Optimizing network directory scanning
December 12, 2023
ID 235226
To optimize the File Threat Protection task, you can exclude from scans any files being copied from network directories. Files are scanned only after the process of copying to a local directory is finished. To exclude files located in network directories from scans, configure scan exclusion for the utility used to copy files from network directories (for example, for the cp utility).
To configure exclusion of network directories from scans:
- Save the File Threat Protection task settings to a file using the following command:
kesl-control --get-settings 1 --file <full path to configuration file> - Add the
[ExcludedForProgram.item_#]section to the created file. This section contains the following settings:ProgramPath– path to the process to be excluded or to the directory with the processes to be excluded.ApplyToDescendantsparameter indicates whether the scan should exclude child processes of the excluded process specified by theProgramPathparameter (possible values:YesorNo).AreaDesc– a description of the process exclusion scope, which contains additional information about the exclusion scope.UseExcludedForProgramparameter indicates whether the scan task should exclude the specified scope (possible values:YesorNo).Path– path to the files or directory with files modified by the process.AreaMask.item_#is the file name mask for the files to be excluded from the scan. You can also specify the full path to the file.Example:
[ExcludedForProgram.item_0000]ProgramPath=/usr/bin/cpApplyToDescendants=NoAreaDesc=UseExcludedForProgram=YesPath=AllRemoteMountedAreaMask.item_0000=*
- Import settings from the configuration file to the File Threat Protection task by using the following command:
kesl-control --set-settings 1 --file <full path to configuration file>
The application does not scan the files in network directories, but the cp command itself (for the example given above) and local files are scanned.
