File Integrity Monitor

This component is available if Kaspersky Endpoint Security is installed on a computer that runs on Windows for servers. This component is unavailable if Kaspersky Endpoint Security is installed on a computer that runs on Windows for workstations.

File Integrity Monitor works only on servers with NTFS or ReFS file system.

Starting with version 11.11.0, Kaspersky Endpoint Security for Windows includes the File Integrity Monitor component. File Integrity Monitor detects changes to objects (files and folders) in a given monitoring area. These changes may indicate a computer security breach. When object changes are detected, the application informs the administrator.

To use File Integrity Monitor you need to configure component's scope, i.e. select objects, the state of which should be monitored by the component.

You can view information about the results of File Integrity Monitor operation in Kaspersky Security Center and in the interface of Kaspersky Endpoint Security for Windows.

File Integrity Monitor component settings

Parameter

Description

Event severity level

Kaspersky Endpoint Security logs file modification events whenever a file in the monitoring scope is modified. The following event severity levels are available: Informational, Warning, Critical.

Monitoring scope

List of files and folders that File Integrity Monitor monitors. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask. For example, C:\Folder\Application\.

Exclusions

List of exclusions from the monitoring scope. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask. For example, C:\Folder\Application\*.log. Exclusion entries have a higher priority than monitoring scope entries.

Page top