default.

Network packet rules

Clicking the Configure network packet rules link opens the Network packet rules window. In this window, you can configure the list of network packet rules that are applied by the Firewall Management component when it detects the network connection attempt.

Available networks

Clicking the Configure available networks link opens the Available networks window. In this window, you can configure the list of networks that the Firewall Management component will monitor.

Incoming connections

In this drop-down list, you can select the action to be performed for incoming network connections:

  • Allow network connections (default value).
  • Block network connections.

Incoming packets

In this drop-down list you can select the action to be performed for incoming packets:

  • Allow incoming packets (default value).
  • Block incoming packets.

Always add allowing rules for Network Agent ports

This check box enables or disables automatic adding allowing rules for Network Agent ports.

The check box is selected by default.

Page top

[Topic 202310]

Network packet rules window

The Network packet rules table contains network packet rules that the Firewall Management component uses for network activity monitoring. You can configure the settings described in the table below for network packet rules.

Network packet rules settings

Setting

Description

Name

Network packet rule name.

Action

Action to be performed by Firewall Management when it detects the network activity.

Local address

Network addresses of devices that have Kaspersky Embedded Systems Security installed and can send and/or receive network packets.

Remote address

Network addresses of remote devices that can send and/or receive network packets.

Logging

This column shows if the application logs actions of the network packet rule.

If the value is Yes, the application logs the actions of the network packet rule.

If the value is No, the application does not log the actions of the network packet rule.

By default, the table of network packet rules is empty.

You can add, edit, delete, move up, and move down network packet rules in the table.

Clicking the Move down button moves the selected item down in the table.

This button is available if only one item is selected in the table.

Clicking the Move up button moves the selected item up in the table.

This button is available if only one item is selected in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 202312_1]

Network packet rule window

In this window, you can configure the network packet rule.

Network packet rule settings

Setting

Description

Rule name

The field for entering the name of the network packet rule.

Action

In the drop-down list, you can select an action to be performed by the Firewall Management component when it detects network activity:

  • Block network activity.
  • Allow network activity (default value).

Protocol

In the drop-down list, you can select the type of data transfer protocol for which you want to monitor network activity:

  • Any (default value)
  • GRE
  • ICMP
  • ICMPv6
  • IGMP
  • TCP
  • UDP

Specify ICMP type

This check box lets you specify the ICMP type. The Firewall Management component monitors messages of the specified type sent by the host or gateway.

If this check box is selected, the field for entering the ICMP type is displayed.

This check box is displayed only if ICMP or ICMPv6 data transfer protocol is selected in the Protocol drop-down list.

This check box is cleared by default.

Specify ICMP code

This check box lets you specify the ICMP code. The Firewall Management component monitors messages of the type specified in the field under the ICMP type check box, with the code specified in the field under the ICMP code check box, and sent by the host or gateway.

If this check box is selected, the field for entering the ICMP code is displayed.

This check box is displayed only if ICMP or ICMPv6 data transfer protocol is selected in the Protocol drop-down list. It is available only if the Specify ICMP type check box is selected.

This check box is cleared by default.

Direction

In this drop-down list, you can specify the direction of the monitored network activity:

  • Incoming packets (default value). If this option is selected, the Firewall Management component monitors incoming packets.
  • Incoming. If this option is selected, the Firewall Management component monitors incoming network activity.
  • Incoming/Outgoing. If this option is selected, the Firewall Management component monitors both incoming and outgoing network activity.
  • Incoming/Outgoing packets. If this option is selected, the Firewall Management component monitors both incoming and outgoing packets.
  • Outgoing packets. If this option is selected, the Firewall Management component monitors outgoing packets.
  • Outgoing. If this option is selected, the Firewall Management component monitors outgoing network activity.

Remote address

In this drop-down list, you can specify network addresses of the remote devices that can send and receive network packets:

  • Any address (default value). If this option is selected, the network rule controls network packets sent and received by remote devices with any IP address.
  • All subnet addresses. If this option is selected, the network rule controls network packets sent and received by remote devices with the IP addresses associated with the selected network type: Public networks, Local networks, or Trusted networks.
  • Specified address. If this option is selected, the network rule controls network packets sent and received by the remote devices with IP addresses specified in the Address field.

Specify remote ports

This check box allows you to specify the port numbers of the remote devices between which the connection must be monitored.

If this check box is selected, the field for entering port numbers is displayed.

This check box is displayed only if TCP or UDP data transfer protocol is selected in the Protocol drop-down list.

This check box is cleared by default.

Local address

In this drop-down list, you can specify the network addresses of the devices with Kaspersky Embedded Systems Security installed that can send and receive network packets:

  • Any address (default value). If this item is selected, the network rule controls sending and receiving of network packets by the devices with Kaspersky Embedded Systems Security installed and with any IP address.
  • Specified address. If this item is selected, the network rule controls the specified in the Address field network addresses of the devices with Kaspersky Embedded Systems Security installed that can send and receive network packets.

Specify local ports

This check box allows you to specify the port numbers of the local devices between which the connection must be monitored.

If this check box is selected, the field for entering port numbers is displayed.

This check box is displayed only if TCP or UDP data transfer protocol is selected in the Protocol drop-down list.

This check box is cleared by default.

Log events

This check box lets you specify whether the actions of the network rule are recorded in the report.

If the check box is selected, the application writes the actions of the network rule to the report.

If the check box is cleared, the application does not write the actions of the network rule to the report.

This check box is cleared by default.

Page top

[Topic 202313]

Available networks window

The Available networks table contains the networks controlled by the Firewall Management component. The table of available networks is empty by default.

Available networks settings

Setting

Description

IP address

Network IP address.

Network type

Network type (Public network, Local network, or Trusted network).

You can add, edit, and delete available networks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 210497_1]

Network connection window

In this window, you can configure the network connection that the Firewall Management component will monitor.

Network connection

Setting

Description

IP address

The field for entering IP address of the network.

Network type

You can select the type of the network:

  • Public
  • Local
  • Trusted

     

Page top

[Topic 214875_1]

Web Threat Protection

While the Web Threat Protection component is running, Kaspersky Embedded Systems Security scans inbound traffic and prevents downloads of malicious files from the Internet and also blocks phishing, adware, or other malicious websites.

The application scans HTTP, HTTPS, and FTP traffic. Also, the application scans websites and IP addresses. You can specify the network ports or network port ranges to be monitored

To monitor HTTPS traffic, enable encrypted connection scans. To monitor FTP traffic, select the Monitor all network ports check box.

Web Threat Protection settings

Setting

Description

Web Threat Protection enabled / disabled

This toggle button enables or disables the Web Threat Protection component.

The toggle button is switched off by default.

Action on threat detection

In this section, you can specify the action that the application performs on the web resource where the dangerous object is detected:

  • Inform the user when a dangerous object is detected in web traffic. Web Threat Protection allows this object to be downloaded to the device. At that, the application logs the information about the dangerous object and adds it to the list of active threats.
  • Block access to all dangerous objects detected in web traffic, display a notification about the blocked access attempts, and log information about the dangerous objects (default value).

Detect malicious objects

This check box enables or disables checking of links against the databases of malicious web addresses.

The check box is selected by default.

Detect phishing links

This check box enables or disables checking of links against the databases of phishing web addresses.

The check box is selected by default.

Use heuristic analysis for detecting phishing links

This check box enables or disables the use of heuristic analysis for detecting phishing links.

This check box is available if the Detect phishing links check box is selected, and is selected by default.

Detect adware

This check box enables or disables checking links against the databases of adware web addresses.

This check box is cleared by default.

Detect legitimate applications that may be used by hackers to harm devices or data

This check box enables or disables checking links against the databases of legitimate applications that can be used by hackers to harm devices or data.

This check box is cleared by default.

Trusted web addresses

This table contains addresses of URLs and web pages whose content you consider trusted.

You can only add HTTP/HTTPS web addresses to the list of trusted web addresses.

You can use masks to specify web addresses. Masks are not supported to specify IP addresses.

When creating an address mask, use an asterisk (*) as a placeholder for one or more characters. If you enter the *abc* address mask, it is applied to all web resources that contain the "abc" sequence (for example, www.virus.com/download_virus/page_0-9abcdef.html). To include the asterisk in the address mask as a character, but not as a mask, enter the * character twice (for example, www.virus.com/**/page_0-9abcdef.html means www.virus.com/*/page_0-9abcdef.html).

By default, the table is empty.

You can add, edit, and remove web addresses in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 234620]

Web address window

In this window, you can add a web address or a web address mask to the list of trusted web addresses.

You can add only HTTP/HTTPS web addresses to the list of trusted web addresses. You can use masks to specify web addresses. Masks are not supported to specify IP addresses.

When creating an address mask, use an asterisk (*) as a placeholder for one or more characters. If you enter the *abc* address mask, it is applied to all web resources that contain the "abc" sequence (for example, www.virus.com/download_virus/page_0-9abcdef.html). To include the asterisk in the address mask as a character, but not as a mask, enter the * character twice (for example, www.virus.com/**/page_0-9abcdef.html means www.virus.com/*/page_0-9abcdef.html).

Page top
[Topic 202328_1]

Network Threat Protection

While the Network Threat Protection component is running, the application scans inbound network traffic for activity that is typical for network attacks. Network Threat Protection is started by default when the application starts.

The application receives the numbers of the TCP ports from the current application databases and scans incoming traffic for these ports. Upon detecting an attempt of a network attack that targets your device, the application blocks network activity from the attacking device and logs an event about the detected network activity.

To scan network traffic, the Network Threat Protection task receives port numbers from the application databases and accepts connections via all these ports. During the network scan process, it may look like an open port on the device, even if no application on the system is listening to this port. It is recommended to close unused ports by means of a firewall.

Network Threat Protection settings

Setting

Description

Network Threat Protection enabled / disabled

This toggle button enables or disables Network Threat Protection.

The check toggle button is switched on by default.

Action on threat detection

Actions performed upon detection of network activity that is typical of network attacks.

  • Inform user. The application allows network activity and logs information about detected network activity.
  • Block network activity from an attacking device and log information about detected network activity (default value).

Blocking attacking devices enabled / disabled

This toggle button enables or disables blocking network activity when a network attack attempt is detected.

The check toggle button is switched on by default.

Block the attacking host for (min)

In this field you can specify the duration an attacking device is blocked in minutes. After the specified time, Kaspersky Embedded Systems Security allows network activity from this device.

Available values: integer from 1 to 32768.

Default value: 60.

Trusted IP addresses

The table contains a list of IP addresses. Network attacks from these addresses will not be blocked. By default, the list is empty.

You can add, edit, and remove IP addresses in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 11396]

IP address window

In this window, you can add and edit IP addresses. Network attacks from these IP addresses will not be blocked by Kaspersky Embedded Systems Security.

IP addresses

Setting

Description

Enter an IP address (IPv4 or IPv6)

Entry field for an IP address.

You can specify IP addresses of IPv4 and IPv6 versions.

