[Topic 290845]

Kaspersky for Linux Help

What's new

What's new in Kaspersky for Linux

Hardware and software requirements

Hardware and software requirements of the application

Comparison of features

Comparison of application features across different licenses

Getting started

• Updating the application from a previous version
• Preparing to install the application
• Installation and initial configuration of the application
• Updating databases and application modules on the command line during initial configuration
• Updating application databases and modules in the command line and in the application interface (after initial configuration)
  
  

Licensing

• Application licensing
• Application activation and license key management
• Activating the application during initial configuration on the command line
• Activating the application and managing license keys on the command line (after initial configuration)
  
  

Monitoring & Reporting

• Viewing the protection status of a device and information about application performance
• Viewing information about the operation of an application in the command line
• Viewing events and reports
  
  

Data provision and protection of personal information

Data provision

Additional features

• Advanced configuration of the application
• Using Kaspersky Security Network
• Backup
  

Optimizing operating system resource consumption

Resource consumption optimization

Contact Technical Support

Contact Technical Support

[Topic 283296]

About Kaspersky for Linux

Kaspersky for Linux ("the Kaspersky application" or "the application") is designed to protect devices running Linux operating systems against various types of threats, network attacks, and scams.

Before you start working with the application, we recommend familiarizing yourself with the basic methods of managing the application.

You can manage the Kaspersky application:

• Using management commands on the command line.
• Using the application interface.

To use the Kaspersky app, you need to have basic knowledge of Alt, RED OS, Ubuntu or Uncom (depending on which of these operating systems is installed on your device). We recommend familiarizing yourself with the official Linux documentation, which will introduce you to the basic principles of managing the operating system:

• Alt
• RED OS
• Ubuntu
• Uncom

The following functional components and tasks of the application provide the main functions of device protection and control:

• File Threat Protection prevents infection of the file system on the user device. The File Threat Protection component starts automatically when the Kaspersky application is launched and scans all files that are opened, saved, and started in real time.

  You can also scan protected devices on demand using the following scan tasks:

  • Malware Scan. The application scans for the presence of malware in file system objects located on local disks of the device, as well as mounted and shared resources, which are accessed via SMB and NFS protocols. You can use this task to perform a full or custom scan of the device.
  • Critical Areas Scan. The application scans boot sectors, startup objects, process memory, and kernel memory.
• Removable Drives Scan. The Removable Drives Scan component allows you to monitor the connection of media to the device in real time and scan removable media with its boot sectors for malware. The Kaspersky application can scan the following removable media: CDs, DVDs, Blu-ray discs, flash drives (including USB modems), external hard drives, and floppy disks.
• Web Threat Protection. The Web Threat Protection component allows you to scan inbound traffic, prevent downloads of malicious files from the Internet, and block phishing, adware, and other malicious websites. The Kaspersky application can scan encrypted connections.
• Behavior Detection. The Behavior Detection component allows you to monitor for any malicious activity from applications in the operating system. When malicious activity is detected, the Kaspersky application can terminate the process of the application that is performing malicious activity.

The Kaspersky application lets you detect infected objects and neutralize threats detected in them. For this, the application can use:

• Application databases to detect and disinfect infected files. During the scan process, the application analyzes each file for the presence of a threat: it compares the file code with the code of a specific threat and looks for possible matches.
• Kaspersky Security Network. The use of data from Kaspersky Security Network ensures faster responses by the Kaspersky application to various threats, improves the performance of some protection components, and reduces the likelihood of false positives.

Before disinfection or removal, the Kaspersky application saves backup copies of files in the Backup located on the device. If after disinfection, you partially or completely lose access to important information in a disinfected file, you can restore the file from the copy.

While performing scan tasks, the Kaspersky application can disinfect and delete files that are protected from modification: files with the 'immutable' and 'append-only' attributes and files in directories with the 'immutable' and 'append-only' attributes. Backup stores copies of these files that were created before disinfection or deletion. You can restore files from backup copies, if necessary. When scan tasks are completed, the 'immutable' and 'append-only' attributes of disinfected files are reset.

The Kaspersky application can operate in Notify-only mode. Notify-only mode is an operation mode for the application in which, if a threat is detected, application components and tasks do not attempt to disinfect or delete malicious objects, deny access or block the activity of applications. Instead, the application only informs the user about the detected threat.

To keep the application up to date, additional application functions are provided:

• Activating the application using an activation code.
• Updating the databases and application modules from Kaspersky update servers or from a user-specified source on schedule and on demand.
• User access control for the application functions according to the user roles.
• Notification of the administrator about events that occurred while the application was running.
• Integrity check of application components using the integrity check tool.

The Kaspersky application is available under a subscription. The application is included in the following subscription plans:

• Kaspersky Standard
• Kaspersky Plus
• Kaspersky Premium

A subscription plan is a subscription option that includes a specific set of applications and their features.

The Kaspersky Premium subscription plan is not available in all regions.

The set of features available in the Kaspersky application does not depend on the selected subscription plan.

[Topic 283297]

Distribution kit

You can purchase the Kaspersky app in one of the following ways:

• On the Kaspersky website (http://www.kaspersky.com) or on the website of a Kaspersky partner.

  When you purchase an application on the website, you download the files required to install the application from the website or from the My Kaspersky portal.

• In the store of a Kaspersky partner.

  When you purchase the application from a Kaspersky partner, you receive an installation disk for or download the files needed to install the application from the My Kaspersky portal.

  When you purchase the application, you get a subscription to use the app. To manage your subscription, you must creating an account on the My Kaspersky portal.

The distribution kit of the Kaspersky application includes the following files:

• kfl-2.0.0-<build number>.x86_64.rpm.setup is the installation package for distributions that use the RPM format.

  Contains a distribution package with the main application files, a distribution package with files of the application interface, and an installation script.

  The package can be installed on 64-bit operating systems that use the corresponding package manager.

• kfl_2.0.0-<build number>_amd64.deb.setup is the installation package for distributions that use the DEB format.

  Contains a distribution package with the main application files, a distribution package with files of the application interface, and an installation script.

  The package can be installed on 64-bit operating systems that use the corresponding package manager.

• ksn_license.<language ID>.

  This file contains the text of the Statement on Kaspersky Security Network. After installing the application, you can find the Kaspersky Security Network Statement in the /opt/kaspersky/kfl/doc/ directory.

• license.<language ID>.

  This file contains the text of the End User License Agreement. The End User License Agreement specifies the terms for using the application. After installing the application, you can find the End User License Agreement in the /opt/kaspersky/kfl/doc/ directory.

Independently changing application files using means not described in the application documentation or not recommended by Technical Support specialists may lead to poor performance and failures in the application and operating system, reduced protection of your device, inaccessible and corrupted data, as well as enabling the sending of additional statistics to KSN.

Page top

[Topic 283298]

Hardware and software requirements

Hardware requirements

The Kaspersky application has the following hardware requirements:

• Core 2 Duo 1.86 GHz or faster processor
• swap partition at least 1 GB
• 2 GB of RAM for 64-bit operating systems
• 4 GB of free hard disk space for installation of the application and storage of temporary and log files
• When using the application interface, the monitor must be able to display windows that are 1000 pixels wide and 600 pixels high (if screen scaling is used, these dimensions are also scaled)

Software requirements

To install the Kaspersky application, one of the following operating systems must be installed on the device:

• Alt 10 or later, 64-bit
• RED OS 7 or later, 64-bit
• Ubuntu 24.04 or later, 64-bit
• Uncom 2.3.5 or later, 64-bit

[Topic 283345]

What's new

This version of the application introduces the following features and improvements:

• The application runs in the background.
• The application interface has been completely redesigned.
• The application activation functionality has been implemented.
• The following new features have been added:
  • Web Threat Protection.
  • Behavior Detection.
  • Custom Scan.
  • Critical Areas Scan.
  • Rollback.
  • Removable Drives Scan.

The Kaspersky application is updated by installing a new version of the application.

[Topic 283305]

Preparing to install the Kaspersky application

Before installing the Kaspersky application, you need to do the following:

• Make sure your device meets the hardware and software requirements of the application.
• Make sure you do not have third-party antivirus software or one of the following applications installed on your device:
  • Kaspersky Endpoint Security for Linux.
  • Kaspersky Industrial CyberSecurity for Linux Nodes.
  • Kaspersky Industrial CyberSecurity for Networks.
  • Kaspersky Embedded Systems Security for Linux.
• Make sure that the Perl interpreter 5.10 or later is installed on your device.
• Make sure the semanage utility is installed in the system. If the utility is not installed, install the policycoreutils-python or policycoreutils-python-utils package, depending on the package manager.
• On devices with operating systems that do not support fanotify technology, make sure that the following are installed:
  • Packages for compiling applications and running tasks (gcc, binutils, glibc, glibc-devel, make)
  • Package with operating system kernel header files that are needed to compile Kaspersky modules
• To use the Web Threat Protection component, you need to install the iptables package on your device.
• For the application to run correctly, make sure that the root account is the owner of the following directories and that only the owner has the right to write to them: /var, /var/opt, /var/opt/kaspersky, /var/log/kaspersky, /opt, /opt/kaspersky, /usr/bin, /usr/lib, /usr/lib64.

[Topic 284325]

How to install and configure the application

Before installing the Kaspersky application you need to make preparations for installation.

The Kaspersky application is distributed as DEB and RPM packages. You need to install the Kaspersky application from the package with the required format.

If the version of the apt package manager is lower than 1.1.X, use the dpkg/rpm package manager (depending on the operating system) for installation.

You need to perform the initial application configuration during installation of the application or after installation is complete. The application needs initial configuration to prepare it for operation and enable the protection of the client device.

The steps required for the installation and initial configuration of the application depend on how you purchase the application.

If you purchase the application on the Kaspersky website or on the website of a Kaspersky partner, installing and configuring the application consists of the following steps:

1. Select a subscription plan and purchase the application on the website

   You are subscribing to use the application. The subscription period starts from the moment you subscribe. To manage your subscription, you must creating an account on the My Kaspersky portal. On the portal you will be able to get an activation code, which you will need to activate the application.

2. Get the files for installing the application

   After completing your purchase, log in to your account on the My Kaspersky portal and click the Download button in the subscription information window to download the application installation files to your device.

3. Install and perform initial configuration of the application

   Install the application and perform its initial configuration.

   To prepare to use the application, you need to activate it using the activation code and update the application databases. You can do this during the initial configuration process or after installation is complete.

   To activate the application during initial configuration, enter the activation code when prompted by the initial configuration script or specify the activation code in the initial configuration file. You can copy the activation code from your My Kaspersky account.

   You can also activate the application and update the databases after installing and performing the initial configuration of the application.

If you purchase the application from a store of a Kaspersky partner, installing and configuring the application consists of the following steps:

1. Select a subscription plan and subscribe

   You register your subscription to use the application, as well as a box with an installation disk and an activation code or an activation card with an activation code. An activation code is required to activate the application.

   To manage your subscription, you must creating an account on the My Kaspersky portal.

2. Get the files for installing the application

   If you purchased an application activation card:

   1. Log in to your account on the My Kaspersky portal.
   2. In the Do you have an activation code? block at the bottom of the page, enter the activation code from the activation card in the input field.
   3. Click Add.

      If the activation code is successfully added, the subscription panel will appear in the Subscriptions section.

   4. Click the Download button in the subscription information window to download the application installation files to your device.

   If you purchased a box with an installation disk, you do not need to download the application installation files. All necessary files are located on the installation disk. You can add the activation code from the box to your account on the My Kaspersky portal. If you lose your activation code, you can recover it from the portal.

3. Install and perform initial configuration of the application

   Install the application and perform its initial configuration.

   To prepare to use the application, you need to activate it using the activation code and update the application databases. You can do this during the initial configuration process or after installation is complete.

   To activate the application during initial configuration, enter the activation code when prompted by the initial configuration script or specify the activation code in the initial configuration file. Your activation code is located on the box with the installation disk or on the activation card.

   You can also activate the application and update the databases after installing and performing the initial configuration of the application.

[Topic 284344]

How to install the application and perform its initial configuration

You can install the application in the following ways:

• install and perform the initial configuration of the application interactively and simultaneously
• install and perform the initial configuration of the application automatically and simultaneously
• install the application and then perform the initial configuration automatically
• install the application and then perform the initial configuration interactively

Initial configuration of the application is performed by running the initial configuration script. The initial configuration script is included in the Kaspersky distribution kit.

If initial configuration of the application has not been completed on a device, you cannot use or update the application on that device.

The Kaspersky application protects the device only after the application databases are updated.

To correctly update application modules after the script has finished, you may need to restart the application. You can check the status of updates for the application using the following command: kfl-control --app-info.

Simultaneous interactive installation and initial configuration of the application

To install and set up the Kaspersky application interactively:

1. Allow the configuration file to run by executing one of the following commands, depending on your operating system:
   • For a Debian-based OS: chmod +x ./kfl_2.0.0-<build number>_amd64.deb.setup
   • For an OS with the RPM package manager: chmod +x ./kfl_2.0.0-<build number>.x86_64.rpm.setup
2. Start the installation and initial configuration of the application by executing one of the following commands, depending on your operating system:
   • For a Debian-based OS: sudo ./kfl_2.0.0-<build number>_amd64.deb.setup
   • For an OS with the RPM package manager: sudo ./kfl_2.0.0-<build number>.x86_64.rpm.setup
3. When prompted by the script that runs after installation is complete, perform the initial configuration of the application interactively.

   The initial configuration script prompts you to enter values of Kaspersky settings step by step.

   To manage application settings and task settings in the graphical interface of the application and on the command line without using the sudo command, you need privileges of the Administrator role.

The script finishing and the console being released indicate that the installation and initial configuration of the application are complete.

Simultaneous automatic installation and initial configuration of the application

To install and set up the Kaspersky application automatically:

1. Allow the configuration file to run by executing one of the following commands, depending on your operating system:
   • For a Debian-based OS: chmod +x ./kfl_2.0.0-<build number>_amd64.deb.setup
   • For an OS with the RPM package manager: chmod +x ./kfl_2.0.0-<build number>.x86_64.rpm.setup
2. Start the installation and initial configuration of the application by executing one of the following commands, depending on your operating system:
   • For a Debian-based OS: sudo ./kfl_2.0.0-<build number>_amd64.deb.setup --autoinstall <full path to the configuration file>
   • For an OS with the RPM package manager: sudo ./kfl_2.0.0-<build number>.x86_64.rpm.setup --autoinstall <full path to the configuration file>

The script finishing and the console being released indicate that the installation and initial configuration of the application are complete.

