Optimizing network directory scanning

To optimize the File Threat Protection task, you can exclude from scans any files being copied from network directories. Files are scanned only after the process of copying to a local directory is finished. To exclude files located in network directories from scans, configure scan exclusion for the utility used to copy files from network directories (for example, for the cp utility).

To configure exclusion of network directories from scans:

  1. Save the File Threat Protection task settings to a file using the following command:

    kics-control --get-settings 1 --file <full path to the configuration file>

  2. Add the [ExcludedForProgram.item_#] section to the created file. The section contains the following settings:
    • ProgramPath – path to the process to be excluded or to the directory with the processes to be excluded.
    • ApplyToDescendants – indicates whether the scan should also exclude child processes of the excluded process specified by the ProgramPath parameter (possible values: Yes or No).
    • AreaDesc – description of the process exclusion scope, containing additional information about it.
    • UseExcludedForProgram – indicates whether the scan task should exclude the specified scope (possible values: Yes or No).
    • Path – path to the files or directory with files modified by the process.
    • AreaMask.item_# – file name mask for files to be excluded from the scan scope. You can also specify the full path to the file.

      Example:

      [ExcludedForProgram.item_0000]
      ProgramPath=/usr/bin/cp
      ApplyToDescendants=No
      AreaDesc=
      UseExcludedForProgram=Yes
      Path=AllRemoteMounted
      AreaMask.item_0000=*

  3. Import settings from the configuration file to the File Threat Protection task by using the following command:

    kics-control --set-settings 1 --file <full path to the configuration file>

The application does not scan the files in network directories, but the cp command itself (for the example given above) and local files are scanned.
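
A review check for the file saved in step 1, added here as an example and not part of the vendor documentation: it parses the [ExcludedForProgram.item_#] sections and reports active exclusions that are broader than the cp / AllRemoteMounted pattern shown above. The sample file content, the /opt/tools/ and /srv/data paths, the function names, the trailing-slash heuristic and the treatment of a missing UseExcludedForProgram value as enabled are assumptions.

```python
import re
# Constructed sample of an exported settings file; item_0000 is the page's example.
SAMPLE = """\
[ExcludedForProgram.item_0000]
ProgramPath=/usr/bin/cp
ApplyToDescendants=No
AreaDesc=
UseExcludedForProgram=Yes
Path=AllRemoteMounted
AreaMask.item_0000=*
[ExcludedForProgram.item_0001]
ProgramPath=/opt/tools/
ApplyToDescendants=Yes
UseExcludedForProgram=Yes
Path=/srv/data
AreaMask.item_0000=*
[ExcludedForProgram.item_0002]
ProgramPath=/usr/bin/rsync
ApplyToDescendants=Yes
UseExcludedForProgram=No
"""
SECTION = re.compile(r"^\[(ExcludedForProgram\.item_\d+)\]$")

def parse_exclusions(text):
    """Return {section: {key: value}} for each ExcludedForProgram section."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):  # any other section ends the current one
            m = SECTION.match(line)
            current = sections.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def review(text):
    """Return {section: [findings]} for every exclusion that is switched on."""
    report = {}
    for name, s in parse_exclusions(text).items():
        if s.get("UseExcludedForProgram", "").lower() == "no":
            continue  # assumption: only an explicit No switches the exclusion off
        masks = [v for k, v in s.items() if k.startswith("AreaMask.item_")]
        checks = [
            (s.get("ApplyToDescendants", "").lower() == "yes", "child processes are excluded too"),
            # Heuristic (assumption): a trailing slash marks a directory of programs.
            (s.get("ProgramPath", "").endswith("/"), "ProgramPath is a directory"),
            (s.get("Path") != "AllRemoteMounted" and "*" in masks, "mask * outside AllRemoteMounted"),
        ]
        report[name] = [message for hit, message in checks if hit]
    return report
```

Calling `review()` on the text of the exported file before step 3 returns an empty list for a section that matches the page's example and a list of findings for any active section that widens the exclusion.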
