On-access File Integrity Monitoring task settings

The table describes all available values and default values of all the settings that you can specify for the On-access File Integrity Monitoring task.

Setting	Description	Values

`UseExcludeMasks`	Enables or disables exclusion of objects specified by the `ExcludeMasks` setting from the monitoring scope. The `UseExcludeMasks` setting only works if the `ExcludeMasks` setting is specified.	`Yes` — Exclude objects specified by the `ExcludeMasks` setting from the monitoring scope. `No` (default value) — Do not exclude objects specified by the `ExcludeMasks` setting from the monitoring scope.
`ExcludeMasks`	Specifies a list of masks that define objects to be excluded from the monitoring scope. Before specifying this setting, make sure the `UseExcludeMasks` setting is set to `Yes`. Masks are specified in command shell format. If you want to specify several masks, each mask must be specified on a new line with a new index (`ExcludeMasks.item_0000`, `ExcludeMasks.item_0001`).	The default value is not defined.
The [ScanScope.item_#] section contains the monitoring scopes of the System Integrity Monitoring task. At least one monitoring scope must be specified for the task. You can define several [ScanScope.item_#] sections in any order in the configuration file. The application will process the scopes by index in ascending order. Each [ScanScope.item_#] section contains the following settings:
`AreaDesc`	Specifies the name of the monitoring scope.	The default value is not defined.
`UseScanArea`	Enables or disables monitoring of the specified scope.	`Yes` (default value) — Monitor the specified scope. `No` — Do not monitor the specified scope.
`Path`	Specifies the full path to the object or directories to be monitored.	Default value: /opt/kaspersky/kics/
`AreaMask.item_#`	Specifies a command line shell mask that defines the objects to be monitored. You can specify several `AreaMask.item_#` items in any order. The application will process the scopes by index in ascending order.	Default value: `*` (process all objects)
The [ExcludedFromScanScope.item_#] section contains the objects to be excluded from all [ScanScope.item_#] sections. The objects that match the rules of any [ExcludedFromScanScope.item_#] section will be excluded from monitoring. The format of the [ExcludedFromScanScope.item_#] section is similar to the format of the [ScanScope.item_#] section. You can define several [ExcludedFromScanScope.item_#] sections in any order in the configuration file. The application will process the scopes by index in ascending order. Each [ExcludedFromScanScope.item_#] section contains the following settings:
`AreaDesc`	Specifies the name of the scope to be excluded from monitoring.	The default value is not defined.
`UseScanArea`	Specifies whether the specified scope will be excluded from monitoring.	`Yes` (default value) — Exclude the specified scopes from monitoring. `No` — Do not exclude the specified scopes from monitoring.
`Path`	Specifies the path to the objects or directories to be excluded from monitoring. You can use masks to specify the path. You can use the `` (asterisk) character to create a file or directory name mask. One `` character represents any set of characters (including the empty set) preceding the `/` character in the file or directory name. For example, `/dir//file or /dir///file`. Two consecutive `` characters represent any set of characters (including the empty set), including the `/` character, in the file or directory name. For example, `/dir/*/file/ or /dir/file/`. The `` mask can be used only once in a directory name. For example, `/dir///file` is an incorrect mask.	The default value is not defined.
`AreaMask.item_#`	Specifies a command line shell mask that defines the objects to be excluded from monitoring. You can specify several `AreaMask.item_#` items in any order. Kaspersky Industrial CyberSecurity for Linux Nodes will process scopes by index in ascending order	Default value: `*` (all objects are monitored)

Page top