Step-by-step installation and initial configuration of the application

To install the Kaspersky application and then perform initial configuration:

1. Extract one of the following installation packages:
   • For an OS with the RPM package manager: kfl-2.0.0-<build number>.x86_64.rpm.setup.
   • For a Debian-based OS: kfl_2.0.0-<build number>_amd64.deb.setup.
2. Run one of the following sequences of commands to install the Kaspersky application:
   • For an OS with the RPM package manager:
     1. To install the application: # rpm -i kfl_2.0.0-<build number>.x86_64.rpm
     2. To install the application interface: # rpm -i kfl-gui_2.0.0-<build number>.x86_64.rpm
   • For a Debian-based OS:
     1. To install the application: # apt-get install ./kfl_2.0.0-<build number>_amd64.deb
     2. To install the application interface: # apt-get install ./kfl-gui_2.0.0-<build number>_amd64.deb
3. Perform initial configuration of the application automatically or interactively.

[Topic 294782]

Post-installation configuration of the application in interactive mode

This section describes the process of performing the initial configuration of the application interactively.

[Topic 284330]

Selecting the locale

At this step, the application displays the list of supported locale identifiers in RFC 3066 format.

Specify the locale in the format as identified in this list. This locale will be used when displaying the texts of the End User License Agreement, the Privacy Policy and the Kaspersky Security Network Statement.

The locale of the application interface and the command line interface depends on the value of the LANG environment variable. If a locale that is not supported by the Kaspersky application is specified in the LANG environment variable, the application interface and the command line interface are displayed in English.

[Topic 199016]

Viewing the End User License Agreement and the Privacy Policy

At this step, read the End User License Agreement concluded between you and Kaspersky, and the Privacy Policy describing the handling and transmission of data.

Page top

[Topic 197899]

Accepting the End User License Agreement

At this step, you must either accept or decline the terms of the End User License Agreement.

After exiting viewing mode, enter one of the following values:

• yes (or y), if you accept the terms of the End User License Agreement.
• no (or n), if you do not accept the terms of the End User License Agreement.

If you do not accept the terms and conditions of the End User License Agreement, the installation process of the Kaspersky application is aborted.

Page top

[Topic 197900]

Accepting the Privacy Policy

At this step, you must either accept or decline the terms of the Privacy Policy.

After exiting viewing mode, enter one of the following values:

• yes (or y), if you accept the terms of the Privacy Policy.
• no (or n), if you do not accept the terms of the Privacy Policy.

If you do not accept the terms and conditions of the Privacy Policy, the installation process of the Kaspersky application is aborted.

[Topic 284331]

Using Kaspersky Security Network

At this step, you must either accept or decline the terms of use of the Kaspersky Security Network Statement. The file ksn_license.<language ID> containing the text of the Kaspersky Security Network Statement is located in the /opt/kaspersky/kfl/doc/ directory.

Enter one of the following values:

• yes (or y), if you accept the terms of the Kaspersky Security Network Statement.

  Use of Kaspersky Security Network will be enabled.

• no (or n), if you do not accept the terms of the Kaspersky Security Network Statement.

  Use of Kaspersky Security Network will be disabled.

We recommend selecting yes (or y).

Refusal to accept the terms and conditions of the Kaspersky Security Network Statement does not abort the initial configuration of the Kaspersky application. You can enable or disable the use of Kaspersky Security Network at any time.

[Topic 290580]

Removing users from the privileged group

This step is displayed only if users are found in the kfladmin group.

At this step, specify whether or not to remove users from the kfladmin privileged group. Users included in the kfladmin group get privileged access to the functionality of the application.

Enter yes to remove all detected users from the kfladmin group. Users whose primary group is kfladmin are moved to the nogroup group. If there is no nogroup group, the installation will fail and you will be prompted to manually remove users from privileged groups.

Enter no if you do not want the application to remove users from the privileged group.

[Topic 206406]

Assigning the Administrator role to a user

At this step, you can grant the administrator (admin) role to the user.

Enter the name of the user to whom you want to grant the administrator role. You need the Administrator role to manage application settings and task settings in the graphical interface of the application and on the command line without using the sudo command.

You can grant the administrator role to the user later at any time.

Page top

[Topic 197903]

Determining the file operation interceptor type

At this step, the file operation interceptor type for the utilized operating system is determined. For operating systems that do not support fanotify technology, kernel module compilation will begin.

If all the required packages are available, the kernel module will be automatically compiled when the File Threat Protection task starts.

If, during the compilation of the kernel module, any dependencies are not found on the device, the Kaspersky application suggests installing the relevant packages. If the package download fails, an error message will be displayed.

[Topic 237159]

Enabling automatic configuration of SELinux

This step is displayed only if SELinux is installed on your operating system.

At this step, you can enable automatic configuration of SELinux for working with the Kaspersky application.

Enter yes to enable automatic configuration of SELinux. If SELinux cannot be configured automatically, the application displays an error message and prompts the user to configure SELinux manually.

Enter no if you do not want the application to automatically configure SELinux.

By default, the application suggests yes.

If necessary, you can manually configure SELinux to work with the application later, after the initial configuration of the Kaspersky application is complete.

[Topic 284332]

Configuring the update source

At this step, specify the update sources for databases and application modules.

Enter one of the following values:

• KLServers: the application receives updates from one of the Kaspersky update servers.
• <URL>: the application downloads updates from a custom source. You can specify the address of the custom source of updates in the local area network or on the Internet.
• <path> – the application receives updates from the specified directory.

Page top

[Topic 284333]

Configuring proxy server settings

At this step, you must specify the proxy server settings if you are using a proxy server to access the Internet. Internet connection is required to download the application databases from the update servers.

To configure proxy server settings, perform one of the following actions:

• If you use a proxy server to connect to the Internet, specify the address of the proxy server using one of the following formats:
  • <IP address of the proxy server>:<port number>, if the proxy server connection does not require authentication;
  • <user name>:<password>@<IP address of the proxy server>:<port number>, if the proxy server connection requires authentication.

    When connecting via an HTTP proxy, we recommend to use a separate account that is not used to sign in to other systems. An HTTP proxy uses an insecure connection, and the account may be compromised.

• If you do not use a proxy server to connect to the Internet, enter no as your answer.

By default, the application suggests no.

You can configure the proxy server settings later, without using the post-installation configuration script.

[Topic 284334]

Starting an application database update

At this step, you can run the application database update task on the device. The application databases contain descriptions of the threat signatures and methods of countering them. The application uses these records when searching and neutralizing threats. Kaspersky virus analysts regularly add new records about threats.

If you do not want to start to download the application databases, enter no.

If you want to start the database update task on the device, enter yes.

By default, the application suggests yes.

If yes is selected, the application will be automatically restarted after the databases are updated.

The Kaspersky application protects the device only after the application databases are updated.

You can start the Update task later without using the initial configuration script.

[Topic 284335]

Enabling automatic application database update

At this step, you can enable automatic update of the application databases.

Enter yes to enable automatic application database update. By default, the application checks for available database updates every 60 minutes. If updates are available, the application downloads the updated databases.

Enter no if you do not want the application to automatically update the databases.

You can enable automatic database update later without using the post-installation configuration by configuring the update task schedule.

[Topic 284337]

Application activation

At this step, you can activate the application.

To activate the application, you need to enter an activation code.

You can copy the activation code from your My Kaspersky account, from the activation card or from the box with the installation disk.

You can activate the application later without using the initial configuration script.

[Topic 284339]

Initial configuration of the application after installation

You can perform the initial configuration of the application after installing the application:

• automatically
• interactively

If initial configuration of the application has not been completed on a device, you cannot use or update the application on that device.

Post-installation configuration of the application in automatic mode

You can perform post-installation configuration of the application in automatic mode.

To start the initial configuration of the application in automatic mode, run the following command:

# /opt/kaspersky/kfl/bin/kfl-setup.pl --autoinstall=<initial configuration file>

where <post-installation configuration file> is the path to the configuration file that contains the initial configuration settings. You need to create this file and copy its structure from the /opt/kaspersky/kfl/doc/autoinstall.ini configuration file.

When the post-installation configuration script is finished and releases the console, the post-installation configuration of the application is complete.

To check the return code, execute the following command:

echo $?

If the command returns code 0, the initial configuration of the application has finished successfully.

Post-installation configuration of the application in interactive mode

You can perform the initial configuration of the application interactively.

To begin with the interactive initial configuration of the Kaspersky application:

1. Execute the following command:

   # /opt/kaspersky/kfl/bin/kfl-setup.pl

   The initial configuration script starts.

   You must run the initial configuration script as root.

2. Select the values of Kaspersky application settings interactively.

   The initial configuration script prompts you to enter values of Kaspersky settings step by step.

When the post-installation configuration script is finished and releases the console, the post-installation configuration of the application is complete.

To check the return code, execute the following command:

echo $?

If the command returns code 0, the initial configuration of the application has finished successfully.

The Kaspersky application protects the device only after the application databases are updated.

To correctly update application modules after the script has finished, you may need to restart the application. You can check the status of updates for the application using the following command: kfl-control --app-info.

[Topic 284338]

Settings in the configuration file for post-installation configuration

In the post-installation configuration file, you can specify the settings shown in the table below.

Settings in the configuration file for post-installation configuration

If you want to change the settings in the configuration file for initial setup of the application, specify the values of settings in the following format: <setting_name>=<setting_value> (the application does not process spaces between the name of a setting and its value).

Page top

[Topic 284340]

Configuring allowing rules in the SELinux system

Manually configuring SELinux for working with the application

If SELinux could not be configured automatically during the initial configuration of the application, or if you declined automatic configuration, you can manually configure SELinux to work with the Kaspersky application.

To manually configure SELinux to work with the application:

1. Switch SELinux to permissive mode:
   • If SELinux has been activated, run the following command:

     # setenforce Permissive

   • If SELinux was disabled, set the SELINUX=permissive setting in the configuration file / etc / selinux / config and restart the operating system.
2. Make sure the semanage utility is installed on the system. If the utility is not installed, install the policycoreutils-python or policycoreutils-python-utils package, depending on the package manager.
3. If you are using a custom SELinux policy instead of the default targeted policy, assign a label to each source executable file of the Kaspersky application in accordance with the SELinux policy being used; to do so, run the following commands:

   # semanage fcontext -a -t bin_t <executable file>

   # restorecon -v <executable file>

   where <executable file> is:

   • /var/opt/kaspersky/kfl/2.0.0.<build number>_<installation timestamp>/opt/kaspersky/kfl/libexec/kfl
   • /var/opt/kaspersky/kfl/2.0.0.<build number>_<installation timestamp>/opt/kaspersky/kfl/bin/kfl-control
   • /var/opt/kaspersky/kfl/2.0.0.<build number>_<installation timestamp>/opt/kaspersky/kfl/libexec/kfl-gui
   • /var/opt/kaspersky/kfl/2.0.0.<build number>_<installation timestamp>/opt/kaspersky/kfl/shared/kfl
4. Run the following tasks:
   • File Threat Protection task:

     kfl-control --start-task 1

   • Critical Areas Scan task:

     kfl-control --start-task 4 -W

   We recommend running all the tasks that you plan to run while using the Kaspersky application.

5. Launch the application interface.
6. Ensure that there are no errors in the audit.log file:

   # grep kfl /var/log/audit/audit.log

7. If there are errors in the audit.log file, create and download a new rule module based on blocking records in order to fix the errors, and then re-run all the tasks that you plan to run while using the Kaspersky application; to do so, run the following commands:

   # grep kfl /var/log/audit/audit.log | audit2allow -M kfl

   # semodule -i kfl.pp

   If new audit messages related to the Kaspersky application appear, the rule module file must be updated.

8. Switch SELinux to blocking mode:

   # setenforce Enforcing

If you use a custom SELinux policy, manually assign a label to the original executable files of the Kaspersky application after installing application updates (follow steps 1, 3–8).

For additional information, please refer to the documentation on the relevant operating system.

[Topic 283301]

How to update a previous version of the application

The Kaspersky application is updated by installing a new version of the application. There is no need to remove the previous version of the application from your device. You can use both versions at the same time.

To update the Kaspersky application:

1. Prepare to install the application.

   Before you begin the installation, make sure you have completed all the necessary preparatory steps to install the Kaspersky application.

2. Install the new version of Kaspersky.

   Please note that installing a new version of the application does not automatically remove the previous version from your device.

3. Remove the previous version of the application (optional step).

   If you want to remove the previous version of the application, remove the following from your device:

   • the kaspl.run file from the directory where you placed it before installing the previous version
   • /var/opt/kaspersky/Kaspersky 24.0 (for a user with root rights)
   • /home/<username>/kaspersky/Kaspersky 24.0 (for a regular user)

[Topic 283302]

How to remove the application

To remove the Kaspersky application, you need to remove the application package from the protected device.

As part of the removal process, all Kaspersky tasks on the device are stopped.

After removing the application, all information saved by the application is deleted, except for the license database. Installed application certificates are also removed. The license database is saved, and you can use it to reinstall the application.

If the application was installed in a systemd-based system, systemd settings are restored to their initial state after the application removal.

To remove an application installed from an RPM package, run the following command:

# rpm -e kfl

To remove an application installed from a DEB package, run the following command:

# apt-get purge kfl

[Topic 69238]

Application licensing

This section provides information about basic concepts of Kaspersky licensing.

[Topic 284327]

About the End User License Agreement

The End User License Agreement is a binding agreement between you and AO Kaspersky Lab, stipulating the terms on which you may use the application.

Read through the terms of the End User License Agreement carefully before you start using the application.

You can review the terms and conditions of the End User License Agreement for the Kaspersky application and the Privacy Policy, which describes the processing and transmission of information, in the following ways:

• By reading the text in the license.<language ID> file. This file is included in the application distribution kit.
• During the installation of the Kaspersky application.

  By confirming that you agree with the text of the End User License Agreement and the Privacy Policy during the initial configuration of the application, you accept the terms and conditions of the End User License Agreement and the Privacy Policy. If you do not accept the terms of the End User License Agreement or Privacy Policy, you must cancel the installation of the application and may not use the application.

• After installing the Kaspersky application.

  After the application is installed, the files containing the texts of the End User License Agreement of the Kaspersky application and the Privacy Policy are located on the protected device in the /opt/kaspersky/kfl/doc/license.<language ID> directory.

[Topic 293720]

About the license

A license is a time-limited right to use the Kaspersky application, granted under the End User License Agreement.

You can purchase a license by subscribing.

