On-access System Integrity Monitoring task settings

This section describes the settings you can specify for the on-access System Integrity Monitoring task.

All available values and default values for each setting are described below.

UseExcludeMasks

Enables or disables exclusion, from the monitoring scope, of objects that are specified by the ExcludeMasks setting.

The UseExcludeMasks setting works only if the ExcludeMasks setting is specified.

Available values:

Yes—Exclude objects specified by the ExcludeMasks setting from the monitoring scope.

No—Do not exclude objects specified by the ExcludeMasks setting from the monitoring scope.

Default value: No

ExcludeMasks

Specifies a list of masks that define objects to be excluded from the monitoring scope.

Before specifying this setting, make sure that the UseExcludeMasks setting value is set to Yes.

Masks are specified in command shell format.

If you want to specify several masks, each mask must be specified on a new line with the new index specified (ExcludeMasks.item_0000, ExcludeMasks.item_0001).

Default value: not defined

Section [ScanScope.item_#]

The [ScanScope.item_#] sections specify scopes to be monitored by the System Integrity Monitoring task. At least one monitoring scope must be specified for the task.

You can define several [ScanScope.item_#] sections in a configuration file in any order. Kaspersky Endpoint Security will process scopes by item index, in ascending order.

Each [ScanScope.item_#] section contains the following settings:

AreaDesc

Specifies the name of the monitoring scope.

UseScanArea

Enables or disables monitoring of the specified scope.

Available values:

Yes—Monitor a specified scope.

No—Do not monitor a specified scope.

Default value: Yes

Path

Specifies the full path to the object or directories to be monitored.

Default value: /opt/kaspersky/kesl/

AreaMask.item_#

Specifies a command line shell mask that defines the objects to be monitored.

You can specify several AreaMask.item_# items in any order. Kaspersky Endpoint Security will process items by indexes, in ascending order.

Default value: * (all objects will be processed)

Section [ExcludedFromScanScope.item_#]

The [ExcludedFromScanScope.item_#] sections specify the objects to be excluded from all [ScanScope.item_#] sections.

All objects that match the rules of any [ExcludedFromScanScope.item_#] section will be excluded from monitoring. An [ExcludedFromScanScope.item_#] section format is similar to the format of a [ScanScope.item_#] section.

You can define several [ExcludedFromScanScope.item_#] sections in a configuration file in any order. Kaspersky Endpoint Security will process scopes by item index, in ascending order.

Each [ScanScope.item_#] section contains the following settings:

AreaDesc

Specifies the name of the scope to be excluded from monitoring.

UseScanArea

Specifies whether the specified scope will be excluded from monitoring.

Available values:

Yes—Exclude a specified scope from the monitoring.

No—Do not exclude the specified scope from the monitoring.

Default value: Yes

Path

Specifies the path to the objects or directories to be excluded from monitoring. You can use masks to specify the path.

AreaMask.item_#

Specifies a command line shell mask that defines the objects to be excluded from monitoring.

You can specify several AreaMask.item_# items in any order. Kaspersky Endpoint Security will process items by indexes, in ascending order.

Default value: * (all objects will be monitored)

Page top