On-demand File Integrity Monitoring settings

This table describes the available values and the default values of all settings that you can specify for the On-demand File Integrity Monitoring task.

Setting

Description

Values

RebuildBaseline

Enables or disables rebuilding a baseline after the ODFIM task finishes.

Yes — Rebuild a baseline after the ODFIM task has finished.

No (default value) — Do not rebuild a baseline after the ODFIM task has finished.

CheckFileHash

Enables or disables hash (SHA-256) check.

Yes — Enable hash check.

No (default value) — Disable hash check.

TrackDirectoryChanges

Enables or disables the monitoring of directories.

Yes — Monitor directories.

No (default value) — Do not monitor directories.

TrackLastAccessTime

Enables or disables checking the last time the file was accessed. In Linux operating systems, this corresponds to the noatime parameter.

Yes — Check the time the file was last accessed.

No (default value) — Do not check the time the file was last accessed.

UseExcludeMasks

Enables or disables exclusion of objects specified by the ExcludeMasks setting from the monitoring scope.

This setting only applies if the ExcludeMasks setting is specified.

Yes — Exclude objects specified by the ExcludeMasks setting from the monitoring scope.

No (default value) — Do not exclude objects specified by the ExcludeMasks setting from the monitoring scope.

ExcludeMasks

Specifies a list of masks that define objects to be excluded from the monitoring scope.

Before specifying this setting, make sure the UseExcludeMasks setting is set to Yes.

Masks are specified in command shell format.

If you want to specify several masks, each mask must be specified on a new line with a new index (ExcludeMasks.item_0000, ExcludeMasks.item_0001).

The default value is not defined.

The [ScanScope.item_#] section contains the monitoring scopes of the System Integrity Monitoring task. At least one monitoring scope must be specified for the task. You can define several [ScanScope.item_#] sections in any order in the configuration file. The application will process the scopes by index in ascending order.

Each [ScanScope.item_#] section contains the following settings:

AreaDesc

Specifies the name of the monitoring scope.

The default value is not defined.

UseScanArea

Enables or disables monitoring of the specified scope.

Yes (default value) — Monitor the specified scope.

No — Do not monitor the specified scope.

Path

Specifies the full path to the object or directories to be monitored.

Default value: /opt/kaspersky/kics/

AreaMask.item_#

Specifies a command line shell mask that defines the objects to be monitored.

You can specify several AreaMask.item_# items in any order. The application will process the scopes by index in ascending order.

Default value: * (process all objects)

The [ExcludedFromScanScope.item_#] section contains the objects to be excluded from all [ScanScope.item_#] sections. The objects that match the rules of any [ExcludedFromScanScope.item_#] section will be excluded from monitoring. The format of the [ExcludedFromScanScope.item_#] section is similar to the format of the [ScanScope.item_#] section. You can define several [ExcludedFromScanScope.item_#] sections in any order in the configuration file. The application will process the scopes by index in ascending order.

Each [ExcludedFromScanScope.item_#] section contains the following settings:

AreaDesc

Specifies the name of the scope to be excluded from monitoring.

The default value is not defined.

UseScanArea

Specifies whether the specified scope will be excluded from monitoring.

Yes (default value) — Exclude the specified scopes from monitoring.

No — Do not exclude the specified scopes from monitoring.

Path

Specifies the path to the objects or directories to be excluded from monitoring. You can use masks to specify the path.

The default value is not defined.

AreaMask.item_#

Specifies a command line shell mask that defines the objects to be excluded from monitoring.

You can specify several AreaMask.item_# items in any order. The application will process the scopes by index in ascending order.

Default value: * (all objects are monitored)
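The following lint check is an added example, not part of the product or its documentation. It flags setting combinations described above that leave less monitored than intended. The key=value layout with [section] headers, the sample values, and the function names parse and lint are assumptions made for illustration.

```python
import re

# Constructed sample; the key=value / [section] file layout is an assumption.
SAMPLE = """\
CheckFileHash=No
UseExcludeMasks=No
ExcludeMasks.item_0000=*.log
[ScanScope.item_0000]
AreaDesc=Application files
UseScanArea=No
Path=/opt/kaspersky/kics/
AreaMask.item_0000=*
"""

def parse(text):
    """Return (task_settings, {section_name: settings}) from key=value lines."""
    top, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:  # a [ScanScope.item_#] or [ExcludedFromScanScope.item_#] header
            current = sections.setdefault(m.group(1), {})
            continue
        key, _, value = line.partition("=")
        (top if current is None else current)[key.strip()] = value.strip()
    return top, sections

def lint(text):
    """Return findings for settings that narrow or disable monitoring."""
    top, sections = parse(text)
    findings = []
    has_masks = any(k.startswith("ExcludeMasks.item_") for k in top)
    use_masks = top.get("UseExcludeMasks", "No") == "Yes"
    if has_masks and not use_masks:
        findings.append("ExcludeMasks set but UseExcludeMasks is not Yes: masks are not applied")
    if use_masks and not has_masks:
        findings.append("UseExcludeMasks=Yes has no effect without ExcludeMasks")
    scopes = {n: s for n, s in sections.items() if n.startswith("ScanScope.item_")}
    if not scopes:
        findings.append("no [ScanScope.item_#] section: at least one is required")
    elif all(s.get("UseScanArea", "Yes") == "No" for s in scopes.values()):
        findings.append("every ScanScope has UseScanArea=No: nothing is monitored")
    if top.get("CheckFileHash", "No") != "Yes":
        findings.append("CheckFileHash is not Yes: SHA-256 hash check is disabled")
    return findings
```

Calling lint(SAMPLE) returns three findings: the unused exclusion mask, the disabled scope, and the disabled hash check.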