The main functions of the application stop working when the license expires. To ensure continued protection of your device from computer security threats, you must renew your license no later than its expiration date. You can extend the license term by renewing your subscription to use the application.

[Topic 293721]

About subscription

A subscription to use the Kaspersky application is a purchase order for the application with specific parameters (subscription expiration date, number of protected devices). The Kaspersky application is included in each of the following subscription plans:

• Kaspersky Standard
• Kaspersky Plus
• Kaspersky Premium

A subscription plan is a subscription option that includes a specific set of applications and features.

The Kaspersky Premium subscription plan is not available in all regions.

The set of features available in the Kaspersky application does not depend on the selected subscription plan.

You subscribe when you purchase the application. To use the Kaspersky application with a subscription, you need to activate the application using the activation code you received when you subscribed.

Activation codes purchased under subscription may not be used to activate previous versions of the Kaspersky application.

To manage your subscription, you must creating an account on the My Kaspersky portal. You can also manage your subscription in the application interface and on the Kaspersky partner website where you subscribed.

Subscription can be limited (for one year, for example) or unlimited (without an expiry date). To continue using the application after the limited subscription expires, you need to renew your subscription. An unlimited subscription may renew automatically if payment is made on time. Automatic renewal of your subscription is paid for using the bank card details that you specified on the My Kaspersky portal or on the Kaspersky partner website where you purchased your subscription. The information you provide will not be used until your subscription is due for renewal.

You can enable or disable automatic renewal of your subscription in the subscription settings on the My Kaspersky portal or on the Kaspersky partner website where you subscribed. If automatic renewal is disabled, you can renew your subscription manually after it expires.

If you do not renew your subscription or if automatic renewal fails, you may be given a grace period during which you can use the application's features without restrictions. After this period, all the application's features will become unavailable.

The availability and duration of the grace period depend on the terms of the subscription plan you select. If your subscription plan does not include a grace period, your access to all features of the application will end immediately upon expiration of your license.

[Topic 293765]

About the activation code

An activation code is a unique sequence of twenty Latin letters and numbers. The activation code is provided to you when you purchase a subscription. An activation code is required to activate the Kaspersky application under a subscription. Applying the activation code adds to the application an active key corresponding to the license to use the application under the subscription.

You can find the activation code:

• On the My Kaspersky portal (if you subscribed on the Kaspersky website; or if after subscribing on the website of a Kaspersky partner, you added the activation code to the portal)
• On the activation card (if you purchased an activation card in the store of a Kaspersky partner)
• On the box with the installation disk (if you purchased a box with an installation disk from the store of a Kaspersky partner)

To activate the application with an activation code, you need Internet access in order to connect to Kaspersky activation servers.

If you lose the activation code after activating the application, you can recover it.

[Topic 197641]

About the license key

The license key is a sequence of bits that can be used to activate the application for further usage in accordance with the terms of the End User License Agreement. License key is generated by Kaspersky experts.

To add a license key to the application, you need to enter an activation code. After you add a key to the application, the license key is displayed in the application interface as a unique alphanumeric sequence.

The license key may be blocked by Kaspersky, if the terms of the End User License Agreement are violated. If the license key is blocked, add another license key for proper application operation.

A license key may be active or reserve.

Active license key is currently used to run the application. Only one active license key can be added to the application.

Reserve license key is a license key that entitles the user to use the application, but is not currently in use. The reserve license key automatically becomes active when the license associated with the current active license key expires. A reserve license key can be added only if an active license key is already added.

You can only use a reserve license key if the auto-renewal feature is disabled for your subscription.

[Topic 294940]

About the license certificate

A license certificate is a document that is provided to you along with an activation code.

A license certificate contains the following information about the license provided:

• License key or order number
• Information about the license user
• Information about the application that can be activated under the provided license
• Restrictions on the number of licensing units (for example, devices on which the application can be used under the license)
• License validity start date
• License expiration date or validity period
• License type

[Topic 250618]

Data provision

This section describes the information that the Kaspersky application may store on the device and automatically send to Kaspersky during its operation.

Kaspersky protects any information thus received in accordance with law and the applicable rules of Kaspersky. Data is transmitted over encrypted channels.

For more detailed information about the processing, storage, and destruction of information obtained during the use of the application and transmitted to Kaspersky, please read the End User License Agreement, the KSN Statement, and refer to the Privacy Policy on the Kaspersky website. The license.<language ID> and ksn_license.<language ID> files containing the End User License Agreement and Kaspersky Security Network Statement are included in the application distribution package.

[Topic 294648]

Data provided when using an activation code

After activating the Kaspersky application using an activation code, in order to verify that the application is being used legally and to obtain statistical information on the distribution and use of the application, you agree to automatically provide the following information to Kaspersky:

• Type, version, and localization of the installed application
• Versions of installed application updates
• Device ID and application installation ID on the device
• Activation code that was used to activate the application
• ID of the current license
• Application license key creation date and time
• Date and time on the user device
• Application license term expiration date and time
• Type, version, and bit size of the operating system

Page top

[Topic 294645]

Data provided when downloading updates from Kaspersky update servers

If you use Kaspersky update servers to download updates, in order to increase efficiency of the update procedure and to obtain statistical information on distribution and use of the application, you agree to automatically provide to Kaspersky the following information:

• Application ID derived from the license
• Full version of the application
• Application license ID
• Type of application license used
• Application installation ID (PCID)
• ID of the application update start
• Web address being processed

[Topic 250630]

Data provided when following links in the application interface

When clicking the links in the interface of the Kaspersky application, you agree to automatically provide the following information to Kaspersky:

• Full version of the application
• Application locale
• Application ID (PID)
• Link name

Page top

[Topic 293670]

Data provided when using Kaspersky Security Network

If you use Kaspersky Security Network, you agree to automatically provide Kaspersky with all the data listed in the Kaspersky Security Network Statement. Additionally, files (or parts of files) that intruders may use to harm the device and the data stored in its operating system may be sent to Kaspersky for scanning.

The ksn_license.<language ID> file with the text of the Kaspersky Security Network Statement is included in the application distribution kit.

[Topic 290873]

Managing the application on the My Kaspersky portal

The My Kaspersky portal serves as a one-stop shop for managing your data and subscriptions, and is also used to contact technical support. To make full use of the portal, you need to create an account that provides access to all of its functionality.

In the following sections, you will learn more about the My Kaspersky portal and how to create and use an account.

[Topic 291520]

About the My Kaspersky portal

The My Kaspersky portal is a comprehensive online resource that allows you to do the following:

• Download installation packages of applications by Kaspersky to devices.
• Subscribe or renew subscriptions.
• Get technical support.

For detailed information on working with your My Kaspersky account, see the My Kaspersky Portal Help.

[Topic 291521]

About the My Kaspersky account

You need a My Kaspersky account to sign in to the My Kaspersky portal and to manage some applications by Kaspersky.

If you subscribed on the Kaspersky website, your account was created during the registration process. An email with a link for creating a password was sent to the email address you provided during registration.

If you do not have an account yet, you can create one on the My Kaspersky portal. You can also use credentials for other Kaspersky resources to log in to the portal.

When creating an account, you must provide a valid email address and invent a password. The password must be at least 8 characters long and contain at least one numeral, one uppercase Latin letter, and one lowercase Latin letter. Spaces are not allowed.

A password that is too simple or too common cannot be used to create an account.

After creating an account, a message with an activation link will be sent to your email address.

Activate your account using the activation link from the message.

You can sign in to your My Kaspersky account using an email address and password, or your Google, Facebook*, Apple, Yandex or VK account. If you already have an account, you can set up quick login using your Google, Facebook*, Apple, Yandex or VK account in the window for connecting your device to your My Kaspersky account. You can do this if the email address used to create your My Kaspersky account from a Google, Facebook*, Apple, Yandex or VK account.

Availability of the quick login feature may depend on your region. More detailed information about restrictions in Russia can be found in this article (available only in English and Russian).

[Topic 272745]

How to activate the application and manage license keys

Activation is the process of activating a license that allows you to use a fully functional version of the application until the license expires.

To start using the Kaspersky application with a subscription, you need to activate the application using the activation code you received when you subscribed. When you add an activation code, an active license key is added to your device, activating the application.

You can activate the application in one of the following ways:

• During the initial configuration of the Kaspersky application.

  To do this, you need to enter the activation code when prompted by the initial configuration script or specify the activation code in the initial configuration file. Doing this adds an active key corresponding to the license to use the application under the subscription.

• After installation of the application is complete.

  To do this, you need to add an active key corresponding to the license to use the application under the subscription. You can add a key by applying the activation code in one of the following ways:

  • On the command line using management commands.
  • In the application interface.

A root account is required to add and remove license keys.

If you have automatic renewal disabled for your subscription, you will need to renew your subscription to continue using the application after your subscription expires. You can also add a reserve license key to the application. A reserve key becomes active when the license associated with the active key expires or when the active key is deleted. Having a reserve key lets you avoid functionality limitations when the license associated with the active key expires. You can add a reserve key to the application by applying an activation code. A reserve key is added in the same way as an active key.

A reserve license key can be added only if an active license key has already been added.

You can view information about license keys added to the application as well as license terms in one of the following ways:

• On the command line using management commands.
• In the application interface.

[Topic 287682]

How to subscribe

You purchase a subscription to use the application when you purchase the application.

If the app is already installed, you can purchase a subscription through the application interface.

To purchase a subscription through the application interface:

1. Open the main application window.
2. Do one of the following:
   • In the lower part of the main application window, click the area, which displays information about the license and the key.
   • In the lower part of the main application window, click the Support button and in the Support window that opens, open the Licenses window by clicking the link in the License key field or the Licenses link in the lower part of the window.

   This opens the Licenses window.

3. Click the Buy button in this window.

   The Kaspersky website will open in your browser. You can pay for your subscription there.

To manage your subscription, you must creating an account on the My Kaspersky portal.

Page top

[Topic 197631]

How to add or remove a license key using the command line

To manage license keys on a device, you can use license key management commands.

To add an active license key to the application, run the following command:

kfl-control [-L] --add-active-key <activation code>

where <activation code> is the activation code.

If the application is already activated and you add a new license key (use a new activation code), the new key replaces the previously added key. If the license associated with a previously added key has not yet expired, you can add that key to the application on another device.

To add a reserve license key to the application, run the following command:

kfl-control [-L] --add-reserve-key <activation code>

You can only use a reserve license key if the auto-renewal feature is disabled for your subscription.

If an active key has not yet been added to the application on the device, the command fails.

To remove the active key from the application, run the following command:

kfl-control [-L] --remove-active-key

If you remove the active license key, the application is not activated. You can use the application only after activation.

To remove a reserve key from the application, run the following command:

kfl-control [-L] --remove-reserve-key

[Topic 197271]

How to view license information on the command line

From the command line, you can use the -L --query command to view information about the active and reserve license keys added to the application as well as the license provided under your subscription to use the application.

To view information about the license keys and license on the device, run the following command:

kfl-control -L --query [--json]

where --json outputs data in JSON format. If the --json option is not specified, the settings are output in the INI format.

As a result of the command execution, the following information will be displayed in the console:

• Information about the active application key, if a key has been added:
  • Date and time when the license for using the application expires.
  • Number of days before the end of the license term.
  • Information about the limitation of protection functions.
  • Information about the limitation of the function for updating application databases.
  • Information about the status of the license key.
  • The type of license associated with the key.
  • Licensing limitation of the key (the number of licensing units).
  • Name of the application that the key is intended to activate.
  • Active license key (unique alphanumeric sequence).
  • Activation date.
• Information about the reserve application key, if a reserve key has been added:
  • Date and time when the license for using the application expires.
  • Information about the limitation of protection functions.
  • Information about the limitation of the function for updating application databases.
  • Information about the status of the license key.
  • The type of license associated with the key.
  • Licensing limitation of the key (the number of licensing units).
  • Name of the application that the key is intended to activate.
  • Reserve license key (unique alphanumeric sequence).
  • Date and time when the license associated with the active key expires, in UTC.

[Topic 280005]

How to add or remove a license key using the application interface

Using the application interface, you can add and remove application license keys, renew your subscription and view information about the license under which the application is being used as well as the license key associated with the license.

To add an active or reserve license key to the application:

1. Open the main application window.
2. Do one of the following:
   • In the lower part of the main application window, click the area, which displays information about the license and the key.
   • In the lower part of the main application window, click the Support button and in the Support window that opens, open the Licenses window by clicking the link in the License key field or the Licenses link in the lower part of the window.

   This opens the Licenses window.

3. Click Add.
4. Enter the activation code in the Add key (displayed when adding an active key) or Add reserve key (displayed when adding a reserve key) area and click the Next button.

   The window displays information about the key and the license associated with it.

5. Click the Activate button.

If the application is already activated and you add a new license key (use a new activation code), the new key replaces the previously added key. If the license associated with a previously added key has not yet expired, you can add that key to the application on another device.

To remove a license key that has been added to the application:

1. Open the main application window.
2. Do one of the following:
   • In the lower part of the main application window, click the area, which displays information about the license and the key.
   • In the lower part of the main application window, click the Support button and in the Support window that opens, open the Licenses window by clicking the link in the License key field or the Licenses link in the lower part of the window.

   This opens the Licenses window.

3. Click the Remove button to the right of the information about the key that you want to remove.
4. Confirm the removal in the window that opens.

If you remove the active license key, the application is not activated. You can use the application only after activation.

[Topic 197270]

How to view license information in the application interface

In the application interface, you can view information about the active and reserve license keys added to the application as well as the license provided under your subscription to use the application.

To view license information:

1. Open the main application window.
2. Do one of the following:
   • In the lower part of the main application window, click the area, which displays information about the license and the key.
   • In the lower part of the main application window, click the Support button and in the Support window that opens, open the Licenses window by clicking the link in the License key field or the Licenses link in the lower part of the window.

   This opens the Licenses window. The window displays information about the active and reserve keys added to the application. Click the More info link to view full information about the licenses and keys.

Click the More info link to view full information about the licenses and keys.

The Current licenses section displays information about active keys and associated licenses:

• The type of active license associated with the active key, the license limitation, and the license expiration date.
• License key – unique alphanumeric sequence.
• Key status – the status of the key or a message about the problems associated with the key (if any).
• Valid from – date when the application was activated by adding this key.
• Expires – the number of days before the license expires and the license expiration date in UTC format.
• Name – the name of the application for which the activation key was added.
• Protection – information about restrictions on protection functions and the ability to update application databases.

