Behavior Detection

Support

Support for business applications

Kaspersky Endpoint Security 11 for Linux

Remote application administration using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console

Policy settings

Behavior Detection

December 12, 2023

ID 237048

By default, the Behavior Detection component starts when Kaspersky Endpoint Security starts and monitors the malicious activity of the applications in the operating system. When malicious activity is detected, Kaspersky Endpoint Security can terminate the process of the application that performs malicious activity.

This feature is not supported in the KESL container.

Behavior Detection component settings

Setting	Description
Behavior Detection enabled / disabled	This toggle button enables or disables the Behavior Detection component. The check toggle button is switched on by default.
Behavior Detection component operating mode	The action to be performed by Kaspersky Endpoint Security upon detecting malicious activity in the operating system: Notify user. Kaspersky Endpoint Security does not terminate the process that performs malicious activity; it only records the detection of malicious activity in the event log. Block the application that performs malicious activity (default value). Kaspersky Endpoint Security terminates the process that performs malicious activity and logs information about the detected malicious activity.
Exclusions by process	Clicking the Configure exclusions by process link opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Setting

Description

Behavior Detection enabled / disabled

This toggle button enables or disables the Behavior Detection component.

The check toggle button is switched on by default.

Behavior Detection component operating mode

The action to be performed by Kaspersky Endpoint Security upon detecting malicious activity in the operating system:

Notify user. Kaspersky Endpoint Security does not terminate the process that performs malicious activity; it only records the detection of malicious activity in the event log.
Block the application that performs malicious activity (default value). Kaspersky Endpoint Security terminates the process that performs malicious activity and logs information about the detected malicious activity.

Exclusions by process

Clicking the Configure exclusions by process link opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Kaspersky Endpoint Security for Linux: High protection without performance compromising

Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.