The File Threat Protection component prevents infection of the device file system. If the component is enabled, it stays in the RAM of the device and scans all files that are opened, saved, and launched in real time.
When malware is detected, Kaspersky Industrial CyberSecurity for Linux Nodes can delete the infected file and terminate the malicious process started from this file.
If the default application operating mode was selected during installation, File Threat Protection is disabled by default.
To make sure your devices are protected, we recommend applying a policy to the devices using the Web Console or Administration Console, or configuring the protection on the command line.
The operation of the component is affected by the file operation interception mode, which you can select in the general settings of the application. By default, blocking access to files that are being scanned by the File Threat Protection component is disabled.
If File Threat Protection is enabled and Container monitoring is enabled, the application also scans all namespaces and containers on all supported operating systems.
You can enable or disable File Threat Protection, and also configure the protection settings:
To optimize the File Threat Protection component, you can exclude from scans any files being copied from network directories. Files are scanned only after the process of copying to a local directory is finished. To exclude files located in network directories from scans, configure exclusion based on processes for the utility used for copying from network directories (for example, for the cp utility). If you manage the application using Kaspersky Security Center, you can configure exclusion based on processes in the Web Console or the Administration Console. If you are administering the application using the command line, you can configure an exclusion by process by adding an [ExcludedForProgram.item_#] section to the settings of the OAS task.
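A process exclusion removes that program's file operations from real-time scanning, so each [ExcludedForProgram.item_#] section is worth reviewing for scope. The following audit is an added example, not part of the product or its documentation; it assumes the OAS task settings are available as INI text, and the key names inside the section (ProgramPath, ApplyToDescendants, UseExcludedForProgram, Path, AreaMask.item_#) as well as all sample values are assumptions to check against the settings reference for your version.

```python
import configparser

# Constructed sample of OAS task settings in INI form. Only the section name
# comes from the page; the key names and values below are assumptions and
# must be checked against the settings reference for the installed version.
SAMPLE = """\
[ExcludedForProgram.item_0000]
ProgramPath=/usr/bin/cp
ApplyToDescendants=No
AreaDesc=copies from NFS share
UseExcludedForProgram=Yes
Path=/mnt/nfs/incoming
AreaMask.item_0000=*
[ExcludedForProgram.item_0001]
ProgramPath=/usr/bin/rsync
ApplyToDescendants=Yes
AreaDesc=backup job
UseExcludedForProgram=Yes
Path=/
AreaMask.item_0000=*
"""

def audit_process_exclusions(text):
    """Return (section, program, findings) for every enabled process exclusion."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str                   # keep key case as written
    cp.read_string("[_task]\n" + text)     # tolerate top-level keys with no section header
    results = []
    for name in cp.sections():
        if not name.startswith("ExcludedForProgram.item_"):
            continue
        sec = cp[name]
        if sec.get("UseExcludedForProgram", fallback="Yes").lower() != "yes":
            continue                       # exclusion is defined but switched off
        findings = []
        if sec.get("Path", fallback="").rstrip("/") == "":
            findings.append("scope is the whole file system")
        if sec.get("ApplyToDescendants", fallback="No").lower() == "yes":
            findings.append("child processes inherit the exclusion")
        if not sec.get("ProgramPath", fallback="").startswith("/"):
            findings.append("ProgramPath is not an absolute path")
        results.append((name, sec.get("ProgramPath", fallback=""), findings))
    return results

if __name__ == "__main__":
    for section, program, findings in audit_process_exclusions(SAMPLE):
        print(section, program, "; ".join(findings) or "narrowly scoped")
```

In the sample, the cp exclusion is limited to one network mount and produces no findings, while the rsync entry is flagged because it covers the entire file system and extends to child processes.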