Support

Support for business applications

Kaspersky Endpoint Security 11 for Linux

Managing the application using the Administration Console

Task settings

System Integrity Monitoring

Kaspersky Endpoint Security 11 for Linux
Нет результатов
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Buy Renew Forum Contact support Recovery tools

System Integrity Monitoring

December 12, 2023

ID 239415

While the System Integrity Monitoring (ODFIM) task is running, each object change is determined by comparing the current state of the monitored objects with its original state, which was previously established as a baseline.

To use the task, a license that includes the corresponding function is required.

This feature is not supported in the KESL container.

The system baseline is created during the first run of the ODFIM task on the device. You can create several ODFIM tasks. For each ODFIM task, a separate baseline is created. The task is performed only if the baseline corresponds to the monitoring scope. If the baseline does not match the monitoring scope, Kaspersky Endpoint Security generates a system integrity violation event.

The baseline is rebuilt after an ODFIM task has finished. You can rebuild a baseline for a task using the corresponding setting. Also, a baseline is rebuilt when the settings of a task change, for example, if a new monitoring scope is added. The baseline will be rebuilt during the next task run. You can delete a baseline by deleting the corresponding ODFIM task.

System Integrity Monitoring task settings

Setting

Description

Rebuild baseline on each task start

This check box enables or disables the reestablishment of a system baseline upon every start of the System Integrity Monitoring task.

This check box is cleared by default.

Use hash for monitoring (SHA-256)

This check box enables or disables use of the SHA-256 hash for the System Integrity Monitoring task.

SHA-256 is a cryptographic hash function that produces a 256-bit hash value. The 256-bit hash value is represented as a sequence of 64 hexadecimal digits.

This check box is cleared by default.

Track directories in monitoring scopes

This check box enables or disables the monitoring of the specified directories while the System Integrity Monitoring task is running.

This check box is cleared by default.

Track last file access time

This check box enables or disables tracking the file access time while the System Integrity Monitoring task runs.

This check box is cleared by default.

Monitoring scopes

The group of settings contains the Configure button. Clicking this button opens the Scan scopes window.

In the Exclusion scopes section, you can also configure monitoring exclusion scopes and exclusions by mask for the System Integrity Monitoring task.

Kaspersky Endpoint Security for Linux: High protection without performance compromising
Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.