On-demand File Integrity Monitoring settings

This section describes the settings that you can specify for the on-demand File Integrity Monitoring task.

All available values and default values for each setting are described.

RebuildBaseline

Enables or disables rebuilding a baseline after an ODFIM task has finished.

Available values:

Yes—Rebuild a baseline after an ODFIM task has finished

No—Do not rebuild a baseline after an ODFIM task has finished

Default value: No

CheckFileHash

Enables or disables a hash (SHA-256) check.

Available values:

Yes—Enable a hash check

No—Disable a hash check

Default value: No

TrackDirectoryChanges

Enables or disables monitoring of directories.

Available values:

Yes—Monitor directories

No—Do not monitor directories

Default value: No

TrackLastAccessTime

Enables or disables checking of the last time the file was accessed. (In Linux operating systems this is the noatime parameter.)

Available values:

Yes—Check the last time the file was accessed

No—Do not check the last time the file was accessed

Default value: No

UseExcludeMasks

Enables or disables exclusion from the monitoring scope of objects specified by the ExcludeMasks setting.

This setting works only with the ExcludeMasks setting specified.

Available values:

Yes—Exclude objects specified by the ExcludeMasks setting from the monitoring scope

No—Do not exclude objects specified by the ExcludeMasks setting from the monitoring scope

Default value: No

ExcludeMasks

Specifies a list of masks that define objects to be excluded from the monitoring scope.

Before specifying this setting, make sure that the UseExcludeMasks setting value is set to Yes.

Masks are specified in command shell format.

If you want to specify several masks, specify each mask on a new line with its own index (ExcludeMasks.item_0000, ExcludeMasks.item_0001).

Default value: not defined

Section [ScanScope.item_#]

The [ScanScope.item_#] sections specify scopes to be monitored by the File Integrity Monitoring task. At least one monitoring scope must be specified for the task.

You can define several [ScanScope.item_#] sections in a configuration file in any order. Kaspersky Endpoint Security will process scopes by item index, in ascending order.

Each [ScanScope.item_#] section contains the following settings:

AreaDesc

Specifies the name of the monitoring scope.

UseScanArea

Enables or disables monitoring of the specified scope.

Available values:

Yes—Monitor a specified scope

No—Do not monitor a specified scope

Default value: Yes

Path

Specifies the full path to the object or directories to be monitored.

Default value: /opt/kaspersky/kesl/

AreaMask.item_#

Specifies a command line shell mask that defines the objects to be monitored.

You can specify several AreaMask.item_# items in any order. Kaspersky Endpoint Security will process items by indexes, in ascending order.

Default value: * (all objects will be processed)

Section [ExcludedFromScanScope.item_#]

The [ExcludedFromScanScope.item_#] sections specify the objects to be excluded from all [ScanScope.item_#] sections.

All objects that match the rules of any [ExcludedFromScanScope.item_#] section will be excluded from monitoring. An [ExcludedFromScanScope.item_#] section format is similar to the format of a [ScanScope.item_#] section.

You can define several [ExcludedFromScanScope.item_#] sections in a configuration file in any order. Kaspersky Endpoint Security will process scopes by item index, in ascending order.

Each [ExcludedFromScanScope.item_#] section contains the following settings:

AreaDesc

Specifies the name of the scope to be excluded from monitoring.

UseScanArea

Specifies whether the specified scope will be excluded from monitoring.

Available values:

Yes—Exclude a specified scope from monitoring

No—Do not exclude the specified scope from monitoring

Default value: Yes

Path

Specifies the path to the objects or directories to be excluded from monitoring.

AreaMask.item_#

Specifies a command line shell mask that defines the objects to be excluded from monitoring.

You can specify several AreaMask.item_# items in any order. Kaspersky Endpoint Security will process items by indexes, in ascending order.

Default value: * (all objects will be monitored)
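The dependencies between these settings can be checked before a settings file is applied to the task. The following is an added example, not part of the Kaspersky documentation or product: a small Python check that flags ExcludeMasks items defined while UseExcludeMasks is not Yes, a disabled hash check, and a file with no enabled [ScanScope.item_#] section. It assumes the file uses key=value lines; the sample file, the function names and the "general" wrapper section are constructed for illustration.

```python
import configparser
import re

# Constructed sample file; the key=value layout is an assumption.
SAMPLE = """\
CheckFileHash=No
UseExcludeMasks=No
ExcludeMasks.item_0000=*.log
ExcludeMasks.item_0001=*.tmp

[ScanScope.item_0001]
AreaDesc=SSH configuration
UseScanArea=No
Path=/etc/ssh

[ScanScope.item_0000]
AreaDesc=System binaries
UseScanArea=No
Path=/usr/bin
"""
ITEM = re.compile(r"^(\w+)\.item_(\d+)$")

def parse(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep setting names exactly as written
    cp.read_string("[general]\n" + text)  # wrap the section-less task settings
    return cp

def scopes(cp, kind="ScanScope"):
    """Sections of one kind as (index, section), ascending by item index."""
    hits = [(ITEM.match(name), cp[name]) for name in cp.sections()]
    found = [(int(m.group(2)), s) for m, s in hits if m and m.group(1) == kind]
    return sorted(found, key=lambda pair: pair[0])

def lint(text):
    cp = parse(text)
    g, out = cp["general"], []
    masks = [k for k in g if k.startswith("ExcludeMasks.item_")]
    use_masks = g.get("UseExcludeMasks", "No") == "Yes"
    if masks and not use_masks:
        out.append("ExcludeMasks defined but UseExcludeMasks is not Yes")
    if use_masks and not masks:
        out.append("UseExcludeMasks=Yes without any ExcludeMasks item")
    if g.get("CheckFileHash", "No") != "Yes":
        out.append("CheckFileHash is not Yes: no SHA-256 check")
    found = scopes(cp)
    if not found:
        out.append("no [ScanScope.item_#] section: at least one is required")
    elif all(s.get("UseScanArea", "Yes") != "Yes" for _, s in found):
        out.append("every ScanScope has UseScanArea=No")
    return out
```

Calling lint(SAMPLE) returns three findings for the constructed file, and scopes() lists /usr/bin before /etc/ssh because sections are ordered by item index rather than by position in the file.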
