During the Baseline File Integrity Monitor task, Kaspersky Industrial CyberSecurity for Nodes does not check locked files, folders, file shortcuts and cloud files.
The Baseline File Integrity Monitor task monitors the integrity of files in the monitoring scope by comparing the files' hash (MD5 hash or SHA256 hash) to a baseline.
On the first Baseline File Integrity Monitor task run, Kaspersky Industrial CyberSecurity for Nodes creates a baseline by calculating and storing hash for files in the task's monitoring scope. If a Baseline File Integrity Monitor task monitoring scope was changed, Kaspersky Industrial CyberSecurity for Nodes updates the baseline on the next Baseline File Integrity Monitor task run by calculating and storing hash for files in the task's monitoring scope. If a Baseline File Integrity Monitor task was deleted, Kaspersky Industrial CyberSecurity for Nodes deletes the baseline for this Baseline File Integrity Monitor task.
You can delete a baseline without deleting the Baseline File Integrity Monitor task by using the command line.
The Baseline File Integrity Monitor task tracks the following changes of files in the monitoring scope:
The Baseline File Integrity Monitor task does not track changes to file's attributes and alternative streams.
If a file or a folder is inaccessible, Kaspersky Industrial CyberSecurity for Nodes will not add this file or folder to the baseline during the baseline creation and will create an event about a failure to calculate file's checksum during the run of the Baseline File Integrity Monitor task.
A file or a folder may be inaccessible for the following reasons: