Identifying the most frequently scanned objects

You can get the list of objects that have been scanned the most times by running the following command:

fgrep 'AVP ENTER' /var/log/kaspersky/kesl/kesl.* | awk '{print $8}' | sort | uniq -c | sort -k1 -n -r|less

The result is loaded into less, a text viewer utility. Each line shows the number of times an object was scanned followed by its path, and the objects that have been scanned the most times are displayed first.

If you need to aggregate object scanning statistics in subdirectories down to a certain depth starting from the root directory /, you can add cut -d/ -f 1-X to the command before sort, where X is the nesting depth. Note that an absolute path begins with /, so the first field that cut sees is empty: -f 1-X keeps X-1 directory components, and -f 1-4 in the example below keeps paths such as /var/lib/mysql. For example:

fgrep 'AVP ENTER' /var/log/kaspersky/kesl/kesl.* | awk '{print $8}' | cut -d/ -f 1-4 | sort | uniq -c | sort -k1 -n -r|less

If various services frequently write data to files in the system, such files are scanned again each time they are closed after modification (KLIF_ACTION_CLOSE_MODIFY events) and are placed in the pending queue. Get the list of paths that have been scanned the most times in the pending queue by running the following command:

fgrep 'SYSCALL' /var/log/kaspersky/kesl/kesl.* | fgrep 'KLIF_ACTION_CLOSE_MODIFY' | awk '{print $10}' | tr -d ',' | sort | uniq -c | sort -k1 -n -r

The files that were scanned the most times will appear at the beginning of the list. The tr -d ',' step removes the trailing comma from the path field. Unlike the first command, this one is not piped into less; append | less if the list is long.

As with the previous command, you can aggregate the statistics by directory depth by adding cut -d/ -f 1-X before sort, where X is the nesting depth. Because the leading / produces an empty first field, -f 1-3 in the example below keeps two directory components, for example /var/log. The comma must be stripped before cut so that a path shallower than the requested depth is not left with a trailing comma. For example:

fgrep 'SYSCALL' /var/log/kaspersky/kesl/kesl.* | fgrep 'KLIF_ACTION_CLOSE_MODIFY' | awk '{print $10}' | tr -d ',' | cut -d/ -f 1-3 | sort | uniq -c | sort -k1 -n -r
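
The two procedures above (counting 'AVP ENTER' objects and counting pending-queue KLIF_ACTION_CLOSE_MODIFY paths, each optionally aggregated by directory depth) combined into one reusable shell function. This is an added example, not part of the Kaspersky documentation. It assumes only what the commands above state: the path is whitespace-separated field 8 on 'AVP ENTER' lines and field 10 (with a trailing comma) on SYSCALL lines. The lines produced by sample_trace are constructed for the demonstration so that it runs offline; they match those field positions but are not real KESL trace output, and the script name count_paths.sh is assumed. The DEPTH argument counts directory components, so the function keeps DEPTH+1 cut fields to account for the empty field in front of the leading slash.

```shell
#!/bin/sh
# Added example (not from the KESL documentation). Generalizes the pipelines
# on this page: select trace lines by a fixed string, take the path from a
# given whitespace-separated field, optionally truncate it to a directory
# depth, and count occurrences, most frequent first.
#
# Usage: count_paths PATTERN FIELD DEPTH [FILE...]
#   PATTERN  fixed string selecting lines ('AVP ENTER' or 'KLIF_ACTION_CLOSE_MODIFY')
#   FIELD    1-based field holding the path (8 for 'AVP ENTER', 10 for SYSCALL
#            lines, as in the commands on this page)
#   DEPTH    directory components to keep; 0 keeps the full path
#   FILE...  trace files; stdin is read when none are given
# Output: one "COUNT PATH" line per path, most frequent first.
count_paths() {
    pattern=$1
    field=$2
    depth=$3
    shift 3
    grep -F -h -- "$pattern" "$@" |
        # strip the trailing comma that SYSCALL lines carry on the path field
        awk -v f="$field" '{ sub(/,$/, "", $f); print $f }' |
        # an absolute path has an empty first cut field (before the leading /),
        # so DEPTH components means DEPTH+1 fields; cut leaves shorter paths intact
        if [ "$depth" -gt 0 ]; then cut -d/ -f 1-$((depth + 1)); else cat; fi |
        sort | uniq -c |
        # most frequent first; ties broken by path so the output is deterministic
        sort -k1,1nr -k2,2 | sed 's/^[[:space:]]*//'
}

# Constructed sample trace lines for the demonstration. Field positions match
# the commands on this page ($8 for AVP ENTER, $10 for SYSCALL), but the
# format is NOT real KESL trace output.
sample_trace() {
    cat <<'EOF'
01.01.2024 12:00:00 1234 5678 INF AVP ENTER /var/lib/mysql/ibdata1
01.01.2024 12:00:00 1234 5678 INF AVP ENTER /var/lib/mysql/ibdata1
01.01.2024 12:00:01 1234 5678 INF AVP ENTER /var/lib/mysql/ib_logfile0
01.01.2024 12:00:01 1234 5678 INF AVP ENTER /var/log/app/app.log
01.01.2024 12:00:02 1234 5678 INF AVP ENTER /var/lib/mysql/ibdata1
01.01.2024 12:00:02 1234 5678 INF AVP ENTER /home/alice/notes.txt
01.01.2024 12:00:02 1234 5678 INF AVP ENTER /var/lib/mysql/ib_logfile0
01.01.2024 12:00:03 1234 5678 INF SYSCALL pid 42 KLIF_ACTION_CLOSE_MODIFY /var/log/app/app.log,
01.01.2024 12:00:03 1234 5678 INF SYSCALL pid 42 KLIF_ACTION_CLOSE_MODIFY /var/lib/mysql/ibdata1,
01.01.2024 12:00:04 1234 5678 INF SYSCALL pid 42 KLIF_ACTION_CLOSE_MODIFY /var/log/app/app.log,
01.01.2024 12:00:04 1234 5678 INF SYSCALL pid 42 KLIF_ACTION_OPEN /etc/hosts,
01.01.2024 12:00:05 1234 5678 INF SYSCALL pid 42 KLIF_ACTION_CLOSE_MODIFY /tmp/x,
01.01.2024 12:00:05 1234 5678 INF SYSCALL pid 42 KLIF_ACTION_CLOSE_MODIFY /var/lib/mysql/ibdata1,
01.01.2024 12:00:06 1234 5678 INF SYSCALL pid 42 KLIF_ACTION_CLOSE_MODIFY /var/log/app/app.log,
EOF
}

# When run with arguments, work on real trace files, e.g.:
#   sh count_paths.sh 'AVP ENTER' 8 3 /var/log/kaspersky/kesl/kesl.*
#   sh count_paths.sh KLIF_ACTION_CLOSE_MODIFY 10 2 /var/log/kaspersky/kesl/kesl.*
# Without arguments, run the constructed sample at depth 2.
if [ $# -ge 3 ]; then
    count_paths "$@" | head -n 20
else
    sample_trace | count_paths 'AVP ENTER' 8 2
fi
```

With the sample, `count_paths 'AVP ENTER' 8 0` lists /var/lib/mysql/ibdata1 (3) ahead of ib_logfile0 (2), and depth 2 collapses those five hits into a single "5 /var/lib" line, which is the view you want when deciding whether a database directory deserves an exclusion. The KLIF_ACTION_OPEN line is ignored because the fixed-string filter matches only KLIF_ACTION_CLOSE_MODIFY.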

We recommend determining whether the objects scanned the most times are actually dangerous. Objects and files confirmed as safe can be added to exclusions to optimize File Threat Protection and scan tasks; for example, database files, directories, and log files can be considered safe if the write operation is performed by a trusted process. Keep each exclusion as narrow as the finding allows (a specific file or directory rather than an entire tree such as /var). In case of any difficulties, contact Technical Support.