If, after analysis of the File Threat Protection task's operation, you have created a list of directories and files that can be excluded from the scan scope, you need to add them to the exclusions.
Scan exclusions
To exclude the /tmp/logs directory and all subdirectories and files recursively, execute the following command:
kesl-control --set-settings 1 --add-exclusion /tmp/logs
To exclude a specific file or files by mask in the /tmp/logs directory, execute the following command:
kesl-control --set-settings 1 --add-exclusion '/tmp/logs/*.log'
To exclude all files with the .log extension in the /tmp/ directory and subdirectories using a recursive mask, execute the following command:
kesl-control --set-settings 1 --add-exclusion '/tmp/**/*.log'
Interception exclusions
If you want to exclude files in a certain directory not only from scan, but also from interception, you can exclude the entire mount point.
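To exclude an entire mount point:
Make the directory a mount point by executing the following command:
mount --bind /tmp/ /tmp
To keep the mount point after a restart of the operating system, add the following line to the /etc/fstab file:
/tmp /tmp none defaults,bind 0 0
Add the mount point to the excluded mount points by executing the following command:
kesl-control --set-app-settings ExcludedMountPoint.item_0000=/tmp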
It is also recommended to exclude mount points of remote resources that have an unstable or slow connection.
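The following added example (not part of the original documentation) checks the two prerequisites of the mount-point exclusion procedure above: that the directory is currently a mount point and that a bind entry in fstab keeps it one after a restart. The function names are hypothetical, and the sample data in demo is constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks before setting ExcludedMountPoint.
# Function names are hypothetical; file arguments allow checking copies.

# is_mount_point DIR [MOUNTS_FILE]: DIR is a mount target (field 2).
is_mount_point() {
    dir=${1%/}; [ -n "$dir" ] || dir=/
    awk -v d="$dir" '$2 == d { found = 1 } END { exit !found }' \
        "${2:-/proc/self/mounts}"
}

# fstab_has_bind DIR [FSTAB_FILE]: uncommented entry binds DIR onto itself.
fstab_has_bind() {
    dir=${1%/}; [ -n "$dir" ] || dir=/
    awk -v d="$dir" '
        /^[[:space:]]*#/ { next }
        {
            src = $1; if (length(src) > 1) sub(/\/$/, "", src)
            tgt = $2; if (length(tgt) > 1) sub(/\/$/, "", tgt)
            if (src == d && tgt == d && $4 ~ /(^|,)bind(,|$)/) found = 1
        }
        END { exit !found }' "${2:-/etc/fstab}"
}

# preflight DIR [MOUNTS_FILE] [FSTAB_FILE]: non-zero if either check fails.
preflight() {
    rc=0
    if is_mount_point "$1" "${2:-/proc/self/mounts}"; then
        echo "ok: $1 is a mount point"
    else
        echo "fail: $1 is not a mount point (mount --bind not applied)"; rc=1
    fi
    if fstab_has_bind "$1" "${3:-/etc/fstab}"; then
        echo "ok: bind entry for $1 present in fstab"
    else
        echo "fail: no bind entry for $1 in fstab (lost after restart)"; rc=1
    fi
    return $rc
}

# demo: runs preflight on constructed sample files, not live system state.
demo() {
    t=$(mktemp -d)
    printf '%s\n' '/dev/sda1 / ext4 rw 0 0' '/dev/sda1 /tmp ext4 rw 0 0' >"$t/m"
    printf '%s\n' '/tmp /tmp none defaults,bind 0 0' >"$t/f"
    preflight /tmp "$t/m" "$t/f"; rc=$?
    rm -rf "$t"; return $rc
}
```

Run `preflight /tmp` on the protected host before the kesl-control command; with no file arguments it reads /proc/self/mounts and /etc/fstab.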
Changing scan type
By default, the File Threat Protection task can scan files when they are opened or closed. If analysis of the File Threat Protection task's performance shows that too many files are being written, you can make the task operate only when files are opened by running the following command:
kesl-control --set-set 1 ScanByAccessType=Open
In this operation mode, changes made to the file after it is opened are not scanned until the next opening of the file.