Configuring general application settings via the Application Console
General settings and malfunction diagnostics settings of Kaspersky Industrial CyberSecurity for Nodes establish the general operating conditions for the application. These settings allow you to control the number of working processes used by Kaspersky Industrial CyberSecurity for Nodes, enable recovery of Kaspersky Industrial CyberSecurity for Nodes tasks after an abnormal termination, maintain the log, enable creation of dump files of Kaspersky Industrial CyberSecurity for Nodes processes after abnormal termination, and configure other general settings.
Application settings cannot be configured in the Application Console if the active Kaspersky Security Center policy blocks changes to these settings.
To configure Kaspersky Industrial CyberSecurity for Nodes settings:
In the Application Console tree, select the Kaspersky Industrial CyberSecurity for Nodes node and do one of the following:
Click the Application properties link in the details pane of the node.
Select Properties in the node's context menu.
The Application settings window opens.
In the window that opens, configure Kaspersky Industrial CyberSecurity for Nodes general settings according to your preferences:
The following settings can be configured on the Scalability and interface tab:
This setting belongs to the Scalability settings group in Kaspersky Industrial CyberSecurity for Nodes. It sets the maximum number of active processes that the application can run simultaneously.
Increasing the number of processes running in parallel increases file scanning speed and improves the fail-safety of Kaspersky Industrial CyberSecurity for Nodes. However, if the value of this setting is too high, it may reduce general protected device performance and increase RAM usage.
In Kaspersky Security Center Administration Console, you can change the Maximum number of active processes setting only for Kaspersky Industrial CyberSecurity for Nodes installed on a stand-alone protected device (using the Application settings dialog box). You cannot modify this setting in the policy settings for a group of protected devices.
Possible values
1 – 8
Default value
The application handles scalability automatically, depending on the number of processors on the protected device:
This setting belongs to the Scalability settings group in Kaspersky Industrial CyberSecurity for Nodes.
Using this setting you can specify a fixed number of processes in which Kaspersky Industrial CyberSecurity for Nodes will execute Real-Time Computer Protection tasks.
A higher value will increase the scan speed in Real-Time Computer Protection tasks. However, the more processes Kaspersky Industrial CyberSecurity for Nodes uses, the greater its impact on the general performance of the protected device and RAM usage.
In Kaspersky Security Center Administration Console, you can change the Number of processes for real-time protection setting only for Kaspersky Industrial CyberSecurity for Nodes installed on a stand-alone protected device (using the Application settings window). You cannot modify this setting in the policy settings for a group of protected devices.
Possible values
Possible values: 1-N where N is the value specified using the Maximum number of active processes setting.
You can set the Number of processes for real-time protection setting equal to the maximum number of active processes. This reduces the impact of Kaspersky Industrial CyberSecurity for Nodes on the data exchange rate between the devices and the protected device. This will further improve Real-Time Computer Protection performance. However, update tasks and On-Demand Scan tasks with Medium (Normal) priority will be executed in Kaspersky Industrial CyberSecurity for Nodes processes that are already running. On-Demand Scan tasks will be executed more slowly. If the execution of a task causes an abnormal termination of a process, it will take more time to restart it.
On-Demand Scan tasks with Low priority are always executed in a separate process or processes.
Default value
Kaspersky Industrial CyberSecurity for Nodes handles scalability automatically depending on the number of processors on the protected device:
Number of processes for background On-Demand Scan tasks
Setting
Number of processes for background on-demand scan tasks
Description
This setting belongs to the Scalability settings group in Kaspersky Industrial CyberSecurity for Nodes.
You can use this setting to specify the maximum number of processes which the application will use to run On-Demand Scan tasks in the background mode.
The number of processes specified by this setting is not included in the total number of Kaspersky Industrial CyberSecurity for Nodes processes specified by the Maximum number of active processes setting.
For example, if you specify the following values:
Maximum number of active processes – 3;
Number of processes for Real-Time Computer Protection tasks – 3;
Number of processes for background On-Demand Scan tasks – 1;
and then start Real-Time Computer Protection tasks and one On-Demand Scan task in background mode, the total number of kavfswp.exe processes of Kaspersky Industrial CyberSecurity for Nodes will be 4.
Several On-Demand Scan tasks can be running in one process with low priority.
You can increase the number of processes, for example, if you run several tasks in background mode in order to allocate a separate process for each task. Allocating separate processes for tasks increases the reliability and speed of task execution.
If the Protect application processes from external threats check box is selected, the application protects its processes against code injection or accessing of processes data.
When enabling or disabling the option, no need to restart the application services for changes to apply.
This setting belongs to the Password protection settings group in Kaspersky Industrial CyberSecurity for Nodes. It enables recovery of tasks if they terminate abnormally and defines the number of attempts to recover On-Demand Scan tasks.
When a task crashes, the kavfs.exe process of Kaspersky Industrial CyberSecurity for Nodes attempts to restart the process the task was running at the time of the crash.
If task recovery is disabled, the application does not restore the Real-Time Computer Protection and On-Demand Scan tasks.
If task recovery is enabled, the application attempts to restore the Real-Time Computer Protection tasks until they are started successfully. The application also tries to restore On-Demand Scan tasks using the number of attempts specified in the setting.
