When the Real-Time File Protection task is running, Kaspersky Industrial CyberSecurity for Nodes scans the following protected device objects when they are accessed:
When any application writes a file to the protected device or reads a file from it, Kaspersky Industrial CyberSecurity for Nodes intercepts the file, scans it for threats, and, if a threat is detected, performs a default action or an action you have specified: try to disinfect, move to Quarantine, or delete it. Before disinfection or deletion, Kaspersky Industrial CyberSecurity for Nodes saves an encrypted copy of the source file to the Backup folder.
Kaspersky Industrial CyberSecurity for Nodes intercepts file operations, executed in Windows Server 2016 and Windows Server 2019 containers.
A container is an isolated environment, which allows applications to run without direct interaction with the operating system. If container is located in task the task protection scope, Kaspersky Industrial CyberSecurity for Nodes scans container files, which are being accessed by users, for computer threats. When a threat is detected, the application attempts to disinfect the container. If the attempt is successful, the container continues to work; if disinfection fails, the container is shut down.
Kaspersky Industrial CyberSecurity for Nodes also detects malware for processes running under Windows Subsystem for Linux®. For such processes, the Real-Time File Protection task applies action defined by the current configuration.
Page top