Kaspersky Embedded Systems Security 3.x

About the Trusted Zone

October 25, 2023

ID 150462

The Trusted Zone is a list of exclusions from the protection or scan scope that you can generate and apply to On-Demand Scan and Real-Time File Protection tasks, newly created custom On-Demand Scan tasks, and all system On-Demand Scan tasks, except for the Quarantine Scan task.

The Trusted Zone is applied in Real-Time File Protection and On-Demand Scan tasks by default.

The list of rules for generating the Trusted Zone can be exported to an XML configuration file in order to then import it into Kaspersky Embedded Systems Security for Windows running on another protected device.

Trusted processes

Applies to the Real-Time File Protection tasks.

Some applications on the protected device may be unstable if the files that they access are intercepted by Kaspersky Embedded Systems Security for Windows. Such applications include, for example, system domain controller applications.

To avoid disrupting the operation of such applications, you can disable protection of files accessed by the running processes of these applications (thereby creating a list of trusted processes within the Trusted Zone).

Microsoft Corporation recommends excluding some Microsoft Windows operating system files and Microsoft application files from Real-Time File Protection as programs that cannot be infected. The names of some of these are listed on the Microsoft website (article code: KB822158).

You can enable or disable the use of trusted processes in the Trusted Zone.

If an executable file is modified, for example, through an update, Kaspersky Embedded Systems Security for Windows will exclude it from the list of trusted processes.

The application does not use the file's path on a protected device to trust the process. The path to the file on the protected device is used only to search for the file, calculate a checksum, and provide the user with the information about the source of the executable file.

Backup operations

Applies to Real-Time Computer Protection tasks.

When data stored on hard drives is backed up to external devices, you can disable protection of objects that are accessed during the backup operations. Kaspersky Embedded Systems Security for Windows will scan objects which the backup application opens for reading with the FILE_FLAG_BACKUP_SEMANTICS attribute.


  • Applies to Real-Time File Protection tasks.
  • All detectable objects in the specified areas of the protected device.
  • Specified detectable objects by name or name mask within the entire protection or scan scope.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.