for Windows and Linux
This component is available if Kaspersky Endpoint Security is installed on a computer that runs on Windows for servers. This component is unavailable if Kaspersky Endpoint Security is installed on a computer that runs on Windows for workstations.
The System Integrity Monitoring component monitors changes in the operating system that may indicate computer security breaches. When such changes are detected, Kaspersky Endpoint Security generates corresponding events and alerts the administrator. System Integrity Monitoring can operate in real-time mode and can also perform system integrity checks on demand.
Kaspersky Endpoint Security scans objects in the specified areas in the order in which these areas appear in the list. If necessary, you can put a subdirectory higher than its parent directory in the list if you need the subdirectory to have security settings independent from the parent directory.
Linux: Technical limitations of the Linux operating system do not allow an application to know which user or process made a change to a file.
System Integrity Monitoring settings
| Settings | OS | Description |
|---|---|---|
| Real-Time System Integrity Monitoring | | In real-time mode, System Integrity Monitoring tracks changes in objects that you included in the component's scope (the monitoring scope). System Integrity Monitoring also allows blocking unauthorized access to such objects in real time. |
| Action on system changes detection | | Apply rules. In this mode, System Integrity Monitoring blocks actions with files and registry keys from the monitoring scope, and generates a corresponding event. Test rules (Inform). In this mode, System Integrity Monitoring allows actions with files and registry keys from the monitoring scope, and generates a corresponding event. |
| Monitor files and the registry | | System Integrity Monitoring monitors changes to files, folders, and registry. |
| Monitor devices | | System Integrity Monitoring monitors connection and disconnection of external devices. |
| System Integrity Check | | On-Demand System Integrity Check is a task that you can run manually or on a schedule. To run the System Integrity Check task, you must configure the scope of the component (the monitoring scope) and create a baseline. A baseline is a recorded state of objects in the system, which the application uses as reference when comparing to the current state. |
| Monitoring scopes | | The table contains monitoring scopes of the System Integrity Monitoring component. The application monitors files and directories at the paths listed in the table. By default, the table contains the Kaspersky internal objects monitoring scope. |
| Exclusions scopes | | This table contains scan exclusions areas. The application does not monitor files and directories at the paths listed in the table. By default, this table is empty. |
| Exclusions by mask | | You can configure scan exclusions for objects by name mask. The application does not scan files with names containing the specified mask. By default, the mask list is empty. |
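
The baseline-and-compare idea behind the on-demand System Integrity Check, combined with monitoring scopes, exclusion scopes and name masks, shown as an added Python example (not Kaspersky Endpoint Security code and not a description of how the product works internally). SHA-256 content hashes, glob-style name masks, the function names and the sample file tree are assumptions made for the illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

def in_scope(path, scopes, exclusions, masks):
    """True if path is inside a monitoring scope and not excluded by path or name mask."""
    under = lambda root: os.path.commonpath([path, root]) == root
    if not any(map(under, scopes)) or any(map(under, exclusions)):
        return False
    return not any(fnmatch.fnmatch(os.path.basename(path), m) for m in masks)

def snapshot(scopes, exclusions=(), masks=()):
    """Record the SHA-256 of every monitored file: the baseline, or the current state."""
    state = {}
    for scope in scopes:
        for dirpath, _dirs, files in os.walk(scope):
            for name in files:
                path = os.path.join(dirpath, name)
                if in_scope(path, scopes, exclusions, masks):
                    with open(path, "rb") as fh:
                        state[path] = hashlib.sha256(fh.read()).hexdigest()
    return state

def compare(baseline, current):
    """Return (added, removed, modified) paths relative to the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return added, removed, modified

def demo():
    """Constructed sample tree: build a baseline, change files, run the check."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        os.makedirs(os.path.join(root, "etc", "cache"))
        def write(rel, data):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(data)
        write("etc/app.conf", "mode=secure\n")
        write("etc/app.log", "started\n")
        write("etc/cache/tmp.bin", "x")
        args = ([os.path.join(root, "etc")], [os.path.join(root, "etc", "cache")], ["*.log"])
        baseline = snapshot(*args)
        write("etc/app.conf", "mode=open\n")     # monitored: reported as modified
        write("etc/app.log", "started\nmore\n")  # excluded by mask: ignored
        write("etc/cache/tmp.bin", "y")          # excluded by scope: ignored
        write("etc/new.sh", "#!/bin/sh\n")       # monitored: reported as added
        added, removed, modified = compare(baseline, snapshot(*args))
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in added + removed + modified]
```

Calling `demo()` reports only the new file and the edited configuration file; the changes under the excluded directory and to the masked log file do not appear.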