During the Baseline File Integrity Monitor task, Kaspersky Embedded Systems Security does not check locked files, folders, file shortcuts and cloud files.
The Baseline File Integrity Monitor task monitors the integrity of files in the monitoring scope by comparing the files' hash (MD5 hash or SHA256 hash) to a baseline.
On the first Baseline File Integrity Monitor task run, Kaspersky Embedded Systems Security creates a baseline by calculating and storing hash for files in the task's monitoring scope. If a Baseline File Integrity Monitor task monitoring scope was changed, Kaspersky Embedded Systems Security updates the baseline on the next Baseline File Integrity Monitor task run by calculating and storing hash for files in the task's monitoring scope. If a Baseline File Integrity Monitor task was deleted, Kaspersky Embedded Systems Security deletes the baseline for this Baseline File Integrity Monitor task.
You can delete a baseline without deleting the Baseline File Integrity Monitor task by using the command line.
The Baseline File Integrity Monitor task tracks the following changes of files in the monitoring scope:
The Baseline File Integrity Monitor task does not track changes to file's attributes and alternative streams.
If a file or a folder is inaccessible, Kaspersky Embedded Systems Security will not add this file or folder to the baseline during the baseline creation and will create an event about a failure to calculate file's checksum during the run of the Baseline File Integrity Monitor task.
A file or a folder may be inaccessible for the following reasons: