Other types of monitored events

Kaspersky Security System is called not only during interactions of entities, but also in the following cases:

• Entity startup
• Entity query via the security interface

Entity startup

When one entity (such as Einit) makes a system call to start another entity (App), Kaspersky Security System checks whether the startup of this entity is allowed by security policies:

Query via the security interface

Entities can directly query Kaspersky Security System via the security interface. Security interface methods return a decision of either "allowed" or "denied".

Queries over the security interface are different from other controlled events because Kaspersky Security System returns a decision to the entity instead of the kernel. For this reason, the entity is solely responsible for applying the decision.

Thus, Kaspersky Security System controls four types of events (interactions):

1. Entity startup.
2. Send request.
3. Send response.
4. Query via the security interface.

Page top