Description of general container scan settings

Support

Support for business applications

Kaspersky Endpoint Security 11 for Linux

Managing the application using the command line

General application settings

Description of general container scan settings

December 12, 2023

ID 234889

This section describes the values of the general container and namespace scan settings (see the table below). Integration with Docker container management system, CRI-O framework, and Podman and runc utilities is supported.

The application does not scan namespaces and containers unless components for working with containers and namespaces are installed in the operating system. Moreover, when viewing application information in the Container monitoring row, "The task is available and not running" is displayed. Namespace and container scans can be enabled using the NamespaceMonitoring setting described in the general application settings.

General container and namespace scan settings

Setting	Description	Values
`OnAccessContainerScanAction`	Action to be performed on a container when an infected object is detected. This setting is available when using the application under a license that supports this function. For scanning, the settings of the File Threat Protection task are used. The action performed on a container when an infected object is detected also depends on the File Threat Protection task settings (see the table below).	`StopContainerIfFailed` (default value) — Stop the container if an infected object cannot be disinfected or deleted. `StopContainer` — Stop the container when an infected object is detected. `Skip` — Do not perform any action on containers when an infected object is detected.
`UseDocker`	Use the Docker environment.	`Yes` (default value) — Use the Docker environment. `No` — Do not use the Docker environment.
`DockerSocket`	Docker socket path or URI (Universal Resource Identifier).	Default value: /var/run/docker.sock.
`UseCrio`	Use the CRI-O environment.	`Yes` (default value) — Use the CRI-O environment. `No` — Do not use the CRI-O environment.
`CrioConfigFilePath`	Path to the CRI-O configuration file.	Default value: /etc/crio/crio.conf.
`UsePodman`	Use the Podman utility.	`Yes` (default value) — Use the Podman utility. `No` — Do not use the Podman utility.
`PodmanBinaryPath`	Path to the Podman utility executable file.	Default value: /usr/bin/podman.
`PodmanRootFolder`	Path to the root directory of the container storage.	Default value: /var/lib/containers/storage.
`UseRunc`	Use the runc utility.	`Yes` (default value) — Use the runc utility. `No` — Do not use the utility.
`RuncBinaryPath`	Path to the runc utility executable file.	Default value: /usr/bin/runc.
`RuncRootFolder`	Path to the root directory of the container state storage.	Default value: /run/runc-ctrs.

Actions performed on a container when an infected object is detected may vary depending on the specified values of the FirstAction and SecondAction settings of the File Threat Protection task and on the value of the InterceptorProtectionMode setting, one of the general application settings (see the table below).

Dependence of actions performed on containers on the specified actions performed on infected objects

Value of the FirstAction / SecondAction or the InterceptorProtectionMode setting	Action performed on the container when the StopContainerIfFailed action is selected
`Disinfect`	Stop the container if disinfection of an infected object fails.
`Remove`	Stop the container if an infected object removal fails.
`Block` or `Notify`	Do not perform any action on containers when an infected object is detected.

Kaspersky Endpoint Security for Linux: High protection without performance compromising

Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.