Kaspersky Industrial CyberSecurity for Nodes

Viewing protection status and Kaspersky Industrial CyberSecurity for Nodes information

August 3, 2023

ID 148324

To view information about the device protection status and about Kaspersky Industrial CyberSecurity for Nodes,

select the Kaspersky Industrial CyberSecurity for Nodes node in the Kaspersky Industrial CyberSecurity for Nodes Console tree.

By default, information in the details pane of Kaspersky Industrial CyberSecurity for Nodes Console is refreshed automatically:

  • Every 10 seconds in case of a local connection.
  • Every 15 seconds in case of a remote connection.

You can refresh information manually.

To refresh information in the Kaspersky Industrial CyberSecurity for Nodes node manually,

select the Refresh command in the context menu of the Kaspersky Industrial CyberSecurity for Nodes node.

The following application information is displayed in the details pane of Kaspersky Industrial CyberSecurity for Nodes Console:

  • Kaspersky Security Network Usage status.
  • Device protection status.
  • Information about database and application module updates.
  • Actual diagnostics data.
  • Data about protected device control tasks.
  • License information.
  • Status of the Industrial network protection.
  • Status of integration with Kaspersky Security Center: details of the server with Kaspersky Security Center installed, to which the application is connected; information about application tasks controlled by the active policy.

Color coding is used to display the protection status:

  • Green. The task is being run in accordance with the configured settings. Protection is active.
  • Yellow. The task was not started, has been paused, or has been stopped. Security threats may occur. You are advised to configure and start the task.
  • Red. The task completed with an error or a security threat was detected while the task was running. You are advised to start the task or take measures to eliminate the detected security threat.

Some details in this block (for example, task names or the number of threats detected) are links that, when clicked, take you to the node of the relevant task or open the task log.

The Kaspersky Security Network Usage section displays current task status, for example, Running, Stopped or Never performed. The indicator can take the following values:

  • Green color of the panel – signifies that the KSN Usage task is running and file requests for statuses are being sent to KSN.
  • Yellow color of the panel – one of the Statements is accepted, but the task is not running, or the task is running, but file requests are not sent to KSN.
  • Red color of the panel – task failed.

Computer protection

The Computer protection section (see the table below) displays information about the current protection status of the device.

Information about device protection status

Protection section

Information

Device protection status indicator

The color of the panel with the name of the section reflects the status of tasks being performed in the section. The indicator can take the following values:

  • Green color of the panel – displayed by default and signifies that the Real-Time File Protection component is installed and the task is running.
  • Yellow color of the panel – signifies that the Real-Time File Protection component is not installed, and the Critical Areas Scan task has not been performed for a long time.
  • Red color of the panel – Real-Time File Protection tasks are not running.

Real-Time File Protection

Task status – current task status, for example, Running or Stopped.

Detected – the number of objects detected by Kaspersky Industrial CyberSecurity for Nodes. For example, if Kaspersky Industrial CyberSecurity for Nodes detects one malicious program in five files, the value in this field increases by one. If the number of detected malicious programs exceeds 0, the value is highlighted in red.

Critical Areas Scan

Last scan date – the date and time of the last Critical Areas Scan for viruses and other computer security threats.

Never performed – an event that occurs when the Critical Areas Scan task has not been performed in the last 30 days or longer (default value). You can change the threshold for generating this event.

Anti-Cryptor

Task status – current task status, for example, Running or Stopped.

Operation mode – one of the two available modes for the Anti-Cryptor task: Active or Notify only.

Network sessions blocked – the number of network sessions which displayed potentially dangerous activity and were blocked when attempting to connect to the protected device.

Backed up objects

Backup free space threshold exceeded – this event occurs when the space available in Backup falls below the specified limit. Kaspersky Industrial CyberSecurity for Nodes continues to move objects to Backup. In this case, the value in the Space used field is highlighted in yellow.

Maximum Backup size exceeded – this event occurs when the Backup size has reached the specified limit. Kaspersky Industrial CyberSecurity for Nodes continues to move objects to Backup. In this case, the value in the Space used field is highlighted in red.

Backed up objects – the number of objects currently in Backup.

Space used – amount of Backup space used.

Update

The Update section (see the table below) displays information about how up to date the databases and application modules are.

Information about the status of Kaspersky Industrial CyberSecurity for Nodes databases and modules

Update section

Information

Status indicator of databases and software modules

The color of the panel with the name of the section reflects the status of application databases and modules. The indicator can take the following values:

  • Green color of the panel – displayed by default and signifies that the application database is up to date and that the last database update task was completed successfully.
  • Yellow color of the panel – signifies that databases are out of date, or the last database update task failed.
  • Red color of the panel – the event Application database is extremely out of date or Application database is corrupted has occurred.

Database Update and Software Modules Update

Database status – an evaluation of the Database Update status.

The option can take the following values:

  • Application database is up to date – application databases were updated no more than 7 days ago (default).
  • Application database is out of date – application databases were updated between 7 and 14 days ago (default).
  • Application database is extremely out of date – application databases were updated more than 14 days ago (default).

You can change the thresholds for generating the Application database is out of date and Application database is extremely out of date events.