Page top

[Topic 202336_1]

Kaspersky Security Network

To increase the protection of devices and user data, Kaspersky Embedded Systems Security can use Kaspersky's cloud-based knowledge base Kaspersky Security Network (KSN) to check the reputation of files, Internet resources, and software. The use of Kaspersky Security Network data ensures a faster response to various threats, high protection component performance, and fewer false positives.

Kaspersky Embedded Systems Security supports the following infrastructure solutions to work with Kaspersky's reputation databases:

  • Kaspersky Security Network (KSN) – A solution that receives information from Kaspersky and sends data about objects detected on user devices to Kaspersky for additional verification by Kaspersky analysts and to add to reputation and statistical databases.
  • Kaspersky Private Security Network (KPSN) – A solution that allows users of devices with Kaspersky Embedded Systems Security installed to access the reputation databases of Kaspersky, as well as other statistical data, without sending data to Kaspersky from their devices. KPSN is designed for corporate clients who can't use Kaspersky Security Network, for example, for the following reasons:
    • No connection of local workplaces to the Internet
    • Legal prohibition or corporate security restrictions on sending any data outside the country or the organization's local network

After changing the Kaspersky Embedded Systems Security license, submit the details of the new key to the service provider in order to be able to use KPSN. Otherwise, data exchange with KPSN will be impossible due to an authentication error.

Use of Kaspersky Security Network is voluntary. Kaspersky Embedded Systems Security suggests using KSN during installation. You can start or stop using KSN at any time.

There are two options for using KSN:

  • KSN with statistics sharing (extended KSN mode) – you can receive information from the Kaspersky knowledge base, while Kaspersky Embedded Systems Security automatically sends statistical information to KSN obtained during its operation. The application can also send to Kaspersky for additional scanning certain files (or parts of files) that intruders can use to harm the device or data.
  • KSN without statistics sharing – you can receive information from the Kaspersky knowledge base, while Kaspersky Embedded Systems Security does not send anonymous statistics and data about the types and sources of threats.

You can start or stop using Kaspersky Security Network at any time. You can also select another Kaspersky Security Network usage option.

No personal data is collected, processed, or stored. Detailed information about the storage, and destruction, and/or submission to Kaspersky of statistical information generated during participation in KSN is available in the Kaspersky Security Network Statement and on Kaspersky's website.

You can read the text of the Kaspersky Security Network Statement in the Kaspersky Security Network Statement window, which can be opened by clicking the Kaspersky Security Network Statement link.

Kaspersky Security Network settings

Setting

Description

Do not use KSN

By selecting this option, you decline to use Kaspersky Security Network.

KSN with statistics sharing (extended KSN mode)

By selecting this option, you accept the terms of use of Kaspersky Security Network. You will be able to receive information from Kaspersky's online knowledge base about the reputation of files, web resources, and software. Also, anonymous statistics and information about the types and sources of various threats will be sent to Kaspersky to improve Kaspersky Security Network.

KSN without statistics sharing

By selecting this option, you accept the terms of use of Kaspersky Security Network. You will be able to receive information from Kaspersky's online knowledge base about the reputation of files, web resources, and software.

Kaspersky Security Network Statement

Clicking this link opens the Kaspersky Security Network Statement window. In this window, you can read the text of the Kaspersky Security Network Statement.

Page top

[Topic 246795]

Kaspersky Security Network Statement

In this window, you can read the text of the Kaspersky Security Network Statement and accept its terms and conditions.

Kaspersky Security Network settings

Setting

Description

I confirm that I have fully read, understand, and accept the terms and conditions of the Kaspersky Security Network Statement

By selecting this option, you confirm that you want to use the Kaspersky Security Network, and you have fully read, understood, and accept the terms and conditions of the Kaspersky Security Network Statement that is displayed.

I do not accept the terms and conditions of the Kaspersky Security Network Statement

By selecting this option, you confirm that you do not want to use Kaspersky Security Network.

Page top

[Topic 246797]

Anti-Cryptor

Anti-Cryptor allows you to protect your files in local directories with network access by SMB/NFS protocols from remote malicious encryption.

While the Anti-Cryptor component is running, Kaspersky Embedded Systems Security scans remote devices calls to access the files located in the shared network directories of the protected device. If the application considers a remote device actions on network file resources to be malicious encrypting, this device is added to a list of untrusted devices and loses access to the shared network directories. The application does not consider activity to be malicious encryption if it is detected in the directories excluded from the protection scope of the Anti-Cryptor component.

For the Anti-Cryptor component to operate correctly, at least one of the services (Samba or NFS) must be installed in the operating system. For the NFS service, the rpcbind package must be installed.

Anti-Cryptor operates correctly with the SMB1, SMB2, SMB3, NFS3, TCP/UDP, and IP/IPv6 protocols. Working with NFS2 and NFS4 protocols is not supported. It is recommended to configure your server settings so that the NFS2 and NFS4 protocols cannot be used to mount resources.

Anti-Cryptor does not block access to network file resources until the device activity is identified as malicious. So, at least one file will be encrypted before the application detects malicious activity.

Anti-Cryptor settings

Setting

Description

Anti-Cryptor protection enabled / disabled

This toggle button enables or disables protection of files in the local directories with network access by SMB/NFS protocols from remote malicious encryption.

The toggle button is switched off by default.

Protection scopes

Clicking the Configure protection scope link opens the Protection scopes window.

Untrusted hosts blocking enabled / disabled

This toggle button enables or disables untrusted hosts blocking.

The check toggle button is switched on by default.

Block untrusted host for (min)

In this field you can specify the untrusted host blocking duration in minutes. After the specified time, Kaspersky Embedded Systems Security removes the untrusted devices from the list of blocked devices. The access of the host to network file resources is restored automatically, after it is deleted from the list of untrusted hosts.

If a compromised host is blocked and you change this setting value, the blocking time for this host will not change. The blocking time is not a dynamic value, and it is calculated at the moment of blocking.

Available values: integer from 1 to 4294967295.

Default value: 30.

Exclusions

Clicking the Configure exclusions link opens the Exclusion scopes window.

Exclusions by mask

Clicking the Configure exclusions by mask link opens the Exclusions by mask window.

Page top

[Topic 202351]

Protection scopes window

The table contains protection scopes of the Anti-Cryptor component. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.

Protection scope settings

Setting

Description

Scope name

Protection scope name.

Path

Path to the directory that the application protects.

Status

The status indicates whether the application scans this scope.

You can add, edit, delete, move up, and move down items in the table.

Clicking the Move down button moves the selected item down in the table.

This button is available if only one item is selected in the table.

Clicking the Move up button moves the selected item up in the table.

This button is available if only one item is selected in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Kaspersky Embedded Systems Security protects objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

Page top
[Topic 202352]

Add scan scope window

In this window, you can add or configure protection scope for the Anti-Cryptor component.

Protection scope settings

Setting

Description

Scan scope name

Field for entering the protection scope name. This name will be displayed in the table in the Protection scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application processes this protection scope during the component operation.

If this check box is cleared, the application does not process this protection scope during the component operation. You can later include this scope in the component operation settings by selecting the check box.

The check box is selected by default.

File system, access protocol and path

You can select the type of file system in the drop-down list:

  • Local (default value) – local directories.
  • Shared displays server file system resources accessible via the Samba or NFS protocol.
  • All shared displays all server file system resources accessible via the Samba and NFS protocols.

Access protocol

You can select the remote access protocol in the drop-down list:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.

This drop-down list is available if the Shared option is selected in the drop-down list of file systems.

Path

The entry field for specifying the path to the directory that you want to include in the protection scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

This field is available if the Local type is selected in the drop-down list of file systems.

The field must not be blank.

By default, the / path is specified (root directory).

Masks

This list contains name masks of the objects that the application scans during operation of the Anti-Cryptor component.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 202353]

Exclusion scopes window

This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Exclusion scope settings

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Path to the directory excluded from scan.

Status

The status indicates whether the application uses this exclusion.

You can add, edit, and delete items in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 210496_3]

Add exclusion scope window

In this window, you can add and configure exclusion scopes.

Exclusion scope settings

Setting

Description

Exclusion scope name

Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables the exclusion of the scope when the application is running.

If the check box is selected, the application excludes this scope from scan or protection during its operation.

If this check box is cleared, the application includes this scan or protection scope during its operation. You can later exclude this scope from scan or protection by selecting the check box.

The check box is selected by default.

File system, access protocol and path

In this drop-down list, you can select the type of file system where the directories that you want to add to scan exclusions are located:

  • Local, for local directories.
  • Mounted, for remote directories mounted on the device.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.

Access protocol

You can select the remote access protocol in the drop-down list:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

This drop-down list is available if the Mounted type is selected in the drop-down list of file systems.

Path

Entry field for the path to the directory that you want to add to the exclusion scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default. The application excludes all directories of the local file system from scan.

This field is available if the Local type is selected in the drop-down list of file systems.

Name of shared resource

The field for entering the name of the file system shared resource, where the directories that you want to add to the exclusion scope are located.

The field is available if the Mounted type is selected in the File system drop-down list and the Custom item is selected in the Access protocol drop-down list.

Masks

The list contains name masks of the objects that the application excludes from scan. Masks are only applied to objects in the directory specified in the Path field.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

 

Page top

[Topic 248957_1]

Exclusions by mask window

You can configure the exclusion of objects from scans based on name mask. The application will not scan files whose names contain the specified mask. By default, the list of masks is empty.

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

Page top
[Topic 202356_1]

System Integrity Monitoring

System Integrity Monitoring is designed to track the actions performed on files and directories in the monitoring scope specified in the component operation settings. You can use System Integrity Monitoring to track the file changes that may indicate a security breach on a protected device.

To use the component, a license that includes the corresponding function is required.

System Integrity Monitoring settings

Setting

Description

System Integrity Monitoring enabled / disabled

This toggle button enables or disables System Integrity Monitoring.

The toggle button is switched off by default.

Monitoring scopes

Clicking the Configure monitoring scopes link opens the Monitoring scopes window.

Monitoring exclusions

Clicking the Configure monitoring exclusion scopes link opens the Exclusion scopes window.

Exclusions by mask

Clicking the Configure exclusions by mask link opens the Exclusions by mask window.

Page top

[Topic 202363]

Monitoring scopes window

The table contains monitoring scopes for the System Integrity Monitoring component. The application monitors files and directories located in the paths specified in the table. By default, the table contains the Kaspersky internal objects (/opt/kaspersky/kess/) monitoring scope.

Monitoring scope settings for System Integrity Monitoring

Setting

Description

Scope name

Monitoring scope name.

Path

Path to the directory that the application protects.

Status

The status indicates whether the application scans this scope.

You can add, edit, delete, move up, and move down items in the table.

Clicking the Move down button moves the selected item down in the table.

This button is available if only one item is selected in the table.

Clicking the Move up button moves the selected item up in the table.

This button is available if only one item is selected in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Kaspersky Embedded Systems Security scans objects in the specified scopes, in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.

Page top

[Topic 202280]

Add monitoring scope window

In this window, you can add and configure monitoring scope for the System Integrity Monitoring component.

