On-demand System Integrity Monitoring

The On-demand System Integrity Monitoring task is available only for Kaspersky Security Center Web Console.

While the On-demand System Integrity Monitoring task is running, each object change is determined by comparing the current state of the monitored objects with the original state, which was previously established as a baseline.

You can create several ODFIM tasks.

Baseline

The baseline is established during the first run of the ODFIM task on the computer. For each ODFIM task, a separate baseline is created. The task is performed only if the baseline corresponds to the monitoring scope. If the baseline does not match the monitoring scope, Kaspersky Endpoint Security generates an event about system integrity violation.

You can rebuild a baseline for a task using the corresponding parameter. The baseline is rebuilt after an ODFIM task has finished.

Also, a baseline is rebuilt when the parameters of a task change, for example, if a new monitoring scope is added. The baseline will be rebuilt during the next task run.

The ODFIM task creates storage for baselines on a computer that has the System Integrity Monitoring component installed.

You can delete a baseline only if you delete the corresponding ODFIM task.

System Integrity Monitoring task settings

Setting

Description

Rebuild baseline on each task start

This check box enables or disables the rebuilding of a system baseline each time the System Integrity Monitoring task is started.

If the check box is selected, Kaspersky Endpoint Security rebuilds a system baseline each time the System Integrity Monitoring task is started.

If the check box is cleared, Kaspersky Endpoint Security does not rebuild a system baseline each time the System Integrity Monitoring task is started.

This check box is cleared by default.

Use hash for monitoring (SHA-256)

This check box enables or disables use of the SHA-256 hash for the System Integrity Monitoring task.

SHA-256 is a cryptographic hash function that produces a 256-bit hash value. The 256-bit hash value is represented as a sequence of 64 hexadecimal digits.

If the check box is selected, Kaspersky Endpoint Security uses the SHA-256 hash for the System Integrity Monitoring task.

If the check box is cleared, Kaspersky Endpoint Security does not use the SHA-256 hash for the System Integrity Monitoring task.

This check box is cleared by default.

Track directories in monitoring scopes

This check box enables or disables monitoring of the specified directories while the System Integrity Monitoring task is running.

If the check box is selected, Kaspersky Endpoint Security monitors the specified directories while the System Integrity Monitoring task is running.

If the check box is cleared, Kaspersky Endpoint Security does not monitor the specified directories while the System Integrity Monitoring task is running.

This check box is cleared by default.

Track task access time

This check box enables or disables tracking of the System Integrity Monitoring task access time.

If the check box is selected, Kaspersky Endpoint Security tracks the System Integrity Monitoring task access time.

If the check box is cleared, Kaspersky Endpoint Security does not track the System Integrity Monitoring task access time.

This check box is cleared by default.

Monitoring scopes

Contains objects that are monitored by the System Integrity Monitoring task.

By default, the table contains the Kaspersky internal objects monitoring scope (/opt/kaspersky/kesl/).

You can add, configure, delete, move up, or move down monitoring scopes in the table.

You can also configure monitoring exclusions and exclusions by mask for the On-demand System Integrity Monitoring task in the Exclusion scopes section.
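
The baseline comparison and the SHA-256 option described above, as an added Python sketch (written for this page, not Kaspersky Endpoint Security code). The function names, the set of attributes compared, and the name-based exclusion masks are assumptions.

```python
import fnmatch
import hashlib
import os


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()  # 64 hexadecimal digits


def snapshot(scope, use_sha256=False, track_dirs=False, exclude_masks=()):
    """Record the state of each object under one monitoring scope."""
    state = {}
    for root, dirs, files in os.walk(scope):
        for name in files + (dirs if track_dirs else []):
            if any(fnmatch.fnmatch(name, mask) for mask in exclude_masks):
                continue
            path = os.path.join(root, name)
            st = os.lstat(path)
            # Assumed attribute set; the page does not list what is compared.
            entry = {"mode": st.st_mode, "uid": st.st_uid, "gid": st.st_gid}
            if os.path.isfile(path) and not os.path.islink(path):
                entry.update(size=st.st_size, mtime_ns=st.st_mtime_ns)
                if use_sha256:
                    entry["sha256"] = sha256_file(path)
            state[os.path.relpath(path, scope)] = entry
    return state


def build_baseline(scopes, **settings):
    """First run (or rebuild): store the original state per scope."""
    return {"settings": settings,
            "state": {s: snapshot(s, **settings) for s in scopes}}


def run_task(baseline, scopes):
    """Compare with the baseline; a scope mismatch is itself a violation."""
    if set(baseline["state"]) != set(scopes):
        return [("integrity_violation", None, None)]
    events = []
    for scope in sorted(scopes):
        old = baseline["state"][scope]
        new = snapshot(scope, **baseline["settings"])
        for path in sorted(old.keys() | new.keys()):
            if old.get(path) != new.get(path):
                kind = "added" if path not in old else "deleted" if path not in new else "modified"
                events.append((kind, scope, path))
    return events
```

In this sketch, a content change that keeps the same size and modification time is reported only when the baseline was built with `use_sha256=True`, which is the practical reason to consider enabling the hash option despite its extra read cost.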