The Reserve keys section displays information about reserve keys and associated licenses:

• Type of reserve key, license limit, and license term associated with the key.
• License key – unique alphanumeric sequence.
• License type – the type of license associated with the reserve key.
• Name – the name of the application for which the activation key was added.
• Protection – information about restrictions on protection functions and the ability to update application databases.

[Topic 294981]

How to renew your subscription

If you have auto-renewal enabled for your subscription, it will automatically renew for a new term after your subscription expires without you having to do anything. Automatic renewal of your subscription is paid for using the bank card details that you specified on the My Kaspersky portal or on the Kaspersky partner website where you purchased your subscription. The information you provide will not be used until your subscription is due for renewal. You will receive an email reminder 15 days before your subscription expires. If you did not provide your credit card details for automatic renewal when you subscribed, you must provide them before the current subscription expires.

If automatic renewal is disabled for your subscription, you can renew your subscription manually after it expires.

To renew your subscription after it expires:

1. Open the main application window.
2. Do one of the following:
   • In the lower part of the main application window, click the area, which displays information about the license and the key.
   • In the lower part of the main application window, click the Support button and in the Support window that opens, open the Licenses window by clicking the link in the License key field or the Licenses link in the lower part of the window.

     This opens the Licenses window.

3. Click the Renew button in this window.

   The browser will open the website of Kaspersky or one of its partners. You can pay for and renew your subscription there.

   During the payment process, provide the email address associated with your My Kaspersky account. Within an hour after paying for a subscription renewal, information about the new subscription license term is sent to the application.

   You can view information about the license term:

   • On the command line using management commands.
   • In the application interface.

If you do not renew your subscription or if automatic renewal fails, you may be given a grace period during which you can use the application's features without restrictions. After this period, all the application's features will become unavailable.

The availability and duration of the grace period depend on the terms of the subscription plan you select. If your subscription plan does not include a grace period, your access to all features of the application will end immediately upon expiration of your subscription.

If auto-renewal is disabled for your subscription but you added a reserve license key to the application before your subscription expired, the application automatically activates using the reserve license key when your subscription expires.

You can use a reserve license key only if you purchased a subscription without automatic renewal.

Special offers

Special offers are available on the Kaspersky website. They may include discounts on your next subscription period when you activate the current subscription.

Renewal prices are subject to change and special offers may not be available at renewal time.

Problems with automatic renewal

Automatic renewal of your subscription may not be available for the following reasons:

• Your bank card has expired.

  Make sure your bank card is valid and has not expired. If the expiration date has passed, please update your bank card details.

• Your bank card has been blocked.

  Check if there are any blocks on your card. A card may be blocked due to suspicious activity or insufficient funds. Please contact your bank for more information.

• The automatic renewal feature is disabled.

  Make sure you have enabled the automatic renewal feature in your subscription settings on the My Kaspersky portal or on the Kaspersky partner website where you subscribed.

• Insufficient funds in the account.

  Please check your account balance to ensure there are sufficient funds to cover the renewal fee.

• Technical failures or system errors.

  Sometimes problems may arise if the service is experiencing technical problems. Please try again later or contact Technical Support.

[Topic 294982]

How to recover an activation code

If you lose the provided activation code, you can recover it in one of the following ways:

• If you have access to your My Kaspersky account, you can find your activation codes in the Licenses section on the My Kaspersky portal.
• If you do not have access to your My Kaspersky account, please contact Technical Support or the Kaspersky partner from whom you purchased the subscription to use the Kaspersky application.

For detailed information on how to recover an activation code using My Kaspersky, please refer to the Kaspersky Knowledge Base.

[Topic 284347]

How to manage the application

To use the Kaspersky app, you need to have basic knowledge of Alt, RED OS, Ubuntu or Uncom (depending on which of these operating systems is installed on your device). We recommend familiarizing yourself with the official documentation, which will introduce you to the basic principles of managing the operating system:

• Alt
• RED OS
• Ubuntu
• Uncom

To manage the Kaspersky application, you can use:

• The command line
• The application interface

The set of actions that you can perform using the interface of the Kaspersky application is limited.

[Topic 284348]

How to manage the application using the command line

Using the command line, you can install, remove, start, and stop the Kaspersky application on the device, and also manage the application locally.

The functional components of the application are supported by Kaspersky local tasks that run in the operating system. You can enable or disable functional components of the application on a device by starting or stopping Kaspersky tasks on the command line. One-time device scans are also performed by starting Kaspersky tasks. You can configure the functional components on the device and specify device scan settings by editing Kaspersky task settings.

In addition to the task settings, the following settings are provided for configuring the application:

• Encrypted connections scan settings.
• General application settings that define the operation of the application as a whole and the operation of individual functions.

You can manage the Kaspersky application on the command line using management commands.

[Topic 290440]

How to enable autocomplete of the kfl-control command (bash completion)

You can enable autocompletion for the kfl-control command in bash.

To enable autocompletion of kfl-control commands in the current bash session, run the following command:

source /opt/kaspersky/kfl/shared/bash_completion.sh

To enable autocomplete for all new bash sessions, run the following command:

echo "source /opt/kaspersky/kfl/shared/bash_completion.sh" >> ~/.bashrc

[Topic 287132]

How to manage tasks using the command line

The following application tasks are provided for managing the Kaspersky application on the command line:

• File Threat Protection. This task allows you to enable or disable File Threat Protection in real time and defines the settings for the File Threat Protection component. The task starts automatically when the application starts.
• Malware Scan. This task allows you to scan file system objects for malware on demand and defines the settings for the scan. You can use this task to perform a full or custom scan of the device.
• Critical Areas Scan. This task allows you to run a critical areas scan of the operating system on demand and defines the settings for the scan.
• Custom file scan. This task is designed for configuring and storing settings that are used when scanning the specified files and directories using the kfl-control --scan-file command. As a result of the command execution, the application creates and starts a temporary file scan task.
• Removable Drives Scan. This task allows you to monitor the connection of removable media to the device in real time and defines the settings of the Removable Drives Scan and the scan of its boot sectors for malware.
• Web Threat Protection. This task allows you to enable or disable Web Threat Protection and defines the settings for the Web Threat Protection component.
• Behavior Detection. This task allows you to monitor malicious activity of applications in the operating system. The task starts automatically when the Kaspersky application starts.
• Licensing. This task provides the capability to activate an application installed on the device. The task starts automatically when the application starts, and it resides in the device operating memory. The task has no settings; license keys are managed using special management commands. The task cannot be started, stopped, or deleted.
• Update. You can use this task to perform scheduled and on-demand application database and module updates and edit update settings.
• Rollback. You can use this task to roll back the last update of application databases and modules.

Each application task has a name used on the command line, an ID, and a type (see the table below).

IDs are unique for all tasks, including deleted tasks. The application does not reuse the identifiers of the deleted tasks. The identifier of a new task is the next successive number to the identifier of the latest created task.

Task names are not case-sensitive.

During installation of the application, predefined tasks are created. These tasks cannot be deleted. Each predefined task has a name and ID.

Tasks that you create while working with the application are called user tasks. When you create the task, you specify the name for it. IDs for user tasks are defined and assigned by the application when the task is created. IDs for user tasks are starting from 100.

During operation, the application creates temporary scan tasks. Temporary task names and IDs are assigned by the application. Temporary tasks are automatically deleted when completed.

Application tasks

You can perform the following actions with tasks:

• Start and stop all preset and custom tasks except tasks of the License type.
• Pause and resume ODS tasks.
• Create and delete user tasks. You can create tasks of the following types: ODS, Update, Rollback.
• Change the settings for all user tasks and all predefined tasks, except for Rollback and License tasks.
• Configure the task start schedule.

[Topic 287604]

How to view the list of tasks on the command line

To view the list of application tasks, execute the following command:

kfl-control --get-task-list [--json]

where:

--json – output format for the list of application tasks. If a file format is not specified, the output will be an INI file.

The list of Kaspersky tasks is displayed.

The following information will be displayed for each task:

• Name: the task name
• ID: the task ID
• Type: the task type
• State: the current state of the task

[Topic 290083]

How to view the status of a task on the command line

To view a task state, execute the following command:

kesl-control --get-task-state <task ID/name> [--json]

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• --json is specified to output the settings in JSON format.

Application tasks can take the following main states:

• Started—Task is running.
• Starting—Task is being launched.
• Stopped—Task has been stopped.
• Stopping—Task is stopping.

ODS tasks can also have one of the following states:

• Pausing — Task is pausing.
• Suspended — Task is suspended.
• Resuming — Task is resuming.

Page top

[Topic 287579]

How to create a task on the command line

You can create tasks of the following types: ODS, Update, and Rollback.

You can create tasks with default settings or with settings specified in a configuration file.

To create a task with default settings, execute the following command:

kfl-control --create-task <task name> --type <task type>

where:

• <task name> is the name that you specify for the new task.
• <task type> is the identifier for the type of the created task.

To create a task with the settings specified in the configuration file, execute the following command:

kfl-control --create-task <task name> --type <task type> --file <configuration file path> [--json]

where:

• <task name> is the name that you specify for the new task.
• <task type> is the identifier for the type of the created task.
• <path to file> is the full path to the configuration file with the settings that will be used for creating the task.
• --json is specified to import the settings from the configuration file in JSON format. If the --json option is not specified, the application attempts to import from an INI file. If the import fails, an error is displayed.

Page top

[Topic 290084]

How to start, stop, pause, and resume a task on the command line

You can start and stop predefined and user tasks, except for tasks of the License type.

You can pause and resume ODS tasks.

To start a task, execute the following command:

kfl-control --start-task <task ID/name> [-W] [--progress]

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• [-W] is a command used in conjunction with the task start command to enable the display of current events associated with this task.
• Specify the [--progress] option if you want to display the progress of the task.

  Example: Start the task with ID 1 and enable the display of current events associated with the task: kfl-control --start-task 1 -W

To stop a task, execute the following command:

kfl-control --stop-task <task ID/name> [-W]

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• [-W] is a command used in conjunction with the stop task command to enable the display of current events associated with this task.

To suspend a task, execute the following command:

kfl-control --suspend-task <task ID/name>

To resume a task, execute the following command:

kfl-control --resume-task <task ID/name>

Page top

[Topic 290441]

How to delete a task on the command line

You can delete only user tasks. Predefined tasks cannot be deleted.

To delete a task, execute the following command:

kfl-control --delete-task <task ID/name>

where <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

[Topic 290442]

How to output task settings to the console or into a configuration file

You can display the current values of settings for all user tasks and all predefined tasks, except for Rollback and License tasks (these tasks have no settings).

You can output the current values of task settings to the console or to a configuration file that you can use to change task settings.

To output the current values of task settings to the console, execute the following command:

kfl-control --get-settings <task ID/name> [--json]

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• --json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

To output the current values of task settings to a configuration file, execute the following command:

kfl-control --get-settings <task ID/name> --file <configuration file path> [--json]

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• --file <configuration file path> is the path to the configuration file into which the task settings will be written. If you specify the name of a file without its path, the file will be created in the current directory. If a file already exists in the specified path, it will be overwritten. If the specified directory does not exist, the configuration file will not be created.
• --json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

[Topic 287582]

How to manage task settings on the command line

You can edit the settings for all user tasks and all predefined tasks, except for Rollback and License tasks.

On the command line, you can edit the settings of tasks using the kfl-control --set-settings command:

• You can edit all task settings using the configuration file that contains the task settings. You can get the configuration file using the command for displaying task settings.
• You can edit individual task settings on the command line in the <setting name>=<setting value> format. You can get the current values of task settings using the command for displaying task settings.
• You can restore the task settings to their default values.

You can add or remove scan scopes and exclusion scopes using a configuration file that contains task settings or command line options. Configuring scan scopes and exclusion scopes is available for tasks of the OAS and ODS types.

In order to optimize the operation of scan tasks, it is recommended to add the path with snapshots mounted by the system in the read-only mode to the exclusions for the systems with the btrfs file system and enabled active snapshots. For example, for the systems based on SUSE/OpenSUSE, you can add the following exclusion for the path: /.snapshots/*/snapshot/.

For some tasks, separate management commands are also provided that allow you to edit task settings.

[Topic 289982]

How to modify task settings using a configuration file:

To edit values of task settings using a configuration file:

1. Output the task settings to the configuration file: kfl-control --get-settings
2. Open the configuration file and edit the values of the necessary settings.

   For tasks whose type is OAS or ODS, you can add or remove scan scopes and exclusion scopes.

   If you want to add a scan scope, add a [ScanScope.item_#] section with the following settings to the file:

   • AreaDesc is a description of the scan scope, which contains additional information about this scope.
   • UseScanArea enables scanning of the specified scope.
   • Path is a path to the directory with the objects to be scanned. You can specify a path to a local directory or enable scanning of remote directories mounted on a client device.
   • AreaMask.item_# is a limitation of the scan scope. You can specify a mask for the name of the files to be scanned. Scanning is enabled by default for all objects in the scan scope. You can specify multiple AreaMask.item_# items.

   If you want to add an exclusion scope, add an [ExcludedFromScanScope.item_#] section with the following settings to the file:

   • AreaDesc – a description of the exclusion scope, which contains additional information about the exclusion scope.
   • UseScanArea enables exclusion of the specified scope.
   • Path is a path to the directory with the objects to be excluded. You can specify a path to a local directory or exclude remote directories mounted on a client device. Possible values for the setting depend on the type of task.
   • AreaMask.item_# is a limitation of the exclusion scope. You can specify a mask for the name of the files that you want to exclude from the scan scope. By default, all objects in the scope are excluded.

     Example: [ExcludedFromScanScope.item_0000] AreaDesc= UseScanArea=Yes Path=/tmp/notchecked AreaMask.item_0000=*

   You can specify multiple [ScanScope.item_#] and [ExcludedFromScanScope.item_#] sections. The application processes the scopes by index in ascending order.

3. Save the configuration file.
4. Execute the command:

   kfl-control --set-settings <task ID/name> --file <configuration file path> [--json]

   where:

   • <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
   • --file <configuration file path> is the full path to the configuration file from which the task settings will be imported.
   • Specify the --json option if you are importing settings from a JSON configuration file. If the --json option is not specified, the application attempts to import from an INI file. If the import fails, an error is displayed.

All values of task settings defined in the file will be imported into the application.

[Topic 289983]

How to modify task settings using command line options:

You can use the kfl-control --set-settings command to modify individual task settings, as well as add or remove scan scopes and exclusion scopes for tasks of the following types: OAS and ODS.

Configuring individual task settings

To modify individual values of task settings using command line options, run the following command:

kfl-control --set-settings <task ID/name> <setting name>=<setting value> [<setting name>=<setting value>]

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• <setting name>=<setting value> is the name and value of one of the task settings. You can get the current values of task settings using the command for displaying task settings.