Monitoring scope settings

Setting

Description

Scan scope name

Field for entering the monitoring scope name. This name will be displayed in the table in the Monitoring scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application controls this monitoring scope during the operation.

If this check box is cleared, the application does not control this monitoring scope during the operation. You can later include this scope in the component settings by selecting the check box.

The check box is selected by default.

File system, access protocol and path

Entry field for the path to the local directory that you want to include in the monitoring scope. You can use masks to specify the path. The field must not be blank.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default – the application scans all directories of the local file system.

Masks

The list contains name masks for the objects that the application scans.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 218554]

Exclusion scopes window

The table contains monitoring exclusion scopes for the System Integrity Monitoring component. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Monitoring exclusion scope settings

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Path to the directory excluded from monitoring.

Status

Indicates whether the application excludes this scope from monitoring during the component operation.

You can add, edit, and delete items in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 202410_1]

Add exclusion scope window

In this window, you can add or configure the monitoring exclusion scope for the System Integrity Monitoring component.

Monitoring exclusion scope settings

Setting

Description

Exclusion scope name

Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window. The entry field must not be blank.

Use this scope

The check box enables or disables the exclusion of the scope from monitoring when the application is running.

If this check box is selected, the application excludes this scope from monitoring during the component operation.

If this check box is cleared, the application monitors this scope during the component operation. You can later exclude this scope from monitoring by selecting the check box.

The check box is selected by default.

File system, access protocol and path

Entry field for the path to the local directory that you want to add to the exclusion scope. You can use masks to specify the path. The field must not be blank.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default. The application excludes all directories of the local file system from scan.

Masks

The list contains name masks of the objects that the application excludes from the monitoring.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 219604]

Exclusions by mask window

You can configure the exclusion of objects from monitoring based on name masks. The application does not scan the files with the names containing the specified masks. By default, the list of masks is empty.

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

Page top
[Topic 202412_2]

Application Сontrol

During execution of the Application Control task, Kaspersky Embedded Systems Security controls the launching of applications on user devices. This helps reduce the risk of device infection by restricting access to applications. Application launching is regulated by Application Control rules.

Application Control can operate in two modes:

  • Denylist. In this mode Kaspersky Embedded Systems Security allows all users to launch any applications that are not specified in the Application Control rules. This is the default operation mode of the Application Control component.
  • Allowlist. In this mode Kaspersky Embedded Systems Security prevents all users from launching any applications that are not specified in the Application Control rules.

For each Application Control operation mode, separate rules can be created and an action can be specified: apply rules or test rules. Kaspersky Embedded Systems Security performs this action when it detects an attempt to start an application.

The Application Control settings are described in the following table.

Application Control settings

Setting

Description

Application Control enabled / disabled

This toggle button enables or disables Application Control.

The toggle button is switched off by default.

Application Control action

The action that Kaspersky Embedded Systems Security performs upon detecting an attempt to start an application that matches the configured rules:

  • Test rules. If you select this option, Kaspersky Embedded Systems Security tests the rules and generates an event about detection of the applications that match the rules.
  • Apply rules (default value). If you select this option, Kaspersky Embedded Systems Security applies Application Control rules and performs the action specified in the rules.

Application Control mode

Application Control task operation mode:

  • Allowlist. If you select this option, Kaspersky Embedded Systems Security prevents all users from launching any applications except those specified in the Application Control rules.
  • Denylist (default value). If you select this option, Kaspersky Embedded Systems Security allows all users to launch any applications except those specified in the Application Control rules.

Application Control rules

Clicking the Configure rules link opens the Application Control rules window.

Page top

[Topic 246368]

Application Control rules window

The Application Control rules table has the tabs with the rules for each operation mode: Denylist (active) and Allowlist. Both tabs of the Application Control rules table are empty by default.

Application Control rules settings

Setting

Description

Category

The name of the application category that is used by the rule.

Status

Operation status of the Application Control rule:

  • Enabled – the rule is enabled, Application Control applies this rule during operation.
  • Disabled – the rule is disabled and is not used when the Application Control is running.
  • Test – Application Control allows launching applications that meet the rule criteria, but logs information about launches of these applications in the report.

You can add, modify and remove Application Control rules.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Page top

[Topic 246370]

Application Control rule window

In this window, you can configure the settings for the Application Control rule.

Configuring an Application Control rule

Setting

Description

Rule description

Description of the Application Control rule.

Status

You can select the operation status of the Application Control rule:

  • Enabled – the rule is enabled, Application Control applies this rule during operation.
  • Disabled – the rule is disabled and is not used when the Application Control is running.
  • Test – Application Control allows launching applications that meet the rule criteria, but logs information about launches of these applications in the report.

Category

Clicking the Configure category link opens the Application Control categories window.

Access control list

The table contains a list of users or user groups to which the Application Control rule applies, and the types of access assigned to them, and consists of the following columns:

  • Principal name is a name of the user or user group to which the Application Control rule applies.
  • Access – access type (allow or block launching applications). This toggle button switches access type: Allow launching the applications or Block launching the applications.

     

You can add, edit, and delete users or user groups.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Page top

[Topic 246371]

Application Control categories window

In this window, you can add a new category or configure the category settings for an Application Control rule.

Kaspersky Embedded Systems Security does not support use of the KL categories of Kaspersky Security Center.

Application Control categories

Setting

Description

Category name

List to search for the added Application Control categories.

Add

Clicking the button starts the category creation wizard. Follow the instructions of the Wizard.

Edit

Clicking this button opens the category properties window, where you can change the category settings.

Page top

[Topic 246372]

Select user or group window

In this window, you can specify a local or domain user or user group for which you want to configure a rule.

Configuring an Application Control rule

Setting

Description

Manually

If this option is selected, in the field below enter the name of the local or domain user or the name of a user group, to which the Application Control rule will apply.

List of groups or users

If this option is selected, in the search field you can enter search criteria for the name of the user or name of the user group, to which the Application Control rule will apply, or you can select the name of the user group in the list below.

Page top

[Topic 247145]

Device Control

When the Device Control task is running, Kaspersky Embedded Systems Security manages user access to the devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the client device from infection when external devices are connected, and prevent data loss or leaks. Device Control manages user access to devices using the access rules.

When a device, access to which is denied by the Device Control task, connects to a client device, the application denies the users specified in the rule access to this device and displays a notification. During attempts to read and write on this device, the application silently blocks the users specified in the rule from reading/writing.

Device Control settings

Setting

Description

Device Control enabled / disabled

This toggle button enables or disables Device Control.

The check toggle button is switched on by default.

Configure trusted devices

Clicking this link opens the Trusted devices window. In this window, you can add devices to a list of trusted devices by ID or by selecting them from the list of devices detected on the client devices.

Device Control action

Action performed by the application when an attempt is made to access a device to which access is denied in accordance with Device Control rules.

  • Test rules. If you select this option, Kaspersky Embedded Systems Security tests the access rules and generates an event about detection of an attempt to access a device.
  • Apply rules (default value). If you select this option, Kaspersky Embedded Systems Security applies Access Control rules and performs the action specified in the rules.

Configure settings for device types

Clicking this link opens the Device types window. In this window, you can configure access rules for various types of devices.

Configure settings for connection buses

Clicking this link opens the Connection buses window. In this window, you can configure access rules for connection buses.

Page top

[Topic 197568]

Trusted devices window

The table contains a list of trusted devices. The table is empty by default.

Trusted device settings

Setting

Description

Device ID

Trusted device ID.

Device name

Name of a trusted device.

Device type

Trusted device type (for example, Hard drive or Smart card reader).

Host name

Name of the client device the trusted device is connected to.

Comment

Comment related to a trusted device.

You can add a device to the list of trusted devices by the device ID or by selecting the required device in the list of devices detected on the user device.

You can edit and delete trusted devices in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Page top
[Topic 246343]

Trusted device (Device ID) window

In this window, you can add a device to the list of trusted devices by its identifier.

Adding device by ID

Setting

Description

Device ID

Entry field for a device ID or device ID mask. You can manually specify the device ID or copy the ID of the required device from the Devices detected on hosts list.

To specify an identifier, you can use the following wildcards: * (any sequence of characters) or ? (any single character). For example, you can specify the USBSTOR* mask to allow access to all USB drives.

Comment

Entry field for a comment (optional). This field is available after you enter the device ID, and click the Next button.

Page top

[Topic 246347]

Trusted device window (List of detected devices)

In this window you can add a device to the list of trusted devices by selecting it in the list of existing managed devices.

Information about existing devices is available only if an active policy exists and synchronization with the Network Agent has been completed (the synchronization interval is specified in the Network Agent policy properties; the default setting is 15 minutes). If you create a new policy and there are no other active ones, the list will be empty.

Adding device from list

Setting

Description

Device type

In this drop-down list, you can select type of devices to be displayed in the Devices detected on hosts table.

Device ID mask

Entry field for a device ID mask.

Comment

Entry field for a comment (optional). This field is available after you select the devices, and click the Next button.

Clicking the Filter button opens the window, where you can set up the filtering of displayed information about devices.

Page top
[Topic 246348]

Device types window

In this window, you can configure access rules for various types of devices.

Access rules for device types

Setting

Description

Access to data storage devices

The table contains the following columns:

  • Type represents device types (for example, Hard drives, Printers).
  • Access represents the access mode for devices of this type. You can select one of the following access modes:
    • Allow, to allow access to devices of this type.
    • Block, to block access to devices of this type.
    • Depends on bus (default value), to allow or block access to devices depending on the access rule for a bus used for connecting a device.
    • By rule – allow or block access to devices, depending on the access rule and schedule. You can configure the access rule and its schedule by clicking the required device type.

Access to other devices

The table contains the following columns:

  • Type – type of device (for example, Input devices, Sound adapters).
  • Access represents the access mode for devices of this type. You can select one of the following access modes:
    • Allow, to allow access to devices of this type.
    • Block, to block access to devices of this type. The Block access rule cannot be selected for network adapters.
    • Depends on bus (default value), to allow or block access to devices depending on the access rule for a bus used for connecting a device.

Page top

[Topic 238846]

Device access rules window

In this window, you can configure access rules and schedules for the selected device type.

Device access rules and schedules

Setting

Description

Access to device

Access rule for devices of the selected type:

  • Allow: allow access to devices of the selected type.
  • Block: prohibit access to devices of the selected type.
  • Depends on bus (default value), to allow or block access to devices depending on the access rule for a bus used for connecting a device.
  • By rule – allow or block access to devices, depending on the access rule and schedule.

List of device access rules

The table contains a list of access rules and consists of the following columns:

  • Access schedule – names of existing access schedules.
  • Users and/or groups of users – names of users or names of user groups, to which the access rule will apply.
  • Access – access type for the schedule: Allow (grant access to devices of the selected type) or Block (deny access to devices of the selected type).

By default, the table contains the Default schedule access schedule, which provides all users with full access to devices (the \Everyone option is selected in the list of users and groups) at any time, if access by the connection bus is allowed for this type of device.

