System Integrity Monitoring

This component is available if Kaspersky Endpoint Security is installed on a computer that runs on Windows for servers. This component is unavailable if Kaspersky Endpoint Security is installed on a computer that runs on Windows for workstations.

Starting with version 12.6, Kaspersky Endpoint Security for Windows includes the System Integrity Monitoring component instead of the File Integrity Monitor component. System Integrity Monitoring component includes all functionality of File Integrity Monitor and additionally allows to monitor registry changes and connection of external devices.

The System Integrity Monitoring component monitors changes in the operating system that may indicate computer security breaches. When such changes are detected, Kaspersky Endpoint Security generates corresponding events and alerts the administrator. System Integrity Monitoring can operate in real-time mode and can also perform system integrity checks on demand.

Real-Time System Integrity Monitoring

In real-time mode, System Integrity Monitoring tracks changes in objects that you included in the component's scope (the monitoring scope). System Integrity Monitoring also allows blocking unauthorized access to such objects in real time.

On-Demand System Integrity Check

On-Demand System Integrity Check is a task that you can run manually or on a schedule. To run the System Integrity Check task, you must configure the scope of the component (the monitoring scope) and create a baseline. A baseline is a recorded state of objects in the system, which the application uses as reference when comparing to the current state.

Migrating File Integrity Monitor settings

When you update Kaspersky Endpoint Security to version 12.6, File Integrity Monitor settings are migrated automatically. As part of the migration, the application moves the monitoring rules to System Integrity Monitoring. File Integrity Monitor rules are also migrated to System Integrity Monitoring when migrating from KSWS to KES.

To ensure correct operation of System Integrity Monitoring, Kaspersky Endpoint Security application and management plug-in should be updated to version 12.6. If you have an earlier version of the management plug-in installed, you cannot configure System Integrity Monitoring because the management plug-in lacks the System Integrity Monitoring section.

In this section

About System Integrity Monitoring rules

Real-Time System Integrity Monitoring

On-Demand System Integrity Check

Exporting and importing System Integrity Monitoring rules

Viewing System Integrity Monitoring reports

System integrity status reset

Page top