Contents
- Policy settings
- File Threat Protection
- Exclusion scopes
- Exclusions by process
- Firewall Management
- Web Threat Protection
- Network Threat Protection
- Kaspersky Security Network
- Application Control
- Anti-Cryptor
- System Integrity Monitoring
- Device Control
- Behavior Detection
- Task management
- Removable Drives Scan
- Proxy server settings
- Application settings
- Container scan settings
- Network settings
- Global exclusions
- Excluding process memory
- Storage settings
Policy settings
You can use the policy to configure Kaspersky Embedded Systems Security settings for all client devices included in the administration group.
The set of values and default values of the policy settings may differ depending on the type of application license.
You can configure the application operation settings in the sections and subsections of the policy properties window described in the table below. For information about configuring general policy settings and event settings, refer to Kaspersky Security Center documentation.
Sections of the Policy properties window
Section | Subsections |
---|---|
Essential Threat Protection | |
Advanced Threat Protection | |
Local Tasks | |
General settings | |
File Threat Protection
File Threat Protection prevents infection of the file system on the user device. File Threat Protection starts automatically with the default settings upon Kaspersky Embedded Systems Security start. It resides in the device operating memory and scans all files that are opened, saved, and launched.
File Threat Protection settings
Setting | Description |
---|---|
Enable File Threat Protection | This check box enables or disables File Threat Protection on all managed devices. The check box is selected by default. |
File Threat Protection mode | In this drop-down list, you can select the File Threat Protection mode: |
Scan | This group of settings contains buttons that open windows where you can configure the scan scopes and scan settings. |
Actions for infected objects | This group of settings contains the Configure button. Clicking this button opens the Actions for infected objects window, where you can configure the actions that Kaspersky Embedded Systems Security performs on detected infected objects. |
Scan scopes window
The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.
Scan scope settings
Setting | Description |
---|---|
Scope name | Scan scope name. |
Path | Path to the directory that the application scans. |
Status | The status indicates whether the application scans this scope. |
You can add, edit, delete, move up, and move down items in the table.
Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.
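The ordering rule above can be checked before a policy is saved. The following is an added example, not part of the product or its documentation: `ScanScope`, `shadowed_scopes` and `reorder` are hypothetical names, the scope list is constructed, and paths are compared literally (masks are not interpreted).

```python
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class ScanScope:
    """One row of the Scan scopes table (hypothetical model, not a product format)."""
    name: str
    path: str             # literal directory path; masks are not interpreted here
    enabled: bool = True  # mirrors the "Use this scope" check box


def is_ancestor(parent: str, child: str) -> bool:
    """True if `parent` is a strict parent directory of `child`."""
    return PurePosixPath(parent) in PurePosixPath(child).parents


def shadowed_scopes(scopes):
    """Return (subdirectory scope, parent scope) name pairs where an enabled
    subdirectory scope is listed below an enabled scope for one of its parent
    directories, so its own settings would never be the first to apply."""
    findings = []
    for i, scope in enumerate(scopes):
        if not scope.enabled:
            continue
        for earlier in scopes[:i]:
            if earlier.enabled and is_ancestor(earlier.path, scope.path):
                findings.append((scope.name, earlier.name))
                break
    return findings


def reorder(scopes):
    """Return a new list in which every enabled subdirectory scope sits above
    all of its enabled parent scopes. Scopes that are already correctly
    placed keep their relative order."""
    ordered = []
    for scope in scopes:
        pos = len(ordered)  # default: keep at the end
        if scope.enabled:
            for i, placed in enumerate(ordered):
                if placed.enabled and is_ancestor(placed.path, scope.path):
                    pos = i  # move above the first parent already placed
                    break
        ordered.insert(pos, scope)
    return ordered


# Constructed sample: the default all-directories scope sits at the top,
# so both subdirectory scopes below it are shadowed.
SAMPLE = [
    ScanScope("All local", "/"),
    ScanScope("App logs", "/opt/app/logs"),
    ScanScope("Opt", "/opt"),
    ScanScope("Old data", "/srv/old", enabled=False),
]

if __name__ == "__main__":
    for child, parent in shadowed_scopes(SAMPLE):
        print(f"scope '{child}' is listed below its parent scope '{parent}'")
    print("suggested order:", [s.name for s in reorder(SAMPLE)])
```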
<Scan scope name> window
In this window, you can add and configure scan scopes.
Scan scope settings
Setting | Description |
---|---|
Scan scope name | Field for entering the scan scope name. This name will be displayed in the table in the Scan scopes window. The entry field must not be blank. |
Use this scope | This check box enables or disables scans of this scope by the application. If this check box is selected, the application processes this scan scope. If this check box is cleared, the application does not process this scan scope. You can later include this scope in the component settings by selecting the check box. The check box is selected by default. |
File system, access protocol and path | The settings block lets you set the scan scope. You can select the file system type in the drop-down list of file systems:<br>If Shared or Mounted is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:<br>If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want to add to the scan scope. You can use masks to specify the path. The / path is specified by default – the application scans all directories of the local file system. If the Local type is selected in the drop-down list of file systems, and the path is not specified, the application scans all directories of the local file system. |
Filesystem name | The field for entering the name of the file system where the directories that you want to add to the scan scope are located. The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right. |
Masks | The list contains name masks for the objects that the application scans. By default the list contains the * mask (all objects). |
Scan settings window
In this window, you can configure file scan settings while File Threat Protection is enabled.
File Threat Protection settings
Setting | Description |
---|---|
Scan archives | This check box enables or disables scan of archives. If this check box is selected, Kaspersky Embedded Systems Security scans archives. To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan duration by enabling and configuring the Skip object if scan takes longer than (sec) and Skip objects larger than (MB) settings in the General scan settings section. If this check box is cleared, Kaspersky Embedded Systems Security does not scan archives. This check box is cleared by default. |
Scan SFX archives | This check box enables or disables self-extracting archive scans. Self-extracting archives are archives that contain an executable extraction module. If this check box is selected, Kaspersky Embedded Systems Security scans self-extracting archives. If this check box is cleared, Kaspersky Embedded Systems Security does not scan self-extracting archives. This check box is available if the Scan archives check box is unchecked. This check box is cleared by default. |
Scan mail databases | This check box enables or disables scans of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications. If this check box is selected, Kaspersky Embedded Systems Security scans mail database files. If this check box is cleared, Kaspersky Embedded Systems Security does not scan mail database files. This check box is cleared by default. |
Scan mail format files | This check box enables or disables scan of files of plain-text email messages. If this check box is selected, Kaspersky Embedded Systems Security scans plain-text messages. If this check box is cleared, Kaspersky Embedded Systems Security does not scan plain-text messages. This check box is cleared by default. |
Skip text files | Temporary exclusion of files in text format from scans. If this check box is selected, Kaspersky Embedded Systems Security does not scan text files if they are reused by the same process for 10 minutes after the most recent scan. This setting makes it possible to optimize scans of application logs. If this check box is cleared, Kaspersky Embedded Systems Security scans text files. This check box is cleared by default. |
Skip object if scan takes longer than (sec) | A field for specifying the maximum time to scan an object, in seconds. After the specified time is reached, Kaspersky Embedded Systems Security stops scanning the object. Available values: 0–9999. If the value is set to 0, the scan time is unlimited. Default value: 60. |
Skip objects larger than (MB) | The field for specifying the maximum size of an archive to scan, in megabytes. Available values: 0–999999. If the value is set to 0, Kaspersky Embedded Systems Security scans objects of any size. Default value: 0. |
Log clean objects | This check box enables or disables the logging of ObjectProcessed type events. If this check box is selected, Kaspersky Embedded Systems Security logs ObjectProcessed type events for all scanned objects. If this check box is cleared, Kaspersky Embedded Systems Security does not log ObjectProcessed type events. This check box is cleared by default. |
Log unprocessed objects | This check box enables or disables the logging of ObjectNotProcessed type events if a file cannot be processed during a scan. If this check box is selected, Kaspersky Embedded Systems Security logs ObjectNotProcessed type events. If this check box is cleared, Kaspersky Embedded Systems Security does not log ObjectNotProcessed type events. This check box is cleared by default. |
Log packed objects | This check box enables or disables the logging of PackedObjectDetected type events for all packed objects that are detected. If this check box is selected, Kaspersky Embedded Systems Security logs PackedObjectDetected type events. If this check box is cleared, Kaspersky Embedded Systems Security does not log PackedObjectDetected type events. This check box is cleared by default. |
Use iChecker technology | This check box enables or disables scanning of only those files that are new or have been modified since the last scan. If the check box is selected, Kaspersky Embedded Systems Security scans only files that are new or have been modified since the last scan. If the check box is cleared, Kaspersky Embedded Systems Security scans files regardless of the date of creation or modification. The check box is selected by default. |
Use heuristic analysis | This check box enables or disables heuristic analysis during file scans. The check box is selected by default. |
Heuristic analysis level | If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list: |
Actions for infected objects window
In this window, you can configure actions to be performed by Kaspersky Embedded Systems Security on detected infected objects:
File Threat Protection settings
Setting | Description |
---|---|
First action | In this drop-down list, you can select the first action to be performed by Kaspersky Embedded Systems Security on an infected object that has been detected: |
Second action | In this drop-down list, you can select the second action to be performed by Kaspersky Embedded Systems Security on an infected object, in case the first action is unsuccessful: |
Exclusion scopes
Scan exclusion is a set of conditions. When these conditions are met, Kaspersky Embedded Systems Security does not scan the objects for viruses and other malware. You can also exclude objects from scans by masks and threat names.
Settings of scan exclusions
Group of settings | Description |
---|---|
Exclusions | This group of settings contains the Configure button. Clicking this button opens the Exclusion scopes window. In this window, you can define the list of scopes to be excluded from scans. |
Exclusions by mask | This group of settings contains the Configure button, which opens the Exclusions by mask window. In this window, you can configure the exclusion of objects from scans by name mask. |
Exclusions by threat name | This group of settings contains the Configure button, which opens the Exclusions by threat name window. In this window, you can configure the exclusion of objects from scans based on threat name. |
Exclusion scopes window
This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.
Exclusion scope settings
Setting | Description |
---|---|
Exclusion scope name | Exclusion scope name. |
Path | Path to the directory excluded from scan. |
Status | The status indicates whether the application uses this exclusion. |
You can add, edit, and delete items in the table.
<Exclusion scope name> window
In this window, you can add and configure scan exclusion scopes.
Exclusion scope settings
Setting | Description |
---|---|
Exclusion scope name | Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window. The entry field must not be blank. |
Use this scope | The check box enables or disables exclusion of the scope from scan when the application is running. If this check box is selected, the application excludes this area during scans. If this check box is cleared, the application includes this area in the scan scope. You can later exclude this scope by selecting the check box. The check box is selected by default. |
File system, access protocol and path | The settings block lets you set the exclusion scope. In the drop-down list of file systems, you can select the type of file system of the directories to be excluded from scans:<br>If Mounted is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:<br>If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want to add to the exclusion scope. You can use masks to specify the path. The / path is specified by default. The application excludes all directories of the local file system from scan. |
Filesystem name | The field for entering the name of the file system where the directories that you want to add to the exclusion scope are located. The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right. |
Masks | The list contains name masks of the objects that the application excludes from scan. Masks are only applied to objects in the directory specified in the path field. By default the list contains the * mask (all objects). |
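Because the defaults described above (path /, mask *, Use this scope selected) exclude the whole local file system, it is worth reviewing exclusion scopes against the configured scan scopes. The following is an added example, not part of the product or its documentation: `ExclusionScope` and `audit_exclusions` are hypothetical names, the sample data is constructed, paths are compared literally, and only the * mask is evaluated.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class ExclusionScope:
    """One exclusion scope (hypothetical model). The field defaults mirror
    the defaults described on this page for a newly added local scope."""
    name: str
    path: str = "/"
    masks: tuple = ("*",)
    enabled: bool = True  # mirrors the "Use this scope" check box


def covers(excluded: str, target: str) -> bool:
    """True if directory `excluded` is `target` itself or one of its parents."""
    e, t = PurePosixPath(excluded), PurePosixPath(target)
    return e == t or e in t.parents


def audit_exclusions(scan_paths, exclusions):
    """Return (exclusion name, finding, affected paths) tuples for enabled
    exclusions that use the * mask and either exclude the whole local file
    system or fully cover a configured scan scope. Exclusions with narrower
    masks are not evaluated, because mask syntax is not modelled here."""
    findings = []
    for ex in exclusions:
        if not ex.enabled or "*" not in ex.masks:
            continue
        if PurePosixPath(ex.path) == PurePosixPath("/"):
            findings.append((ex.name, "whole-filesystem", ["/"]))
            continue
        blanked = [p for p in scan_paths if covers(ex.path, p)]
        if blanked:
            findings.append((ex.name, "covers-scan-scope", blanked))
    return findings


# Constructed sample data: two scan scopes and four exclusion scopes.
SCAN_PATHS = ["/", "/opt/app/logs"]
EXCLUSIONS = [
    ExclusionScope("Untitled"),                           # saved with defaults
    ExclusionScope("Log files", "/var/log", ("*.log",)),  # narrower mask
    ExclusionScope("App tree", "/opt/app"),               # swallows a scan scope
    ExclusionScope("Backups", "/srv/backup", enabled=False),
]

if __name__ == "__main__":
    for name, finding, paths in audit_exclusions(SCAN_PATHS, EXCLUSIONS):
        print(f"{name}: {finding} -> {', '.join(paths)}")
```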
Exclusions by mask window
You can configure the exclusion of objects from scans based on name mask. The application will not scan files whose names contain the specified mask. By default, the list of masks is empty.
You can add, edit, or delete masks.
Exclusions by threat name window
You can configure the exclusion of objects from scans based on threat name. The application will not block the specified threats. By default, the list of threat names is empty.
You can add, edit, and delete threat names.
Exclusions by process
You can exclude process activity from scans. The application does not scan the activity of the indicated processes. You can also exclude the files modified by the indicated processes.
The Exclusions by process settings group contains a Configure button, which opens the Exclusions by process window. In this window, you can define the list of exclusion scopes for exclusion by process.
Exclusions by process window
The table contains the exclusion scopes for exclusion by process. The exclusion scope for exclusion by process lets you exclude from scans the activity of the indicated process and files modified by the indicated process. By default, the table includes two exclusion scopes that contain paths to the Network Agents. You can remove these exclusions, if necessary.
Exclusion scope settings for exclusion by process
Setting | Description |
---|---|
Exclusion scope name | Exclusion scope name. |
Path | Full path to excluded process. |
Status | The status indicates whether the application uses this exclusion. |
You can add, edit, and delete items in the table.
Trusted process window
In this window, you can add and configure exclusion scopes for exclusion by process.
Exclusion scope settings for exclusion by process
Setting | Description |
---|---|
Exclusion scope name | Field for entering the exclusion scope name. This name will be displayed in a table in the Exclusions by process window. The entry field must not be blank. |
Path to excluded process | Full path to the process you want to exclude from scans. |
Apply to child processes | Exclude child processes of the excluded process indicated by the Path to excluded process setting. This check box is cleared by default. |
Use this scope | The check box enables or disables this exclusion scope. If this check box is selected, the application excludes this area during scans. If this check box is cleared, the application includes this area in the scan scope. You can later exclude this scope by selecting the check box. The check box is selected by default. |
Path to modified files | This group of settings lets you set scan exclusions for files modified by the process. In the drop-down list of file systems, you can select the type of file system of the directories to be excluded from scans:<br>If Mounted or Shared is selected in the drop-down list of file systems, then you can select the remote access protocol in the drop-down list of access protocols:<br>If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want to add to the exclusion scope. You can use masks to specify the path. The entry field must not be blank. |
Filesystem name | The field for entering the name of the file system where the directories that you want to add to the exclusion scope are located. The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right. |
Masks | The list contains name masks of the objects that the application excludes from scan. Masks are only applied to objects in the directory specified in the Path to modified files field. |
Firewall Management
The operating system firewall protects personal data that is stored on the user's device. The firewall blocks most threats to the operating system when the device is connected to the Internet or a LAN. Firewall Management detects all network connections by the user's device and provides a list of IP addresses, as well as an indication of the default network connection's status.
The Firewall Management component filters all network activity according to the network packet rules. Configuring network packet rules lets you specify the desired level of the device protection, from blocking Internet access for all applications to allowing unlimited access.
It is recommended to disable other operating system firewall management tools before enabling the Firewall Management component.
Firewall Management settings
Setting | Description |
---|---|
Enable Firewall Management | This check box enables or disables Firewall Management. The check box is selected by default. |
Network packet rules | This group of settings contains the Configure button. Clicking this button opens the Network packet rules window. In this window, you can configure network packet rules that are applied by the Firewall Management component when it detects a network connection attempt. |
Available networks | This group of settings contains the Configure button. Clicking this button opens the List of available networks window. In this window, you can configure the list of networks that the Firewall Management component will monitor. |
Incoming connections | In this drop-down list, you can select the action to be performed for incoming network connections: |
Incoming packets | In this drop-down list, you can select the action to be performed for incoming packets: |
Always add allowing rules for Network Agent ports | This check box enables or disables the automatic addition of allowing rules for Network Agent ports. The check box is selected by default. |
Network packet rules window
The Network packet rules table contains network packet rules that the Firewall Management component uses for network activity monitoring. You can configure the settings described in the table below for network packet rules.
Network packet rules settings
Setting | Description |
---|---|
Name | Network packet rule name. |
Action | Action to be performed by Firewall Management when it detects network activity. |
Local address | Network addresses of devices that have Kaspersky Embedded Systems Security installed and can send and/or receive network packets. |
Remote address | Network addresses of remote devices that can send and/or receive network packets. |
Logging | This column shows whether the application logs actions of the network packet rule. If the value is Yes, the application logs the actions of the network packet rule. If the value is No, the application does not log the actions of the network packet rule. |
By default, the table of network packet rules is empty.
You can add, edit, delete, move up, and move down network packet rules in the table.
Added network packet rule window
In this window, you can configure the added network packet rule settings.
Network packet rule settings
Setting | Description |
---|---|
Protocol | You can select the type of data transfer protocol for which you want to monitor network activity: |
Direction | You can specify the direction of network activity being monitored: |
ICMP type | You can specify the ICMP type. The Firewall Management component monitors messages of the specified type sent by the host or gateway. If the Specified option is selected, the field for entering the ICMP type will be displayed. This window is displayed if the ICMP or ICMPv6 data transfer protocol is selected in the Protocol drop-down list. |
ICMP code | You can specify the ICMP code. The Firewall Management component monitors messages of the type specified in the ICMP type field, with the code specified in the ICMP code field, and sent by the host or gateway. If the Specified option is selected, the field for entering the ICMP code will be displayed. This window is displayed if the ICMP or ICMPv6 data transfer protocol is selected in the Protocol drop-down list. |
Remote ports | You can specify the port numbers of the remote devices between which the connection is to be monitored. If the Specified option is selected, the field for entering the port numbers will be displayed. This window is displayed only if TCP or UDP data transfer protocol is selected in the Protocol drop-down list. |
Local ports | You can specify the port numbers of the local devices between which the connection is to be monitored. If the Specified option is selected, the field for entering the port numbers will be displayed. This window is displayed only if TCP or UDP data transfer protocol is selected in the Protocol drop-down list. |
Remote addresses | You can specify the network addresses of the remote devices that can send and receive network packets: |
Local addresses | You can specify the network addresses of the devices with Kaspersky Embedded Systems Security installed that can send and receive network packets: |
Action | You can select an action to be performed by the Firewall Management component when it detects network activity: |
Logging | You can specify whether the actions of the network rule will be logged in the report. |
Rule name | The field for entering the name of the network packet rule. |
Available networks window
The Available networks table contains the networks controlled by the Firewall Management component. The table of available networks is empty by default.
Available networks settings
Setting | Description |
---|---|
IP address | Network IP address. |
Network type | Network type (Public network, Local network, or Trusted network). |
Network connection window
In this window, you can configure the network connection that the Firewall Management component will monitor.
Network connection
Setting | Description |
---|---|
IP address | The field for entering the IP address of the network. |
Network type | You can select the type of the network: |
Web Threat Protection
While the Web Threat Protection component is running, Kaspersky Embedded Systems Security scans inbound traffic and prevents downloads of malicious files from the Internet and also blocks phishing, adware, or other malicious websites.
The application scans HTTP, HTTPS, and FTP traffic. Also, the application scans websites and IP addresses. You can specify the network ports or network port ranges to be monitored.
To monitor HTTPS traffic, enable encrypted connection scans. To monitor FTP traffic, select the Monitor all network ports check box.
Web Threat Protection settings
Setting | Description |
---|---|
Enable Web Threat Protection | This check box enables or disables Web Threat Protection. This check box is cleared by default. |
Trusted web addresses | This group of settings contains the Configure button, which opens the Trusted web addresses window, where you can specify the list of trusted web addresses. Kaspersky Embedded Systems Security will not scan the contents of websites whose web addresses are included in this list. |
Action on threat detection | Action that the application performs on a web resource where a dangerous object is detected: |
Scan settings | This group of settings contains the Configure button, which opens the Scan settings window, where you can configure the settings for scanning incoming traffic. |
Trusted web addresses window
In this window, you can add web addresses and web pages whose content you consider trusted.
You can only add HTTP/HTTPS web addresses to the list of trusted web addresses. You can use masks to specify web addresses. Masks are not supported for IP addresses. By default, the list is empty.
Web address window
In this window, you can add a web address or a web address mask to the list of trusted web addresses.
You can add only HTTP/HTTPS web addresses to the list of trusted web addresses. You can use masks to specify web addresses. Masks are not supported for IP addresses.
Scan settings window
In this window, you can configure the settings for scanning incoming traffic during operation of the Web Threat Protection component.
Web Threat Protection settings
Setting | Description |
---|---|
Detect malicious objects | This check box enables or disables checking of links against the databases of malicious web addresses. The check box is selected by default. |
Detect phishing links | This check box enables or disables checking of links against the databases of phishing web addresses. The check box is selected by default. |
Use heuristic analysis for detecting phishing links | This check box enables or disables the use of heuristic analysis for detecting phishing links. This check box is available if the Detect phishing links check box is selected, and is selected by default. |
Detect adware | This check box enables or disables checking links against the databases of adware web addresses. This check box is cleared by default. |
Detect legitimate applications that may be used by hackers to harm devices or data | This check box enables or disables checking links against the databases of legitimate applications that can be used by hackers to harm devices or data. This check box is cleared by default. |
Network Threat Protection
While the Network Threat Protection component is running, the application scans inbound network traffic for activity that is typical for network attacks. Network Threat Protection is started by default when the application starts.
The application receives the numbers of the TCP ports from the current application databases and scans incoming traffic for these ports. Upon detecting an attempt of a network attack that targets your device, the application blocks network activity from the attacking device and logs an event about the detected network activity.
To scan network traffic, the Network Threat Protection task receives port numbers from the application databases and accepts connections via all these ports. During a network scan, such a port may appear to be open on the device, even if no application on the system is listening on it. It is recommended to close unused ports by means of a firewall.
Network Threat Protection settings
Setting | Description |
---|---|
Enable Network Threat Protection | This check box enables or disables Network Threat Protection. The check box is selected by default. |
Action on threat detection | Actions performed upon detection of network activity that is typical of network attacks. |
Block attacking hosts | This check box enables or disables the blocking of network activity when a network attack attempt is detected. The check box is selected by default. |
Block the attacking host for (min) | In this field you can specify the duration an attacking device is blocked in minutes. After the specified time, Kaspersky Embedded Systems Security allows network activity from this device. Available values: integer from 1 to 32768. Default value: 60. |
Exclusions | This group of settings contains the Configure button, which opens the Exclusions window, where you can specify a list of IP addresses. Network attacks from these IP addresses will not be blocked. |
Exclusions window
In this window, you can add IP addresses from which network attacks will not be blocked.
By default, the list is empty.
IP address window
In this window, you can add and edit IP addresses. Network attacks from these IP addresses will not be blocked by Kaspersky Embedded Systems Security.
IP addresses
Setting | Description |
---|---|
Enter an IP address (IPv4 or IPv6) | Entry field for an IP address. You can specify IP addresses of IPv4 and IPv6 versions. |
Kaspersky Security Network
To increase the protection of devices and user data, Kaspersky Embedded Systems Security can use Kaspersky's cloud-based knowledge base Kaspersky Security Network (KSN) to check the reputation of files, Internet resources, and software. The use of Kaspersky Security Network data ensures a faster response to various threats, high protection component performance, and fewer false positives.
Kaspersky Embedded Systems Security supports the following infrastructure solutions to work with Kaspersky's reputation databases:
- Kaspersky Security Network (KSN) – A solution that receives information from Kaspersky and sends data about objects detected on user devices to Kaspersky for additional verification by Kaspersky analysts and to add to reputation and statistical databases.
- Kaspersky Private Security Network (KPSN) – A solution that allows users of devices with Kaspersky Embedded Systems Security installed to access the reputation databases of Kaspersky, as well as other statistical data, without sending data to Kaspersky from their devices. KPSN is designed for corporate clients who can't use Kaspersky Security Network, for example, for the following reasons:
  - No connection of local workplaces to the Internet
  - Legal prohibition or corporate security restrictions on sending any data outside the country or the organization's local network
After changing the Kaspersky Embedded Systems Security license, submit the details of the new key to the service provider in order to be able to use KPSN. Otherwise, data exchange with KPSN will be impossible due to an authentication error.
Use of Kaspersky Security Network is voluntary. Kaspersky Embedded Systems Security suggests using KSN during installation. You can start or stop using KSN at any time.
There are two options for using KSN:
- KSN with statistics sharing (extended KSN mode) – you can receive information from the Kaspersky knowledge base, while Kaspersky Embedded Systems Security automatically sends statistical information to KSN obtained during its operation. The application can also send to Kaspersky for additional scanning certain files (or parts of files) that intruders can use to harm the device or data.
- KSN without statistics sharing – you can receive information from the Kaspersky knowledge base, while Kaspersky Embedded Systems Security does not send anonymous statistics and data about the types and sources of threats.
You can start or stop using Kaspersky Security Network at any time. You can also select another Kaspersky Security Network usage option by clicking the Edit button.
No personal data is collected, processed, or stored. Detailed information about the storage, destruction, and/or submission to Kaspersky of statistical information generated during participation in KSN is available in the Kaspersky Security Network Statement and on Kaspersky's website.
You can read the text of the Kaspersky Security Network Statement in the Kaspersky Security Network Statement window, which can be opened by clicking the Kaspersky Security Network Statement link.
User devices managed by Kaspersky Security Center Administration Server can interact with KSN via the KSN proxy server service. You can configure the KSN proxy server settings in the Kaspersky Security Center Administration Server properties. For details about the KSN proxy server service, refer to Kaspersky Security Center documentation.
Kaspersky Security Network settings
In this window, you can configure Kaspersky Security Network participation settings.
Kaspersky Security Network settings
Setting | Description |
---|---|
More info... | Clicking this link opens the Kaspersky website. |
Do not use KSN | By selecting this option, you decline to use Kaspersky Security Network. |
KSN without statistics sharing | By selecting this option, you accept the terms of use of Kaspersky Security Network. You will be able to receive information from Kaspersky's online knowledge base about the reputation of files, web resources, and software. |
KSN with statistics sharing (extended KSN mode) | By selecting this option, you accept the terms of use of Kaspersky Security Network. You will be able to receive information from Kaspersky's online knowledge base about the reputation of files, web resources, and software. Also, anonymous statistics and information about the types and sources of various threats will be sent to Kaspersky to improve Kaspersky Security Network. |
Kaspersky Security Network Statement | Clicking this link opens the Kaspersky Security Network Statement window. In this window, you can read the text of the Kaspersky Security Network Statement. |
Kaspersky Security Network Statement
In this window, you can read the text of the Kaspersky Security Network Statement and accept its terms and conditions.
Kaspersky Security Network settings
Setting | Description |
---|---|
I confirm that I have fully read, understand, and accept the terms and conditions of the Kaspersky Security Network Statement | By selecting this option, you confirm that you want to use the Kaspersky Security Network, and you have fully read, understood, and accept the terms and conditions of the Kaspersky Security Network Statement that is displayed. The option is available if you select the KSN without statistics sharing option or the KSN with statistics sharing (extended KSN mode) option in the Kaspersky Security Network Settings window. |
I do not accept the terms and conditions of the Kaspersky Security Network Statement | By selecting this option, you confirm that you do not want to use Kaspersky Security Network. The option is available if you select the Kaspersky Security Network without statistics sharing option or the Kaspersky Security Network with statistics sharing (extended KSN mode) option in the Kaspersky Security Network Settings window. |
Kaspersky Private Security Network Statement
In this window, you can read the text of the Kaspersky Private Security Network Statement and accept its terms and conditions.
Kaspersky Security Network settings
Setting | Description |
---|---|
I confirm that I have fully read, understand, and accept the terms and conditions of the Kaspersky Security Network Statement | By selecting this option, you confirm that you want to participate in the Kaspersky Security Network, and you have fully read, understood, and accept the terms and conditions of the Kaspersky Private Security Network Statement that is displayed. |
I do not accept the terms and conditions of the Kaspersky Security Network Statement | By selecting this option, you confirm that you do not want to use Kaspersky Security Network. |
Application Control
During execution of the Application Control task, Kaspersky Embedded Systems Security controls the launching of applications on user devices. This helps reduce the risk of device infection by restricting access to applications. Application launching is regulated by Application Control rules.
Application Control can operate in two modes:
- Denylist. In this mode Kaspersky Embedded Systems Security allows all users to launch any applications that are not specified in the Application Control rules. This is the default operation mode of the Application Control component.
- Allowlist. In this mode Kaspersky Embedded Systems Security prevents all users from launching any applications that are not specified in the Application Control rules.
For each Application Control operation mode, separate rules can be created and an action can be specified: apply rules or test rules. Kaspersky Embedded Systems Security performs this action when it detects an attempt to start an application.
The Application Control settings are described in the following table.
Application Control settings
Setting | Description |
---|---|
Enable Application Control | The check box enables the Application Control component. This check box is cleared by default. |
Action on application startup attempt | The action that Kaspersky Embedded Systems Security performs upon detecting an attempt to start an application that matches the configured rules: |
Application Control mode | Application Control task operation mode: |
Application Control rules | This group of settings contains the Configure button. Clicking this button opens the Application Control rules window. |
Application Control rules window
The Application Control rules table contains the rules used by the Application Control component. The Application Control rules table is empty by default.
Application Control rules settings
Setting | Description |
---|---|
Category name | The name of the application category that is used by the rule. |
Status | Operation status of the Application Control rule:<br>You can change the rule status in the Add new rule window. |
You can add, modify and remove Application Control rules.
Adding rule window
In this window, you can configure the settings for the created Application Control rule.
Adding the Application Control rule
Setting | Description |
---|---|
Description | Description of the Application Control rule. |
Rule status | In the drop-down list, you can select the status of the Application Control rule: |
Category | This group of settings contains the Configure button. Clicking this button opens the Application Control categories window. |
Access control list | The table contains a list of users or user groups to which the Application Control rule applies, and the types of access assigned to them, and consists of the following columns: |
Application Control categories window
In this window, you can add a new category or configure the category settings for an Application Control rule.
Kaspersky Embedded Systems Security does not support use of the KL categories of Kaspersky Security Center.
Application Control categories
Setting | Description |
---|---|
Category name | List of the added Application Control categories. |
Add | Clicking the button starts the category creation wizard. Follow the instructions of the Wizard. |
Edit | Clicking this button opens the category properties window, where you can change the category settings. |
Principal name window
In this window, you can specify a local or domain user or user group for which you want to configure a rule.
Adding the Application Control rule
Setting | Description |
---|---|
Principal type | Principal type to which the rule applies: User or Group. |
User or group name | Name of the user or user group to which the Application Control rule applies. |
Access | Access type: Allow access or Block access. |
Anti-Cryptor
Anti-Cryptor protects files in local directories that are accessible over the network via the SMB/NFS protocols from remote malicious encryption.
While the Anti-Cryptor component is running, Kaspersky Embedded Systems Security scans remote devices' calls to access the files located in the shared network directories of the protected device. If the application considers a remote device's actions on network file resources to be malicious encryption, this device is added to a list of untrusted devices and loses access to the shared network directories. The application does not consider activity to be malicious encryption if it is detected in the directories excluded from the protection scope of the Anti-Cryptor component.
For the Anti-Cryptor component to operate correctly, at least one of the services (Samba or NFS) must be installed in the operating system. For the NFS service, the rpcbind package must be installed.
Anti-Cryptor operates correctly with the SMB1, SMB2, SMB3, NFS3, TCP/UDP, and IP/IPv6 protocols. Working with NFS2 and NFS4 protocols is not supported. It is recommended to configure your server settings so that the NFS2 and NFS4 protocols cannot be used to mount resources.
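The following check is an added example, not Kaspersky code: it parses the version line that a Linux nfsd server exposes in /proc/fs/nfsd/versions and lists enabled NFS versions other than NFS3, the only NFS version named above as supported. The sample lines and function names are constructed for illustration.

```python
"""Audit which NFS protocol versions an nfsd server has enabled.

Per the text above, Anti-Cryptor works with NFS3 only, so any other enabled
version is a way to reach the shares that the component does not inspect.
"""
import re

# NFS major versions the page lists as supported by Anti-Cryptor.
SUPPORTED_NFS_MAJOR = {3}

# Tokens in the versions line look like "+3", "-2" or "+4.1".
_TOKEN = re.compile(r"^([+-])(\d+)(?:\.(\d+))?$")

# Constructed sample lines (not captured from a real server).
SAMPLE_DEFAULT = "-2 +3 +4 +4.1 +4.2"
SAMPLE_HARDENED = "-2 +3 -4 -4.1 -4.2"


def parse_nfsd_versions(line):
    """Return {version: enabled} for one nfsd versions line."""
    state = {}
    for token in line.split():
        match = _TOKEN.match(token)
        if not match:
            raise ValueError(f"unrecognised version token: {token!r}")
        sign, major, minor = match.groups()
        name = major if minor is None else f"{major}.{minor}"
        state[name] = sign == "+"
    return state


def uncovered_versions(line):
    """Enabled NFS versions that fall outside the supported set, sorted."""
    state = parse_nfsd_versions(line)
    enabled_unsupported = [
        version
        for version, enabled in state.items()
        if enabled and int(version.split(".")[0]) not in SUPPORTED_NFS_MAJOR
    ]
    return sorted(
        enabled_unsupported,
        key=lambda v: tuple(int(part) for part in v.split(".")),
    )


def nfs3_enabled(line):
    """True when NFS3, the supported version, is actually being served."""
    return parse_nfsd_versions(line).get("3", False)


if __name__ == "__main__":
    for label, line in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        gaps = uncovered_versions(line)
        verdict = "OK" if not gaps and nfs3_enabled(line) else "REVIEW"
        print(f"{label}: uncovered={gaps} nfs3={nfs3_enabled(line)} -> {verdict}")
```

On a live server the input line is read from /proc/fs/nfsd/versions while nfsd is running.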
Anti-Cryptor does not block access to network file resources until the device activity is identified as malicious. So, at least one file will be encrypted before the application detects malicious activity.
Anti-Cryptor settings
Setting | Description |
---|---|
Enable Anti-Cryptor | This check box enables or disables the protection of files in local directories with network access by SMB/NFS protocols from remote malicious encryption. The check box is selected by default. |
Protection scopes | This group of settings contains buttons that open the windows where you can configure scan scopes and protection settings. |
Exclusions | This group of settings contains the Configure button. Clicking this button opens the Exclusion scopes window. In this window, you can define the list of scopes to be excluded from scans. |
Exclusions by mask | This group of settings contains the Configure button, which opens the Exclusions by mask window. In this window, you can configure the exclusion of objects from scans by name mask. |
Scan scopes window
The table contains the scan scopes. The application will scan files and directories located in the paths specified in the table. By default, the table contains one scan scope that includes all directories of the local file system.
Scan scope settings
Setting | Description |
---|---|
Scope name | Scan scope name. |
Path | Path to the directory that the application scans. |
Status | The status indicates whether the application scans this scope. |
You can add, edit, delete, move up, and move down items in the table.
Kaspersky Embedded Systems Security scans objects in the specified scopes in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.
<New scan scope> window
In this window, you can add or configure a protection scope for the Anti-Cryptor component.
Protection scope settings
Setting | Description |
---|---|
Scope name | Field for entering the protection scope name. This name will be displayed in the table in the Scan scopes window. The entry field must not be blank. |
Use this scope | This check box enables or disables scans of this scope by the application. If this check box is selected, the application processes this protection scope during the component operation. If this check box is cleared, the application does not process this protection scope during the component operation. You can later include this scope in the component operation settings by selecting the check box. The check box is selected by default. |
File system, access protocol and path | The settings block lets you set the scan scope. You can select the file system type in the drop-down list of file systems:<br>If Shared is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:<br>If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want to add to the protection scope. You can use masks to specify the path. The field must not be blank. |
Masks | This list contains name masks of the objects that the application scans during operation of the Anti-Cryptor component. By default the list contains the * mask (all objects). |
Protection settings window
Protection settings
Setting | Description |
---|---|
Enable untrusted hosts blocking | This check box enables or disables untrusted hosts blocking. The check box is selected by default. |
Block untrusted host for (min) | In this field you can specify the untrusted host blocking duration in minutes. After the specified time, Kaspersky Embedded Systems Security removes the untrusted devices from the list of blocked devices. The access of the host to network file resources is restored automatically, after it is deleted from the list of untrusted hosts. If a compromised host is blocked and you change this setting value, the blocking time for this host will not change. The blocking time is not a dynamic value, and it is calculated at the moment of blocking. Available values: integer from 1 to 4294967295. Default value: 30. |
Exclusion scopes window
This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.
Exclusion scope settings
Setting | Description |
---|---|
Exclusion scope name | Exclusion scope name. |
Path | Path to the directory excluded from scan. |
Status | The status indicates whether the application uses this exclusion. |
You can add, edit, and delete items in the table.
<Exclusion scope name> window
In this window, you can add and configure scan exclusion scopes.
Exclusion scope settings
Setting | Description |
---|---|
Exclusion scope name | Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window. The entry field must not be blank. |
Use this scope | The check box enables or disables exclusion of the scope from scan when the application is running. If this check box is selected, the application excludes this area during scans. If this check box is cleared, the application includes this area in the scan scope. You can later exclude this scope by selecting the check box. The check box is selected by default. |
File system, access protocol and path | The settings block lets you set the exclusion scope. In the drop-down list of file systems, you can select the type of file system of the directories to be excluded from scans:<br>If Mounted is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:<br>If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want to add to the exclusion scope. You can use masks to specify the path. The / path is specified by default. The application excludes all directories of the local file system from scan. |
Filesystem name | The field for entering the name of the file system where the directories that you want to add to the exclusion scope are located. The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right. |
Masks | The list contains name masks of the objects that the application excludes from scan. Masks are only applied to objects in the directory specified in the path field. By default the list contains the * mask (all objects). |
Exclusions by mask window
You can configure the exclusion of objects from scans based on name mask. The application will not scan files whose names contain the specified mask. By default, the list of masks is empty.
You can add, edit, or delete masks.
System Integrity Monitoring
System Integrity Monitoring is designed to track the actions performed on files and directories in the monitoring scope specified in the component operation settings. You can use System Integrity Monitoring to track the file changes that may indicate a security breach on a protected device.
To use the component, a license that includes the corresponding function is required.
System Integrity Monitoring settings
Setting | Description |
---|---|
Enable System Integrity Monitoring | This check box enables or disables System Integrity Monitoring. This check box is cleared by default. |
Monitoring scopes | The group of settings contains the Configure button. Clicking this button opens the Scan scopes window. |
Monitoring exclusions | This group of settings contains the Configure button. Clicking this button opens the Exclusion scopes window. |
Exclusions by mask | This group of settings contains the Configure button, which opens the Exclusions by mask window. |
Scan scopes window
The table contains monitoring scopes for the System Integrity Monitoring component. The application monitors files and directories located in the paths specified in the table. By default, the table contains one monitoring scope, Kaspersky internal objects (/opt/kaspersky/kess/).
Monitoring scope settings
Setting | Description |
---|---|
Scope name | Monitoring scope name. |
Path | Path to the directory that the application protects. |
Status | The status indicates whether the application scans this scope. |
You can add, edit, delete, move up, and move down items in the table.
Kaspersky Embedded Systems Security scans objects in the specified scopes, in the order they appear in the list of scopes. If necessary, place the subdirectory higher in the list than its parent directory, to configure security settings for a subdirectory that are different from the security settings of the parent directory.
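Both scope tables (Anti-Cryptor scan scopes and System Integrity Monitoring scopes) depend on list order, so a subdirectory scope placed below its parent never gets its own settings. The sketch below is an added example, not the product's code, that finds such shadowed entries in an ordered scope list. It assumes that the first enabled scope containing a path wins and that paths are plain directories without masks; the scope names and paths are constructed.

```python
"""Find scopes that are shadowed by an earlier parent scope in an ordered list."""
import posixpath

# Constructed scope lists: (scope name, directory path, "Use this scope" state).
PARENT_FIRST = [
    ("All local", "/", True),
    ("Exports", "/srv/share", True),
]
CHILD_FIRST = [
    ("Exports", "/srv/share", True),
    ("All local", "/", True),
]


def _contains(parent, child):
    """True if directory `parent` is `child` itself or one of its ancestors."""
    parent = posixpath.normpath(parent)
    child = posixpath.normpath(child)
    if parent == "/":
        return True
    # Compare on a path-component boundary so /srv/share does not match /srv/shared.
    return child == parent or child.startswith(parent + "/")


def effective_scope(file_path, scopes):
    """Name of the first enabled scope that contains file_path (assumed rule)."""
    for name, path, enabled in scopes:
        if enabled and _contains(path, file_path):
            return name
    return None


def shadowed_scopes(scopes):
    """Return (shadowed scope, shadowing scope) pairs for the ordered list.

    A scope is shadowed when an enabled scope higher in the list already
    covers its whole directory, so its own settings are never reached.
    """
    findings = []
    for index, (name, path, enabled) in enumerate(scopes):
        if not enabled:
            continue
        for earlier_name, earlier_path, earlier_enabled in scopes[:index]:
            if earlier_enabled and _contains(earlier_path, path):
                findings.append((name, earlier_name))
                break
    return findings


if __name__ == "__main__":
    for label, scopes in (("parent first", PARENT_FIRST), ("child first", CHILD_FIRST)):
        print(label, "shadowed:", shadowed_scopes(scopes),
              "| /srv/share/a.txt handled by:",
              effective_scope("/srv/share/a.txt", scopes))
```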
<New scan scope> window
In this window, you can add and configure monitoring scopes for the System Integrity Monitoring component.
Monitoring scope settings
Setting | Description |
---|---|
Scan scope name | Field for entering the monitoring scope name. This name will be displayed in the table in the Scan scopes window. The entry field must not be blank. |
Use this scope | This check box enables or disables scans of this scope by the application. If this check box is selected, the application controls this monitoring scope during the application's operation. If this check box is cleared, the application does not control this monitoring scope during the operation. You can later include this scope in the component settings by selecting the check box. The check box is selected by default. |
File system, access protocol and path | Entry field for the path to the local directory that you want to include in the monitoring scope. The field must not be blank. The default path is /opt/kaspersky/kess. |
Masks | The list contains name masks for the objects that the application scans. By default the list contains the * mask (all objects). |
Exclusion scopes window
The table contains monitoring exclusion scopes for the System Integrity Monitoring component. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.
Monitoring exclusion scope settings
Setting | Description |
---|---|
Exclusion scope name | Exclusion scope name. |
Path | Path to the directory excluded from monitoring. |
Status | Indicates whether the application excludes this scope from monitoring during the component operation. |
You can add, edit, and delete items in the table.
<Exclusion scope name> window
In this window, you can add or configure the monitoring exclusion scope for the System Integrity Monitoring component.
Monitoring exclusion scope settings
Setting | Description |
---|---|
Exclusion scope name | Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window. The entry field must not be blank. |
Use this scope | The check box enables or disables the exclusion of the scope from monitoring when the application is running. If this check box is selected, the application excludes this scope from monitoring during the component operation. If this check box is cleared, the application monitors this scope during the component operation. You can later exclude this scope from monitoring by selecting the check box. The check box is selected by default. |
File system, access protocol and path | Entry field for the path to the local directory that you want to add to the exclusion scope. The field must not be blank. The / path is specified by default. The application excludes all directories of the local file system from scan. |
Masks | The list contains name masks of the objects that the application excludes from the monitoring. By default the list contains the * mask (all objects). |
Exclusions by mask window
You can configure the exclusion of objects from monitoring based on name masks. The application does not scan the files with the names containing the specified masks. By default, the list of masks is empty.
You can add, edit, or delete masks.
Device Control
When the Device Control task is running, Kaspersky Embedded Systems Security manages user access to the devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the client device from infection when external devices are connected, and prevent data loss or leaks. Device Control manages user access to devices using the access rules.
When a device, access to which is denied by the Device Control task, connects to a client device, the application denies the users specified in the rule access to this device and displays a notification. During attempts to read and write on this device, the application silently blocks the users specified in the rule from reading/writing.
Device Control settings
Setting | Description |
---|---|
Enable Device Control | This check box enables or disables Device Control. The check box is selected by default. |
Trusted devices | This group of settings contains the Configure button. Clicking this button opens the Trusted devices window. In this window, you can add a device to a list of trusted devices by the device ID or by selecting it from the list of devices detected on the client devices. |
Device Control action | Action performed by the application when an attempt is made to access a device to which access is denied in accordance with the access rule: |
Device Control settings | This group of settings contains buttons that open windows where you can configure access rules for various types of devices as well as connection bus access rules. |
Trusted devices window
The table contains a list of trusted devices. The table is empty by default.
Trusted device settings
Setting | Description |
---|---|
Device ID | Trusted device ID. |
Device name | Name of a trusted device. |
Device type | Trusted device type (for example, Hard drive or Smart card reader). |
Host name | Name of the client device the trusted device is connected to. |
Comment | Comment related to a trusted device. |
You can add a device to the list of trusted devices by ID, by mask, or by selecting the required device in the list of devices detected on the user device.
You can edit and delete trusted devices in the table.
Trusted device window
In this window, you can add a device to the list of trusted devices by its identifier.
Adding device by ID
Setting | Description |
---|---|
Device ID | The field for entering the identifier or the identifier mask of the device that you want to add to the list of trusted devices. To specify an identifier, you can use the following wildcards: * (any sequence of characters) or ? (any single character). For example, you can specify the USBSTOR* mask to allow access to all USB drives. |
Find on hosts | Clicking the button displays the devices found on the connected client devices using the specified ID or mask. The button is available if the Device ID field is not empty. |
Devices found | The table contains the following columns: |
Comment | The field for entering a comment for the device that you want to add to the list of trusted devices (optional). |
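Because a trusted-device mask can cover far more devices than intended, it is worth previewing its reach before saving it. This added example (not part of the product) applies the * and ? wildcards described above to an inventory and reports devices that would be trusted beyond the intended set. The device IDs are constructed, and case-sensitive matching is an assumption.

```python
"""Preview which device IDs a trusted-device mask would cover."""
import re

# Constructed device IDs for illustration only.
INVENTORY = [
    r"USBSTOR\DISK&VEN_ACME&PROD_KEY16&REV_1.00\SN0001",
    r"USBSTOR\DISK&VEN_ACME&PROD_KEY16&REV_1.00\SN0002",
    r"USBSTOR\DISK&VEN_OTHER&PROD_STICK&REV_2.10\ZZ9",
    r"USB\VID_1234&PID_5678\CAM01",
]


def mask_to_regex(mask):
    """Translate a mask: '*' is any sequence, '?' is any single character.

    Every other character is matched literally, so characters that are
    special in regular expressions (., \\, [) carry no special meaning here.
    """
    parts = []
    for char in mask:
        if char == "*":
            parts.append(".*")
        elif char == "?":
            parts.append(".")
        else:
            parts.append(re.escape(char))
    return re.compile("".join(parts), re.DOTALL)


def covered(mask, device_ids):
    """Device IDs that the whole mask matches (assumed case-sensitive)."""
    pattern = mask_to_regex(mask)
    return [device for device in device_ids if pattern.fullmatch(device)]


def review_mask(mask, inventory, intended):
    """Compare what a mask would trust with what the administrator intends."""
    trusted = covered(mask, inventory)
    return {
        "trusted": trusted,
        "unintended": [d for d in trusted if d not in intended],
        "missed": [d for d in intended if d not in trusted],
    }


if __name__ == "__main__":
    intended = INVENTORY[:1]  # only the first drive should be trusted
    for mask in ("USBSTOR*", INVENTORY[0]):
        result = review_mask(mask, INVENTORY, intended)
        print(f"mask {mask!r}")
        print(f"  trusted:    {len(result['trusted'])}")
        print(f"  unintended: {result['unintended']}")
        print(f"  missed:     {result['missed']}")
```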
Device window on client devices
In this window you can add a device to the list of trusted devices by selecting it in the list of existing devices detected on client devices.
Information about existing devices is available only if an active policy exists and synchronization with the Network Agent has been completed (the synchronization interval is specified in the Network Agent policy properties; the default setting is 15 minutes). If you create a new policy and there are no other active ones, the list will be empty.
Adding device from list
Setting | Description |
---|---|
Host name | Field for entering the name or the name mask for the managed device for which you want to find connected devices. The default mask is * – all managed devices. |
Device type | In this drop-down list, you can select the type of connected device to search for (for example, Hard drives or Smart card readers). The All devices option is selected by default. |
Device ID | Field for entering the identifier or identifier mask for the device you want to find. The default mask is * – all devices. |
Find on hosts | When you click this button, the application searches for the device with the specified settings. The search results are displayed in the table below. |
Device type window
In this window, you can configure access rules for various types of devices.
Access rules for device types
Setting | Description |
---|---|
Device type | Device type (for example, Hard drives, Printers). |
Access | Device access type. Right-clicking opens a context menu where you can select one of the following options: |
In the Configuring device access rule window, which opens by double-clicking the device type, you can configure access rules and access schedules for devices to which access with restrictions is allowed.
Configuring device access rule window
In this window, you can configure access rules and schedules for the selected device type.
This window is opened by double-clicking the device type in the Device type window.
Device access rules and schedules
Setting | Description |
---|---|
Users and/or user groups | The list contains users and groups for which you can configure an access schedule. By default, the table contains the \Everyone item (all users). You can add, edit, and delete users or user groups. |
Rules for the selected user group by access schedules | This table contains access schedules for users and user groups. It consists of the following columns:<br>You can configure schedules only for hard drives, removable drives, floppy disks, and CD/DVD drives. By default, the table contains the Default access schedule, which provides all users with full access to devices (the \Everyone item is selected in the Users and/or user groups list) at any time if access via the connection bus is allowed for this type of device. You can add, edit, and delete access schedules for the selected users. The Default schedule cannot be modified or removed. |
Principal name window
In this window, you can configure the settings of the device access rule being created.
Configuring a device access rule
Setting | Description |
---|---|
Principal type | Principal type to which the rule applies: User or Group. |
User or group name | Name of the user or user group to which the rule applies. |
Schedule for access to devices window
In this window, you can configure the device access schedule. You can configure schedules only for hard drives, removable drives, floppy disks, and CD/DVD drives.
In the General settings->Application settings section, if the Block access to files during scans check box is cleared, then it is not possible to block access to devices using a device access schedule.
Schedule for access to devices
Setting | Description |
---|---|
Name | Entry field for the access schedule name. |
Time intervals | The table where you can select time intervals for the schedule (days and hours). Intervals highlighted in green are included in the schedule. To exclude an interval from the schedule, click the corresponding cells. Intervals excluded from the schedule are highlighted in gray. By default, all intervals (24/7) are included in the schedule. |
Connection buses window
In this window, you can configure access rules for connection buses.
Connection rules for buses
Setting | Description |
---|---|
Connection bus | Connection bus used to connect the device to the client device: |
Access | Connection bus access rule. Right-clicking opens a context menu where you can select one of the following options: |
Behavior Detection
By default, the Behavior Detection component starts when Kaspersky Embedded Systems Security starts and monitors the malicious activity of the applications in the operating system. When malicious activity is detected, Kaspersky Embedded Systems Security can terminate the process of the application that performs malicious activity.
Behavior Detection component settings
Setting | Description |
---|---|
Enable Behavior Detection | This check box enables or disables the Behavior Detection component. The check box is selected by default. |
Behavior Detection component operating mode | The action to be performed by Kaspersky Embedded Systems Security upon detecting malicious activity in the operating system: |
Use exclusions by process | This check box enables or disables exclusions by process in the operation of the Behavior Detection component. This check box is cleared by default. The Configure button opens the Exclusions by process window. In this window, you can exclude the activity of processes. |
Exclusions by process window
The table contains the exclusion scopes for exclusion by process. The exclusion scope for exclusion by process lets you exclude the activity of an indicated process. By default, the table is empty.
Exclusion scope settings for exclusion by process
Setting | Description |
---|---|
Exclusion scope name | Exclusion scope name. |
Path | Full path to excluded process. |
Status | The status indicates whether the application uses this exclusion. |
Trusted process window
In this window, you can add and configure exclusion scopes for exclusion by process.
Exclusion scope settings for exclusion by process
Setting | Description |
---|---|
Exclusion scope name | Field for entering the exclusion scope name. This name will be displayed in a table in the Exclusions by process window. |
Path to excluded process | Full path to the process you want to exclude from scans. You can use masks to specify the path. The entry field must not be blank. |
Apply to child processes | Exclude child processes of the excluded process indicated by the Path to excluded process setting. This check box is cleared by default. |
Use this scope | The check box enables or disables this exclusion scope. If this check box is selected, the application excludes this scope. If this check box is cleared, the application includes this scope. You can later exclude this scope by selecting the check box. The check box is selected by default. |
Managing tasks
You can configure the ability to view and manage Kaspersky Embedded Systems Security tasks on managed devices.
Task management settings
Setting | Description |
---|---|
Allow users to view and manage local tasks | This check box allows or blocks users from viewing local tasks created in Kaspersky Embedded Systems Security and managing these tasks on the managed client devices. This check box is cleared by default. |
Allow users to view and manage tasks created through KSC | The check box allows or prohibits users from viewing the tasks created in Kaspersky Security Center and managing these tasks on the managed client devices. This check box is cleared by default. |
Removable Drives Scan
When the Removable Drives Scan task is running, the application scans the removable device and its boot sectors for viruses and other malware. The following removable drives are scanned: CDs, DVDs, Blu-ray discs, flash drives (including USB modems), external hard drives, and floppy disks.
Removable drives scan task settings
Setting |
Description |
---|---|
Enable removable drives scan when connected to the device |
This check box enables or disables the scan of removable drives when they are connected to the user device. This check box is cleared by default. |
Action on a removable drive connection |
In the drop-down list, you can select an action to be performed by the application upon connection of removable drives to the user device:
|
Action on a CD / DVD drive connection |
In the drop-down list, you can select an action to be performed by the application upon connection of CD/DVD drives and Blu-ray discs to the user device:
|
Block access to the removable drive while scanning |
This check box enables or disables blocking of files on the connected drive during execution of the Removable Drives Scan task. This check box is cleared by default. |
Proxy server settings
You can configure proxy server settings if the users of the client devices use a proxy server to connect to the internet. Kaspersky Embedded Systems Security may use a proxy server to connect to Kaspersky servers, for example, when updating application databases and modules or when communicating with Kaspersky Security Network.
Proxy server settings
Setting |
Description |
---|---|
Do not use proxy server |
If this option is selected, Kaspersky Embedded Systems Security does not use a proxy server. |
Use specified proxy server settings |
If this option is selected, Kaspersky Embedded Systems Security uses the specified proxy server settings. |
Address and port |
Fields for entering the proxy server's IP address or domain name as well as its port. Default port: 3128. The fields are available if the Use specified proxy server settings option is selected. |
Use user name and password |
This check box enables or disables proxy server authentication using a user name and password. This check box is available if the Use specified proxy server settings option is selected. This check box is cleared by default. When connecting via an HTTP proxy, we recommend using a separate account that is not used to sign in to other systems. An HTTP proxy uses an insecure connection, and the account may be compromised. |
User name |
Entry field for the user name used for proxy server authentication. This entry field is available if the Use user name and password check box is selected. |
Password |
Entry field for entering the user password for proxy server authentication. Clicking the Show button causes the user's password to be displayed in clear text in the Password field. By default, the user password is hidden and is displayed as asterisks. The entry field and button are available if the Use user name and password check box is selected. |
Use Kaspersky Security Center as a proxy server for the application activation |
This check box enables or disables use of Kaspersky Security Center as a proxy server for application activation. If this check box is selected, Kaspersky Embedded Systems Security uses Kaspersky Security Center as a proxy server for the application activation. This check box is cleared by default. |
Application settings
You can configure the general settings of Kaspersky Embedded Systems Security.
General application settings
Setting |
Description |
---|---|
Detect legitimate applications that may be used by hackers to harm devices or data |
This check box enables or disables the detection of legitimate software that could be used by hackers to harm computers or data of users. This check box is cleared by default. |
Event notifications |
This group of settings contains the Configure button. Clicking this button opens the Notification settings window. In this window, you can select the events that the application logs in the operating system log (syslog). To do this, select the check box next to each type of event that you want to log. You can also select the check box next to the importance level of events (Critical events, Informational messages, Functional failures, and Warnings). In this case, the check boxes will be automatically selected next to each type of event that belongs to the group of the selected importance level. All check boxes are cleared by default. |
Block files during scan |
This check box enables or disables the blocking of access to files while they are being scanned by the File Threat Protection, Anti-Cryptor, and Device Control components or the Removable Drives Scan task. Clearing the check box enables information mode for File Threat Protection, Device Control, and Removable Drives Scan. The check box is selected by default. |
Container scan settings
You can configure the settings for namespace and container scan by Kaspersky Embedded Systems Security.
Container scan settings
Setting |
Description |
---|---|
Enable namespace and container scan |
This check box enables or disables namespace and container scan. The check box is selected by default. |
Action with container upon threat detection |
In the drop-down list, you can select the action to be performed on a container when an infected object is detected:
This setting is available when using the application under a license that supports this function. |
Container scan settings |
The group of settings contains the Configure button. Clicking this button opens the Container scan settings window. |
Container Scan settings window
In this window, you can configure the settings for container scan by Kaspersky Embedded Systems Security.
The application does not scan namespaces and containers unless components for working with containers and namespaces are installed in the operating system. Moreover, the Stopped status is displayed for container scans in the Components section of the application properties (in the Applications section of the device properties).
Container scan settings
Setting |
Description |
---|---|
Use Docker |
This check box enables or disables the use of the Docker environment. The check box is selected by default. |
Docker socket path |
Entry field for the path or URI (Uniform Resource Identifier) of the Docker socket. The default value is /var/run/docker.sock. |
Use CRI-O |
The check box enables or disables the use of the CRI-O environment. The check box is selected by default. |
File path |
Entry field for the path to CRI-O configuration file. Default value: /etc/crio/crio.conf. |
Use Podman |
The check box enables or disables the use of the Podman utility. The check box is selected by default. |
File path |
Entry field for the path to the Podman utility executable file. Default value: /usr/bin/podman. |
Root folder |
Entry field for the path to the root directory of the container storage. |
Use runc |
The check box enables or disables the use of the runc utility. The check box is selected by default. |
File path |
Entry field for the path to the runc utility executable file. Default value: /usr/bin/runc. |
Root folder |
Entry field for the path to the root directory of the container state storage. Default value: /run/runc-ctrs. |
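Because containers are not scanned when the runtime components are missing, it is worth confirming on each host that the default paths from the table above actually exist and have the expected type. The following Python sketch is an added example, not part of the Kaspersky documentation; the function names `probe` and `check_runtimes` are hypothetical, and only the paths quoted in the table are used.

```python
import os
import stat

# Default values quoted from the Container scan settings table above.
DEFAULTS = {
    "Docker socket path": ("/var/run/docker.sock", "socket"),
    "CRI-O configuration file": ("/etc/crio/crio.conf", "file"),
    "Podman executable": ("/usr/bin/podman", "executable"),
    "runc executable": ("/usr/bin/runc", "executable"),
    "runc root folder": ("/run/runc-ctrs", "directory"),
}


def probe(path, kind):
    """Report whether path exists on this host and has the expected type."""
    if path.startswith("unix://"):
        path = path[len("unix://"):]      # the Docker socket may be given as a URI
    elif "://" in path:
        return "remote URI, not checked on disk"
    try:
        mode = os.stat(path).st_mode
    except OSError as exc:
        return "missing (%s)" % exc.strerror
    checks = {
        "socket": stat.S_ISSOCK(mode),
        "file": stat.S_ISREG(mode),
        "directory": stat.S_ISDIR(mode),
        "executable": stat.S_ISREG(mode) and bool(mode & 0o111),
    }
    return "ok" if checks[kind] else "present, but not a valid %s" % kind


def check_runtimes(settings=DEFAULTS):
    """Return {setting name: status} for every configured runtime path."""
    return {name: probe(path, kind) for name, (path, kind) in settings.items()}


if __name__ == "__main__":
    for name, status in check_runtimes().items():
        print("%-26s %s" % (name, status))
```

If the policy overrides a default, pass a dictionary with the overridden paths to `check_runtimes` instead of `DEFAULTS`.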
Network settings
You can configure the settings of encrypted connection scans. These settings are used by the Web Threat Protection component.
When the encrypted connection scan settings are changed, the application generates a Network settings changed event.
Network settings
Setting |
Description |
---|---|
Enable encrypted connection scans |
This check box enables or disables encrypted connection scans. The check box is selected by default. |
Action when an untrusted certificate is encountered |
In the drop-down list, you can select an action to be performed by the application upon detection of an untrusted certificate:
|
Action on an encrypted connection scan error |
In this drop-down list, you can select an action to be performed by the application when an error occurs during an encrypted connection scan:
|
Certificate verification policy |
In the drop-down list, you can select how the application verifies certificates:
|
Trusted domains |
This group of settings contains the Configure button. Clicking this button opens the Trusted domains window. In this window, you can configure the list of trusted domain names. |
Trusted certificates |
This group of settings contains the Configure button. Clicking this button opens the Trusted certificates window. In this window, you can configure a list of trusted certificates, which is used when scanning encrypted connections. |
Network ports settings |
This group of settings contains the Configure button. Clicking this button opens the Network ports window. |
Trusted domains window
This list contains the domain names and domain name masks that will be excluded from encrypted connection scans.
Example: *example.com. For example, *example.com/* is incorrect because a domain address, not a web page, needs to be specified.
By default, the list is empty.
You can add, edit and remove domains from the list of trusted domains.
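Every entry in this list removes traffic from encrypted connection scans, so the list is worth validating before it goes into a policy. The following Python sketch is an added example, not part of the Kaspersky documentation: it rejects entries that specify a web page instead of a domain and warns about masks that pin fewer than two labels. The function names and sample entries are constructed, and treating `*` as the only mask character is an assumption.

```python
import re

# A DNS label that may contain '*' mask characters (mask syntax is an assumption).
_LABEL = re.compile(r"^[A-Za-z0-9*](?:[A-Za-z0-9*-]{0,61}[A-Za-z0-9*])?$")


def check_trusted_domain(entry):
    """Classify one Trusted domains entry; returns (errors, warnings)."""
    errors, warnings = [], []
    value = entry.strip()
    if not value:
        return ["entry is empty"], warnings
    if "://" in value:
        errors.append("URL scheme present; enter a domain name only")
        value = value.split("://", 1)[1]
    if "/" in value or "?" in value:
        errors.append("path or query present; a domain, not a web page, is required")
        value = re.split(r"[/?]", value, maxsplit=1)[0]
    labels = value.rstrip(".").split(".")
    bad = [lab for lab in labels if not _LABEL.match(lab)]
    if bad:
        errors.append("invalid label(s): " + ", ".join(repr(b) for b in bad))
    # Labels with fixed characters are what limits the reach of the exclusion.
    fixed = [lab for lab in labels if lab.strip("*")]
    if "*" in value and len(fixed) < 2:
        warnings.append("mask pins fewer than two labels; the exclusion is very broad")
    return errors, warnings


def audit(entries):
    """Return {entry: (errors, warnings)} for entries that need attention."""
    results = {e: check_trusted_domain(e) for e in entries}
    return {e: r for e, r in results.items() if r[0] or r[1]}


# Constructed sample list; the first two entries are the ones quoted above.
SAMPLE_ENTRIES = ["*example.com", "*example.com/*",
                  "https://updates.example.net", "*.com"]

if __name__ == "__main__":
    for entry, (errs, warns) in audit(SAMPLE_ENTRIES).items():
        print(entry, "->", "; ".join(errs + warns))
```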
Trusted certificates window
You can configure a list of certificates considered trusted by Kaspersky Embedded Systems Security. The list of trusted certificates is used when scanning encrypted connections.
The following information is displayed for each certificate:
- Subject – certificate subject
- Serial number – serial number of the certificate
- Issuer – issuer of the certificate
- Valid from – certificate start date
- Expires on – certificate expiration date
- SHA-256 fingerprint – SHA-256 certificate thumbprint
By default, the certificate list is empty.
You can add and remove certificates.
Add certificate window
In this window, you can add a certificate to the trusted certificate list in one of the following ways:
- Indicate the path to the certificate file. The Browse button opens the standard file selection window. Indicate the path to the file that contains the certificate, in DER or PEM format.
- Copy the contents of the certificate file to the Enter certificate details field.
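Before a certificate is added to the trusted list, its SHA-256 fingerprint can be computed locally and compared with a value obtained from the certificate owner, and later with the SHA-256 fingerprint shown in the list. The following Python sketch is an added example, not part of the Kaspersky documentation; it accepts both DER and PEM input, the function names are hypothetical, and the sample bytes are a constructed ASN.1 fragment rather than a real certificate. The colon-separated uppercase output is an assumed display format, so the comparison ignores separators and case.

```python
import base64
import hashlib
import re

_PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)


def certificate_der(data):
    """Return the DER bytes of the first certificate in PEM or DER input."""
    match = _PEM_BLOCK.search(data)
    if match:
        # PEM is base64-encoded DER between the BEGIN/END markers.
        return base64.b64decode(b"".join(match.group(1).split()), validate=True)
    if data[:1] != b"\x30":  # a DER certificate starts with an ASN.1 SEQUENCE tag
        raise ValueError("input is neither PEM nor DER certificate data")
    return data


def sha256_fingerprint(data):
    """SHA-256 over the DER encoding, formatted as AA:BB:..."""
    digest = hashlib.sha256(certificate_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_expected(data, expected):
    """Compare with a fingerprint obtained out of band, ignoring separators and case."""
    def norm(text):
        return re.sub(r"[^0-9A-Fa-f]", "", text).upper()
    return norm(sha256_fingerprint(data)) == norm(expected)


# Constructed sample: a minimal ASN.1 SEQUENCE, NOT a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # The PEM and DER forms of the same certificate give the same fingerprint.
    print(sha256_fingerprint(SAMPLE_DER))
    print(sha256_fingerprint(SAMPLE_PEM))
```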
Network ports window
Network ports settings
Setting |
Description |
---|---|
Monitor all network ports |
If this option is selected, the application monitors all network ports. |
Monitor specified ports only |
If this option is selected, the application monitors only the network ports specified in the table. This option is selected by default. |
Network ports settings |
This table contains network ports monitored by the application if the Monitor specified ports only option is selected. The table contains two columns:
By default, the table displays a list of network ports that are usually used for the transmission of mail and network traffic. The list of network ports is included in the application package. |
Global exclusions
Global exclusions allow you to set the mount points that will be excluded from the scan scope for the application components that use the file operation interceptor (File Threat Protection and Anti-Cryptor).
Global exclusion settings
Setting |
Description |
---|---|
Excluded mount points |
This group of settings contains the Configure button. Clicking this button opens the Excluded mount points window. |
Excluded mount points window
The list contains paths to excluded mount points. By default, the list is empty.
You can add, edit, and delete items in the list.
Mount point path window
Mount point settings
Setting |
Description |
---|---|
File system, access protocol and path |
The settings block lets you set the location of the mount point. In the drop-down list of file systems, you can select the type of file system where the directories that you want to add to scan exclusions are located:
|
If Mounted is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:
|
|
If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a mount point that you want to exclude from file operation interception. You can use masks to specify the path. |
|
Filesystem name |
The field for entering the name of the file system where the directories that you want to exclude from file operation interception are located. The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right. |
Excluding process memory
You can exclude process memory from scans. The application does not scan the memory of the specified processes.
You can create a list of exclusions in the Excluding process memory from scan block of the window that opens when you click the Configure button.
Excluding process memory from scan window
The list contains paths to processes whose memory Kaspersky Embedded Systems Security excludes from process memory scans. You can use masks to specify the path. By default, the list is empty.
You can add, edit, and delete items in the list.
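Process paths entered here, and in the Path to excluded process field of the Behavior Detection exclusions by process, are only as trustworthy as the files they point to, so exclusion lists deserve a periodic permission review. The following Python sketch is an added example, not part of the Kaspersky documentation: it flags entries that are not full paths, entries that use masks, and entries where the file or any parent directory is owned or writable by an account other than root. The function names are hypothetical, and `*` and `?` as mask characters are an assumption.

```python
import os
import stat

MASK_CHARS = set("*?")  # assumed mask characters; the page does not list them


def weak_components(path, trusted_uids=(0,)):
    """Return each existing component of path that a non-trusted user can modify."""
    weak = []
    current = os.path.realpath(path)
    while True:
        try:
            st = os.stat(current)
        except OSError:
            st = None
        if st is not None:
            writable = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
            if st.st_uid not in trusted_uids or writable:
                weak.append(current)
        parent = os.path.dirname(current)
        if parent == current:          # reached the file system root
            return weak
        current = parent


def audit_exclusion(path, trusted_uids=(0,)):
    """Return a list of findings for one exclusion path (empty list = nothing found)."""
    findings = []
    if not os.path.isabs(path):
        findings.append("not a full path")
    if MASK_CHARS & set(path):
        findings.append("uses a mask; review everything it can match")
        return findings                # a pattern cannot be checked on disk
    if not os.path.exists(path):
        findings.append("file does not exist on this host")
    findings += ["modifiable by non-trusted users: " + p
                 for p in weak_components(path, trusted_uids)]
    return findings


if __name__ == "__main__":
    # Constructed sample list of exclusion paths.
    for entry in ["/usr/bin/runc", "/opt/vendor/*/agent", "bin/helper"]:
        print(entry, "->", audit_exclusion(entry) or "no findings")
```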
Storage settings
The Storage is a list of backup copies of files that have been deleted or modified during the disinfection process. A backup copy is a copy of a file created before the first attempt to disinfect or delete this file. Backup copies of files are stored in a special format and do not pose a threat. By default, the Storage is located in the /var/opt/kaspersky/kess/common/objects-backup/ directory. Files in the Storage may contain personal data. Root privileges are required to access files in the Storage.
Storage settings
Setting |
Description |
---|---|
Notify about unprocessed files |
This check box enables or disables sending notifications to the Administration Server about files that cannot be processed during the scan. The check box is selected by default. |
Notify about installed devices |
This check box enables or disables the sending of information about the devices installed on the managed client device to the Administration Server. The check box is selected by default. |
Notify about files in the Storage |
This check box enables or disables sending of notifications about the files in the Storage to the Administration Server. The check box is selected by default. |
Store objects no longer than (days) |
This check box enables or disables the storage period limit (in days) for the objects in the Storage. Available values: 0–3653. Default value: 90. If 0 is specified, the period for storing objects in the Storage is unlimited. |
Maximum size of Storage (MB) |
This check box enables or disables the maximum Storage size (in megabytes). Available values: 0–999999. Default value: 0 (the size of Storage is unlimited). |