For System Integrity Monitoring to work, you must add at least one rule. A System Integrity Monitoring rule is a set of criteria that define the access of users to files and the registry. System Integrity Monitoring detects changes in the files and the registry within the specified monitoring scope. The monitoring scope is one of the criteria of a System Integrity Monitoring rule.
System Integrity Monitoring allows monitoring the following objects:
Special considerations involved in file monitoring
System Integrity Monitoring monitors changes in files and folders as well as files being added to the monitoring scope or removed from it. These changes may indicate a computer security breach. We recommend adding to the monitoring scope objects that are rarely modified or that only the administrator has access to. This helps reduce the number of System Integrity Monitoring events.
Kaspersky Endpoint Security monitors the changes of files and folders only on those disks that were connected when Real-Time System Integrity Monitoring began operating. If a disk was not connected when Real-Time System Integrity Monitoring began operating, the application does not monitor the changes of files and folders on that disk even if the files and folders are added to the monitoring scope.
Special considerations involved in registry monitoring
System Integrity Monitoring monitors changes in the registry. These changes may indicate a computer security breach.
System Integrity Monitoring monitors the following root keys of the registry:
HKCR
HKLM
HKU
HKCC
HKEY_CLASSES_ROOT
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
System Integrity Monitoring does not support the HKEY_CURRENT_USER key. You can specify a key under HKEY_USERS as HKEY_USERS\<user profile ID>\<key>.
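The following PowerShell function is an added example, not part of the Kaspersky documentation or product. It rewrites a registry path into one of the root keys listed above and maps HKEY_CURRENT_USER paths to HKEY_USERS\<user profile ID>\<key>. The function name ConvertTo-SimRegistryPath and the sample paths are hypothetical, and the example assumes that the user profile ID is the account's SID, which is how Windows names the subkeys of HKEY_USERS.

```powershell
# Added example: rewrite registry paths into a root key the page lists as supported.
# Assumption: "<user profile ID>" is the account SID (Windows names HKEY_USERS subkeys by SID).
function ConvertTo-SimRegistryPath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Account whose hive replaces HKEY_CURRENT_USER; defaults to the caller.
        [string]$Account = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    )

    # Short and long names of the root keys listed on this page.
    $supported = @{
        'HKCR' = 'HKEY_CLASSES_ROOT';   'HKEY_CLASSES_ROOT'   = 'HKEY_CLASSES_ROOT'
        'HKLM' = 'HKEY_LOCAL_MACHINE';  'HKEY_LOCAL_MACHINE'  = 'HKEY_LOCAL_MACHINE'
        'HKU'  = 'HKEY_USERS';          'HKEY_USERS'          = 'HKEY_USERS'
        'HKCC' = 'HKEY_CURRENT_CONFIG'; 'HKEY_CURRENT_CONFIG' = 'HKEY_CURRENT_CONFIG'
    }

    # Accept "ROOT\sub\key" as well as the PowerShell drive form "ROOT:\sub\key".
    $root, $rest = ($Path.Trim() -replace '^([^\\:]+):', '$1') -split '\\', 2
    $root = $root.ToUpperInvariant()
    $rest = if ($rest) { $rest.Trim('\') } else { '' }

    if ($root -in 'HKCU', 'HKEY_CURRENT_USER') {
        # HKEY_CURRENT_USER is not supported: address the same hive through HKEY_USERS.
        $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        $full = "HKEY_USERS\$sid"
    }
    elseif ($supported.ContainsKey($root)) {
        $full = $supported[$root]
    }
    else {
        throw "Root key '$root' is not in the list of monitored root keys."
    }

    if ($rest) { "$full\$rest" } else { $full }
}

# Constructed sample input, not taken from any real policy.
'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
'HKLM\SYSTEM\CurrentControlSet\Services',
'HKEY_USERS\.DEFAULT\Environment' |
    ForEach-Object { ConvertTo-SimRegistryPath -Path $_ }
```

In Windows, a user's hive appears under HKEY_USERS only while that user's profile is loaded.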
Special considerations involved in external device monitoring
System Integrity Monitoring monitors connection and disconnection of external devices. This is necessary to protect the computer from security threats that can result from file exchange with such devices. System Integrity Monitoring does not monitor access to external devices and does not block file exchange. You can configure access to devices using a different application component, Device Control.
System Integrity Monitoring monitors the connection of the following types of external devices: