Checking system integrity by schedule or on demand

You can use the System Integrity Check task to check system integrity on protected virtual machines.

You can create and configure the System Integrity Check task for protected virtual machines that are included in the administration group, using Kaspersky Security Center Administration Console or using the Web Console. You can configure the System Integrity Check task for one virtual machine in the local interface of Light Agent for Windows.

For successful completion of the task, the baseline must fully match the System Integrity Check scope when the System Integrity Check task is started. If the composition of objects whose state was recorded in the baseline differs from the composition of objects that are within the System Integrity Check scope, the System Integrity Check task ends with an error.

To check the system integrity on the virtual machines using the Administration Console:

  1. Open Kaspersky Security Center Administration Console.
  2. Do one of the following:
    • To create a task for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree, and in the workspace, select the Tasks tab.
    • To create a task for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
  3. Click the New task button to start the New Task Wizard.
  4. At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent for Windows list, select System Integrity Check.

    Proceed to the next step of the New Task Wizard.

  5. If you started the New Task Wizard from the Tasks folder, specify the method of selecting the virtual machines for which you are creating the task. You can select virtual machines from the list of virtual machines discovered by the Administration Server, manually specify the addresses of virtual machines, import a list of virtual machines from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of selection of virtual machines, perform one of the following operations in the window that opens:
    • In the list of detected virtual machines, specify the virtual machines for which you want to create the task. To do so, select check boxes in the list on the left of the name of the relevant virtual machine.
    • Click the Add or Add IP range button and enter the addresses of virtual machines manually.
    • Click the Import button, and in the window that opens select a TXT file with the list of addresses of virtual machines.
    • Click Browse and in the window that opens specify the name of the selection containing the virtual machines for which you want to create the task.

    Proceed to the next step of the New Task Wizard.

  6. In the Scheduled start drop-down list, select Manually.

    Proceed to the next step of the New Task Wizard.

  7. In the Name field, enter the name of the System Integrity Check task.

    Proceed to the next step of the New Task Wizard.

  8. If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete check box.

    When the task is run with the default settings, the application performs a System Integrity Check in Full scan mode (all attributes of files and file contents are analyzed when checking for modifications in files).

    Finish the wizard.

    The created custom scan task appears in the list of tasks.

  9. If you want the application to analyze only the attributes of files and not file contents when checking for modifications in files, change the task settings as follows:
    1. Double-click to open the properties window of the created task.
    2. Go to the Settings section and select the Quick Scan option.
    3. Click OK.
  10. Start the System Integrity Check task.

System Integrity Check runs on each virtual machine that you specified in task settings. You can view its execution results in the Administration Console.

To check the system integrity on the virtual machines using the Web Console:

  1. Create a task of the System Integrity Check type following the instructions of the wizard. The task is created with the default settings.

    As a result of the task execution, the application performs a System Integrity Check in Full scan mode (all file attributes and file contents are analyzed when checking for modifications of files).

  2. If you want the application to analyze only the file attributes and to skip the contents of files when checking for modifications of files, at the last step of the wizard, select the Open task properties window after creation check box and close the wizard.
  3. In the task properties window, on the Application settings tab, select the Quick Scan option and click the Save button to save the changes.
  4. Start the System Integrity Check task.

System Integrity Check runs on each virtual machine that you specified in task settings. You can view its execution results in the Web Console.

To check the system integrity on a virtual machine in the Light Agent for Windows local interface:

  1. If necessary, configure the settings of the System Integrity Check task. To do this, perform the following actions:
    1. On the protected virtual machine, open the application settings window.
    2. In the left part of the window, in the Scheduled tasks section, select the System Integrity Check section.

      The right part of the window displays the System Integrity Check task settings.

      If the System Integrity Check section is absent, this means that the display and management of local tasks is denied by the policy for all protected virtual machines of the administration group. You can enable or disable the display and management of local tasks in the Light Agent for Windows policy (Advanced settings subsection in the Other settings) section.

    3. Select the scan mode:
      • Full scan – all attributes of files and file contents are analyzed when checking for modifications in files. This option is selected by default.
      • Quick Scan – only the attributes of files are analyzed when checking for modifications in files; file contents are not checked.
    4. If necessary, change the task run mode. You are advised to use the Manually run mode. This mode is selected by default.
    5. To save changes, click the Save button.
  2. Start the System Integrity Check task.
Page top