SambaConfigPath

Directory that stores the Samba configuration file. The Samba configuration file is required to ensure that the AllShared or Shared:SMB values can be used for the Path setting.

The standard directory of the SAMBA configuration file on the computer is specified by default.

Default value: /etc/samba/smb.conf.

The application must be restarted after this setting is changed.

NfsExportPath

The directory where the NFS configuration file is stored. The NFS configuration file is required to ensure that the AllShared or Shared:NFS values can be used for the Path setting.

The standard directory of the NFS configuration file on the computer is specified by default.

Default value: /etc/exports.

The application must be restarted after this setting is changed.

TraceLevel

Enables trace file generation and specifies the level of detail of the trace file.

Detailed – Generate a detailed trace file.

MediumDetailed – Generate a trace file that contains informational messages and error messages.

NotDetailed – Generate a trace file that contains error messages.

None (default value) — Do not generate a trace file.

TraceFolder

The directory that stores the application's trace files. Trace files contain information about the operating system, and may also contain personal data.

Default value: /var/log/kaspersky/kesl.

If you specify a different directory, make sure that the account under which Kaspersky Endpoint Security is running has read/write permissions for this directory. Root privileges are required to access the default trace files directory.

The application must be restarted after this setting is changed.

TraceMaxFileCount

Specifies the maximum number of module update trace files.

1–10000

Default value: 5.

The application must be restarted after this setting is changed.

TraceMaxFileSize

Specifies the maximum size of an application trace file (in megabytes).

1–1000

Default value: 500.

The application must be restarted after this setting is changed.

BlockFilesGreaterMaxFileNamePath

Blocks access to files for which the full path length exceeds the defined settings value specified in bytes. If the length of the full path to the scanned file exceeds the value of this setting, virus scan tasks skip this file during scanning.

This setting is not available for operating systems that use the fanotify technology.

4096–33554432

Default value: 16384.

After changing the value of this setting, the File Threat Protection task needs to be restarted.

DetectOtherObjects

Enables detection of legitimate software that could be used by intruders to harm computers or user data.

Yes— Enable detection of legitimate software that could be used by intruders to harm computers or user data.

No (default value) — Disable detection of legitimate software that could be used by intruders to harm computers or user data.

NamespaceMonitoring

Enable scanning of namespaces and containers.

Yes (default value) — Enable scanning of namespaces and containers.

No — Disable scanning of namespaces and containers.

InterceptorProtectionMode

File interceptor mode when executing tasks that use the file operation interceptor (File Threat Protection, Anti-Cryptor, Device Control, Removable Drives Scan).

This setting affects the execution of File Threat Protection, Device Control and Removable Drive Scan.

Block (default value) – block the files while they are being scanned by the task that uses the file interceptor. A request to any file has to wait for scan results. When detecting infected objects, the application performs the actions specified in the FirstAction and SecondAction settings of the File Threat Protection task.

Notify — do not block the files while they are being scanned by the task that uses the file interceptor. Requests to any file is allowed, scanning is done asynchronously. When detecting infected objects, the application only records the event in the event log. The actions specified in the FirstAction and SecondAction settings of the File Threat Protection task are skipped.

If the Notify value is selected, the protection level of your device is reduced.

UseKSN

Enables participation in Kaspersky Security Network.

Basic — Enable participation in Kaspersky Security Network without sending statistics.

Extended — Enable participation in Kaspersky Security Network and send statistics.

No (default value) — Disable participation in Kaspersky Security Network.

UseMDR

Enables Managed Detection and Response.

Yes – enable Managed Detection and Response.

No (default value) – disable Managed Detection and Response.

UseProxy

Enables use of a proxy server by Kaspersky Endpoint Security components. A proxy server can be used to communicate with Kaspersky Security Network, to activate the application, and when updating application databases and modules.

Yes - enable the use of a proxy server.

No (default) - Disable the use of a proxy server.

ProxyServer

Proxy server settings in the format [user[:password]@]host[:port].

When connecting via an HTTP proxy, we recommend to use a separate account that is not used to sign in to other systems. An HTTP proxy uses an insecure connection, and the account may be compromised.

—

MaxEventsNumber

The maximum number of events stored by the application. When the specified number of events is exceeded, the application deletes the oldest events.

Default value: 500000.

If 0 is specified, events are not saved.

LimitNumberOfScanFileTasks

The maximum number of Scan_File tasks that a non-privileged user can simultaneously start on a device. This setting does not limit the number of tasks that a user with root privileges can start.

0–4294967295

Default value: 0.

If 0 is specified, a non-privileged user cannot start Scan_File tasks.

If you installed the graphical user interface package when installing the application, the LimitNumberOfScanFileTasks settings has the default value 5.

UseSyslog

Enable logging of information about events to syslog

Root privileges are required to access syslog.

Yes — Enable logging of information about events to syslog.

No (default value) — Disable logging of information about events to syslog.

EventsStoragePath

The database directory where the application saves information about events.

Root privileges are required to access the default event database.

Default value: /var/opt/kaspersky/kesl/private/storage/events.db.

ExcludedMountPoint.item_#

The mount point to be excluded from the scan scope for tasks that use a file operation interceptor (File Threat Protection and Anti-Cryptor). You can specify several mount points to be excluded from scans.

Mount points must be specified in the same way as they are displayed in the mount command output.

The ExcludedMountPoint.item_# setting is left unspecified by default.

AllRemoteMounted — Exclude all remote directories mounted on the device using SMB and NFS protocols from file operation interception.

Mounted:NFS — Exclude all remote directories mounted on the device using the NFS protocol from file operation interception.

Mounted:SMB — Exclude all remote directories mounted on the device using the SMB protocol from file operation interception.

Mounted:<file system type> — Exclude all mounted directories with the specified file system type from file operation interception.

/mnt — Exclude objects in the /mnt mount point (including subdirectories) from file operation interception. This directory is used as the temporary mount point for removable drives.

<path that contains the /mnt/user* or /mnt/**/user_share> — Exclude objects in mount points whose names contain the specified mask from file operation interception.

MemScanExcludedProgramPath.item_#

Exclude process memory from scans.

The application does not scan the memory of the indicated process.

<full path to process> – Do not scan the process in the indicated local directory. You can use masks to specify the path.