The values of the specified task settings will be changed.

Adding and removing a scan scope

To add a scan scope using command line options, run the following command:

kfl-control --set-settings <task ID/name> --add-path <path>

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• --add-path <path> adds the path to the directory with the objects to be scanned.

A new [ScanScope.item_#] section will be added to the task settings. The application scans the objects in the directory specified by the Path setting. The remaining settings of the scan scope take default values.

If the task settings already contain a [ScanScope.item_#] section with the specified value for the Path setting, a duplicate section is not added.

If the UseScanArea setting is set to No its value will change to Yes after this command is executed and the objects located in this directory will be scanned.

To delete a scan scope using command line options, run the following command:

kfl-control --set-settings <task ID/name> --del-path <path>

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• --del-path <path> deletes the path to the directory with the objects to be scanned.

The [ScanScope.item_#] section that contains the specified path will be deleted from the task settings. The application will not scan the objects in the specified directory.

Adding and removing an exclusion scope

To add an exclusion scope using command line options, run the following command:

kfl-control --set-settings <task ID/name> --add-exclusion <path>

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• --add-exclusion <path> adds the path to the directory with the objects that you want to exclude from the scan.

A new [ExcludedFromScanScope.item_#] section will be added to the task settings. The application will exclude objects in the directory specified by the Path setting from scans. The remaining settings of the exclusion scope take default values.

If the task settings already contain an [ExcludedFromScanScope.item_#] section with the specified value for the Path setting, a duplicate section is not added.

If the UseScanArea setting is set to No its value will change to Yes after this command is executed and the objects located in this directory will be excluded from scans.

To delete an exclusion scope using command line options, run the following command:

kfl-control --set-settings <task ID/name> --del-exclusion <path>

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• --del-exclusion <path> deletes the path to the directory with the objects to be excluded.

The [ExcludedFromScanScope.item_#] section that contains the specified path will be deleted from the task settings. The application will not exclude the objects in the specified directory from the scan.

[Topic 290443]

How to restore default task settings on the command line

You can restore the default settings for all user tasks and all predefined tasks, except for tasks of the Rollback and License types (these tasks have no settings).

To reset task settings to their default values, execute the following command:

kfl-control --set-settings <task ID/name> --set-to-default

where <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

The application changes the setting values to their defaults.

Page top

[Topic 287583]

How to configure the task schedule on the command line

You can configure a schedule for the following types of tasks: ODS, Update, and Rollback.

You can output the current values of the settings for the task run schedule to the console or to a configuration file.

To output the current settings for the task run schedule to the console, execute the following command:

kfl-control --get-schedule <task ID/name> [--json]

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• --json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

To output the current settings for the task run schedule to a configuration file, execute the following command:

kfl-control --get-schedule <task ID/name> --file <configuration file path> [--json]

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• --file <path to configuration file> is the path to the configuration file in which the settings for the task run schedule will be output. If you specify the name of a file without its path, the file will be created in the current directory. If a file already exists in the specified path, it will be overwritten. If the specified directory does not exist, the configuration file will not be created.
• --json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

  Examples: Save the update task settings to a file named update_schedule.ini and save the created file in the current directory: kfl-control --get-schedule 6 --file update_schedule.ini Display the update task schedule in the console: kfl-control --get-schedule 6

You can edit the settings for the task run schedule in the following ways:

• Import the settings from a configuration file that contains all schedule settings.
• Using the command line, specify the individual settings for the task run schedule in the format <setting name >=<setting value >.

To edit the values of the settings for task run schedule using a configuration file, perform the following actions:

1. Output the task settings to the configuration file: kfl-control --get-schedule
2. Edit the values of the necessary settings in the file and save the changes.
3. Execute the command:

   kfl-control --set-schedule <task ID/name> --file <configuration file path> [--json]

   where:

   <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.

   --file <configuration file path> is the full path to the configuration file from which the task schedule settings will be imported.

   --json: specify this option if you are importing settings from a configuration file in JSON format. If the --json option is not specified, the application attempts to import from an INI file. If the import fails, an error is displayed.

All values of the settings for the task run schedule defined in the file will be imported into the application.

To edit the individual values of the settings for the task run schedule using the command line, execute the following command:

kfl-control --set-schedule <task ID/name> <setting name>=<setting value> [<setting name>=<setting value>]

where:

• <task ID/name> is the ID assigned to the task at the time of its creation, or the name of the task in the command line.
• <setting name>=<setting value> is the name and value of one of the settings for the task schedule.

The values of the specified settings for the task run schedule are modified.

Page top

[Topic 287602]

How to manage general application settings on the command line

General application settings define the operation of the application as a whole and the operation of individual functions.

You can manage general application settings using special management commands:

• Output the current values of general application settings to the console or to a configuration file.
• Edit general application settings using a configuration file containing all general settings, or using command line options in the <setting name>=<setting value> format.

Using general settings, you can:

• Configure Kaspersky Security Network for the application.
• Configure the use of a proxy server in the application.
• Select the file operation interception mode (block/do not block files during a scan).
• Configure exclusions from the mount points scan (global exclusions).
• Configure exclusions from the process memory scan.
• Enable or disable the detection of legitimate applications that intruders can use to compromise devices or data.
• Configure the use of event logs.
• Configure a limit on CPU resource usage by scan tasks (of the ODS type).
• Limit the number of user scan tasks that a non-privileged user can start simultaneously.
• Configure Backup settings.

[Topic 290468]

How to output general application settings to the console or into a configuration file

You can output the current values of general application settings to the console or to a configuration file that you can use to edit task settings.

To output the current values of general application settings to the console, execute the following command:

kfl-control --get-app-settings [--json]

where --json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

To output the current values of general application settings to a configuration file, execute the following command:

kfl-control --get-app-settings --file <configuration file path> [--json]

where:

• --file <configuration file path> is the path to the configuration file into which general settings of the application will be written. If you specify the name of a file without its path, the file will be created in the current directory. If a file already exists in the specified path, it will be overwritten. If the specified directory does not exist, the configuration file will not be created.
• --json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

  Example: Display the general application settings to a file named kfl_config.ini. Save the created file in the current directory: kfl-control --get-app-settings --file kfl_config.ini

Page top

[Topic 290469]

How to modify general application settings on the command line

On the command line, you can edit the general application settings by using the kfl-control --set-app-settings command:

• You can edit all general settings using the configuration file that contains the general application settings. You can get the configuration file using the command for displaying general settings.
• You can edit individual settings using command line options in the <setting name>=<setting value> format. You can get the current values of general application settings using the command for displaying general settings.

To edit values of general application settings using a configuration file:

1. Output the general application settings to a configuration file.
2. Edit the values of the necessary parameters in the file and save the changes.
3. Execute the command:

   kfl-control --set-app-settings --file <configuration file path> [--json]

   where:

   • --file <path to configuration file> is the full path to the configuration file with the general application settings. If you delete any parameter in the configuration file, the default value for that parameter will be displayed after the command is executed.
   • --json: specify this option if you are importing settings from a configuration file in JSON format. If the --json option is not specified, the application attempts to import from an INI file. If the import fails, an error is displayed.

All the values of the general settings defined in the file will be imported into the application.

To edit general application settings using command line options, execute the following command:

kfl-control --set-app-settings <setting name>=<setting value> [<setting name>=<setting value>]

where <setting name>=<setting value> is the name and value of one of the general application settings.

The values of the specified general settings will be changed.

Page top

[Topic 290460]

How to filter query results on the command line

You can use a filter to restrict the query results when running application control commands.

Filter conditions are specified using one or more logical expressions, which are combined using the logical operator and. Filter conditions must be enclosed in quotation marks:

"<field> <comparison operator> '<value>'"

"<field> <comparison operator> '<value>' and <field> <comparison operator> '<value>'"

where:

• <field> is the name of the field for the database.
• <comparison operator> is one of the following comparison operators:
  • > is "greater than"
  • < is "less than"
  • like matches the specified value When specifying a value, you can use % masks: for example, the logical expression "FileName like '%etc%'" sets the limitation "contains the text "etc" in the FileName field"
  • == is "equal to"
  • != is "not equal to"
  • >= is "greater than or equal to"
  • <= is "less than or equal to"
• <value> is the value of the field. The value must be enclosed in single quotation marks (').

  You can specify a date value in UNIX time (the number of seconds that have elapsed since 00:00:00 (UTC), January 1, 1970) or in YYYY-MM-DD hh:mm:ss format. The user specifies the date and time in the user's local time zone, and the application displays them in the same time zone.

You can use a filter in the following application management commands:

• Display information about certain current events of the application:

  kfl-control -W --query "<filter conditions>"

• Display information about certain application events in the event log:

  kfl-control -E --query "<filter conditions>"

• Output information about certain objects in Backup:

  kfl-control -B --query "<filter conditions>"

• Delete certain objects from Backup:

  kfl-control -B --mass-remove --query "<filter conditions>"

  Examples: Get information about events that contain the text "etc" in the FileName field: kfl-control -E --query "FileName like '%etc%'" Display information about events with the ThreatDetected type: kfl-control -E --query "EventType == 'ThreatDetected'" Display information about events with the ThreatDetected type, created by tasks of the ODS type: kfl-control -E --query "EventType == 'ThreatDetected' and TaskType == 'ODS'" Get information about the events generated after the date specified in the UNIX time stamp system (the number of seconds that have elapsed since 00:00:00 (UTC), 1 January 1970): kfl-control -E --query "Date > '1583425000'" Get information about the events generated after the date specified in YYYY-MM-DD hh:mm:ss format: kfl-control -E --query "Date > '2022-12-22 18:52:45'" Get information about files in the Backup storage that have the High severity level: kfl-control -B --query "DangerLevel == 'High'"

Page top

[Topic 287584]

How to export and import application settings on the command line

The Kaspersky application allows exporting and importing all application settings for troubleshooting, checking settings, or reusing settings on devices of other users. When exporting settings, all application settings (including encrypted connections scan settings, general application settings, and task settings) are saved in a configuration file. You can use this configuration file to import settings into the application.

The application must be launched when settings are imported or exported. After the settings are imported, the application must be restarted.

To export the application settings, execute the following command:

kfl-control --export-settings --file <configuration file path> [--json]

where:

• --file <configuration file path> is the full path to the configuration file where the application settings will be saved.
• --json is specified to export the settings to the configuration file in JSON format. If the --json options is not specified, the settings will be exported to an INI file.

To import the application settings from the file, execute the following command:

kfl-control --import-settings --file <configuration file path> [--json]

where:

• --file <configuration file path> is the full path to the configuration file from which you want to import settings into the application.
• --json is specified to import the settings from the configuration file in JSON format. If the --json option is not specified, the application attempts to import from an INI file. If the import fails, an error is displayed.

When you import application settings from a file, UseKSN is set to Yes.

After application settings are imported, internal task IDs may change. It is recommended to use task names to manage tasks.

Page top

[Topic 290448]

How to manage user roles

Access to the functionality of the Kaspersky application on the command line depends on the user's role.

A role is a set of rights and privileges for managing the application.

Three user groups are created in the operating system: kfladmin, kfluser, and nokfl. When you assign an application role to a system user, the user is added to the corresponding group (see the Roles table below). When you revoke a role from a user, this user is removed from the corresponding group.

If no application role is assigned to a system user, that user belongs to a separate group of users without rights.

Thus, the roles correspond to the three groups of operating system users:

• kfladmin corresponds to the Administrator role.
• kfluser corresponds to the User role.
• nokfl is assigned to a user if no other roles are assigned. In this case, the user belongs to a separate group of users without privileges

  User roles

  Role name	Role in application	OS user group	Permissions
  Administrator	admin	kfladmin	Managing application settings and task settings in the graphical interface of the application and on the command line without using the sudo command. Manage application licensing. Assigning roles to users. Revoking user roles (the administrator has no right to revoke the admin role from himself). View and manage users' Storages.
  User	user	kfluser	Manage only user file scan tasks. Start and stop Update tasks. View reports for the tasks created by this user. View specific events that are common for all application users.
  —	—	nokfl	No role is assigned in the application, no permissions.

[Topic 290457]

How to view the list of users and roles on the command line

To view a list of users and their roles, run the following command on the command line:

kfl-control [-U] --get-user-list

[Topic 290458]

How to assign a role to a user on the command line

To assign a role to a specific user, execute the following command:

kfl-control [-U] --grant-role <role> <user>

Page top

[Topic 290459]

How to revoke a role from a user on the command line

To revoke a role from a specific user, execute the following command:

kfl-control [-U] --revoke-role <role> <user>

Page top

[Topic 284351]

How to manage the application using the application interface

The Kaspersky application interface lets you:

• View information about device protection status.
• Enable and disable application components:
  • File Threat Protection.
  • Removable Drives Scan.
  • Web Threat Protection.
  • Behavior Detection.
• Start and stop scan tasks:
  • Malware Scan.
  • Critical Areas Scan.
• Start and stop database update and rollback tasks.
• Run a custom scan of files and directories.
• Enable and disable Kaspersky Security Network.
• View application statistics and reports.
• Manage application license keys and view information about the license under which the application is being used as well as the key associated with the license.
• View information about objects placed in Backup.
• Create application trace files.

The Kaspersky application interface does not let you:

• Manage user ODS tasks.
• Edit task and component settings.

If an application component or task is running in

[Topic 289976]

Application interface

Application icon in the notification area

After the Kaspersky application is installed on the device, the application icon appears in the notification area on the right side of the taskbar.

The application icon acts as a shortcut to the context menu and the main application window.

The context menu of the application icon contains the following items:

• Kaspersky for Linux. Opens the main application window, which displays the protection status of a device and contains interface elements that provide access to the application functions.
• Exit. Exits the application interface.

Main application window

To open the main application window, perform one of the following actions:

• Right-click or double-left-click the application icon in the notification area of the taskbar.
• Select the application name in the application menu of the operating system window manager.

