The container scan general settings are used when scanning namespaces and containers in real time.
General container and namespace scan settings
Setting |
Description |
Values |
---|---|---|
|
Action to be performed on a container when an infected object is detected. This setting is available when using the application under a license that supports this function. File Threat Protection task settings are used when scanning objects inside a container. The action taken on a container when an infected object is detected also depends on the specified settings of the File Threat Protection task. |
|
|
Use the Docker environment. |
|
|
Docker socket path or URI (Universal Resource Identifier). |
Default value: /var/run/docker.sock. |
|
Use the CRI-O environment. |
|
|
Path to the CRI-O configuration file. |
Default value: /etc/crio/crio.conf. |
|
Use the Podman utility. |
|
|
Path to the Podman utility executable file. |
Default value: /usr/bin/podman. |
|
Path to the root directory of the container storage. |
Default value: /var/lib/containers/storage. |
|
Use the runc utility. |
|
|
Path to the runc utility executable file. |
Default value: /usr/bin/runc. |
|
Path to the root directory of the container state storage. |
Default value: /run/runc. |
The StopContainerIfFailed
action taken on a container when an infected object is detected may vary depending on the specified values of the FirstAction
and SecondAction
settings of the File Threat Protection task. If the File Threat Protection task fails to disinfect or delete an infected object, the container will be stopped. In all other cases, no action is applied to the container.