Database release date – the date and time of release of the latest database update. The date and time are specified in UTC format.

Status of the latest completed Database Update task – the date and time of the latest database update. The date and time are specified according to the local time of the protected device. The value in the field is colored red if the Failed event occurred.

Number of module updates available – the number of Kaspersky Industrial CyberSecurity for Nodes module updates available to be downloaded and installed.

Number of module updates installed – the number of installed Kaspersky Industrial CyberSecurity for Nodes module updates.

Control

The Control section (see the table below) displays information about the Applications Launch Control, Device Control, and Firewall Management tasks.

Information about protected device control status

Control section

Information

Status indicator for protected device control

The color of the panel with the name of the section reflects the status of tasks being performed in the section. The indicator can take the following values:

  • Green color of the panel – displayed by default and signifies that the Applications Launch Control component is installed and the task is running in Active mode; Exploit Prevention functionality is installed and active.
  • Yellow color of the panel – displayed under one or more of the following conditions: Exploit Prevention is not running; Applications Launch Control is running in Statistics only mode; Exploit Prevention is running in Active mode and Applications Launch Control is not running or failed.
  • Red color of the panel – the Applications Launch Control task is not running or failed, and Exploit Prevention is not running or is running in Statistics only mode.

Applications Launch Control

Task status – current task status, for example, Running or Stopped.

Operation mode – one of the two available modes for the Applications Launch Control task: Active or Statistics only.

Applications launches denied – the number of attempts to start applications blocked by Kaspersky Industrial CyberSecurity for Nodes during the Applications Launch Control task. If the number of blocked application launches exceeds 0, the field value is colored in red.

Average processing time (ms) – the time it took Kaspersky Industrial CyberSecurity for Nodes to process an attempt to start applications on the protected device.

Exploit prevention

Task status – current status, for example, Running or Stopped.

Prevention mode – one of two available modes, selected during configuration of process memory protection: Terminate on exploit or Statistics only.

Processes protected – the total number of processes being protected and handled in accordance with the selected mode.

Device control

Task status – current task status, for example, Running or Stopped.

Operation mode – one of the two available modes for the Device Control task: Active or Statistics only.

Devices blocked – the number of attempts to connect an external device that were blocked by Kaspersky Industrial CyberSecurity for Nodes during the Device Control task. If the number of blocked external devices exceeds 0, the field value is colored in red.

Firewall Management

Task status – current task status, for example, Running or Stopped.

Connection attempts blocked – the number of connections to a protected device, which were blocked by the specified firewall rules.

Wi-Fi Control

Allowed Wi-Fi networks – the number of Wi-Fi networks that are allowed to connect to the protected device.

Blocked Wi-Fi networks – the number of Wi-Fi networks that are blocked.

Diagnostics

The Diagnostics section (see the table below) displays information about the File Integrity Monitor and Log Inspection tasks.

Information about System Inspection status

Diagnostics section

Information

Diagnostics status indicator

The color of the panel with the name of the section reflects the status of tasks being performed in the section. The indicator can take the following values:

  • Green – displayed by default and signifies that one or both system inspection components are installed and tasks are running.
  • Yellow – both components are installed, but one of the system inspection tasks is not running; the Not running event occurs.
  • Red – one of the tasks failed.

File Integrity Monitor

Task status – current task status, for example, Running or Stopped.

Non-sanctioned file operations – the number of changes to files within the monitoring scope. These changes may indicate that the security of a protected device has been breached.

Log Inspection

Task status – current task status, for example, Running or Stopped.

Violations of the configured rules – the number of recorded violations based on data from the Windows Event Log, identified based on the specified task rules or use of the heuristic analyzer.

Industrial network protection tab

The PLC in protection area section displays information about the list of PLCs that are included in the protection scope.

Information about receiving PLCs data

PLC in protection area section

Information

PLC in protection area status indicator

The color of the panel with the name of the section reflects the status of tasks being performed in the section. The indicator can take the following values:

  • Green – signifies that the task has been completed successfully at least once.
  • Yellow – signifies that the investigation was never performed.
  • Red – task failed.

Retrieving data about PLC

Task status – current task status, for example, Running or Stopped.

PLC in the list – the number of PLCs in the protection area.

The PLC integrity section displays information about the number of protected PLCs and integrity violation events.

Information about the PLC Project Integrity Check task

PLC integrity section

Information

PLC Integrity status indicator

The color of the panel with the name of the section reflects the status of tasks being performed in the section. The indicator can take the following values:

  • Green – signifies that the task has been completed successfully at least once.
  • Yellow – signifies that the integrity check was never performed.
  • Red – task failed.

PLC Investigator

Task status – current task status, for example, Running or Stopped.

PLC in active protection area – the number of PLCs in the protection area.

Integrity violations – the number of detected violations.

The Kaspersky Industrial CyberSecurity for Nodes licensing information is displayed in the row in the bottom left corner of the details pane of the Kaspersky Industrial CyberSecurity for Nodes node.

You can configure Kaspersky Industrial CyberSecurity for Nodes properties by following the Application Properties link.

You can connect to a different protected device by following the Connect to another computer link.
