The Behavior Detection task monitors malicious activity by applications in the operating system. When malicious activity is detected, Kaspersky Endpoint Security can terminate the process of the application that performs malicious activity.
The [TrustedPrograms.item_#] section contains processes that are excluded from scans. Kaspersky Endpoint Security does not monitor the activity of the specified processes.
ProgramPath
Path to excluded process.
<full path to process> – Do not scan the process in the indicated local directory. You can use masks to specify the path.
You can use the * (asterisk) character to create a file or directory name mask.
You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.
You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.
The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.
You can use a single ? character to represent any one character in the file or directory name.
ApplyToDescendants
Exclude child processes of the excluded process specified by the ProgramPath setting from scans.
Yes – exclude the specified process and all its child processes from scans.
No (default value) – exclude only the specified process from scans, do not exclude its child processes from scans.
ProgramDesc
Description of the excluded process.
UseTrustedProgram
Enables the exclusion of the specified process from scanning.
Yes (default value) - enable exclusion of the specified process from scanning.
No - do not exclude the specified process from scanning.