Support

Support for business applications

Kaspersky Endpoint Security 11 for Linux

Appendices

Appendix 1. Resource consumption optimization

Configuring the File Threat Protection task

Kaspersky Endpoint Security 11 for Linux
Нет результатов
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Buy Renew Forum Contact support Recovery tools

Configuring the File Threat Protection task

December 12, 2023

ID 248490

If, after analysis of the File Threat Protection task's operation, you have created a list of directories and files that can be excluded from the scan scope, you need to add them to the exclusions.

Scan exclusions

To exclude the /tmp/logs directory and all subdirectories and files recursively, execute the following command:

kesl-control --set-settings 1 --add-exclusion /tmp/logs

To exclude a specific file or files by mask in the /tmp/logs directory, execute the following command:

kesl-control --set-settings 1 --add-exclusion /tmp/logs/*.log

To exclude all files with the .log extension in the /tmp/ directory and subdirectories using a recursive mask, execute the following command:

kesl-control --set-settings 1 --add-exclusion /tmp/**/*.log

Interception exclusions

If you want to exclude files in a certain directory not only from scan, but also from interception, you can exclude the entire mount point.

To exclude an entire mount point:

  1. If the directory is not a mount point, create a mount point from it. For example, to create a mount point from the /tmp directory, execute the following command:

    mount --bind /tmp/ /tmp

  2. To keep the mount point after the server reboot, add the following line to the /etc/fstab file:

    /tmp /tmp none defaults,bind 0 0

  3. Add the /tmp directory to the global exceptions by executing the following command:

    kesl-control --set-app-settings ExcludedMountPoint.item_0000=/tmp

  4. If you want to add several directories, increase the item_0000 counter by one (item_0001, item_0002, and so on).

It is also recommended to exclude mount points that are mounted remote resources with unstable or slow connection.

Changing scan type

By default, the File Threat Protection task can scan files when they are opened or closed. If analysis of the File Threats Protection task's operation shows that too many files are being written, you can change the file interceptor mode so that it works only when the files are opened by executing the following command:

kesl-control --set-set 1 ScanByAccessType=Open

In this operation mode, changes made to the file after it is opened are not scanned until the next opening of the file.

Kaspersky Endpoint Security for Linux: High protection without performance compromising
Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.