Information about the results of File Integrity Monitor operation is displayed in the following ways:
Events in the Kaspersky Security Center Console and in the Kaspersky Endpoint Security interface
Kaspersky Endpoint Security sends an event to Kaspersky Security Center if a change in files is detected. You can configure the event selection to view events from the File Integrity Monitor component. For more details on event selection settings, refer to the Kaspersky Security Center Help.
The Kaspersky Endpoint Security interface provides a separate report for the File Integrity Monitor component.
Kaspersky Endpoint Security has event aggregation tools to reduce the number of File Integrity Monitor events. Kaspersky Endpoint Security enables event aggregation in the following cases:
As a result, Kaspersky Endpoint Security creates separate events on object modifications until the aggregation tools are triggered. At this point, Kaspersky Endpoint Security enables event aggregation and creates a corresponding event. Kaspersky Endpoint Security performs event aggregation for 24 hours (the aggregation period) or until Kaspersky Endpoint Security is stopped. After restarting Kaspersky Endpoint Security or after the aggregation period is over, the application generates special events: Report on an atypical event for the aggregation period and Report on object change for the aggregation period. These reports contain information about the start and the end of the aggregation period and the number of aggregated events.
Status of the computer in the Kaspersky Security Center Console
When events with severity level Critical or Warning are received from the File Integrity Monitor component, Kaspersky Security Center changes the status of the computer to Critical or Warning.
Receiving computer status from a managed application (Device status defined by application condition) should be enabled in Kaspersky Security Center in the lists of conditions that must be met to assign the Critical or Warning status to a device. Conditions for assigning a status to a device are configured in the properties window of the administration group.
Computer status and all reasons for status changes are displayed in the list of devices of the administration group. For more details on computer statuses, refer to the Kaspersky Security Center Help.
Reports in the Kaspersky Security Center Console
Kaspersky Security Center provides two types of reports: