About the Baseline File Integrity Monitor task
During the Baseline File Integrity Monitor task, Kaspersky Embedded Systems Security for Windows does not check locked files, folders, file shortcuts and cloud files.
The Baseline File Integrity Monitor task monitors the integrity of files in the monitoring scope by comparing each file's hash (MD5 or SHA256) to the hash stored in a baseline.
On the first Baseline File Integrity Monitor task run, Kaspersky Embedded Systems Security for Windows creates a baseline by calculating and storing a hash for each file in the task's monitoring scope. If the monitoring scope of a Baseline File Integrity Monitor task is changed, Kaspersky Embedded Systems Security for Windows updates the baseline on the next run of the task by calculating and storing a hash for each file in the task's monitoring scope. If a Baseline File Integrity Monitor task is deleted, Kaspersky Embedded Systems Security for Windows deletes the baseline for this task.
You can delete a baseline without deleting the Baseline File Integrity Monitor task by using the command line.
The Baseline File Integrity Monitor task tracks the following changes to files in the monitoring scope:
- the monitoring scope contains a file that is not present in the baseline
- the monitoring scope does not contain a file that is present in the baseline
- the hash of a file in the monitoring scope differs from the hash of this file in the baseline
The Baseline File Integrity Monitor task does not track changes to file attributes or alternate data streams.
If a file or a folder is inaccessible, Kaspersky Embedded Systems Security for Windows does not add this file or folder to the baseline during baseline creation, and creates an event about a failure to calculate the file's checksum during the run of the Baseline File Integrity Monitor task.
A file or a folder may be inaccessible for the following reasons:
- the specified path does not exist
- no files of the type specified by the mask are present under the specified path
- the specified file is locked
- the specified file is empty
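
The baseline comparison and the handling of inaccessible files described above, sketched in Python as an added example (not Kaspersky's code and not how the product is implemented). All function names, report keys and sample files are hypothetical and constructed for illustration; SHA256 is used, and empty or unreadable files are treated as hash failures, following the list of reasons above.

```python
import hashlib, os, tempfile
from pathlib import Path

def file_hash(path):
    """SHA256 hex digest, or None if the file is unreadable or empty."""
    try:
        data = Path(path).read_bytes()
    except OSError:
        return None
    return hashlib.sha256(data).hexdigest() if data else None

def snapshot(scope):
    """Hash each file under scope -> (hashes by relative path, paths that failed)."""
    hashes, failed = {}, []
    for p in sorted(Path(scope).rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(scope).as_posix()
        digest = file_hash(p)
        if digest is None:
            failed.append(rel)      # would raise a "checksum failed" event
        else:
            hashes[rel] = digest
    return hashes, failed

def compare(baseline, scope):
    """Report the three tracked change types plus hash failures."""
    current, failed = snapshot(scope)
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "missing": sorted(set(baseline) - set(current) - set(failed)),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
        "hash_failed": failed,
    }

def demo():
    """Build a constructed scope, take a baseline, change files, compare."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.cfg").write_text("mode=prod\n")
        (root / "svc.bin").write_bytes(b"constructed sample")
        (root / "keep.txt").write_text("unchanged\n")
        (root / "empty.log").write_bytes(b"")          # never enters the baseline
        baseline, skipped = snapshot(root)
        (root / "app.cfg").write_text("mode=debug\n")  # content change
        (root / "svc.bin").unlink()                    # file removed
        (root / "new.dll").write_bytes(b"constructed") # file not in baseline
        os.utime(root / "keep.txt", (0, 0))            # metadata only, hash unchanged
        return skipped, compare(baseline, root)

if __name__ == "__main__":
    print(demo())
```

Because only file content is hashed, the timestamp change to `keep.txt` produces no finding, which is the same kind of blind spot the page notes for attributes and alternate data streams.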