The main application window is divided into several parts:

• The central part of the main application window displays the protection status of the device. Clicking this part of the window opens the Protection Center window. This window displays information about the protection status of a device and recommendations on the actions to be performed to fix protection problems (if any).
• The Scan button displays the Malware Scan task status and the number of detected threats. Clicking this button opens the Scan window. In this window, you can start and stop the Malware Scan and Critical Areas Scan tasks. Also, you can view reports for these tasks.
• The Update button displays the status of the Update task. Clicking this button opens the Update window. In this window, you can start the Update and Rollback tasks. Also, you can view reports for these tasks.
• The lower part of the main application window contains the following elements:
  • Reports button. Clicking this button opens the Reports window, where you can view component and task statistics as well as various reports on the operation of components and tasks.
  • Backup button. Clicking this button opens the Backup window, which contains information about objects in Backup.
  • Settings button. Clicking this button opens the Settings window, where you can enable or disable application components and configure the use of the Kaspersky Security Network.
  • Support button. Clicking this button opens the Support window, which displays the current version of the application and the following information:
    • License key – the active license key added to the application, or a message that no key has been added. The link in this field opens the Licenses window, which displays detailed license information.
    • Key status – information about the status of the active license key, or a message that no key has been added.
    • Database release date – status and release date of the application databases.
    • Operating system – information about the operating system of the device.

    The following links are displayed at the bottom of the Support window:

    • The Forum link which takes you to the Kaspersky forum.
    • The License link which opens the Licenses window.

      In the Licenses window, you can view license information, manage subscriptions, and add or remove license keys.

    • The Tracing link which opens the Tracing window.

      In the Tracing window, you can create application trace files and configure the level of detail of the trace files.

• The lower part of the main application window displays information about the license and the key, as well as about licensing problems (if any). Clicking on this area of the window opens the Licenses window, which displays detailed license information.

  Clicking the Buy button in this window opens the Kaspersky online store, where you can purchase a license. After purchasing a license, you will receive an activation code, which you will need to use to activate the application.

[Topic 290130]

How to enable and disable application components in the application interface

You can use the application interface to enable or disable application components. If the component is enabled, the Disable button is available. By default, File Threat Protection and Behavior Detection components are enabled. The Web Threat Protection component may be enabled automatically if one of the supported browsers is detected in the system.

If a component is disabled, the Enable button will be available.

To enable or disable an application component:

1. Open the main application window.
2. In the lower part of the main application window, click the Settings button.

   The Settings window opens.

3. Click Enable or Disable for the component.

[Topic 290422]

How to start and stop tasks in the application interface

To start or stop a scan task:

1. Open the main application window.
2. In the main application window, click Scan.

   The Scan window will open.

3. Do one of the following:
   • To start a scan task, click the Start button under the scan task that you want to start.

     The progress of the running scan task is displayed.

   • To stop a scan task, click the Stop button under the scan task that you want to stop.

     The scan task stops, and information about the scanned objects and detected threats is displayed.

4. To view the report on the scan task, click the Show report button.

When an infected object is detected or the scan task is completed, a pop-up window appears in the notification area near the application icon on the right side of the taskbar.

The Scan window also displays the progress and results of temporary boot sector scan tasks (Scan_Boot_Sectors_{ID}) and temporary custom file scan tasks (Scan_File_{ID}). You can hide information about temporary tasks that are already completed by clicking the cross or by closing the Scan window (when switching to the main window or when exiting the application).

[Topic 284352]

How to start and stop the application

After installing the Kaspersky application on a device, the application is started automatically. By default, the application then starts automatically when the operating system is booted (at the default level of execution for each operating system).

By default, when the Kaspersky application is started, the following functional components of the application are started automatically:

• File Threat Protection.
• Behavior Detection.
• Web Threat Protection - only if one of the supported browsers is installed on the operating system.

When you launch the application on your device, a service task is automatically launched to ensure that the application activation feature works.

By default, the application also starts user tasks configured on the command line, for which the "after application startup" run mode (PS run mode) is configured.

If you stop the application, all tasks running on the device will be interrupted. Interrupted user tasks are not resumed automatically after the application is restarted.

Starting, restarting, and stopping the Kaspersky application

To start the application, run the following command:

systemctl start kfl

To run the application, the root account must be the owner of the following directories and only the owner must have write access to them: /var, /var/opt, /var/opt/kaspersky, /var/log/kaspersky, /opt, /opt/kaspersky, /usr/bin, /usr/lib, /usr/lib64.

To stop the application, run the following command:

systemctl stop kfl

To restart the application, run the following command:

systemctl restart kfl

Monitoring the status of the Kaspersky application

The status of the Kaspersky application status is monitored by the watchdog service. The watchdog service is automatically launched when the application starts.

In the event of an application crash, a dump file is generated and the application is restarted automatically.

To export application settings, run the following command:

systemctl status kfl

[Topic 284353]

How to view device protection status and app performance information in the command line

You can view information about the device protection status and the status of the Kaspersky application and its components on the command line using the kfl-control --app-info command. The command displays information about the operation of the application and the status of functional components and tasks of the application.

To view information about the protection status of the device and the application, run the following command:

kfl-control --app-info [--json]

where --json: output data in JSON format. If the --json option is not specified, the settings are output in the INI format.

As a result of the command execution, the following information will be displayed in the console:

• Name. Application names.
• Version. Current application version.
• Application license information Application license information or application license key status.
• License expiration date. Date and time when the application license expires, in UTC.
• Backup state. Backup state.
• Backup space usage. Backup size.
• Last run date of the Scan_My_Computer task. Time of the last Malware Scan task.
• Last release date of databases. Date and time the application databases were last released.
• Application databases. Information about whether the application databases have been downloaded.
• Using Kaspersky Security Network. Information about Kaspersky Security Network use.
• File Threat Protection. Real-time File Threat Protection status.
• Web Threat Protection. Web Threat Protection component status.
• Removable Drives Scan. Removable Drives Scan component status.
• Behavior Detection. Behavior Detection component status.
• Post-update actions. Application update actions and the actions to be performed by the user.
• Unstable application operation. Information about application failure and dump file creation. This field is displayed if a failure occurred the last time the application was launched.

Page top

[Topic 197255]

How to update application databases and modules

Updating the databases and application modules of the Kaspersky application ensures up-to-date protection on your device. New viruses, malware, and other types of threats appear worldwide on a daily basis. The application databases contain information about the threats and the ways to neutralize them. To detect threats quickly, you are urged to regularly update the application databases and modules.

Current application license is required for regular database updates. If there is no current license, you will only be able to perform one update.

During the update process, the databases and application modules are downloaded and installed on your device.

You can get updates for databases and application modules from Kaspersky update servers, from local or network directories, and from other update sources.

During an update, the application modules and databases on your device are compared with the up-to-date version at the update source. If your current databases and application modules differ from their respective up-to-date versions, the missing portions of the updates will be installed on your device.

If the databases are obsolete, the update package may be large, which may cause additional Internet traffic (up to several dozen MB). Up to 3 GB of disk space may be used.

Updates are downloaded from Kaspersky update servers or from other FTP, HTTP, or HTTPS servers over standard network protocols. By default, Internet connection settings are determined automatically. If you use a proxy server, you need to specify the proxy settings in the general application settings.

Regardless of the update source, the update package is downloaded and the database and application module updates are installed on the device using the Update task.

An Update predefined task is created in the application. Using this task, you can perform scheduled and on-demand updates of databases and application modules and configure update settings.

You can also create update user tasks on the command line.

You can configure the following settings for updating databases and application modules:

• Select the source from which the application will receive updates, depending on the update scenario used.
• Configure the response timeout of a selected update source when attempting to connect to it. If an update source does not respond within the specified time, the application contacts the next update source in the list.
• Select the mode of downloading and installing application modules and application version updates: download and install, download only, or do not download.
• Configure the task run schedule for updates. By default, the application updates the databases once every 120 minutes.

In the application interface, you can update databases and application modules using the Update task. You can start and stop the task.

The application interface also lets you:

• Monitor the progress of the Update task.
• View pop-up notifications about the status of the Update task; in these notifications, you can click the Open Reports link to navigate to application component reports and scan task results.
• View a report with the result of the Update task.

  The result of the Update task is displayed in the report in the Update section.

[Topic 287661]

Updating databases and modules

During an update, the following objects are downloaded and installed on your device:

• Application databases.

  Application databases include databases of malware signatures, a description of network attacks, databases of malicious and phishing web addresses, databases of banners, spam databases, and other data.

  If the database update on the device is interrupted or finishes with an error, the application continues to use the previously installed database version. If application databases were not installed before, the application continues functioning in "without databases" mode. Database and application module updates are still available.

  The databases are up to date if they were downloaded less than three days ago. By default, the application generates the Databases are out of date event (BasesAreOutOfDate) if the last installed database updates were published on the Kaspersky servers more than three but less than seven days ago. If the databases have not been updated for seven days, the application generates the Databases are extremely out of date (BasesAreTotallyOutOfDate) event.

• Application modules.

  Module updates are intended to eliminate vulnerabilities in the application and to improve methods of protecting devices. Module updates may change the behavior of application components and add new capabilities.

  Application modules can be updated regardless of the state of the application (running or stopped) and the update schedule. The Kaspersky application continues protecting your device during the application modules update procedure. During the update, application settings and the application log file are migrated to the new version of the application. After the update, you must restart the Kaspersky application.

  If the transfer of application settings fails for any reason, the application is set to the default values.

  Changes to the application settings made after the update is complete and before the application restarts are not saved.

  After updating version of the application using an autopatch, the mechanism for interacting with the operating system firewall changes: the rules are managed using the iptables and iptables-restore system utilities.

  If the application does not work properly after the update, it automatically rolls back to the previous version. It is recommended to contact Kaspersky Technical Support.

Page top

[Topic 287585]

Updating sources and update scenarios

An update source is a resource that contains updates for Kaspersky databases and application modules. Update sources can be FTP, HTTP, or HTTPS servers (such as Kaspersky update servers), as well as local or network directories mounted by the user.

The main application update sources are Kaspersky update servers. You can specify other update sources in the Update task settings. If an update cannot be performed from an update source, the Kaspersky application moves on to the next update source.

The Kaspersky application supports the following scenarios for updating databases and application modules:

• Update from Kaspersky update servers. Kaspersky update servers are located in different countries around the world, which ensures a high reliability of updates. If an update cannot be performed from one server, the application switches over to the next server. Updates are downloaded via HTTPS protocol.
• Updating from a local or network directory (SMB/NFS) mounted by a user, or from an FTP, HTTP, or HTTPS server. You can specify a custom update source in Update task settings.

Page top

[Topic 287586]

How to update databases and application modules using the command line

On the command line, you can update databases and application modules in the following ways:

• Using the Update predefined task.

  You can manually start, stop, pause, or resume this task and configure the task run schedule. You can configure scan settings by editing the settings of this task.

• Using user tasks for updating (tasks of the Update type).

  You can manually start user tasks and configure the task schedule.

The task starts with default settings listed in Appendix 3. You can stop or start the task at any time. You can also modify the settings of the task before starting it.

You must modify the settings of a task before starting the task.

ID of the Update predefined task: 6. Name of the Update predefined task: Update. If you have an update user task, you must specify its ID or name.

To configure the task schedule using a configuration file:

1. Output the task settings to the configuration file: kfl-control --get-schedule
2. Edit the values of the necessary settings in the configuration file and save the changes.
3. Execute the command:

   kfl-control --set-schedule <task ID/name> --file <configuration file path> [--json]

All values of the settings for the task run schedule defined in the file will be imported into the application.

To modify individual task schedule settings on the command line:

kfl-control --set-schedule <task ID/name> <setting name>=<setting value> [<setting name>=<setting value>]

The values of the specified settings for the task run schedule are modified.

To stop the Update task on the command line and enable the output of current events related to this task:

kfl-control --stop-task <task ID/name> -W

To start the Update predefined task, enable the output of current events related to this task, and display the progress of the task:

kfl-control --start-task 7 [-W] [--progress]

To create and start the Update user task, enable the output of current events related to this task, and display the progress of the task, run the following commands in sequence:

1. kfl-control --create-task <task ID/name> --type <Rollback>
2. kfl-control --start-task <task ID/name> [-W] [--progress]

The Update task starts with default settings listed in Appendix 3.

You can display the current values of the task settings in one of the following ways:

• To the console using the task settings output command: kfl-control --get-settings <task ID/name> [--json]
• To a configuration file using the task settings output command: kfl-control --get-settings <task ID/name> --file <configuration file path> [--json]

If you need to configure the Update task, you can:

• Modify all task settings using the configuration file. To do so:
  1. Output the task settings to the configuration file: kfl-control --get-settings <task ID/name> [--json]

     A configuration file with the current task settings is generated.

  2. Edit task settings in the generated configuration file by choosing values from the following table.
  3. Save the configuration file.
  4. Run the following command: kfl-control --set-settings <task ID/name> --file <configuration file path> [--json]
• Modify individual task settings: kfl-control --set-settings <task ID/name> <setting name>=<setting value> [<setting name>=<setting value>]
• Restore default task settings: kfl-control --set-settings <task ID/name> --set-to-default

For detailed instructions on how to modify the settings of application tasks, see the How to manage task settings on the command line section.

The following table describes all the settings of the Update task and their values.

Update task settings

Page top

[Topic 197281]

How to update application databases and modules using the application interface

In the application interface, you can see the date of the last database update in the Support window.

To start or stop an update task in the application interface:

1. Open the main application window.
2. In the main application window, click Update.

   The Update window opens.

3. Do one of the following:
   • To start a task, click the Start button under the task that you want to start.

     The progress of the running update task is displayed.

     If the Update task finishes successfully (after the second application database update), the Roll back update link becomes available, and you can roll back the last successful database update.

   • To stop a task, click the Stop button under the scan task that you want to stop.

     The Update task stops.

To view the report for the task, click Show report.

[Topic 197615]

How to roll back updates of application databases and modules

After the application databases are updated for the second time, the rollback of the application databases to their previous versions becomes available.

Every time a user starts the update process, the Kaspersky application creates a backup copy of the current application databases. This allows you to roll back the application databases to a previous version if needed.

Rolling back the last database update may be useful, for example, if the new application database version contains invalid signatures, which causes the Kaspersky application to block safe applications.

You cannot roll back a rollback.

You can roll back an update from the command line or using the application interface.

On the command line, to roll back updates, you can run the Rollback predefined task or create and run user tasks for rolling back updates (tasks of the Rollback type). You can also configure the task schedule.

The Rollback task does not have any settings.

ID of the Rollback predefined task: 7. Name of the Rollback predefined task: Rollback. If you have a rollback user task, you must specify its ID or name.

In the application interface, you can only run the predefined Rollback task.

To configure the task schedule using a configuration file:

1. Output the task settings to the configuration file: kfl-control --get-schedule
2. Edit the values of the necessary settings in the configuration file and save the changes.
3. Execute the command:

   kfl-control --set-schedule <task ID/name> --file <configuration file path> [--json]

All values of the settings for the task run schedule defined in the file will be imported into the application.

