Check the integrity of application components
September 12, 2023
ID 246457
Kaspersky Endpoint Security contains various binary modules in the form of dynamic linked libraries, executable files, configuration files, and interface files. Intruders might replace one or more application executable modules or files with other files containing malicious code. To prevent this, Kaspersky Endpoint Security can check the integrity of the application components. The application checks modules and files for unauthorized changes or corruption. If an application module or file has an incorrect checksum, it is considered to be corrupted.
The integrity of the application components is checked using the integrity_checker utility located in the /Library/Application Support/Kaspersky Lab/KAV/Binaries directory. This tool checks the integrity of the manifest file containing a list of application files whose integrity is critical for correct operation of the application component.
The integrity_check.xml manifest file, which is protected by a Kaspersky cryptographic signature, is located in the same directory as the integrity_check_tool (/Library/Application Support/Kaspersky Lab/KAV/Binaries).
Note: Root user account privileges are required to run the integrity check tool.
The integrity check can be performed using the tool that is installed together with the application or using the tool on a certified CD.
To check the integrity of application components, run the following command:
integrity_check_tool -v[|--verify] -m[|--manifest] <file path>
where <file path> is the path to the manifest file. By default, the tool uses the integrity_check.xml file located in the /Library/Application Support/Kaspersky Lab/KAV/Binaries directory.
You can run the integrity check tool with the following options:
--help: display Help for tool settings.
--version: display the tool version.
--verbose: expanded output of performed actions and results. If you do not specify this option, the tool displays only errors, objects that did not pass the check, and a summary of scan statistics.
--trace <file path>: trace debug information to the specified file.
The result of checking each manifest file is displayed next to the name of the manifest file in the following format:
SUCCEEDED: integrity of the files is confirmed (return code 0)
FAILED: integrity of the files is not confirmed (return code is not 0)
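The return codes described above make the check easy to run unattended. The wrapper below is an added example, not part of the Kaspersky documentation or product: it uses the default paths named on this page, while the KES_TOOL and KES_MANIFEST override variables, the function name and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Kaspersky's code. Paths are the defaults named on this page;
# the KES_TOOL / KES_MANIFEST overrides and the function name are hypothetical.
KES_DIR="/Library/Application Support/Kaspersky Lab/KAV/Binaries"
# The page also allows running the tool from a certified CD: point KES_TOOL
# at that copy instead of the installed one.
KES_TOOL="${KES_TOOL:-$KES_DIR/integrity_check_tool}"
KES_MANIFEST="${KES_MANIFEST:-$KES_DIR/integrity_check.xml}"

# Returns 0 = SUCCEEDED, 1 = FAILED (tool return code is not 0),
# 2 = the check could not be started (raise an alert, never count it as a pass).
check_kes_integrity() {
    if [ ! -x "$KES_TOOL" ]; then
        echo "ALERT: integrity tool missing or not executable: $KES_TOOL" >&2
        return 2
    fi
    if [ ! -r "$KES_MANIFEST" ]; then
        echo "ALERT: manifest missing or unreadable: $KES_MANIFEST" >&2
        return 2
    fi
    # Quote every path: the default directory name contains spaces.
    rc=0
    out=$("$KES_TOOL" --verify --manifest "$KES_MANIFEST" 2>&1) || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "OK: application components passed the integrity check"
        return 0
    fi
    # Without --verbose the tool prints only errors, failed objects and a
    # summary, so the captured output is what an analyst needs to see.
    echo "ALERT: integrity check FAILED (return code $rc)" >&2
    printf '%s\n' "$out" >&2
    return 1
}

# Run as root, for example: sudo sh kes_integrity.sh --run
if [ "${1:-}" = "--run" ]; then
    check_kes_integrity
    exit $?
fi
```

A missing tool or manifest is reported separately from a FAILED result so that a scheduler or monitoring agent does not mistake "the check did not run" for "the check passed".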