About the Trusted Zone
August 3, 2023
The Trusted Zone is a list of exclusions from the protection or scan scope that you can create and apply in Real-Time File Protection tasks, as well as in On-Demand Scan tasks.
If you selected the "Add Microsoft recommended files to exclusions list" and "Add Kaspersky recommended files to exclusions list" check boxes when installing Kaspersky Industrial CyberSecurity for Nodes, the application adds files recommended by Microsoft and Kaspersky for Real-Time Computer Protection tasks to the Trusted Zone.
You can create a Trusted Zone in Kaspersky Industrial CyberSecurity for Nodes according to the following rules:
- Exclusions. Objects specified by their location and/or by an object detected inside them are placed in the Trusted Zone.
- Trusted processes. Objects sensitive to application processes' interception of file operations are placed in the Trusted Zone.
- Backup operations. Objects accessed in order to back up hard drives to external devices are placed in the Trusted Zone.
The Trusted Zone is applied in Real-Time File Protection and On-Demand Scan tasks by default.
The list of rules for generating the Trusted Zone can be exported to an XML configuration file so that it can be imported into Kaspersky Industrial CyberSecurity for Nodes running on another protected device.
Applies to Real-Time File Protection and On-Demand Scan tasks.
You can select tasks for which you want to use every exclusion added to the Trusted Zone. Also, you can exclude objects from scans in the security level settings of every single Kaspersky Industrial CyberSecurity for Nodes task.
You can add exclusions to the Trusted Zone by their location on the protected device, by name or name mask of the object detected, or by using both criteria.
Based on the exclusion, Kaspersky Industrial CyberSecurity for Nodes can skip objects while performing the specified tasks according to the following settings:
- Specified objects detectable by name or name mask in the specified areas of the protected device.
- All detectable objects in the specified areas of the protected device.
- Specified detectable objects by name or name mask within the entire protection or scan scope.
Trusted processes can be used in the Real-Time File Protection, Applications Launch Control, File Integrity Monitor, and Registry Access Monitor tasks.
Some applications on the protected device may be unstable if the files that they access are intercepted by Kaspersky Industrial CyberSecurity for Nodes. Such applications include, for example, system domain controller applications.
To avoid disrupting the operation of such applications, you can disable protection of files accessed by the running processes of these applications (thereby creating a list of trusted processes within the Trusted Zone).
Microsoft Corporation recommends excluding some Microsoft Windows operating system files and Microsoft application files from Real-Time File Protection as programs that cannot be infected. The names of some of these are listed on the Microsoft website (article code: KB822158).
You can enable or disable the use of trusted processes in the Trusted Zone.
If an executable file is modified, for example, through an update, Kaspersky Industrial CyberSecurity for Nodes will exclude it from the list of trusted processes.
The application does not use the file's path on a protected device to trust the process. The path to the file on the protected computer is used only to search for the file, calculate a checksum, and provide the user with the information about the source of the executable file.
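The checksum-based trust described above can be modelled in a few lines. This is an added illustration, not Kaspersky code: the TrustedProcessList class, the choice of SHA-256, and the sample file names and contents are assumptions made for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def checksum(path):
    """Hash of the file contents. SHA-256 is an assumption for this example."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


class TrustedProcessList:
    """Hypothetical model: trust is keyed on the checksum, never on the path."""

    def __init__(self):
        self._source_by_checksum = {}

    def add(self, executable):
        # The path is used only to find the file, hash it and record its source.
        self._source_by_checksum[checksum(executable)] = executable

    def is_trusted(self, executable):
        return checksum(executable) in self._source_by_checksum

    def stale_entries(self):
        """Recorded sources whose current contents no longer match the entry."""
        return [src for digest, src in self._source_by_checksum.items()
                if not src.exists() or checksum(src) != digest]


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        service = Path(tmp) / "dc_service.exe"  # constructed sample file
        service.write_bytes(b"constructed build 1.0")
        trusted = TrustedProcessList()
        trusted.add(service)
        results = {"as_added": trusted.is_trusted(service)}
        # A different binary that merely reuses the file name gains no trust.
        lookalike = Path(tmp) / "other" / "dc_service.exe"
        lookalike.parent.mkdir()
        lookalike.write_bytes(b"constructed unrelated binary")
        results["same_name_other_content"] = trusted.is_trusted(lookalike)
        # An update changes the contents, so the file is no longer trusted.
        service.write_bytes(b"constructed build 1.1")
        results["after_update"] = trusted.is_trusted(service)
        results["needs_review"] = [p.name for p in trusted.stale_entries()]
        return results


if __name__ == "__main__":
    print(demo())
```

The stale_entries check mirrors what an administrator has to do after patching: any trusted executable that was updated drops out of trust and must be reviewed before it is added again.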
Applies to Real-Time Computer Protection tasks.
When data stored on hard drives is backed up to external devices, you can disable protection of objects that are accessed during the backup operations. Kaspersky Industrial CyberSecurity for Nodes will scan objects which the backup application opens for reading with the FILE_FLAG_BACKUP_SEMANTICS attribute.