To modify individual task schedule settings on the command line:

kfl-control --set-schedule <task ID/name> <setting name>=<setting value> [<setting name>=<setting value>]

The values of the specified settings for the task run schedule are modified.

To start the Rollback predefined task, enable the output of current events related to this task, and display the progress of the task:

kfl-control --start-task 7 [-W] [--progress]

To create and start the Rollback user task, enable the output of current events related to this task, and display the progress of the task, run the following commands in sequence:

1. kfl-control --create-task <task ID/name> --type <Rollback>
2. kfl-control --start-task <task ID/name> [-W] [--progress]

To roll back an update using the application interface:

1. Open the main application window.
2. In the main application window, select the Update section.

   The Update window opens.

3. Run the Rollback task by clicking the Roll back update link.

You cannot manage the schedule of the Database update rollback task in the application interface.

[Topic 285961]

How to configure File Threat Protection

File Threat Protection component prevents infection of the device file system. The component is enabled automatically with the default settings when the Kaspersky application starts. It resides in the device operating memory and scans all files that are opened, saved, and executed in real time.

Upon detecting malware, the Kaspersky application can remove the infected file and terminate the malware process started from this file.

The operation of the component is affected by the file operation interception mode, which you can select in the general settings of the application. By default, access to the file is blocked for the duration of the scan.

On the command line, you can manage File Threat Protection using the File Threat Protection predefined task (File_Threat_Protection).

The File Threat Protection task is started by default. You can start and stop this task, as well as modify its settings manually.

To start and stop the File Threat Protection task on the command line, you need the privileges of the Administrator role.

By modifying the settings of the File Threat Protection predefined task, you can:

• Select the file scan mode (when opened, or when opened and modified).
• Enable or disable scanning of archives, mail databases, email messages in text format.
• Temporarily exclude files in text format from rescans.
• Limit the size of an object to be scanned and the duration of the object scan.
• Select the actions to be performed by the application on the infected objects.
• Configure the scan scopes. The application will scan objects in the specified area of the file system.
• Configure exclusions of objects from scans. A scan exclusion is a set of conditions. When these conditions are met, the application does not scan the objects for viruses and other malware. You can exclude the following from scans:
  • Objects by name or mask
  • Objects by the name of the threats detected in them
  • Files and directories in specified areas of the file system
  • Processes and files being modified by the specified process
• Configure the use of the heuristic analyzer and iChecker technology during a scan.
• Enable or disable the logging of information about scanned non-infected objects, about scanning objects in archives, and about unprocessed objects.

On the command line, you can view information about detected threats and check the current status of the task.

To optimize the File Threat Protection component, you can exclude from scans any files being copied from network directories. Files are scanned only after the process of copying to a local directory is finished. To exclude files located in network directories from scans, configure exclusion based on processes for the utility used for copying from network directories (for example, for the cp utility). You can configure an exclusion by process by adding an [ExcludedForProgram.item_#] section to the settings of the OAS task.

In the application interface, you can manage File Threat Protection using the File Threat Protection component.

The application interface allows you to:

• Enable or disable the File Threat Protection component.
• Observe the operation of the component.
• View pop-up notifications about detected threats; in these notifications, you can click the Open Reports link to navigate to application component reports and scan task results.
• View reports of the File Threat Protection component.

  The statistics of the File Threat Protection component are displayed in the report in the Statistics section.

[Topic 290129]

File Threat Protection task settings

The File Threat Protection task is running by default with the settings listed in Appendix 3. You can stop or start the task at any time. You can also modify task settings.

You must modify the settings of a task before starting the task.

To configure the task schedule using a configuration file:

1. Output the task settings to the configuration file: kfl-control --get-schedule
2. Edit the values of the necessary settings in the configuration file and save the changes.
3. Execute the command:

   kfl-control --set-schedule 1 --file <configuration file path> [--json]

All values of the settings for the task run schedule defined in the file will be imported into the application.

To modify individual task schedule settings on the command line:

kfl-control --set-schedule 1 <setting name>=<setting value> [<setting name>=<setting value>]

The values of the specified settings for the task run schedule are modified.

To stop the File Threat Protection task and enable the output of current events related to this task, run the following command:

kfl-control --stop-task 1 -W

To start the File Threat Protection task, enable the output of current events related to this task, and display the progress of the task, run the following command:

kfl-control --start-task 1 [-W] [--progress]

The File Threat Protection task is started with default settings.

You can display the current values of the task settings in one of the following ways:

• To the console using the task settings output command: kfl-control --get-settings 1 [--json]
• To a configuration file using the task settings output command: kfl-control --get-settings 1 --file <path to configuration file> [--json]

If you need to modify the settings of the File Threat Protection task, you can:

• Modify all task settings using the configuration file. To do so:
  1. Output the task settings to the configuration file: kfl-control --get-settings 1 [--json]

     A configuration file with the current task settings is generated.

  2. Edit task settings in the generated configuration file by choosing values from the following table.
  3. If necessary, add a scan scope to the configuration file or remove scan scopes that you want to skip from the configuration file.

     To add a scan scope, add a [ScanScope.item_#] section to the configuration file and specify the values of its settings by choosing them from the table below.

     To delete a scan scope, delete the [ScanScope.item_#] section corresponding to the unwanted scan scope along with its settings from the configuration file.

  4. If necessary, add an exclusion scope to the configuration file.

     To add an exclusion scope, add an [ExcludedFromScanScope.item_#] section to exclude files and directories or an [ExcludedForProgram.item_#] section to exclude processes and specify its settings by choosing them from the table below.

  5. Save the configuration file.
  6. Run the following command: kfl-control --set-settings 1 --file <configuration file path> [--json]
• Modify individual task settings using command line options. To do so:
  1. Modify settings: kfl-control --set-settings 1 <setting name>=<setting value> [<setting name>=<setting value>]
  2. If necessary, add a scan scope using the kfl-control --set-settings 1 --add-path <path to directory with objects to scan> command or delete a scan scope using the kfl-control --set-settings 1 --del-path <path to directory with objects to scan> command.
  3. If necessary, add an exclusion scope using the kfl-control --set-settings 1 --add-exclusion <path to directory with objects to exclude> command or delete an exclusion scope using the kfl-control --set-settings 1 --del-exclusion <path to directory with objects to exclude> command.
• Restore default task settings: kfl-control --set-settings 1 --set-to-default

For detailed instructions on how to modify the settings of application tasks, see the How to manage task settings on the command line section.

The following table describes all the settings of the File Threat Protection task and their values.

File Threat Protection task settings

Page top

[Topic 290527]

How to optimize the scanning of network directories

To optimize the File Threat Protection task, you can exclude from scans any files being copied from network directories to the local directory. To do so, configure exclusion based on processes for the utility used for copying from network directories (for example, for the cp utility).

To configure exclusion of network directories from scans:

1. Output the File Threat Protection task settings (File_Threat_Protection, ID:1) to a configuration file using the command:

   kfl-control --get-settings 1 --file <full path to configuration file> [--json]

2. Open the configuration file and add the [ExcludedForProgram.item_#] section with the following settings:
   • ProgramPath – path to the process to be excluded or to the directory with the processes to be excluded.
   • ApplyToDescendants is a parameter that indicates whether the scan should exclude child processes of the excluded process (possible values: Yes or No).
   • AreaDesc – a description of the process exclusion scope, which contains additional information about the exclusion scope.
   • UseExcludedForProgram enables exclusion of the specified scope during task operation (possible values: Yes or No).
   • Path – path to the files or directory with files modified by the process.
   • AreaMask.item_# is the file name mask for the files to be excluded from the scan. You can also specify the full path to the file.

     Example: [ExcludedForProgram.item_0000] ProgramPath=/usr/bin/cp ApplyToDescendants=No AreaDesc= UseExcludedForProgram=Yes Path=AllRemoteMounted AreaMask.item_0000=*

3. Execute the command:

   kfl-control --set-settings 1 --file <full path to configuration file> [--json]

   Specify the --json option if you are importing settings from a configuration file in JSON format. If the option is not specified, the application will attempt to import settings from an INI file. If the import fails, an error is displayed.

The application does not scan the files in network directories, but the cp command itself (for the example given above) and local files are scanned.

Page top

[Topic 283337]

How to configure the Malware Scan

Malware Scan is a one-time full or custom file scan on the device performed on demand. The Kaspersky application can run multiple Malware Scan tasks at the same time.

A Malware Scan (Scan_My_Computer) predefined task is created in the application. You can use this task to perform a full scan of the device. During a full scan, the application scans all objects located on the device's local drives, as well as all mounted and shared objects that are accessed via Samba or NFS protocols with the recommended security settings.

During a full disk scan, the processor is busy. It is recommended to run the full scan task when the business is idle.

You can configure the settings of automatically created tasks on the command line, and also create Malware Scan user tasks.

Upon detecting malware, the Kaspersky application can remove the infected file and terminate the malware process started from this file.

If during execution of the malware scan task the application was restarted by a control service or manually by the user, the task will be stopped. The application logs the OnDemandTaskInterrupted event.

By modifying the settings of malware scan tasks, you can:

• Select operating system objects to scan: files, directories, archives, boot sectors, process memory and kernel memory, startup objects.
• Limit the size of an object to be scanned and the duration of the object scan.
• Select the actions to be performed by the application on the infected objects.
• Configure exclusions of objects from scans:
  • by name or mask
  • by the name of the threats detected in the objects
• Enable or disable global exclusions and File Threat Protection exclusions when scanning.
• Enable or disable the logging of information about scanned non-infected objects, about scanning objects in archives, and about unprocessed objects.
• Configure the use of the heuristic analyzer and iChecker technology during a scan.
• Limit the set of devices whose boot sectors need to be scanned.
• Configure scan scopes and scan exclusion scopes.
• Configure a schedule for running Malware Scan tasks.

On the command line, you can scan for malware in the following ways:

• Using the Malware Scan predefined task (Scan_My_Computer).

  You can manually start, stop, pause, or resume this task and configure the task run schedule.

  The task starts with default settings listed in Appendix 3. You can modify the settings of the task before starting it.

• Using Malware Scan user tasks (tasks of the ODS type).

  You can manually start, stop, pause, or resume user tasks and configure the task schedule.

  You can create a task with default settings or with settings specified in a configuration file. The default settings of a user task are the same as for a predefined task.

• Using the kfl-control --scan-file command, you can perform a custom scan of the specified files and directories.

  The custom scan task starts with default settings listed in Appendix 3. You can modify the settings of the task before starting it.

On the command line, you can view information about detected threats and check the current status of the task.

In the application interface, you can scan for malware in the following ways:

• Using the Malware Scan task. You can start and stop the task.
• Using custom scan tasks for files and directories. A custom scan task can be started by clicking a file or directory that you want to scan.

The application interface also allows you to:

• Monitor the progress of the Malware Scan task.
• View pop-up notifications about the status of the Malware Scan task; in these notifications, you can click the Open Reports link to navigate to application component reports and scan task results.
• View a report with the result of the Malware Scan task.

  The result of the Malware Scan task is displayed in the report in the Scan tasks section.

[Topic 291134]

Settings of the Malware Scan predefined task

The Malware Scan task is not running by default. You can start and stop the task at any time. You can also modify task settings.

You must modify the settings of a task before starting the task.

ID of the Malware Scan predefined task: 2. Name of the Malware Scan predefined task: Scan_My_Computer. If you have a Malware Scan user task, you must specify its ID or name.

To configure the task schedule using a configuration file:

1. Output the task settings to the configuration file: kfl-control --get-schedule
2. Edit the values of the necessary settings in the configuration file and save the changes.
3. Execute the command:

   kfl-control --set-schedule <task ID/name> --file <configuration file path> [--json]

All values of the settings for the task run schedule defined in the file will be imported into the application.

To modify individual task schedule settings on the command line:

kfl-control --set-schedule <task ID/name> <setting name>=<setting value> [<setting name>=<setting value>]

The values of the specified settings for the task run schedule are modified.

To start the Malware Scan predefined task, enable the output of current events related to this task, and display the progress of the task:

kfl-control --start-task 2 [-W] [--progress]

To create and start the Malware Scan user task, enable the output of current events related to this task, and display the progress of the task, run the following commands in sequence:

1. kfl-control --create-task <task ID/name> --type <Rollback>
2. kfl-control --start-task <task ID/name> [-W] [--progress]

To stop the Malware Scan task and enable the output of current events related to this task, run the following command:

kfl-control --stop-task <task ID/name> -W

The Malware Scan task is started by default with settings listed in Appendix 3.

You can display the current values of the task settings in one of the following ways:

• To the console using the task settings output command: kfl-control --get-settings <task ID/name> [--json]
• To a configuration file using the task settings output command: kfl-control --get-settings <task ID/name> --file <configuration file path> [--json]

If you need to modify the settings of the Malware Scan task, you can:

• Modify all task settings using the configuration file. To do so:
  1. Output the task settings to the configuration file: kfl-control --get-settings <task ID/name> [--json]

     A configuration file with the current task settings is generated.

  2. Edit task settings in the generated configuration file by choosing values from the following table.
  3. If necessary, add a scan scope to the configuration file or remove scan scopes that you want to skip from the configuration file.

     To add a scan scope, add a [ScanScope.item_#] section to the configuration file and specify the values of its settings by choosing them from the table below.

     To delete a scan scope, delete the [ScanScope.item_#] section corresponding to the unwanted scan scope along with its settings from the configuration file.

  4. If necessary, add an exclusion scope to the configuration file.

     To add an exclusion scope, add an [ExcludedFromScanScope.item_#] section to exclude files and directories and specify its settings by choosing them from the table below.

  5. Save the configuration file.
  6. Run the following command: kfl-control --set-settings <task ID/name> --file <configuration file path> [--json]
• Modify individual task settings using command line options. To do so:
  1. Modify the settings by choosing values from the table below using the following command: kfl-control --set-settings <task ID/name> <setting name>=<setting value> [<setting name>=<setting value>]
  2. If necessary, add a scan scope using the kfl-control --set-settings <task ID/name> --add-path <path to directory with objects to scan> command or delete a scan scope using the kfl-control --set-settings <task ID/name> --del-path <path to directory with objects to scan> command.
  3. If necessary, add an exclusion scope using the kfl-control --set-settings <task ID/name> --add-exclusion <path to directory with objects to exclude> command or delete an exclusion scope using the kfl-control --set-settings <task ID/name> --del-exclusion <path to directory with objects to exclusion> command.
• Restore default task settings: kfl-control --set-settings <task ID/name> --set-to-default

For detailed instructions on how to modify the settings of application tasks, see the How to manage task settings on the command line section.

