Behavior Detection

By default, the Behavior Detection component starts when Kaspersky Industrial CyberSecurity for Linux Nodes starts and monitors malicious activity in the operating system. When malicious activity is detected, Kaspersky Industrial CyberSecurity for Linux Nodes can terminate the application process that is performing malicious activity.

Behavior Detection setting

Setting

Description

Behavior Detection enabled / disabled

This toggle switch enables or disables the Behavior Detection component.

The check toggle button is switched on by default.

Behavior Detection component operating mode

Action performed when malicious activity is detected in the operating system.

  • Block the application performing malicious activity. Kaspersky Industrial CyberSecurity for Linux Nodes terminates the application process and logs information about the detected malicious activity.
  • Inform user (default value). Kaspersky Industrial CyberSecurity for Linux Nodes does not terminate the process performing malicious activity. It only records detection of malicious activity in the event log.

Exclusions by process

Clicking the Configure exclusions by process link opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Page top