You can add, edit, and delete access rules.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Page top

[Topic 247147]

Device access rules window

In this window, you can configure the device access rule.

Device access rule

Setting

Description

Device access rule settings

Access to devices of the selected type:

  • Allow (default value) – provide access to the devices of the selected type.
  • Block: prohibit access to devices of the selected type.

Users and/or user groups

Name of the user or user group to which the rule applies.

The default value is \All (all users).

You can add, edit, and delete users or user groups.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Schedule for access to devices

Schedule for the specified users' access to devices. The default value is Default schedule. The Default schedule link opens the Schedules window, in which you can configure a different access schedule.

Page top

[Topic 247148]

Select user or group window

In this window, you can specify a local or domain user or user group for which you want to configure an access rule.

Configuring an access rule

Setting

Description

Manually

If this option is selected, in the field below enter the name of the local or domain users or the name of a user group, to which the device access rule will apply.

List of groups or users

If this option is selected, in the search field you can enter search criteria for the name of the user or name of the user group, to which the device access control rule will apply, or you can select the name of the user group in the list below.

Page top

[Topic 247150]

Schedules window

In this window, you can specify the schedule for the selected device access rule.

You can add, edit, and delete access schedule.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

You cannot delete the Default schedule.

Page top

[Topic 202423]

Schedule for access to devices window

In this window, you can configure the device access schedule. You can configure schedules only for hard drives, removable drives, floppy disks, and CD/DVD drives.

In the General settings->Application settings section, if the Block access to files during scans check box is cleared, then it is not possible to block access to devices using a device access schedule.

Schedule for access to devices

Setting

Description

Name

Entry field for the access schedule name.

Time intervals

The table where you can select time intervals for the schedule (days and hours).

Intervals highlighted in green are included to the schedule.

To exclude an interval from the schedule, click the corresponding cells. Intervals excluded from the schedule are highlighted in gray.

By default, all intervals (24/7) are included to the schedule.

Page top

[Topic 202424_1]

Connection buses window

In this window, you can configure access rules for connection buses.

Connection rules for buses

Setting

Description

Connection bus

Connection bus used to connect devices to the client device:

  • FireWire
  • USB

Access

This toggle button enables or disables access to devices that use this connection bus:

  • Allow (default value), to provide access to the devices connected using this connection bus.
  • Block, to deny access to the devices connected using this connection bus.

Page top

[Topic 202425]

Behavior Detection

By default, the Behavior Detection component starts when Kaspersky Embedded Systems Security starts and monitors the malicious activity of the applications in the operating system. When malicious activity is detected, Kaspersky Embedded Systems Security can terminate the process of the application that performs malicious activity.

Behavior Detection component settings

Setting

Description

Behavior Detection enabled / disabled

This toggle button enables or disables the Behavior Detection component.

The check toggle button is switched on by default.

Behavior Detection component operating mode

The action to be performed by Kaspersky Embedded Systems Security upon detecting malicious activity in the operating system:

  • Inform user. Kaspersky Embedded Systems Security does not terminate the process that performs malicious activity; it only records the detection of malicious activity in the event log.
  • Block the application that performs malicious activity (default value). Kaspersky Embedded Systems Security terminates the process that performs malicious activity and logs information about the detected malicious activity.

Exclusions by process

Clicking the Configure exclusions by process link opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Page top

[Topic 237048]

Exclusions by process window

The table contains the exclusion scopes for exclusion by process The exclusion scope for exclusion by process lets you exclude the activity of the indicated process and files modified by the indicated process. By default, the table is empty.

Exclusion scope settings for exclusion by process

Setting

Description

Exclude / Do not exclude trusted processes from scans

The switch enables or disables the configured exclusions by process in the operation of the Behavior Detection component.

The toggle button is switched off by default.

Exclusion scope name

Exclusion scope name.

Path

Full path to excluded process.

Status

The status indicates whether the application uses this exclusion.

You can add, edit, and delete items in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Page top
[Topic 197235]

Adding a process exclusion scope window

In this window, you can add and configure exclusion scopes for exclusion by process.

Exclusion scope settings

Setting

Description

Process-based exclusion scope name

Field for entering the Process-based exclusion scope name. This name will be displayed in a table in the Exclusions by process window.

The entry field must not be blank.

Use this exclusion

This check box enables or disables this scan scope exclusion when the application is running.

The check box is selected by default.

Path to excluded process

Full path to the process you want to exclude from scans. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The entry field must not be blank.

Apply to child processes

Exclude child processes of the excluded process indicated by the Path to excluded process setting.

This check box is cleared by default.

Page top

[Topic 237043]

Managing tasks

You can configure the ability to view and manage Kaspersky Embedded Systems Security tasks on managed devices.

Task management settings

Setting

Description

Allow users to view and manage local tasks

This check box allows or blocks the users from viewing local tasks created in Kaspersky Embedded Systems Security and control of these tasks on the managed client devices.

This check box is cleared by default.

Allow users to view and manage tasks created through KSC

The check box allows or prohibits the users from viewing tasks created in Kaspersky Security Center Web Console and managing these tasks on managed client devices.

This check box is cleared by default.

Page top

[Topic 233441]

Removable Drives Scan

When the Removable Drives Scan task is running, the application scans the removable device and its boot sectors for viruses and other malware. The following removable drives are scanned: CDs, DVDs, Blu-ray discs, flash drives (including USB modems), external hard drives, and floppy disks.

Removable drives scan task settings

Setting

Description

Removable drives scan enabled / disabled

This option enables or disables the scan of removable drives when they are connected to the user device.

The toggle button is switched off by default.

Action on a removable drive connection

In the drop-down list, you can select an action to be performed by the application upon connection of removable drives to the user device:

  • Do not scan removable drives when connected (default value).
  • Quick scan – only scan files of certain types on removable drives (except CD/DVD drives and Blu-ray discs) and do not unpack compound objects. For the quick scan, the default settings of the File Threat Protection component are used.
  • Detailed scan – scan all files on removable drives (except CD/DVD drives and Blu-ray discs). For a detailed scan, the default settings of the Malware Scan task are used.

Action on a CD / DVD drive connection

In the drop-down list, you can select an action to be performed by the application upon connection of CD/DVD drives and Blu-ray discs to the user device:

  • Do not scan CD/DVD drives and Blu-ray discs when connected (default value).
  • Quick scan – only scan files of certain types on CD/DVD drives and Blu-ray discs. For the quick scan, the default settings of the File Threat Protection component are used.
  • Detailed scan – scan all files on CD/DVD drives and Blu-ray discs. For a detailed scan, the default settings of the Malware Scan task are used.

Block access to the removable drive while scanning

This check box enables or disables blocking of files on the connected drive during execution of the Removable Drives Scan task.

This check box is cleared by default.

Page top

[Topic 247217]

Proxy server settings

You can configure proxy server settings if the users of the client devices use a proxy server to connect to the internet. Kaspersky Embedded Systems Security may use a proxy server to connect to Kaspersky servers, for example, when updating application databases and modules or when communicating with Kaspersky Security Network.

Proxy server settings

Setting

Description

Do not use proxy server

If this option is selected, Kaspersky Embedded Systems Security does not use a proxy server.

Use specified proxy server settings

If this option is selected, Kaspersky Embedded Systems Security uses the specified proxy server settings.

Address

Field for entering the proxy server's IP address or domain name.

This field is available if the Use specified proxy server settings option is selected.

Port

Field for entering the proxy server's port.

Default value: 3128.

This field is available if the Use specified proxy server settings option is selected.

Use user name and password

Enables or disables proxy server authentication using a user name and password.

This check box is available if the Use specified proxy server settings option is selected.

This check box is cleared by default.

When connecting via an HTTP proxy, we recommend to use a separate account that is not used to sign in to other systems. An HTTP proxy uses an insecure connection, and the account may be compromised.

User name

Entry field for the user name used for proxy server authentication.

This entry field is available if the Use user name and password check box is selected.

Edit

Allows you to specify a password for authenticating on the proxy server. The Password field cannot be edited. By default, the password is empty.

To specify a password, click Edit. In the window that opens, enter the password and click OK.

Password must not contain any of the following characters: "&'<>#%/?@.

Clicking the Show button in the window displays the password in clear text in the password entry window.

This button is available if the Use user name and password check box is selected.

Use Kaspersky Security Center as a proxy server for the application activation

This check box enables or disables use of Kaspersky Security Center as a proxy server for application activation.

If this check box is selected, Kaspersky Embedded Systems Security uses Kaspersky Security Center as a proxy server for the application activation.

This check box is cleared by default.

Page top

[Topic 197958]

Application settings

You can configure the general settings of Kaspersky Embedded Systems Security.

General application settings

Setting

Description

Detect legitimate applications that may be used by hackers to harm devices or data

This check box enables or disables the detection of legitimate software that could be used by hackers to harm computers or data of users.

This check box is cleared by default.

Event notifications

Clicking the Configure event notifications link opens the Notification settings window. In this window, you can select the events that the application logs in the operating system log (syslog). To do this, select the check box next to each type of event that you want to log.

You can also select the check box next to the event severity level (Functional failures, Informational messages, Warnings, Critical events). In this case, the check boxes will be automatically selected next to each type of event that belongs to the group of the selected importance level.

All check boxes are cleared by default.

Block files during scan

This check box enables or disables the blocking of access to files while they are being scanned by the File Threat Protection, Anti-Cryptor, and Device Control components or the Removable Drives Scan task.

Removing the flag enables information mode for File Threat Protection, Device Control and Removable Drive Scan.

The check box is selected by default.

Excluding process memory from scan

The Configure excluding process memory from scan link opens the Excluding process memory from scan window where you can create a list of processes to exclude during process memory scans.

Page top

[Topic 246285]

Excluding process memory from scan window

The list contains paths to processes whose memory Kaspersky Embedded Systems Security excludes from process memory scans. You can use masks to specify the path. By default, the list is empty.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

You can add, edit, and delete items in the list.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected process path from the list.

This button is available if at least one process path is selected in the list.

The Edit button a window where you can change the process path. Kaspersky Embedded Systems Security excludes the memory of the indicated process from scans.

The Add button opens a window where you can enter the full path to a process. Kaspersky Embedded Systems Security excludes the memory of the indicated process from scans.

Page top
[Topic 236898_1]

Container scan settings

You can configure the settings for namespace and container scan by Kaspersky Embedded Systems Security.

Container scan settings

Setting

Description

Namespace and container scan enabled / disabled

This toggle button enables or disables namespace and container scans.

The check toggle button is switched on by default.

Action with container upon threat detection

You can select the action that the application performs on a container when it detects an infected object:

  • Skip container: if an infected object is detected, the application does not perform any action on the container.
  • Stop container: if an infected object is detected, the application stops the container.
  • Stop container if disinfection fails (default value) – the application stops the container if disinfection of the infected object fails.

This setting is available when using the application under a license that supports this function.

Use Docker

This check box enables or disables the use of the Docker environment.

The check box is selected by default.

Docker socket path

Entry field for the path or URI (Uniform Resource Identifier) of the Docker socket.

