The Real-Time File Protection component of Kaspersky Industrial CyberSecurity for Nodes scans the following protected device objects when they are accessed:
When any application writes or reads a file on the protected device, Kaspersky Industrial CyberSecurity for Nodes intercepts the file, scans it for threats, and, if a threat is detected, performs a default action or an action you have specified: try to disinfect, move to Quarantine, or delete it. Before disinfection or deletion, Kaspersky Industrial CyberSecurity for Nodes saves an encrypted copy of the source file to the Backup folder.
Kaspersky Industrial CyberSecurity for Nodes intercepts file operations, executed in Windows Server 2016 and Windows Server 2019 containers.
A container is an isolated environment, which allows applications to run without direct interaction with the operating system. If container is located in the component protection scope, Kaspersky Industrial CyberSecurity for Nodes scans container files, which are being accessed by users, for computer threats. When a threat is detected, the application attempts to disinfect the container. If disinfection succeeds, the container continues to work. If disinfection fails, the container is turned off.
Kaspersky Industrial CyberSecurity for Nodes also detects malware for processes running under Windows Subsystem for Linux®. For such processes, the Real-Time File Protection component applies action defined by the current configuration.