- Kaspersky for Linux Help
- About Kaspersky for Linux
- Preparing to install the Kaspersky application
- How to install and configure the application
- How to install the application and perform its initial configuration
- Post-installation configuration of the application in interactive mode
- Selecting the locale
- Viewing the End User License Agreement and the Privacy Policy
- Accepting the End User License Agreement
- Accepting the Privacy Policy
- Using Kaspersky Security Network
- Removing users from the privileged group
- Assigning the Administrator role to a user
- Determining the file operation interceptor type
- Enabling automatic configuration of SELinux
- Configuring the update source
- Configuring proxy server settings
- Starting an application database update
- Enabling automatic application database update
- Application activation
- Initial configuration of the application after installation
- Settings in the configuration file for post-installation configuration
- Configuring allowing rules in the SELinux system
- How to update a previous version of the application
- How to remove the application
- Application licensing
- Data provision
- Managing the application on the My Kaspersky portal
- How to activate the application and manage license keys
- How to subscribe
- How to add or remove a license key using the command line
- How to view license information on the command line
- How to add or remove a license key using the application interface
- How to view license information in the application interface
- How to renew your subscription
- How to recover an activation code
- How to manage the application
- How to manage the application using the command line
- How to enable autocomplete of the kfl-control command (bash completion)
- How to manage tasks using the command line
- How to view the list of tasks on the command line
- How to view the status of a task on the command line
- How to create a task on the command line
- How to start, stop, pause, and resume a task on the command line
- How to delete a task on the command line
- How to output task settings to the console or into a configuration file
- How to manage task settings on the command line
- How to configure the task schedule on the command line
- How to manage general application settings on the command line
- How to filter query results on the command line
- How to export and import application settings on the command line
- How to manage user roles
- How to manage the application using the application interface
- How to manage the application using the command line
- How to start and stop the application
- How to view device protection status and app performance information in the command line
- How to update application databases and modules
- How to configure File Threat Protection
- How to configure the Malware Scan
- How to configure the Critical Areas Scan
- How to configure the Removable Drives Scan
- How to configure Web Threat Protection
- How to configure the Encrypted connections scan
- How to configure Behavior Detection
- How to check the integrity of application components
- Using Kaspersky Security Network
- Advanced application settings
- How to configure a proxy server
- How to configure global exclusions
- How to exclude process memory from scanning
- How to configure the file operation interception mode
- How to configure detection of applications that intruders can use to compromise devices or data
- How to enable application stability monitoring
- How to edit application startup settings
- How to limit memory and CPU resource usage
- How to limit resident memory usage
- How to limit the number of Custom Scan tasks
- Viewing events and reports
- How to manage Backup
- Contact Technical Support
- Limitations and warnings
- Appendices
- Appendix 1. Resource consumption optimization
- Appendix 2. Commands for managing the Kaspersky application
- Appendix 3. Configuration files and default application settings
- Rules for editing application task configuration files
- Preset configuration files
- Default settings for command line tasks
- Default settings for the File_Threat_Protection task (ID:1)
- Default settings for the Scan_My_Computer task (ID:2)
- Default settings for the Scan_File task (ID:3)
- Default settings for the Critical_Areas_Scan task (ID:4)
- Default settings for Update task (ID:6)
- Default settings for the Web_Threat_Protection task (ID:14)
- Default settings for the Removable_Drives_Scan task (ID:16)
- Default settings for the Behavior_Detection task (ID:20)
- General application settings
- Encrypted connections scan settings
- Tasks schedule settings
- Appendix 4. Command line return codes
- Sources of information about the Kaspersky application
- Glossary
- Active key
- Application activation
- Application databases
- Application settings
- Database of malicious web addresses
- Database of phishing web addresses
- Exclusion
- False positive
- File mask
- Infected object
- Kaspersky update servers
- License
- License certificate
- Object disinfection
- Proxy server
- Reserve key
- Startup objects
- Subscription
- Trusted device
- Information about third-party code
- Trademark notices
How to configure global exclusions
You can configure the exclusion of mount points from file operation interception for the File Threat Protection component, as well as from scanning by the Malware Scan and Critical Areas Scan tasks. Exclusion of mount points allows you to exclude local or remote directories mounted on a device from interception of file operations. In addition, global exclusions affect the Removable Drives Scan task.
You can define mount point exclusions in the command line via the ExcludedMountPoint.item_# option in the general application settings.
You can edit the setting using command line options or a configuration file that contains all general application settings.
The ExcludedMountPoint.item_# option accepts the following values:
AllRemoteMounted— Exclude all remote directories mounted on the device using SMB and NFS protocols from file operation interception.Mounted:NFS— Exclude all remote directories mounted on the device using the NFS protocol from file operation interception.Mounted:SMB— Exclude all remote directories mounted on the device using the SMB protocol from file operation interception.Mounted:<file system type>— Exclude all mounted directories with the specified file system type from file operation interception./mnt— Exclude objects in the /mnt mount point (including subdirectories) from file operation interception. This directory is used as the temporary mount point for removable drives.<path that contains the/mnt/user*or/mnt/**/user_share>— Exclude objects in mount points whose names contain the specified mask from file operation interception.You can use the
*(asterisk) character to create a file or directory name mask.You can indicate a single
*character to represent any set of characters (including an empty set) preceding the/character in the file or directory name. For example,/dir/*/fileor/dir/*/*/file.You can indicate two consecutive
*characters to represent any set of characters (including an empty set and the/character) in the file or directory name. For example,/dir/**/file*/or/dir/file**/.The
**mask can be used only once in a directory name. For example,/dir/**/**/fileis an incorrect mask.To exclude the mount point
/dir, you need to specifically indicate/dir(no asterisk).The mask
/dir/*excludes all mount points at the level below/dirbut not/diritself. The/dir/**mask excludes all mount points below the level of/dirbut not/diritself.You can use a single
?character to represent any one character in the file or directory name.
You can specify several mount points to exclude from scanning.
Mount points must be specified in the same way as they are displayed in the mount command output.