The default value is /var/run/docker.sock.

Use CRI-O

The check box enables or disables the use of the CRI-O environment.

The check box is selected by default.

File path

Entry field for the path to CRI-O configuration file.

Default value: /etc/crio/crio.conf.

Use Podman

The check box enables or disables the use of the Podman utility.

The check box is selected by default.

File path

Entry field for the path to the Podman utility executable file.

Default value: /usr/bin/podman.

Root folder

Entry field for the path to the root directory of the container storage.

Default value: /var/lib/containers/storage.

Use runc

The check box enables or disables the use of the runc utility.

The check box is selected by default.

File path

Entry field for the path to the runc utility executable file.

Default value: /usr/bin/runc.

Root folder

Entry field for the path to the root directory of the container state storage.

Default value: /run/runc-ctrs.

Page top

[Topic 207662]

Network settings

You can configure the settings of encrypted connection scans. These settings are used by the Web Threat Protection component.

When the encrypted connection scan settings are changed, the application generates a Network settings changed event.

Network settings

Setting

Description

Encrypted connections scan enabled / disabled

This toggle button enables or disables scanning of encrypted connections.

The check toggle button is switched on by default.

Trusted certificates

The Configure list of trusted certificates link opens a window where you can configure a list of trusted certificates. Trusted certificates are used when scanning encrypted connections.

Action when an untrusted certificate is encountered

You can select the action that the application performs on a container when it detects an untrusted certificate:

  • Allow connection to a domain with an untrusted certificate (default value).
  • Block connection to a domain with an untrusted certificate.

Action on errors during an encrypted connections scan

You can select the action that the application performs when an error occurs during an encrypted connection scan:

  • Add website to exclusions (default value) – add the domain that resulted in the error to the list of domains with scan errors and do not scan encrypted network traffic when this domain is visited.
  • Disconnect from website – block the network connection.

Certificate verification policy

You can select how the application verifies certificates:

  • Local check: the application does not use the internet to validate a certificate.
  • Full check (default value): the application uses the Internet to check and download the missing chains that are required to validate a certificate.

Trusted domains

Clicking the Configure list of trusted domains link opens the Trusted domains window.

Network ports

Clicking the Configure network port settings link opens the Network ports window, where you can specify the network ports to be monitored by the application.

Monitor all network ports

If this option is selected, the application monitors all network ports.

Monitor specified ports only

If this option is selected, the application monitors only the network ports specified in the Network ports window.

This option is selected by default.

Page top

[Topic 237096]

Trusted certificates window

You can configure a list of certificates considered trusted by Kaspersky Embedded Systems Security. The list of trusted certificates is used when scanning encrypted connections.

The following information is displayed for each certificate:

  • certificate subject
  • serial number
  • certificate issuer
  • certificate start date
  • certificate expiration date
  • SHA-256 certificate thumbprint

By default, the certificate list is empty.

You can add and remove certificates.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

See also:

Adding a trusted certificate window

Trusted domains window

Network ports window
Page top
[Topic 7588]

Adding a trusted certificate window

In this window, you can add a certificate that will be trusted by Kaspersky Embedded Systems Security.

The Add certificate link opens the standard file selection window. Indicate the path to the file that contains the certificate, in DER or PEM format.

After the certificate file is selected, the window displays certificate information and the file path.

Page top
[Topic 197621]

Trusted domains window

This list contains the domain names and domain name masks that will be excluded from encrypted connection scans.

Example: *example.com. For example, *example.com/* is incorrect because a domain address, not a web page, needs to be specified.

By default, the list is empty.

You can add, edit and remove domains from the list of trusted domains.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 238852]

Network ports window

This table contains the network ports monitored by the application if the Monitor specified ports only option is selected in the Network settings window.

The table contains two columns:

  • Port – monitored port.
  • Description – description of the monitored port.

By default, the table displays a list of network ports that are usually used for the transmission of mail and network traffic. The list of network ports is included in the application package.

You can add, edit, and delete items in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 202457]

Global exclusions

The table contains mount points that will be excluded from the scan scope for the application components that use the file operation interceptor (File Threat Protection and Anti-Cryptor).

The Path column displays the paths to the excluded mount points. The table is empty by default.

You can add, edit, and delete items in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Page top
[Topic 202461]

Adding a mount point exclusion window

Mount point settings

Setting

Description

File system, access protocol and path

In this drop-down list, you can select the type of file system where the directories that you want to add to scan exclusions are located:

  • Local: local mount points.
  • Mounted: remote directories mounted on the device using the Samba or NFS protocol.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.

Access protocol

You can select the remote access protocol in the drop-down list:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

This drop-down list is available if the Mounted type is selected in the drop-down list of file systems.

Path

Field for entering the path to the mount point that you want to exclude from file operation interception. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

This field is available if the Local type is selected in the drop-down list of file systems.

Name of shared resource

The field for entering the name of the file system shared resource, where the directories that you want to add to the file operation interception exclusions are located.

The field is available if the Mounted type is selected in the File system drop-down list and the Custom item is selected in the Access protocol drop-down list.

Page top

[Topic 248961]

Storage settings

The Storage is a list of backup copies of files that have been deleted or modified during the disinfection process. Backup copy is a file copy created at the first attempt to disinfect or delete this file. Backup copies of files are stored in a special format and do not pose a threat. By default, the Storage is located in the /var/opt/kaspersky/kess/common/objects-backup/ directory. Files in the Storage may contain personal data. Root privileges are required to access files in the Storage.

Storage settings

Setting

Description

Informing about unprocessed files enabled / disabled

This toggle button enables or disables sending notifications about the files, that cannot be processed during the scan, to the Administration Server.

The check toggle button is switched on by default.

Informing about installed devices enabled / disabled

This toggle button enables or disables sending information about the devices installed on the managed client device to the Administration Server.

The check toggle button is switched on by default.

Informing about files in Storage enabled / disabled

This toggle button enables or disables sending of notifications about files in the Storage to the Administration Server.

The check toggle button is switched on by default.

Store objects no longer than (days)

The entry field to specify the period for storing objects in the Storage.

Available values: 0–3653.

Default value: 90. If 0 is specified, the period for storing objects in the Storage is unlimited.

Maximum size of Storage (MB)

The entry field to specify the maximum size of the Storage (MB).

Available values: 0–999999. Default value: 0 (the size of Storage is unlimited).

Page top

[Topic 202462]

Managing tasks in the Web Console

You can create the following tasks for managing Kaspersky Embedded Systems Security using the Web Console:

  • Local tasks that are configured for an individual device
  • Group tasks that are configured for devices within administration groups
  • Tasks for sets of devices that do not belong to administration groups

    The tasks for the sets of devices are performed only on the devices that are specified in the task settings. If new devices are added to the device selection for which the task is created, this task is not applied to the new devices. To apply the task to these computers, you must create a new task or edit the settings of the existing task.

You can create any number of local tasks, group tasks, and tasks for device sets.

The tasks are executed only if Kaspersky Embedded Systems Security is running on the devices.

You can perform the following actions with tasks:

For general information about the tasks in the Web Console, refer to Kaspersky Security Center documentation.

In this section

Creating a new task

Editing task settings

Actions on tasks

Deleting a task
Page top
[Topic 208716]

Creating a new task

To create a task:

  1. In the main window of Web Console, select DevicesTasks.

    The list of tasks opens.

  2. Click Add.

    The Task Wizard starts.

  3. In the New task window, configure the task settings:
    1. In the Application drop-down list, select Kaspersky Embedded Systems Security 3.3 for Linux.
    2. In the Task type drop-down list, select the type of task that you want to create.
    3. In the Task name field, enter a brief description, for example, Update the application for Accounting.
    4. In the Select devices to which the task will be assigned section, select a method for specifying devices.
    5. Click Next.
  4. In the Task scope window, select the devices and click Next.
  5. Complete the wizard.

A new task will be displayed in the list of tasks. The task will have the default settings. To configure the task settings, go to the task properties window. To run a task, select the check box next to the task and click the Start button.

In the list of tasks, you can monitor the task execution results, which include the task status and the statistics for task performance on the devices. You can also create a selection of events to monitor the task execution (Monitoring and reportsEvent selections). For details on event selection, refer to Kaspersky Security Center documentation.

Task execution results are also saved locally and in Kaspersky Security Center reports.

Page top
[Topic 202142]

Editing task settings

To edit task settings:

  1. In the main window of Web Console, select DevicesTasks.

    The list of tasks opens.

  2. In the list, select the task for which you want to modify the settings, and click the link with the task name to open the task properties window.
  3. Edit the task settings.
  4. Click Save.

The task is saved with the updated settings.

Page top
[Topic 202144]

Actions on tasks

To start, pause, resume, stop, export, or import a task:

  1. In the main window of Web Console, select DevicesTasks.

    The list of tasks opens.

  2. In the list of tasks, check the box next to the name of the required task and click the action button above the list of tasks.
Page top
[Topic 246013]

Deleting a task

To delete the task:

  1. In the main window of Web Console, select DevicesTasks.

    The list of tasks opens.

  2. In the list of tasks, select the check box next to the task that you want to delete.

    You can select several tasks to delete them simultaneously.

  3. Click the Delete button above the list of tasks.
  4. Confirm the deletion.
Page top
[Topic 246016]

Task settings

The tasks are executed only if Kaspersky Embedded Systems Security is running on the devices.

The following types of tasks are provided for managing Kaspersky Embedded Systems Security by means of the Web Console:

  • Add Key. During the task execution, the application adds a key, including a reserve one, to activate the application.
  • Inventory. During the task execution, the application receives information about all executable files stored on the devices.
  • Update. During the task execution, the application updates the databases in accordance with the configured update settings.
  • Rollback. During the task execution, the application rolls back the last database update.
  • Malware Scan. During the task execution, the application scans the device areas that are specified in the task settings for viruses and other malware.
  • Critical Areas Scan. During the task execution, the application scans boot sectors, startup objects, process memory, and kernel memory.
  • Container Scan. During the task execution, the application scans containers and images for viruses and other malware.
  • System Integrity Check. During the task execution, the application determines changes of each object by comparing the current state of the monitored object to its original state, which was previously established as a baseline.

The set and default values of the task settings may differ depending on the application license type.

In this section

Add Key

Inventory

Update

Rollback

Malware Scan

Critical Areas Scan

Container Scan

System Integrity Check
Page top
[Topic 246684]

Add a key

Using the Add Key task, you can add a key to activate Kaspersky Embedded Systems Security.

Add Key task settings

Setting

Description

Use as a reserve key

This check box enables or disables the usage of the key as a reserve key.

If this check box is selected, the application uses the key as a reserve key.

If this check box is cleared, the application uses the key as an active key.

This check box is cleared by default.

The check box is unavailable if you are adding a trial license key or a subscription key.

A trial license key and a subscription key cannot be added as a reserve key.

