System Integrity Monitoring

This component is available if Kaspersky Endpoint Security is installed on a computer that runs on Windows for servers. This component is unavailable if Kaspersky Endpoint Security is installed on a computer that runs on Windows for workstations.

Starting with version 12.6, Kaspersky Endpoint Security for Windows includes the System Integrity Monitoring component instead of the File Integrity Monitor component. The System Integrity Monitoring component includes all functionality of File Integrity Monitor and additionally monitors registry changes and connections of external devices.

The System Integrity Monitoring component monitors changes in the operating system that may indicate computer security breaches. When such changes are detected, Kaspersky Endpoint Security generates corresponding events and alerts the administrator. System Integrity Monitoring can operate in real-time mode and can also perform system integrity checks on demand.

Real-Time System Integrity Monitoring

In real-time mode, System Integrity Monitoring tracks changes in objects that you included in the component's scope (the monitoring scope). System Integrity Monitoring also allows blocking unauthorized access to such objects in real time.

On-Demand System Integrity Check

On-Demand System Integrity Check is a task that you can run manually or on a schedule. To run the System Integrity Check task, you must configure the scope of the component (the monitoring scope) and create a baseline. A baseline is a recorded state of objects in the system, which the application uses as a reference when comparing it with the current state.
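
The baseline-and-compare idea behind an on-demand check, as an added illustration. This is not Kaspersky Endpoint Security code and does not reflect how the product stores or evaluates its baseline. It assumes the recorded state is a SHA-256 hash and size per file; `snapshot`, `compare`, and `demo` are hypothetical names, and the sample files are constructed.

```python
import hashlib
import os
import tempfile


def snapshot(scope):
    """Record the state (SHA-256, size) of every file under the scope directories."""
    state = {}
    for root in scope:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                state[path] = (hashlib.sha256(data).hexdigest(), len(data))
    return state


def compare(baseline, current):
    """Return the differences between the baseline and the current state."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample: build a scope, take a baseline, change it, re-check."""
    with tempfile.TemporaryDirectory() as scope_dir:
        def write(name, text):
            with open(os.path.join(scope_dir, name), "w") as fh:
                fh.write(text)
        write("hosts", "127.0.0.1 localhost\n")
        write("service.conf", "port=443\n")
        write("old.log", "x\n")
        baseline = snapshot([scope_dir])          # reference state
        write("hosts", "127.0.0.1 localhost\n10.0.0.5 update.example\n")  # modified
        write("unexpected.dll", "MZ")             # added after the baseline
        os.remove(os.path.join(scope_dir, "old.log"))                     # removed
        report = compare(baseline, snapshot([scope_dir]))
        return {k: [os.path.basename(p) for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(demo())
```

Anything created, deleted, or changed inside the scope after the baseline was taken appears in the report, which is why the baseline has to be created while the system is in a known-good state and rebuilt after authorized changes.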

System Integrity Monitoring settings

Parameter

Description

Operating mode

  • Protect the system against changes by rules. In this mode, System Integrity Monitoring blocks actions on files and registry keys in the monitoring scope and generates a corresponding event.
  • Test mode: do not block, log only. In this mode, System Integrity Monitoring allows actions on files and registry keys in the monitoring scope and generates a corresponding event.

Real-Time System Integrity Monitoring

In real-time mode, System Integrity Monitoring tracks changes in objects that you included in the component's scope (the monitoring scope). System Integrity Monitoring also allows blocking unauthorized access to such objects in real time.

Monitor devices

System Integrity Monitoring monitors connection and disconnection of external devices.

Monitor files and the registry

System Integrity Monitoring monitors changes to files, folders, and the registry.

System Integrity Check

On-Demand System Integrity Check is a task that you can run manually or on a schedule. To run the System Integrity Check task, you must configure the scope of the component (the monitoring scope) and create a baseline. A baseline is a recorded state of objects in the system, which the application uses as a reference when comparing it with the current state.
