Kaspersky Endpoint Security 11 for Windows

Viewing system integrity information

April 25, 2024

ID 237451

Information about the results of File Integrity Monitor operation is displayed in the following ways:

Events in the Kaspersky Security Center Console and in the Kaspersky Endpoint Security interface

Kaspersky Endpoint Security sends an event to Kaspersky Security Center if a change in files is detected. You can configure the event selection to view events from the File Integrity Monitor component. For more details on event selection settings, refer to the Kaspersky Security Center Help.

The Kaspersky Endpoint Security interface provides a separate report for the File Integrity Monitor component.

Kaspersky Endpoint Security has event aggregation tools to reduce the number of File Integrity Monitor events. Kaspersky Endpoint Security enables event aggregation in the following cases:

  • too frequent changes to a single object (more than five times per minute)
  • too frequent triggering of a single monitoring rule (more than 10 times per minute)

As a result, Kaspersky Endpoint Security creates separate events on object modifications until the aggregation tools are triggered. At this point, Kaspersky Endpoint Security enables event aggregation and creates a corresponding event. Kaspersky Endpoint Security performs event aggregation for 24 hours (the aggregation period) or until Kaspersky Endpoint Security is stopped. After restarting Kaspersky Endpoint Security or after the aggregation period is over, the application generates special events: Report on an atypical event for the aggregation period and Report on object change for the aggregation period. These reports contain information about the start and the end of the aggregation period and the number of aggregated events.
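The aggregation behavior described above, modeled as an added example; this is not Kaspersky's implementation. It assumes a sliding 60-second window, aggregation scoped per object or per rule, and that the change crossing the threshold is the first one aggregated; the `simulate` function, file paths and rule names are constructed for illustration.

```python
from collections import defaultdict, deque

OBJECT_LIMIT = 5        # page: more than five changes to one object per minute
RULE_LIMIT = 10         # page: more than 10 triggers of one rule per minute
WINDOW = 60             # seconds; a sliding window is an assumption
PERIOD = 24 * 3600      # page: aggregation runs for 24 hours or until stop

def simulate(events):
    """events: list of (ts_seconds, object_path, rule_name) sorted by ts.
    Returns (individual_events, period_reports)."""
    recent = defaultdict(deque)   # key -> timestamps inside the window
    active = {}                   # key -> [period_start, aggregated_count]
    individual, reports = [], []

    def close(key, end):
        start, count = active.pop(key)
        reports.append({"key": key, "start": start, "end": end, "aggregated": count})

    last_ts = None
    for ts, obj, rule in events:
        last_ts = ts
        # End any aggregation period that has run its 24 hours.
        for key in [k for k, (start, _) in active.items() if ts >= start + PERIOD]:
            close(key, active[key][0] + PERIOD)
        keys = {("object", obj): OBJECT_LIMIT, ("rule", rule): RULE_LIMIT}
        aggregating = [k for k in keys if k in active]
        if aggregating:
            for k in aggregating:
                active[k][1] += 1          # counted, but no separate event
            continue
        tripped = False
        for key, limit in keys.items():
            q = recent[key]
            q.append(ts)
            while q[0] <= ts - WINDOW:
                q.popleft()
            if len(q) > limit:
                # Assumption: the change that crosses the threshold is the
                # first one counted in the aggregation period.
                active[key] = [ts, 1]
                q.clear()
                tripped = True
        if not tripped:
            individual.append((ts, obj, rule))
    for key in list(active):               # models the application being stopped
        close(key, last_ts)
    return individual, reports

# Constructed sample: one file rewritten every 5 seconds, then an unrelated change.
SAMPLE = [(t, r"C:\app\config.ini", "R1") for t in range(0, 40, 5)]
SAMPLE.append((40, r"C:\app\other.dll", "R2"))
```

On the constructed sample, five of the eight changes to the file appear as separate events; the remaining three are visible only as a count in the period report.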

Status of the computer in the Kaspersky Security Center Console

When events with severity level Critical or Warning are received from the File Integrity Monitor component, Kaspersky Security Center changes the status of the computer to Critical or Warning.

Receiving computer status from a managed application (Device status defined by application condition) should be enabled in Kaspersky Security Center in the lists of conditions that must be met to assign the Critical or Warning status to a device. Conditions for assigning a status to a device are configured in the properties window of the administration group.

Computer status and all reasons for status changes are displayed in the list of devices of the administration group. For more details on computer statuses, refer to the Kaspersky Security Center Help.

Reports in the Kaspersky Security Center Console

Kaspersky Security Center provides two types of reports:

  • Top 10 devices with File Integrity Monitor / System Integrity Monitoring rules most frequently triggered.
  • Top 10 rules of File Integrity Monitor / System Integrity Monitoring that were triggered on devices most frequently.