License information

This section contains information about the key and the license corresponding to this key:

  • License key – unique alphanumeric sequence.
  • License type can be trial, commercial, or commercial (subscription).
  • License validity period is the number of days during which you can use the application activated by this key (for example, 365 days). This information is not displayed if you use the application under a subscription.
  • Expires on is the date and time when the application activated by this key expires, in UTC. If you use the application under an unlimited subscription, the license expiration date is not specified.
  • Limit is the maximum number of devices that the application can protect.
  • Application name is the name of the application for which you add the activation key.

Add

Clicking this button opens the Kaspersky Security Center key storage window. In this window, you can select keys added to Kaspersky Security Center key storage and add keys to Kaspersky Security Center key storage.

Page top

[Topic 247232]

Kaspersky Security Center key storage window

In this window, you can select keys added to Kaspersky Security Center key storage and add keys to Kaspersky Security Center key storage.

Settings in the Kaspersky Security Center key storage window

Setting

Description

Key table

The table contains the keys added to Kaspersky Security Center key storage and consists of the following columns:

  • License type can be one of the following: trial, commercial, or commercial (subscription).
  • Expires on is the expiration date of the application activated by this key.
  • Grace period is the grace period.
  • Limit is the maximum number of devices that the application can protect.
  • Application name is the name of the application for which the activation key was added.
  • License key – unique alphanumeric sequence.

Add a key

Clicking this button launches the Add license key wizard. The key will be added to Kaspersky Security Center key storage. After adding a key, information about it will be displayed in the key table.

Page top

[Topic 247237]

Inventory

The Inventory task provides information about all applications executable files stored on the client devices. Obtaining information about the applications installed on the devices can be useful, for example, for creating Application Control rules.

The Kaspersky Security Center database can store information about up to 150,000 processed files. When this number of records is reached, new files will not be processed. To resume the Inventory Scan task, delete the files registered in the Kaspersky Security Center database as a result of previous inventories, from the device where Kaspersky Embedded Systems Security is installed.

Page top

[Topic 246661]

Scan settings section (Inventory)

Inventory task settings

Setting

Description

Task priority

In this group of settings you can select the task priority:

  • Low— the scan task is executed with a low priority: no more than 10% of processor resource consumption. Execution of the task takes more time, but the application allocates resources for other tasks.
  • Normal (default value) — the scan task is executed with a normal priority: no more than 50% of all processor resources.
  • High — the scan task is executed with a high priority, without limiting the consumption of processor resources. Specify this value to perform the current scan task faster.

Create golden image

This check box enables or disables the creation of the "Golden Image" category of applications based on the list of applications detected on the device by the Inventory Scan task. If the check box is selected, you can use the "Golden Image" category in the Application Control rules.

This check box is cleared by default.

Scan all executables

This check box enables or disables of executable file scans.

The check box is selected by default.

Scan binaries

This check box enables or disables of binary file scans (with extensions elf, java, and pyc).

The check box is selected by default.

Scan scripts

This check box enables or disables script scans.

The check box is selected by default.

Inventory scopes

The table contains the inventory scopes scanned by the application. The application will scan files and directories located in the paths specified in the table. By default, the table contains one inventory scope – /usr/bin.

You can add, configure, delete, move up, or move down inventory scopes in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

Clicking the scan scope name opens the <Scan scope name> window. In this window, you can modify the settings of the selected scan scope.

Clicking the Add button opens the <New scan scope> window. In this window, you can define a new scan scope.

Page top

[Topic 246662]

Add scan scope window

In this window, you can add and configure scan scope for the Inventory task.

Inventory scope settings

Setting

Description

Scan scope name

Field for entering the inventory scope name. This name will be displayed in the table in the Scan settings section.

The entry field must not be blank.

Use this scope

This check box enables or disables the scan of this scope when the task is performed.

If this check box is selected, the application processes this inventory scope while running the task.

If this check box is cleared, the application does not process this inventory scope while running the task. You can later include this scope in task settings by selecting the check box.

The check box is selected by default.

File system, access protocol and path

Entry field for the path to the local directory that you want to include in the inventory scan scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The field must not be blank. The / path is specified by default – the application scans all directories of the local file system.

Masks

This list contains name masks of the objects that the application scans while running the task.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 218706]

Exclusion scopes section

In the Exclusion scopes section for the Inventory task, you can configure the scopes to be excluded from scans.

Page top
[Topic 246663]

Exclusion scopes window

This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Exclusion scope settings

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Path to the directory excluded from scan.

Status

The status indicates whether the application uses this exclusion.

You can add, edit, and delete items in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 197613_1]

Add exclusion scope window

In this window, you can add and configure scan exclusion scope for the Inventory task.

Exclusion scope settings

Setting

Description

Exclusion scope name

Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables the exclusion of the scope when the task is executed.

If this check box is selected, the application excludes this scope during task execution.

If this check box is cleared, the application includes this scope during task execution. You can later exclude this scope from scanning by selecting the check box.

The check box is selected by default.

File system, access protocol and path

Entry field for the path to the local directory that you want to exclude from the inventory. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The field must not be blank.

Masks

The list contains name masks of the objects that the application excludes from scan.

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 219608]

Update

Updating the databases and application modules of Kaspersky Embedded Systems Security ensures up-to-date protection on your device. New viruses and other types of malware appear worldwide on a daily basis. The application databases contain information about the threats and the ways to neutralize them. To detect threats quickly, you are urged to regularly update the application databases and modules.

Page top
[Topic 246656]

Database update source section

An update source is a resource that contains updates for Kaspersky Embedded Systems Security databases and application modules. Update sources can be FTP, HTTP, or HTTPS servers (such as Kaspersky Security Center and Kaspersky update servers), as well as local or network directories mounted by the user.

Update source settings for the Update task

Setting

Description

Database update source

In this section, you can select the source of updates:

  • Kaspersky update servers, where database updates for Kaspersky applications are published (default value).
  • Kaspersky Security Center Administration Server (this option is available only for the Web Console).
  • Distribution Points (this option is available only for the Kaspersky Security Center Cloud Console).
  • Other sources on the local or global network – HTTP, HTTPS, or FTP servers or directories on local network servers.

Use Kaspersky update servers if other update sources are not available

The check box enables or disables usage Kaspersky update servers as the update source, if the selected update sources are not available.

This check box is available if the Other sources on the local or global network or the Kaspersky Security Center Administration Server option is selected.

The check box is selected by default.

Custom update sources

This table contains a list of custom sources of database updates. During the update process, the application accesses update sources in the order they appear in the table.

The table contains the following columns:

  • Update source is HTTP, HTTPS, or FTP servers or directories on local network servers.
  • The toggle button shows whether the source is used in the task (Enabled or Disabled). You can enable or disable the toggle button in the table, as well as select or clear the Use this source check box in the Update source window, which opens by clicking the link with the source name.

     

This table is available if the Other sources on the local or global network option is selected.

The table is empty by default.

You can add, edit, delete, move up, or move down update sources in the table.

Clicking the Move down button moves the selected item down in the table.

This button is available if only one item is selected in the table.

Clicking the Move up button moves the selected item up in the table.

This button is available if only one item is selected in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 246657]

Settings section

In the Settings section, you can specify the response timeout and the application update download settings.

Update task settings

Setting

Description

Maximum time to wait for a response from the update source (sec)

The maximum period of time that the application waits for a response from the selected update source. When no response has arrived by this time, an event involving a loss of communication with the update source is logged in the task log.

Available values: 0-120. If 0 is specified, the period of time that the application waits for a response from the selected source is unlimited.

Default value: 10.

Application update download mode

In the drop-down list, you can select the application database update mode:

  • Do not download update files. The application cannot be updated.
  • Download only update files, but do not install them on user devices (default value).
  • Download and install update files on user devices.

Page top

[Topic 246659]

Rollback

After the application databases are updated for the first time, the rollback of the application databases to their previous versions becomes available.

Every time a user starts the update process, Kaspersky Embedded Systems Security creates a backup copy of the current application databases. This allows you to roll back the application databases to a previous version if needed.

Rolling back the last database update may be useful, for example, if the new application database version contains invalid signatures, which causes Kaspersky Embedded Systems Security to block safe applications.

The rollback task does not have any settings.

Page top
[Topic 246687]

Malware Scan

Malware Scan is a one-time full or custom scan of files on the device performed by the application. The application can carry out multiple malware scanning tasks at the same time.

By default, the application creates one standard virus scan task — a full scan. The application scans all the objects located on the local drives of the device, as well as all mounted and shared objects that are accessed via the Samba and NFS protocols with the recommended security settings.

During a full disk scan, the processor is busy. It is recommended to run the full scan task when the business is idle.

Page top
[Topic 246648]

Scan settings section (Malware Scan)

Malware Scan task settings

Setting

Description

Task priority

In this group of settings you can select the task priority:

  • Low— the scan task is executed with a low priority: no more than 10% of processor resource consumption. Execution of the task takes more time, but the application allocates resources for other tasks.
  • Normal (default value) — the scan task is executed with a normal priority: no more than 50% of all processor resources.
  • High — the scan task is executed with a high priority, without limiting the consumption of processor resources. Specify this value to perform the current scan task faster.

Scan archives

This check box enables or disables scan of archives.

If the check box is selected, the application scans the archives.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan time by configuring the Skip object if scan takes longer than (sec) and Skip objects larger than (MB) settings in the General scan settings section.

If the check box is cleared, the application does not scan the archives.

The check box is selected by default.

Scan SFX archives

This check box enables or disables self-extracting archive scans. Self-extracting archives are the archives that contain an executable extraction module.

If the check box is selected, the application scans self-extracting archives.

If the check box is cleared, the application does not scan self-extracting archives.

This check box is available if the Scan archives check box is unchecked.

The check box is selected by default.

Scan mail databases

This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If the check box is selected, the application scans mail database files.

If the check box is cleared, the application does not scan mail database files.

This check box is cleared by default.

Scan mail format files

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, the application scans plain-text messages.

If this check box is cleared, the application does not scan plain-text messages.

This check box is cleared by default.

Skip object if scan takes longer than (sec)

A field for specifying the maximum time to scan an object, in seconds. After the specified time, the application stops scanning the object.

Available values: 0–9999. If the value is set to 0, the scan time is unlimited.

Default value: 0.

Skip objects larger than (MB)

The field for specifying the maximum size of an archive to scan, in megabytes.

Available values: 0–999999. If the value is set to 0, the application scans objects of any size.

Default value: 0.

Log clean objects

This check box enables or disables the logging of ObjectProcessed type events.

If this check box is selected, the application logs events of the ObjectProcessed type for all scanned objects.

If this check box is cleared, the application does not log events of the ObjectProcessed type for any scanned object.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables the logging ObjectNotProcessed type events if a file cannot be processed during a scan.

If this check box is selected, the application logs the events of the ObjectNotProcessed type.

If this check box is cleared, the application does not log the events of the ObjectNotProcessed type.

This check box is cleared by default.

Log packed objects

This check box enables or disables the logging of PackedObjectDetected type events for all packed objects that are detected.

If this check box is selected, the application logs the events of the PackedObjectDetected type.

