By default, the File Integrity Monitor task has the settings described in the table below. You can change the values of the settings in the following components:
Default File Integrity Monitor task settings
Setting |
Default value |
Description |
|---|---|---|
Monitoring scope |
Not configured |
Use this option to specify the folders and files for which actions will be monitored. Monitoring events will be generated for the folders and files in the specified monitoring scope. |
Trusted users list |
Not configured |
Use this option to specify users and/or groups of users, whose actions in the specified folders will be treated as safe by the component. |
Log information about file operations that appear during the monitor interruption period |
Used |
Use this option to enable or disable logging of file operations performed in the indicated monitoring scopes during periods in which the task in not running. |
Block attempts to compromise the USN log |
Used |
Use this option to enable or disable protection of the USN log. |
Apply Trusted Zone |
Disabled |
Select or clear the Apply Trusted Zone check box to apply the Trusted Zone exclusions in addition to the monitoring scope configured for a rule. |
Detect and block the selected file operations |
Disabled |
Select or clear the Detect and block the selected file operations check box if you want to block all changes for the selected monitoring area. |
Exclude the following folders from control |
Not applied |
Use this option to check the use of exclusions for folders in which file operations do not need to be monitored. When the File Integrity Monitor task runs, Kaspersky Embedded Systems Security skips monitoring scopes specified as exclusions. |
Checksum calculation |
Not applied |
Use this option to configure calculation of the file checksum after changes are made in the file. |
Set file operations markers |
All available file operation markers are considered |
Use this option to specify the set of file operation markers. If a file operation performed in a monitoring scope is characterized by one or more specified markers, Kaspersky Embedded Systems Security generates an audit event. |
Task start schedule |
First run is not scheduled |
You can configure the settings for starting the task on a schedule. |