Configuring Behavior Detection in the Administration Console

You can configure application Behavior Detection in the Administration Console, under the policy: Advanced Threat Protection → Behavior Detection.

Behavior Detection component settings

Setting	Description
Enable Behavior Detection	This check box enables or disables the Behavior Detection component. This check box is cleared by default.
Action on malware activity detection	The action to be performed by Kaspersky Industrial CyberSecurity for Linux Nodes upon detecting malicious activity in the operating system: Block the application performing malicious activity. Kaspersky Industrial CyberSecurity for Linux Nodes terminates the process that is performing malicious activity and records information about the detected malicious activity in the event log. Inform user (default value). Kaspersky Industrial CyberSecurity for Linux Nodes does not terminate the process performing malicious activity. It only records a malicious activity detection event in the event log.
Use exclusions by process	This check box enables or disables exclusions by process in the operation of the Behavior Detection component. This check box is cleared by default. The Configure button opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Setting

Description

Enable Behavior Detection

This check box enables or disables the Behavior Detection component.

This check box is cleared by default.

Action on malware activity detection

The action to be performed by Kaspersky Industrial CyberSecurity for Linux Nodes upon detecting malicious activity in the operating system:

Block the application performing malicious activity. Kaspersky Industrial CyberSecurity for Linux Nodes terminates the process that is performing malicious activity and records information about the detected malicious activity in the event log.
Inform user (default value). Kaspersky Industrial CyberSecurity for Linux Nodes does not terminate the process performing malicious activity. It only records a malicious activity detection event in the event log.

Use exclusions by process

This check box enables or disables exclusions by process in the operation of the Behavior Detection component.

This check box is cleared by default.

The Configure button opens the Exclusions by process window. In this window, you can exclude the activity of processes.