If this check box is cleared, the application does not log the events of the PackedObjectDetected type.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, the application scans only new files or the files modified since the last scan.

If the check box is cleared, the application scans the files regardless of the creation or modification date.

The check box is selected by default.

Use heuristic analysis

This check box enables or disables heuristic analysis during file scans.

The check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

  • Light is the least detailed scan with minimal system load.
  • Medium is a medium scan with balanced system load.
  • Deep is the most detailed scan with maximum system load.
  • Recommended (default value) is the optimal level recommended by Kaspersky experts. It ensures an optimal combination of protection quality and impact on the performance of the protected devices.

First action

In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected:

  • Disinfect the object. A copy of the infected object will be saved in the Storage.
  • Remove the object. A copy of the infected object will be saved in the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it (default value).
  • Skip the object.

Second action

In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful:

  • Disinfect the object. A copy of the infected object will be saved in the Storage.
  • Remove the object. A copy of the infected object will be saved in the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
  • Skip the object (default value).

Scan scopes

The table that contains the scopes scanned by the task. By default, the table contains one scan scope that includes all directories of the local file system.

You can add, configure, delete, move up, or move down scan scopes in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

Clicking the scan scope name opens the <Scan scope name> window. In this window, you can modify the settings of the selected scan scope.

Clicking the Add button opens the <New scan scope> window. In this window, you can define a new scan scope.

Page top

[Topic 246653]

Add scan scope window

In this window, you can add and configure scan scopes.

Scan scope settings

Setting

Description

Scan scope name

Field for entering the scan scope name. This name will be displayed in the table in the Scan scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application processes this scan scope.

If this check box is cleared, the application does not process this scan scope. You can later include this scope in the component settings by selecting the check box.

The check box is selected by default.

File system, access protocol and path

You can select the type of file system in the drop-down list:

  • Local (default value) – local directories. If this item is selected, you need to indicate the path to the local directory.
  • Mounted – Mounted remote or local directories. If this item is selected, you need to indicate the protocol or name of the file system.
  • Shared — The protected server's file system resources accessible via the Samba or NFS protocol.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.
  • All shared — All of the protected server's file system resources accessible via the Samba and NFS protocols.

Access protocol

You can select the remote access protocol in the drop-down list:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

This drop-down list is available if the Shared or Mounted type is selected in the drop-down list of file systems.

Path

This is the entry field for specifying the path to the directory that you want to include in the scan scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default – the application scans all directories of the local file system.

This field is available if the Local type is selected in the drop-down list of file systems.

If the Local type is selected in the drop-down list of file systems, and the path is not specified, the application scans all directories of the local file system.

Name of shared resource

The field for entering the name of the file system shared resource, where the directories that you want to add to the scan scope are located.

The field is available if the Mounted type is selected in the File system drop-down list and the Custom item is selected in the Access protocol drop-down list.

Masks

The list contains name masks for the objects that the application scans.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 248956_1]

Scan scope section (Malware Scan)

You can configure scan scope settings for the Malware Scan task. The application allows you to scan files, boot sectors, client device memory, and startup objects.

Malware Scan scope task settings

Setting

Description

Scan files

This check box enables or disables file scans.

If the check box is selected, the application scans the files.

If the check box is cleared, the application does not scan the files.

The check box is selected by default.

Scan boot sectors

This check box enables or disables boot sector scans.

If the check box is selected, the application scans the boot sectors.

If the check box is cleared, the application does not scan the boot sectors.

This check box is cleared by default.

Scan device memory

This check box enables or disables client device memory scan.

If this check box is selected, the application scans process memory and kernel memory.

If this check box is cleared, the application does not scan process memory and kernel memory.

This check box is cleared by default.

Scan startup objects

This check box enables or disables startup object scans.

If the check box is selected, the application scans startup objects.

If the check box is cleared, the application does not scan startup objects.

This check box is cleared by default.

Devices to scan

Clicking the Configure device masks link opens the Scan scopes window, where you can specify the devices whose boot sectors will be scanned.

Page top

[Topic 246654]

Scan scopes window

The table contains name masks of the devices, whose boot sectors the application must scan. By default, the table contains the /** device name mask (all devices).

You can add, edit, and delete items in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 215174_2]

Exclusion scopes section (Malware Scan)

In the Exclusion scope section, you can configure exclusion scopes as well as exclusions by mask and by the threat name for the Malware Scan task.

Page top
[Topic 246655]

Critical Areas Scan

The Critical Areas Scan task allows you to scan files, boot sectors, startup objects, process memory, and kernel memory.

Page top
[Topic 246665]

Scan settings section (Critical Areas Scan)

Critical Areas Scan task settings

Setting

Description

Task priority

In this group of settings you can select the task priority:

  • Low— the scan task is executed with a low priority: no more than 10% of processor resource consumption. Execution of the task takes more time, but the application allocates resources for other tasks.
  • Normal (default value) — the scan task is executed with a normal priority: no more than 50% of all processor resources.
  • High — the scan task is executed with a high priority, without limiting the consumption of processor resources. Specify this value to perform the current scan task faster.

Scan archives

This check box enables or disables scan of archives.

If the check box is selected, the application scans the archives.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan time by configuring the Skip object if scan takes longer than (sec) and Skip objects larger than (MB) settings in the General scan settings section.

If the check box is cleared, the application does not scan the archives.

The check box is selected by default.

Scan SFX archives

This check box enables or disables self-extracting archive scans. Self-extracting archives are the archives that contain an executable extraction module.

If the check box is selected, the application scans self-extracting archives.

If the check box is cleared, the application does not scan self-extracting archives.

This check box is available if the Scan archives check box is unchecked.

The check box is selected by default.

Scan mail databases

This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If the check box is selected, the application scans mail database files.

If the check box is cleared, the application does not scan mail database files.

This check box is cleared by default.

Scan mail format files

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, the application scans plain-text messages.

If this check box is cleared, the application does not scan plain-text messages.

This check box is cleared by default.

Skip object if scan takes longer than (sec)

A field for specifying the maximum time to scan an object, in seconds. After the specified time, the application stops scanning the object.

Available values: 0–9999. If the value is set to 0, the scan time is unlimited.

Default value: 0.

Skip objects larger than (MB)

The field for specifying the maximum size of an archive to scan, in megabytes.

Available values: 0–999999. If the value is set to 0, the application scans objects of any size.

Default value: 0.

Log clean objects

This check box enables or disables the logging of ObjectProcessed type events.

If this check box is selected, the application logs events of the ObjectProcessed type for all scanned objects.

If this check box is cleared, the application does not log events of the ObjectProcessed type for any scanned object.

This check box is cleared by default.

Notify about unprocessed files

This check box enables or disables the logging ObjectNotProcessed type events if a file cannot be processed during a scan.

If this check box is selected, the application logs the events of the ObjectNotProcessed type.

If this check box is cleared, the application does not log the events of the ObjectNotProcessed type.

This check box is cleared by default.

Log packed objects

This check box enables or disables the logging of PackedObjectDetected type events for all packed objects that are detected.

If this check box is selected, the application logs the events of the PackedObjectDetected type.

If this check box is cleared, the application does not log the events of the PackedObjectDetected type.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, the application scans only new files or the files modified since the last scan.

If the check box is cleared, the application scans the files regardless of the creation or modification date.

The check box is selected by default.

Use heuristic analysis

This check box enables or disables heuristic analysis during file scans.

The check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

  • Light is the least detailed scan with minimal system load.
  • Medium is a medium scan with balanced system load.
  • Deep is the most detailed scan with maximum system load.
  • Recommended (default value) is the optimal level recommended by Kaspersky experts. It ensures an optimal combination of protection quality and impact on the performance of the protected devices.

First action

In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected:

  • Disinfect the object. A copy of the infected object will be saved in the Storage.
  • Remove the object. A copy of the infected object will be saved in the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it (default value).
  • Skip the object.

Second action

In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful:

  • Disinfect the object. A copy of the infected object will be saved in the Storage.
  • Remove the object. A copy of the infected object will be saved in the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
  • Skip the object (default value).

Scan scopes

The table that contains the scopes scanned by the task. By default, the table contains one scan scope that includes all directories of the local file system.

You can add, configure, delete, move up, or move down scan scopes in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

Clicking the scan scope name opens the <Scan scope name> window. In this window, you can modify the settings of the selected scan scope.

Clicking the Add button opens the <New scan scope> window. In this window, you can define a new scan scope.

Page top

[Topic 246664]

Add scan scope window

In this window, you can add and configure scan scopes.

Scan scope settings

Setting

Description

Scan scope name

Field for entering the scan scope name. This name will be displayed in the table in the Scan scopes window.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application processes this scan scope.

If this check box is cleared, the application does not process this scan scope. You can later include this scope in the component settings by selecting the check box.

The check box is selected by default.

File system, access protocol and path

You can select the type of file system in the drop-down list:

  • Local (default value) – local directories. If this item is selected, you need to indicate the path to the local directory.
  • Mounted – Mounted remote or local directories. If this item is selected, you need to indicate the protocol or name of the file system.
  • Shared — The protected server's file system resources accessible via the Samba or NFS protocol.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.
  • All shared — All of the protected server's file system resources accessible via the Samba and NFS protocols.

Access protocol

You can select the remote access protocol in the drop-down list:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

This drop-down list is available if the Shared or Mounted type is selected in the drop-down list of file systems.

Path

This is the entry field for specifying the path to the directory that you want to include in the scan scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default – the application scans all directories of the local file system.

This field is available if the Local type is selected in the drop-down list of file systems.

If the Local type is selected in the drop-down list of file systems, and the path is not specified, the application scans all directories of the local file system.

Name of shared resource

The field for entering the name of the file system shared resource, where the directories that you want to add to the scan scope are located.

The field is available if the Mounted type is selected in the File system drop-down list and the Custom item is selected in the Access protocol drop-down list.

Masks

The list contains name masks for the objects that the application scans.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 248956_2]

Scan scope section (Critical Areas Scan)

Scan scope settings for the Critical area scan task

Setting

Description

Scan files

This check box enables or disables file scans.

If the check box is selected, the application scans the files.

If the check box is cleared, the application does not scan the files.

This check box is cleared by default.

Scan boot sectors

This check box enables or disables boot sector scans.

If the check box is selected, the application scans the boot sectors.

If the check box is cleared, the application does not scan the boot sectors.

The check box is selected by default.

Scan device memory

This check box enables or disables client device memory scan.

If this check box is selected, the application scans process memory and kernel memory.

If this check box is cleared, the application does not scan process memory and kernel memory.

The check box is selected by default.

Scan startup objects

This check box enables or disables startup object scans.

If the check box is selected, the application scans startup objects.

If the check box is cleared, the application does not scan startup objects.

The check box is selected by default.

Devices to scan

Clicking the Configure device masks link opens the Scan scopes window, where you can specify the devices whose boot sectors will be scanned.

Page top

[Topic 246666]

Scan scopes window

The table contains name masks of the devices, whose boot sectors the application must scan. By default, the table contains the /** device name mask (all devices).

