Behavior Detection

The Behavior Detection component allows you to monitor for any malicious activity from applications in the operating system. When malicious activity is detected, Kaspersky Industrial CyberSecurity for Linux Nodes can terminate the application process that is performing malicious activity.

By default, Behavior Analysis is disabled.

You can enable, disable, and configure Behavior Detection:

If integration between Kaspersky Industrial CyberSecurity for Linux Nodes and Kaspersky Managed Detection and Response is enabled, exclusions by process are skipped when Behavior Detection is performed in the operating system.

By default, on the SintezM-Client operating system, the auditd service configuration is protected from modification, that is, it is in enabled 2 mode. For correct operation of the Behavior Detection component when Kaspersky Industrial CyberSecurity for Linux Nodes is integrated with the Kaspersky Managed Detection and Response solution, change the auditd mode in the configuration files to enabled 1 (no configuration blocking) and restart the operating system.
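The check and change described above, as an added example that is not part of the Kaspersky documentation. It assumes the audit rules are *.rules files in a directory such as /etc/audit/rules.d and that the lock is written as the auditctl directive "-e 2"; the actual location on SintezM-Client may differ.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: the auditd lock is the "-e 2"
# directive inside *.rules files of the directory passed as the first argument.

LOCK_RE='^[[:space:]]*-e[[:space:]]\{1,\}2[[:space:]]*$'

# Print "file:line:text" for every directive that locks the audit configuration.
# Commented-out lines and "-e" inside other rules are not matched.
find_audit_lock() {
    for f in "$1"/*.rules; do
        if [ -f "$f" ]; then
            # /dev/null as a second operand makes grep print the file name.
            grep -n "$LOCK_RE" "$f" /dev/null || true
        fi
    done
}

# Rewrite "-e 2" to "-e 1" in each affected file, keeping a .bak copy of the
# original next to it. Prints the number of files that were changed.
unlock_audit_rules() {
    changed=0
    for f in "$1"/*.rules; do
        if [ -f "$f" ] && grep -q "$LOCK_RE" "$f"; then
            cp -p "$f" "$f.bak"
            sed 's/^\([[:space:]]*-e[[:space:]]\{1,\}\)2[[:space:]]*$/\11/' \
                "$f.bak" > "$f"
            changed=$((changed + 1))
        fi
    done
    echo "$changed"
}

# Constructed sample directory, so the example runs without touching /etc/audit.
demo=$(mktemp -d)
printf '%s\n' '-D' '-b 8192' > "$demo/10-base.rules"
printf '%s\n' '-w /etc/passwd -p wa -k identity' '-e 2' > "$demo/99-finalize.rules"

echo "Locking directives before the change:"
find_audit_lock "$demo"
echo "Files changed: $(unlock_audit_rules "$demo")"
echo "Locking directives after the change (none expected):"
find_audit_lock "$demo"
```

On a node, pass the real rules directory instead of the sample one and then restart the operating system as described above; after the restart, auditctl -s reports the running value of the enabled flag.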

In this Help section

Configuring Behavior Detection in the Web Console

Configuring Behavior Detection in the Administration Console

Configuring Behavior Detection in the command line
