About the Real-Time File Protection task

When the Real-Time File Protection task is running, Kaspersky Industrial CyberSecurity for Nodes scans the following protected device objects when they are accessed:

• Files.
• NTFS alternate data streams.
• Master boot records and boot sectors on local hard drives and external devices.
• Windows Server 2016 and Windows Server 2019 container files.

When any application writes a file to the protected device or reads a file from it, Kaspersky Industrial CyberSecurity for Nodes intercepts the file, scans it for threats, and, if a threat is detected, performs a default action or an action you have specified: try to disinfect, move to Quarantine, or delete it. Before disinfection or deletion, Kaspersky Industrial CyberSecurity for Nodes saves an encrypted copy of the source file to the Backup folder.

Kaspersky Industrial CyberSecurity for Nodes intercepts file operations, executed in Windows Server 2016 and Windows Server 2019 containers.

A container is an isolated environment, which allows applications to run without direct interaction with the operating system. If container is located in task the task protection scope, Kaspersky Industrial CyberSecurity for Nodes scans container files, which are being accessed by users, for computer threats. When a threat is detected, the application attempts to disinfect the container. If disinfection succeeds, the container continues to work. If disinfection fails, the container is turned off.

Kaspersky Industrial CyberSecurity for Nodes also detects malware for processes running under Windows Subsystem for Linux. For such processes, the Real-Time File Protection task applies action defined by the current configuration.