You can add, edit, and delete items in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 215174_3]

Exclusion scopes section (Critical Areas Scan)

In the Exclusion scope section, you can configure exclusion scopes as well as exclusions by mask and by the threat name for the Critical Areas Scan task.

Page top

[Topic 246667]

Container Scan

When the Container Scan task is running, Kaspersky Embedded Systems Security scans containers and images for viruses and other malware. You can run multiple Container Scan tasks simultaneously.

Integration with Docker container management system, CRI-O framework, and Podman and runc utilities is supported.

To use the task, a license that includes the corresponding function is required.

Page top
[Topic 246679]

Scan settings section (Container Scan)

Container scan task settings

Setting

Description

Task priority

In this group of settings you can select the task priority:

  • Low— the scan task is executed with a low priority: no more than 10% of processor resource consumption. Execution of the task takes more time, but the application allocates resources for other tasks.
  • Normal (default value) — the scan task is executed with a normal priority: no more than 50% of all processor resources.
  • High — the scan task is executed with a high priority, without limiting the consumption of processor resources. Specify this value to perform the current scan task faster.

Scan archives

This check box enables or disables scan of archives.

If the check box is selected, the application scans the archives.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan time by configuring the Skip object if scan takes longer than (sec) and Skip objects larger than (MB) settings in the General scan settings section.

If the check box is cleared, the application does not scan the archives.

The check box is selected by default.

Scan SFX archives

This check box enables or disables self-extracting archive scans. Self-extracting archives are the archives that contain an executable extraction module.

If the check box is selected, the application scans self-extracting archives.

If the check box is cleared, the application does not scan self-extracting archives.

This check box is available if the Scan archives check box is unchecked.

The check box is selected by default.

Scan mail databases

This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If the check box is selected, the application scans mail database files.

If the check box is cleared, the application does not scan mail database files.

This check box is cleared by default.

Scan mail format files

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, the application scans plain-text messages.

If this check box is cleared, the application does not scan plain-text messages.

This check box is cleared by default.

Skip object if scan takes longer than (sec)

A field for specifying the maximum time to scan an object, in seconds. After the specified time, the application stops scanning the object.

Available values: 0–9999. If the value is set to 0, the scan time is unlimited.

Default value: 0.

Skip objects larger than (MB)

The field for specifying the maximum size of an archive to scan, in megabytes.

Available values: 0–999999. If the value is set to 0, the application scans objects of any size.

Default value: 0.

Log clean objects

This check box enables or disables the logging of ObjectProcessed type events.

If this check box is selected, the application logs events of the ObjectProcessed type for all scanned objects.

If this check box is cleared, the application does not log events of the ObjectProcessed type for any scanned object.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables the logging ObjectNotProcessed type events if a file cannot be processed during a scan.

If this check box is selected, the application logs the events of the ObjectNotProcessed type.

If this check box is cleared, the application does not log the events of the ObjectNotProcessed type.

This check box is cleared by default.

Log packed objects

This check box enables or disables the logging of PackedObjectDetected type events for all packed objects that are detected.

If this check box is selected, the application logs the events of the PackedObjectDetected type.

If this check box is cleared, the application does not log the events of the PackedObjectDetected type.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, the application scans only new files or the files modified since the last scan.

If the check box is cleared, the application scans the files regardless of the creation or modification date.

The check box is selected by default.

Use heuristic analysis

This check box enables or disables heuristic analysis during file scans.

The check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

  • Light is the least detailed scan with minimal system load.
  • Medium is a medium scan with balanced system load.
  • Deep is the most detailed scan with maximum system load.
  • Recommended (default value) is the optimal level recommended by Kaspersky experts. It ensures an optimal combination of protection quality and impact on the performance of the protected devices.

First action

In this drop-down list, you can select the first action to be performed by the application on an infected object that has been detected:

  • Disinfect the object. A copy of the infected object will be saved in the Storage.
  • Remove the object. A copy of the infected object will be saved in the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it (default value).
  • Skip the object.

Second action

In this drop-down list, you can select the second action to be performed by the application on an infected object, in case the first action is unsuccessful:

  • Disinfect the object. A copy of the infected object will be saved in the Storage.
  • Remove the object. A copy of the infected object will be saved in the Storage.
  • Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
  • Skip the object (default value).

Scan containers

This check box enables or disables container scans. If the check box is selected, you can specify a name or a name mask for containers to be scanned.

The check box is selected by default.

Name mask

Entry field for a name or a name mask for containers to be scanned.

By default, the * mask is specified – all containers will be scanned.

Action on threat detection

You can select the action that the application performs on a container when it detects an infected object:

  • Skip container – do not perform any actions on the container when an infected object is detected.
  • Stop container – stop container when an infected object is detected.
  • Stop container if disinfection fails (default value) – stop the container if disinfection of the infected object or elimination of the threat fails.

Scan images

This check box enables or disables the image scan. If the check box is selected, you can specify a name or a name mask for images to be scanned.

The check box is selected by default.

Name mask

Entry field for a name or a name mask for images to be scanned.

By default, the * mask is specified (all images are scanned).

Action on threat detection

You can select the action that the application performs on a container when it detects an infected object:

  • Skip image (default value) – do not perform any actions on the image when an infected object is detected.
  • Delete image when an infected object is detected (not recommended). All dependencies will also be deleted. Running containers will be stopped, and then deleted.

Scan each layer

This check box enables or disables the scanning of all layers of images and running containers.

This check box is cleared by default.

Page top

[Topic 246680]

Exclusion scopes section (Container Scan)

In the Exclusion scopes section, you can configure exclusions by mask and by threat name for the Container scan task.

Page top
[Topic 246681]

System Integrity Check

While the System Integrity Check (ODFIM) task is running, each object change is determined by comparing the current state of the monitored objects with its original state, which was previously established as a baseline.

To use the task, a license that includes the corresponding function is required.

The system baseline is created during the first run of the ODFIM task on the device. You can create several ODFIM tasks. For each ODFIM task, a separate baseline is created. The task is performed only if the baseline corresponds to the monitoring scope. If the baseline does not match the monitoring scope, Kaspersky Embedded Systems Security generates a system integrity violation event.

The baseline is rebuilt after an ODFIM task has finished. You can rebuild a baseline for a task using the corresponding setting. Also, a baseline is rebuilt when the settings of a task change, for example, if a new monitoring scope is added. The baseline will be rebuilt during the next task run. You can delete a baseline by deleting the corresponding ODFIM task.

Page top
[Topic 246668]

Scan settings section (System Integrity Check)

System Integrity Check task settings

Setting

Description

Rebuild baseline on each task start

This check box enables or disables the rebuilding of the system baseline every time the System Integrity Check task is started.

This check box is cleared by default.

Use hash for monitoring (SHA-256)

This check box enables or disables use of the SHA-256 hash for the System Integrity Check task.

SHA-256 is a cryptographic hash function that produces a 256-bit hash value. The 256-bit hash value is represented as a sequence of 64 hexadecimal digits.

This check box is cleared by default.

Track directories in monitoring scopes

This check box enables or disables checking of the specified directories while the System Integrity Check task is running.

This check box is cleared by default.

Track last file access time

This check box enables or disables the tracking of file access time while the System Integrity Check task is running.

This check box is cleared by default.

Monitoring scopes

The table that contains the monitoring scopes scanned by the task.

By default, the table contains the Kaspersky internal objects (/opt/kaspersky/kess/) monitoring scope.

You can add, configure, delete, move up, or move down monitoring scopes in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if a scope is selected in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

Clicking the scan scope name opens the <Scan scope name> window. In this window, you can modify the settings of the selected scan scope.

Clicking the Add button opens the <New scan scope> window. In this window, you can define a new scan scope.

Page top

[Topic 246669]

Add scan scope window

In this window, you can add or configure the monitoring scope for the System Integrity Check task.

Monitoring scope settings

Setting

Description

Scan scope name

Field for entering the monitoring scope name. This name will be displayed in the table in the Scan settings section.

The entry field must not be blank.

Use this scope

This check box enables or disables scans of this scope by the application.

If this check box is selected, the application controls this monitoring scope during the application's operation.

If this check box is cleared, the application does not control this monitoring scope during the operation. You can later include this scope in the component settings by selecting the check box.

The check box is selected by default.

File system, access protocol and path

Entry field for the path to the local directory that you want to include in the monitoring scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The field must not be blank.

The / path is specified by default – the application scans all directories of the local file system.

Masks

The list contains name masks for the objects that the application scans.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 218702]

Exclusion scopes section

In the Exclusion scopes section for the System Integrity Check task, you can also configure exclusion scopes for the scan and exclusions by mask.

Page top
[Topic 246675]

Exclusion scopes window

The table contains monitoring exclusion scopes for the System Integrity Check component. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Monitoring exclusion scope settings

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Path to the directory excluded from monitoring.

Status

Indicates whether the application excludes this scope from monitoring during the task operation.

You can add, edit, and delete items in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 246676]

Add exclusion scope window

In this window, you can add and configure the monitoring exclusion scope for the System Integrity Check task.

Monitoring exclusion scope settings

Setting

Description

Exclusion scope name

Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window. The entry field must not be blank.

Use this scope

The check box enables or disables the exclusion of the scope from monitoring when the application is running.

If this check box is selected, the application excludes this scope from monitoring during the task operation.

If this check box is cleared, the application monitors this scope during the task operation. You can later exclude this scope from monitoring by selecting the check box.

The check box is selected by default.

File system, access protocol and path

Entry field for the path to the local directory that you want to add to the exclusion scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

You can use a single ? character to represent any one character in the file or directory name.

The field must not be blank.

The / path is specified by default. The application excludes all directories of the local file system from scan.

Masks

The list contains name masks of the objects that the application excludes from the monitoring.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top

[Topic 246677]

Exclusions by mask window

You can configure the exclusion of objects from monitoring based on name masks. The application does not scan the files with the names containing the specified masks. By default, the list of masks is empty.

You can add, edit, or delete masks.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

Page top
[Topic 202412_3]

Configuring remote diagnostics of client devices

You can use remote diagnostics to perform the following operations remotely on client devices:

  • Enable or disable tracing.
  • Change the trace level.
  • Load a trace file.
  • Downloading a remote application installation log.
  • Download system event (syslog) logs.
  • Starting, stopping, and restarting applications.

Remote diagnostics of a client device is performed using the Administration Server in the remote diagnostics window.

For more information about the remote diagnostics, refer to Kaspersky Security Center Web Console documentation.

To open the remote device diagnostics window for a device:

  1. In the main window of the Web Console, select DevicesManaged devices.

    The list of managed devices opens.

  2. In the list of managed devices, select the device for which you want to perform remote diagnostics, and click the link with the device name to open the device properties window.
  3. On the Advanced tab, select the Remote diagnostics section.

In the device remote diagnostics window, you can view the remote installation log.

To view the remote installation log on a device, do as follows:

  1. Open the remote device diagnostics window.
  2. On the Event logs tab, under Trace files, click Remote installation logs.

    The Device trace event logs window opens.

Page top
[Topic 256545]