Behavior Detection

Support

Support for business applications

Kaspersky Endpoint Security 11 for Linux

Managing the application using the Administration Console

Policy settings

Behavior Detection

December 12, 2023

ID 237053

By default, the Behavior Detection component starts when Kaspersky Endpoint Security starts and monitors the malicious activity of the applications in the operating system. When malicious activity is detected, Kaspersky Endpoint Security can terminate the process of the application that performs malicious activity.

This feature is not supported in the KESL container.

Behavior Detection component settings

Setting	Description
Enable Behavior Detection	This check box enables or disables the Behavior Detection component. The check box is selected by default.
Behavior Detection component operating mode	The action to be performed by Kaspersky Endpoint Security upon detecting malicious activity in the operating system: Block the application that performs malicious activity (default value). Kaspersky Endpoint Security terminates the process that performs malicious activity and logs information about the detected malicious activity. Notify user. Kaspersky Endpoint Security does not terminate the process that performs malicious activity; it only records the detection of malicious activity in the event log.
Use exclusions by process	This check box enables or disables exclusions by process in the operation of the Behavior Detection component. This check box is cleared by default. The Configure button opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Setting

Description

Enable Behavior Detection

This check box enables or disables the Behavior Detection component.

The check box is selected by default.

Behavior Detection component operating mode

The action to be performed by Kaspersky Endpoint Security upon detecting malicious activity in the operating system:

Block the application that performs malicious activity (default value). Kaspersky Endpoint Security terminates the process that performs malicious activity and logs information about the detected malicious activity.
Notify user. Kaspersky Endpoint Security does not terminate the process that performs malicious activity; it only records the detection of malicious activity in the event log.

Use exclusions by process

This check box enables or disables exclusions by process in the operation of the Behavior Detection component.

This check box is cleared by default.

The Configure button opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Kaspersky Endpoint Security for Linux: High protection without performance compromising

Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.