Configuring System Integrity Monitoring in the command line

You can manage system integrity monitoring in real time in the command line by using the System Integrity Monitoring predefined task (System_Integrity_Monitoring). Task type: OAFIM.

The System Integrity Monitoring task does not run by default. You can start and stop the task manually.

You can configure System Integrity Monitoring on the device by editing the settings of the System Integrity Monitoring predefined task.

On-access File Integrity Monitoring task settings

Setting

Description

Values

UseExcludeMasks

Enables monitoring scope exclusions for objects specified by the ExcludeThreats.item_# setting.

This setting only applies if a value is specified for the ExcludeMasks.item_# setting.

Yes — Exclude objects specified by the ExcludeMasks.item_# setting from the monitoring scope.

No (default value) — Do not exclude objects specified by the ExcludeMasks.item_# setting from the monitoring scope.

ExcludeMasks.item_#

Excludes objects from monitoring by names or masks. You can use this setting to exclude an individual file from the specified scan scope by name or exclude several files at once using masks in the shell format.

Before specifying a value for this setting, make sure that the UseExcludeMasks setting is enabled.

You can specify several masks. Each mask must be specified on a new line with a new index.

The default value is not defined.

The [ScanScope.item_#] section contains the monitoring scopes of the System Integrity Monitoring task. At least one monitoring scope must be specified for the task. You can specify several [ScanScope.item_#] sections in any order. The application processes the scopes by index in ascending order.

The [ScanScope.item_#] section contains the following settings:

AreaDesc

Description of monitoring scope; contains additional information about the monitoring scope.

The default value is not defined.

UseScanArea

Enables monitoring of the specified scope.

Yes (default value) — Monitor the specified scope.

No — Do not monitor the specified scope.

Path

Path to the monitoring directory.

You can use masks to specify the path.

Default value: /opt/kaspersky/kesl/

AreaMask.item_#

Monitoring scope limitation. Within the monitoring scope, the application scans only the objects that are specified using the masks in the shell format.

You can specify several AreaMask.item_# items in any order. The application processes the scopes by index in ascending order.

Default value: * (all objects are monitored)

[ExcludedFromScanScope.item_#] contains objects to be excluded from all [ScanScope.item_#] sections. You can specify multiple [ExcludedFromScanScope.item_#] sections in any order. The application processes the scopes by index in ascending order.

The [ExcludedFromScanScope.item_#] section contains the following settings:

AreaDesc

Description of the monitoring exclusion scope, which contains additional information about the monitoring exclusion scope.

The default value is not defined.

UseScanArea

Excludes the specified scope from monitoring.

Yes (default value) — Exclude the specified scope from monitoring.

No — Do not exclude the specified scope from monitoring.

Path

Path to the directory with objects excluded from monitoring.

You can use masks to specify the path.

The default value is not defined.

AreaMask.item_#

Limitation of monitoring exclusion scope. In the monitoring exclusion scope, the application only excludes the objects that are specified using masks in the shell format.

You can specify several AreaMask.item_# items in any order. The application processes the scopes by index in ascending order.

Default value: * (exclude all objects from monitoring)

Page top