A protection scope is a list of paths to shared folders in which Kaspersky Embedded Systems Security monitors file activity. Kaspersky Embedded Systems Security supports environment variables and the * and ? characters when entering a mask: By default, the application automatically identifies shared folders and tracks file activity in all folders.
Excluding a folder from the protection scope can reduce the amount of false positives if your organization uses data encryption when exchanging files using shared folders. For example, the Behavior Detection component can raise false positives when the user works with files with the ENC extension in a shared folder. Such activity matches a behavioral pattern that is typical for external encryption. If you have encrypted files in a shared folder to protect data, add that folder to exclusions.
You can also exclude computers if you want attempts of external encryption coming from them to be ignored.
In the Kaspersky Security Center Administration Console tree, select the Policies folder.
Select the necessary policy and double-click to open the policy properties.
In the policy properties window, select Real-Time Computer Protection.
In the Behavior Detection section, click Settings.
Select or clear the Behavior Detection check box to enable or disable the component.
Go to the Protection of shared folders tab.
In the Protection scope block, click the Configure button.
In the window that opens, select the Only specified shared folders mode.
Click Add.
This opens a window; in that window, enter the path to the shared folder that you want to include in the protection scope (for example, C:\Share).
To add a shared folder to the protection scope, use a local path.
Click OK.
If necessary, configure exclusions from the protection scope:
In the Exclusions block, click the Configure button.
Click the Add button in the window that opens.
In the displayed window, enter the path to the folder or file.
Use masks:
The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can exclude an object from scanning without removing it from the list of objects in the protection scope. To do so, clear the check box next to the object.
Save your changes. To apply the policy on computers, close the locks .
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Embedded Systems Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Real-Time Computer Protection → Behavior Detection and click the Configure button.
The Behavior Detection window opens.
Use the Enable Behavior Detection check box to enable or disable the component.
Go to the Protection of shared folders tab.
Under Protection scope, select the Only specified shared folders mode.
Click Add.
This opens a window; in that window, enter the path to the shared folder that you want to include in the protection scope (for example, C:\Share).
To add a shared folder to the protection scope, use a local path.
Click OK.
If necessary, configure exclusions from the protection scope:
In the Object to exclude block, click the Add button.
In the displayed window, enter the path to the folder or file.
Use masks:
The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can exclude an object from scanning without removing it from the list of objects in the protection scope. To do so, clear the check box next to the object.
Save your changes. To apply the policy on computers, close the locks .
In the policy properties window, select Real-Time Computer Protection.
In the Behavior Detection section, click Settings.
In the Kaspersky Embedded Systems Security Console tree, select Real-Time Computer Protection → Behavior Detection.
In the results pane of the Behavior Detection node, click Properties.
This opens the Properties:Behavior Detection window.
Select or clear the Behavior Detection check box to enable or disable the component.
Go to the Protection of shared folders tab.
In the Protection scope block, click the Configure button.
In the window that opens, select the Only specified shared folders mode.
In the Protection scope block, click the Add button.
This opens a window; in that window, enter the path to the shared folder that you want to include in the protection scope (for example, C:\Share).
To add a shared folder to the protection scope, use a local path.
Click OK.
If necessary, configure exclusions from the protection scope:
In the Exclusions block, click the Settings button.
In the displayed Exclusions by mask window, click the Add button.
In the displayed window, enter the path to the folder or file.
Use masks:
The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can exclude an object from scanning without removing it from the list of objects in the protection scope. To do so, clear the check box next to the object.
.
.