Possible values
Enabled / disabled.
The number of attempts to recover On-Demand Scan tasks: 1–10.
Default value
Task recovery is enabled. The number of attempts to recover On-Demand Scan tasks: 2.
This setting determines the actions that Kaspersky Industrial CyberSecurity for Nodes performs when the protected device switches to an uninterruptible power supply.
Possible values
Run or do not run On-Demand Scan tasks to be started according to a schedule.
Perform or stop all active On-Demand Scan tasks.
Default value
By default, if an uninterruptible power supply is used to power the protected device, Kaspersky Industrial CyberSecurity for Nodes:
Does not run On-Demand Scan tasks that run according to a schedule.
Automatically stops all active On-Demand Scan tasks.
When Kaspersky Industrial CyberSecurity for Nodes performs on-demand scan tasks, the time when each scanned file was last accessed is updated. After the scan, Kaspersky Industrial CyberSecurity for Nodes resets the time when the file was last accessed to the initial value.
This behavior can affect the work of backup systems by causing creation of backup copies for files that haven’t been changed. This can also cause false detections in file change tracking applications.
Kaspersky Industrial CyberSecurity for Nodes limits its use of the protected device CPU during on-demand scan tasks to the value specified in the Upper limit (per cent) field.
Enabling of this option can negatively affect the performance of Kaspersky Industrial CyberSecurity for Nodes.
This drop-down list lets you select the level of detail of debug information that Kaspersky Industrial CyberSecurity for Nodes saves to the trace file.
You can select one of the following detail levels:
Critical events – Kaspersky Industrial CyberSecurity for Nodes saves information only about critical events to the trace file.
Errors – Kaspersky Industrial CyberSecurity for Nodes saves information about critical events and errors to the trace file.
Important events – Kaspersky Industrial CyberSecurity for Nodes saves information about critical events, errors, and important events to the trace file.
Informational events – Kaspersky Industrial CyberSecurity for Nodes saves information about critical events, errors, important events, and informational events to the trace file.
All debug information – Kaspersky Industrial CyberSecurity for Nodes saves all debug information to the trace file.
A Technical Support representative determines the detail level required to resolve any issues that arise.
The default level of detail is set to All debug information.
The drop-down list is available if the Write debug information to trace file check box is selected.
Specify the maximum size of trace files.
Specify the maximum number of files for one trace log. Kaspersky Industrial CyberSecurity for Nodes will create up to the maximum number of trace files for each component to be debugged.
A list of codes indicating Kaspersky Industrial CyberSecurity for Nodes components for which the application saves debug information in the trace file. Component codes must be separated by a semicolon. The codes are case sensitive (see table below).
Kaspersky Industrial CyberSecurity for Nodes subsystem codes
Component Code
Name of component
*
All components.
gui
User interface subsystem, Kaspersky Industrial CyberSecurity for Nodes snap-in in Microsoft Management Console.
ak_conn
Subsystem for integrating Network Agent and Kaspersky Security Center.
bl
Control process, implements Kaspersky Industrial CyberSecurity for Nodes control tasks.
wp
Work process, handles anti-virus protection tasks.
blgate
Kaspersky Industrial CyberSecurity for Nodes remote management process.
ods
On-Demand Scan subsystem.
oas
Real-Time File Protection subsystem.
qb
Quarantine and Backup subsystem.
scandll
Auxiliary module for virus scans.
core
Subsystem for basic anti-virus functionality.
avscan
Anti-virus processing subsystem.
avserv
Subsystem for controlling the anti-virus kernel.
prague
Subsystem for basic functionality.
updater
Subsystem for updating databases and software modules.
snmp
SNMP protocol support subsystem.
perfcount
Performance counter subsystem.
The trace settings of the Kaspersky Industrial CyberSecurity for Nodes snap-in (gui) and the Kaspersky Industrial CyberSecurity for Nodes Administration Plug-in for Kaspersky Security Center (ak_conn) are applied after these components are restarted. The trace settings of the SNMP protocol support subsystem (snmp) are applied after the SNMP service is restarted. The trace settings of the performance counters subsystem (perfcount) are applied after all processes that use performance counters are restarted. Trace settings for other Kaspersky Industrial CyberSecurity for Nodes subsystems are applied as soon as the crash diagnostics settings are saved.
By default, Kaspersky Industrial CyberSecurity for Nodes logs debug information for all Kaspersky Industrial CyberSecurity for Nodes components.
The entry field is available if the Write debug information to trace file check box is selected.
If you want the application to create a dump file, select the Create crash dump file check box.
Kaspersky Industrial CyberSecurity for Nodes does not send any trace or dump files automatically. Diagnostics data can only be sent by a user with the corresponding permissions.
In the field below, specify the folder in which Kaspersky Industrial CyberSecurity for Nodes will save the dump file.
Kaspersky Industrial CyberSecurity for Nodes writes information to trace files and the dump files in unencrypted form. The folder where files are saved is selected by the user and is managed by the operating system configuration and Kaspersky Industrial CyberSecurity for Nodes settings. You can configure access permissions and allow only required users to access logs, trace files, and dump files.
Click OK.
Kaspersky Industrial CyberSecurity for Nodes settings are saved.