Description of general Container Scan settings

This section describes the values of the general container and namespace scan settings (see the table below). Integration with the Docker container management system, the CRI-O framework, and the Podman and runc utilities is supported.

Namespace and container scans can be enabled using the NamespaceMonitoring setting described in the general application settings.

General container and namespace scan settings

| Setting | Description | Values |
|---|---|---|
| OnAccessContainerScanAction | Action to be performed on a container when an infected object is detected. This setting is only available if the application is activated under Kaspersky Hybrid Cloud Security Enterprise license. The action performed on a container when an infected object is detected also depends on the File Threat Protection task settings (see the table below). Actions on an infected object inside a container are described in the Container Scan task settings. | StopContainerIfFailed (default value) — Stop the container if an infected object cannot be disinfected or deleted.<br>StopContainer — Stop the container when an infected object is detected.<br>Skip — Do not perform any action on containers when an infected object is detected. |
| UseDocker | Use the Docker environment. | Yes (default value) — Use the Docker environment.<br>No — Do not use the Docker environment. |
| DockerSocket | Docker socket path or URI (Uniform Resource Identifier). | Default value: /var/run/docker.sock. |
| UseCrio | Use the CRI-O environment. | Yes (default value) — Use the CRI-O environment.<br>No — Do not use the CRI-O environment. |
| CrioConfigFilePath | Path to the CRI-O configuration file. | Default value: /etc/crio/crio.conf. |
| UsePodman | Use the Podman utility. | Yes (default value) — Use the Podman utility.<br>No — Do not use the Podman utility. |
| PodmanBinaryPath | Path to the Podman utility executable file. | Default value: /usr/bin/podman. |
| PodmanRootFolder | Path to the root directory of the container storage. | Default value: /var/lib/containers/storage. |
| UseRunc | Use the runc utility. | Yes (default value) — Use the runc utility.<br>No — Do not use the runc utility. |
| RuncBinaryPath | Path to the runc utility executable file. | Default value: /usr/bin/runc. |
| RuncRootFolder | Path to the root directory of the container state storage. | Default value: /run/runc-ctrs. |

Actions performed on a container when an infected object is detected may vary depending on the specified values of the FirstAction / SecondAction settings of the File Threat Protection task and on the value of the InterceptorProtectionMode setting, one of the general application settings (see the table below).

Dependence of actions performed on containers on the specified actions performed on infected objects

| Value of the FirstAction / SecondAction or the InterceptorProtectionMode setting | Action that the application performs on the container when the StopContainerIfFailed action is selected |
|---|---|
| Disinfect | Stop the container if disinfection of an infected object fails. |
| Remove | Stop the container if removal of an infected object fails. |
| Block | Do not perform any action on containers when an infected object is detected. |
| Info | Do not perform any action on containers when an infected object is detected. |
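
An added example, not part of the product documentation: a Python check that overlays a settings listing on the defaults from the first table, notes enabled integrations whose paths are absent on the host, and applies the second table to show when a container would never be stopped. The Key=Value input layout, the handling of `unix://` socket URIs, and all function names are assumptions of this example.

```python
import os

# Use* switch -> {path setting: default}, copied from the settings table on this page.
RUNTIMES = {
    "UseDocker": {"DockerSocket": "/var/run/docker.sock"},
    "UseCrio": {"CrioConfigFilePath": "/etc/crio/crio.conf"},
    "UsePodman": {"PodmanBinaryPath": "/usr/bin/podman",
                  "PodmanRootFolder": "/var/lib/containers/storage"},
    "UseRunc": {"RuncBinaryPath": "/usr/bin/runc",
                "RuncRootFolder": "/run/runc-ctrs"},
}
# StopContainerIfFailed outcome per object action (second table on this page).
IF_FAILED = {"Disinfect": "stop if disinfection fails",
             "Remove": "stop if removal fails",
             "Block": "no action", "Info": "no action"}
# Constructed sample; the Key=Value layout is an assumption of this example.
SAMPLE = "UseCrio=No\nDockerSocket=unix:///var/run/docker.sock\n"

def parse_settings(text):
    """Overlay Key=Value lines on the documented defaults."""
    settings = {"OnAccessContainerScanAction": "StopContainerIfFailed"}
    for switch, paths in RUNTIMES.items():
        settings.update(paths, **{switch: "Yes"})
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            settings[key.strip()] = value.strip()
    return settings

def container_outcome(settings, object_action):
    """Container action for one FirstAction/SecondAction value."""
    mode = settings["OnAccessContainerScanAction"]
    if mode == "StopContainerIfFailed":
        return IF_FAILED.get(object_action, "not covered by the table")
    return {"StopContainer": "stop on detection", "Skip": "no action"}[mode]

def audit(settings, object_action, exists=os.path.exists):
    """Note enabled integrations whose paths are absent, and inert stop policies."""
    notes = []
    for switch, paths in RUNTIMES.items():
        for key in paths if settings[switch] == "Yes" else ():
            path = settings[key]
            if path.startswith("unix://"):  # DockerSocket may be given as a URI
                path = path[len("unix://"):]
            if "://" not in path and not exists(path):
                notes.append(f"{key}: {path} not found on this host")
    if container_outcome(settings, object_action) == "no action":
        notes.append(f"{object_action}: containers are never stopped")
    return notes
```

A "not found" note for a runtime that is not installed on the host is expected; it matters when the runtime is in use but lives at a non-default path.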
