Behavior Detection

Support

Support for business applications

Kaspersky Embedded Systems Security for Linux

Managing the application using the Administration Console

Policy settings

Behavior Detection

February 15, 2024

ID 237053

By default, the Behavior Detection component starts when Kaspersky Embedded Systems Security starts and monitors the malicious activity of the applications in the operating system. When malicious activity is detected, Kaspersky Embedded Systems Security can terminate the process of the application that performs malicious activity.

Behavior Detection component settings

Setting	Description
Enable Behavior Detection	This check box enables or disables the Behavior Detection component. The check box is selected by default.
Behavior Detection component operating mode	The action to be performed by Kaspersky Embedded Systems Security upon detecting malicious activity in the operating system: Block the application that performs malicious activity (default value). Kaspersky Embedded Systems Security terminates the process that performs malicious activity and logs information about the detected malicious activity. Notify user. Kaspersky Embedded Systems Security does not terminate the process that performs malicious activity; it only records the detection of malicious activity in the event log.
Use exclusions by process	This check box enables or disables exclusions by process in the operation of the Behavior Detection component. This check box is cleared by default. The Configure button opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Setting

Description

Enable Behavior Detection

This check box enables or disables the Behavior Detection component.

The check box is selected by default.

Behavior Detection component operating mode

The action to be performed by Kaspersky Embedded Systems Security upon detecting malicious activity in the operating system:

Block the application that performs malicious activity (default value). Kaspersky Embedded Systems Security terminates the process that performs malicious activity and logs information about the detected malicious activity.
Notify user. Kaspersky Embedded Systems Security does not terminate the process that performs malicious activity; it only records the detection of malicious activity in the event log.

Use exclusions by process

This check box enables or disables exclusions by process in the operation of the Behavior Detection component.

This check box is cleared by default.

The Configure button opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.