The following table describes all the settings of the Malware Scan task and their values.

Malware Scan task settings

Page top

[Topic 290528]

How to perform a custom scan of files and directories on the command line

You can perform a custom scan of the specified files and directories using the following command: kfl-control --scan-file.

A custom scan is performed with the settings stored in the predefined task Scan_File (ID: 3). You can configure settings for a custom scan of files by editing the settings of this task (see the table below).

You must modify the settings of a task before starting the task.

To start a custom scan of the specified files and directories, execute the following command:

kfl-control --scan-file <path> [--action <action>]

where:

• <path> is the path to the file or directory that you want to scan. You can specify multiple paths by separating them with a space.
• --action <action> is the action to be performed by the application on the infected objects. If you do not specify the --action key, the application performs the Recommended action.

As a result of executing the command, a temporary file scan task is created, which is automatically deleted after completion. In this case, the scan results are output to the console.

The following table describes all available values and the default values of all the settings that you can specify for the Scan_File task.

The [ScanScope.item_#] and [ExcludedFromScanScope.item_#] sections defined in the Scan_File task are not taken into account when performing the custom scan.

Scan_File task settings

Page top

[Topic 290633]

How to perform a custom scan of files and directories in the application interface

To start a custom scan of the specified files and directories in the application interface with default task settings:

1. Right-click the file or directory that you want to scan to open its context menu.
2. In the context menu, select Open With Other Application.

   This opens the Open with window.

3. In this window, select the Kaspersky application.

   The custom scan task and its progress are displayed in the application interface.

To start a custom scan of the specified files and directories in the application interface with previously modified task settings:

1. Output the task settings to the configuration file: kfl-control --get-settings 3 [--json]

   A configuration file with the current task settings is generated.

2. Edit task settings in the generated configuration file by choosing values from the table.
3. Save the configuration file.
4. Run the following command: kfl-control --set-settings 3 --file <configuration file path> [--json]
5. Right-click the file or directory that you want to scan to open its context menu.
6. In the context menu, select Open With Other Application.

   This opens the Open with window.

7. In this window, select the Kaspersky application.

   The custom scan task and its progress are displayed in the application interface.

Page top

[Topic 287129]

How to configure the Critical Areas Scan

When performing a critical areas scan, the Kaspersky application can scan boot sectors, startup objects, process memory, and kernel memory.

Upon detecting malware, the application can remove the infected file and terminate the malware process started from this file.

In the application interface, you can perform a Critical Areas Scan using the Critical Areas Scan task.

The application interface lets you:

• Start or stop the Critical Areas Scan task.
• Monitor the progress of the Critical Areas Scan task.
• View pop-up notifications about the status of the Critical Areas Scan task; in these notifications, you can click the Open Reports link to navigate to application component reports and scan task results.
• View the report of the Critical Areas Scan task.

  The result of the Critical Areas Scan task is displayed in the report in the Scan tasks section.

On the command line, you can perform a critical areas scan of the operating system of a protected device using the Critical Areas Scan predefined task (Critical_Areas_Scan).

You can manually start, stop, pause, or resume this task and configure the task run schedule.

On the command line, you can view information about detected threats and check the current status of the task.

The Critical Areas Scan task is not running by default. The task starts with default settings listed in Appendix 3. You can modify task settings.

You must modify the settings of a task before starting the task.

By modifying the settings of the Critical Areas Scan task, you can:

• Select the operating system objects to be scanned. Scanning of boot sectors, process memory and kernel memory, startup objects and archives is enabled by default. By default, files are not scanned during the critical areas scan.
• Limit the size of an object to be scanned and the duration of the object scan.
• Select the actions to be performed by the application on the infected objects.
• Configure exclusions of objects from scans:
  • by name or mask
  • by the name of the threats detected in the objects
• Enable or disable global exclusions and File Threat Protection exclusions when scanning.
• Enable the logging of information about scanned non-infected objects, about scanning objects in archives, and about unprocessed objects.
• Configure the use of the heuristic analyzer and iChecker technology during a scan.
• Limit the set of devices whose boot sectors need to be scanned.
• Configure scan scopes and scan exclusion scopes.

To configure the task schedule using a configuration file:

1. Output the task settings to the configuration file: kfl-control --get-schedule
2. Edit the values of the necessary settings in the configuration file and save the changes.
3. Execute the command:

   kfl-control --set-schedule <task ID/name> --file <configuration file path> [--json]

All values of the settings for the task run schedule defined in the file will be imported into the application.

To modify individual task schedule settings on the command line:

kfl-control --set-schedule 4 <setting name>=<setting value> [<setting name>=<setting value>]

The values of the specified settings for the task run schedule are modified.

To stop the Critical Areas Scan task and enable the output of current events related to this task, run the following command:

kfl-control --stop-task 4 -W

To start the Critical Areas Scan task, enable the output of current events related to this task, and display the progress of the task, run the following command:

kfl-control --start-task 4 [-W] [--progress]

The Critical Areas Scan task starts with default settings listed in Appendix 3.

You can display the current values of the task settings in one of the following ways:

• To the console using the task settings output command: kfl-control --get-settings 4 [--json]
• To a configuration file using the task settings output command: kfl-control --get-settings 4 --file <path to configuration file> [--json]

If you need to modify the settings of the Critical Areas Scan task, you can:

• Modify all task settings using the configuration file. To do so:
  1. Output the task settings to the configuration file: kfl-control --get-settings 4 [--json]

     A configuration file with the current task settings is generated.

  2. Edit task settings in the generated configuration file by choosing values from the following table.
  3. If necessary, add a scan scope to the configuration file or remove scan scopes that you want to skip from the configuration file.

     To add a scan scope, add a [ScanScope.item_#] section to the configuration file and specify the values of its settings by choosing them from the table below.

     To delete a scan scope, delete the [ScanScope.item_#] section corresponding to the unwanted scan scope along with its settings from the configuration file.

  4. If necessary, add an exclusion scope.

     To add an exclusion scope, add an [ExcludedFromScanScope.item_#] section to exclude files and directories and specify its settings by choosing them from the table below.

  5. Save the configuration file.
  6. Run the following command: kfl-control --set-settings 4 --file <configuration file path> [--json]
• Modify individual task settings using command line options. To do so:
  1. Modify settings: kfl-control --set-settings 4 <setting name>=<setting value> [<setting name>=<setting value>]
  2. If necessary, add a scan scope using the kfl-control --set-settings 4 --add-path <path to directory with objects to scan> command or delete a scan scope using the kfl-control --set-settings 4 --del-path <path to directory with objects to scan> command.
  3. If necessary, add an exclusion scope using the kfl-control --set-settings 4 --add-exclusion <path to directory with objects to exclude> command or delete an exclusion scope using the kfl-control --set-settings 4 --del-exclusion <path to directory with objects to exclude> command.
• Restore default task settings: kfl-control --set-settings 4 --set-to-default

For detailed instructions on how to modify the settings of application tasks, see the How to manage task settings on the command line section.

The following table describes all the settings of the Critical Areas Scan task and their values.

Critical Areas Scan task settings

Page top

[Topic 287134]

How to configure the Removable Drives Scan

The Kaspersky application can scan the following removable media when they are connected to the protected device: CDs, DVDs, Blu-ray discs, flash drives (including USB modems), external hard drives, and floppy disks.

If the Removable Drives Scan is enabled, the Kaspersky application monitors the connection of removable media to the protected device and, if connected removable media is detected, the application scans the disk and its boot sectors for viruses and other malware.

By default, the application does not monitor for the connection of removable media or scan removable media.

In the application interface, you can manage removable media scanning using the Removable Drives Scan component.

The application interface allows you to:

• Enable or disable the Removable Drives Scan component.
• Observe the operation of the component
• View pop-up notifications about detected threats; in these notifications, you can click the Open Reports link to navigate to application component reports and scan task results.
• View the report of the Removable Drives Scan component.

  Results of the Removable Drives Scan component are displayed in the report in the Removable Drives Scan section.

On the command line, you can manage removable media scanning using the Removable Drives Scan predefined task (Removable_Drives_Scan).

Removable Drives Scan is not running by default. You can start and stop this task manually.

If the task is running, the application monitors the connection of removable media to the device and, when a removable media is connected, the task creates and starts a temporary boot sector scan task (task of the ODS type). A temporary task cannot be stopped. After the temporary task execution completes, the application automatically deletes the task.

If you enabled file scanning in the Removable Drives Scan task settings, the application also starts one or more temporary custom file scan tasks (tasks of the ODS type). If necessary, a user with administrator privileges can stop these tasks.

On the command line, you can view information about detected threats and check the current status of the task.

The task starts with default settings listed in Appendix 3. You can stop or start the task at any time. You can also modify task settings.

You must modify the settings of a task before starting the task.

To stop the Removable Drives Scan task and enable the output of current events related to this task, run the following command:

kfl-control --stop-task 16 -W

To start the Removable Drives Scan task, enable the output of current events related to this task, and display the progress of the task, run the following command:

kfl-control --start-task 16 [-W] [--progress]

The Removable Drives Scan task starts with default settings listed in Appendix 3.

You can display the current values of the task settings in one of the following ways:

• To the console using the task settings output command: kfl-control --get-settings 16 [--json]
• To a configuration file using the task settings output command: kfl-control --get-settings 16 --file <path to configuration file> [--json]

If you need to modify the settings of the Removable Drives Scan task, you can:

• Modify all task settings using the configuration file. To do so:
  1. Output the task settings to the configuration file: kfl-control --get-settings 16 [--json]

     A configuration file with the current task settings is generated.

  2. Edit task settings in the generated configuration file by choosing values from the following table.
  3. Save the configuration file.
  4. Run the following command: kfl-control --set-settings 16 --file <configuration file path> [--json]
• Modify individual task settings: kfl-control --set-settings 16 <setting name>=<setting value> [<setting name>=<setting value>]
• Restore default task settings: kfl-control --set-settings 16 --set-to-default

For detailed instructions on how to modify the settings of application tasks, see the How to manage task settings on the command line section.

The following table describes all the settings of the Removable Drives Scan task and their values.

If you modify the Removable Drives Scan task settings, the new values are not applied to temporary tasks that are already running. Stopping the Removable Drives Scan task does not stop temporary tasks that are already running.

Removable Drives Scan task settings

Page top

[Topic 287140]

How to configure Web Threat Protection

The Web Threat Protection component allows you to scan inbound traffic via HTTP, HTTPS, and FTP, websites, and IP addresses, prevent malicious files from being downloaded from the Internet, and block access to phishing, adware, and other malicious websites.

Current connections for intercepted TCP ports are reset when Web Threat Protection is enabled.

By default, Web Threat Protection is disabled. However, the task starts automatically if one of the following browser executable files is found in the system, including in SNAP format:

• chrome
• chromium
• chromium-browser
• firefox
• firefox-esr
• google-chrome
• opera
• yandex-browser

You can enable or disable the Web Threat Protection component at any time.

By modifying the settings of the Web Threat Protection predefined task, you can:

• Select the action that the application must perform on a web resource where a dangerous object is detected.
• Configure a list of trusted web addresses.

  The application will not scan the contents of websites whose web addresses are included in this list.

• Select objects that the application will detect when scanning inbound traffic.
• Configure the encrypted connections scan to scan HTTPS traffic.

  To scan FTP traffic, control of all network ports must be configured in the settings for the encrypted connections scan.

When a website is opened, the application performs the following actions:

1. Checks the website security using the downloaded application databases.
2. Checks the website security using heuristic analysis, if enabled.

   During heuristic analysis, the Kaspersky application analyzes the activity of applications in the operating system. Heuristic analysis can detect dangerous objects that do not have a record in databases of the Kaspersky application.

3. Looks up the reputation of the website using Kaspersky reputation databases.
4. Blocks or allows opening the website.

The Web Threat Protection component does not scan mail traffic.

On attempt to open a dangerous website, the application performs the following:

• For HTTP or FTP traffic, the application blocks access and shows a warning message.
• For HTTPS traffic, a browser displays an error page.

Removing application certificates may cause the Web Threat Protection component to work incorrectly.

The Kaspersky application adds a special chain of allowing rules (kfl_bypass) to the list of the mangle table of the iptables and ip6tables utilities. This chain of allowing rules makes it possible to exclude traffic from scanning by the application. If traffic exclusion rules are configured in the chain, they affect the operation of the Web Threat Protection component.

In the application interface, you can manage Web Threat Protection using the Web Threat Protection component.

The application interface allows you to:

• Enable or disable the Web Threat Protection component.
• Observe the operation of the component.
• View pop-up notifications about detected threats; in these notifications, you can click the Open Reports link to navigate to application component reports and scan task results.
• View reports of the Web Threat Protection component.

  Results of the Web Threat Protection component are displayed in the report in the Web Threat Protection section.

On the command line, you can manage Web Threat Protection using the Web Threat Protection predefined task (Web_Threat_Protection). You can start and stop the task manually.

The task starts automatically if one of the supported browsers is detected on the system.

On the command line, you can view information about detected threats and check the current status of the task.

The task starts with default settings listed in Appendix 3. You can modify task settings.

You must modify the settings of a task before starting the task.

To stop the Web Threat Protection task and enable the output of current events related to this task, run the following command:

kfl-control --stop-task 14 -W

To start the Web Threat Protection task, enable the output of current events related to this task, and display the progress of the task, run the following command:

kfl-control --start-task 14 [-W] [--progress]

The Web Threat Protection task starts with default settings listed in Appendix 3.

You can display the current values of the task settings in one of the following ways:

• To the console using the task settings output command: kfl-control --get-settings 14 [--json]
• To a configuration file using the task settings output command: kfl-control --get-settings 14 --file <path to configuration file> [--json]

If you need to modify the settings of the Web Threat Protection task, you can:

• Modify all task settings using the configuration file. To do so:
  1. Output the task settings to the configuration file: kfl-control --get-settings 14 [--json]

     A configuration file with the current task settings is generated.

  2. Edit task settings in the generated configuration file by choosing values from the following table.
  3. Save the configuration file.
  4. Run the following command: kfl-control --set-settings 14 --file <configuration file path> [--json]
• Modify individual task settings: kfl-control --set-settings 14 <setting name>=<setting value> [<setting name>=<setting value>]
• Restore default task settings: kfl-control --set-settings 14 --set-to-default

For detailed instructions on how to modify the settings of application tasks, see the How to manage task settings on the command line section.

The following table describes all the settings of the Web Threat Protection task and their values.

Web Threat Protection task settings