The table describes all available values and default values of all the settings that you can specify for the On-demand File Integrity Monitoring task.
On-demand File Integrity Monitoring settings
Setting |
Description |
Values |
---|---|---|
|
Enables rebuilding a baseline after the ODFIM task has finished. |
|
|
Enables hash check (SHA-256). |
|
|
Enables directory monitoring. |
|
|
Enables tracking last file access time. In the Linux operating systems it is the |
|
|
Enables monitoring scope exclusions for objects specified by the This setting only applies if a value is specified for the |
|
|
Excludes objects from monitoring by names or masks. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in the shell format. Before specifying a value for this setting, make sure that the You can specify several masks. Each mask must be specified on a new line with a new index. |
The default value is not defined. |
The [ScanScope.item_#] section contains the monitoring scopes of the System Integrity Monitoring task. At least one monitoring scope must be specified for the task. You can specify several [ScanScope.item_#] sections in any order. The application processes the scopes by index in ascending order. The [ScanScope.item_#] section contains the following settings: |
||
|
Description of monitoring scope; contains additional information about the monitoring scope. |
The default value is not defined. |
|
Enables monitoring of the specified scope. |
|
|
Path to the monitoring directory. |
You can use masks to specify the path. Default value: /opt/kaspersky/kesl/ |
|
Monitoring scope limitation. Within the monitoring scope, the application scans only the objects that are specified using the masks in the shell format. You can specify several |
Default value: |
The [ExcludedFromScanScope.item_#] section contains the objects to be excluded from all [ScanScope.item_#] sections. The objects that match the rules of any [ExcludedFromScanScope.item_#] section will be excluded from monitoring. The format of the [ExcludedFromScanScope.item_#] section is similar to the format of the [ScanScope.item_#] section. You can specify several [ExcludedFromScanScope.item_#] sections in any order. The application processes the scopes by index in ascending order. The [ExcludedFromScanScope.item_#] section contains the following settings: |
||
|
Description of the monitoring exclusion scope, which contains additional information about the monitoring exclusion scope. |
The default value is not defined. |
|
Excludes the specified scope from monitoring. |
|
|
Path to the directory with objects excluded from monitoring. |
You can use masks to specify the path. The default value is not defined. |
|
Limitation of monitoring exclusion scope. In the monitoring exclusion scope, the application only excludes the objects that are specified using masks in the shell format. You can specify several |
Default value: |