Configuring the system integrity monitoring scope and the System Integrity Check scope

January 10, 2024

ID 65366

For correct operation of the System Integrity Monitoring component, you must configure the scope of the component, i.e. select the objects whose status must be tracked by the System Integrity Monitoring component. The scope is configured in the Light Agent for Windows policy or in the local interface of Light Agent for Windows.

You can configure the System Integrity Monitoring scope for real-time operation of the component, and a separate System Integrity Check scope for checks run by schedule or on demand. The System Integrity Check scope is also used for the baseline update task. If the System Integrity Check scope is not defined, the System Integrity Monitoring scope is applied to the System Integrity Check task and the baseline update task.

This section describes how to configure the Integrity Control component scope using the Administration Console and the Light Agent for Windows local interface. You can also configure the Integrity Control scope settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Endpoint control → System Integrity Monitoring).

To configure the scope of the System Integrity Monitoring component in the Administration Console:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
  5. In the policy properties window, select the System Integrity Monitoring section in the list on the left.
  6. In the right part of the window, in the System Integrity Monitoring scope section, configure the System Integrity Monitoring real-time scope:
    1. Select the Monitor devices check box if you want System Integrity Monitoring to track when external devices are connected on the protected virtual machine in real time.
    2. In the drop-down list, select the importance level for events generated by the System Integrity Monitoring component when it detects the connection of an external device. By default, an Informational event is generated.
    3. Select the Monitor files and the registry check box if you want the System Integrity Monitoring component to track changes made to files and the registry on the protected virtual machine in real time.
    4. Click the Settings button.
    5. In the System Integrity Monitoring rules window that appears, create a list of rules that are applied when the Real-Time System Integrity Monitoring component is running.

      You can perform the following actions when configuring System Integrity Monitoring rules:

    6. In the System Integrity Monitoring rules window, click OK.
  7. If you want to configure a separate scope for an integrity check by schedule or on demand, perform the following actions in the System Integrity Check scope section:
    1. Select the Define System Integrity Check scope check box.

      The System Integrity Check scope settings group will appear under the check box.

    2. Configure the settings in the System Integrity Check scope section as described in step 6 of these instructions. These settings will be applied when the System Integrity Check task and baseline update task are performed.
  8. Click the Apply button.

To configure the scope of the System Integrity Monitoring component in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select the System Integrity Monitoring section.

    In the right part of the window, the System Integrity Monitoring component settings are displayed.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. To configure the real-time System Integrity Monitoring scope, perform the following actions in the System Integrity Monitoring settings section:
    1. Select the Monitor devices check box located under the name of the System Integrity Monitoring settings section if you want System Integrity Monitoring to track when external devices are connected on the protected virtual machine in real time.
    2. In the drop-down list, select the importance level for events generated by the System Integrity Monitoring component when it detects the connection of an external device. By default, an Informational event is generated.
    3. Select the Monitor files and the registry check box located in the upper part of the System Integrity Monitoring settings section if you want the System Integrity Monitoring component to track changes made to files and the registry on the protected virtual machine in real time.
    4. Complete steps 6d-6f of the previous instructions.
  4. If you want to configure a separate scope for a system integrity check by schedule or on demand, perform the following actions in the System Integrity Monitoring settings section:
    1. Select the Define System Integrity Check scope check box.

      A settings section appears under the check box.

    2. Configure the settings in the section as described in step 6 of the previous instructions. These settings will be applied when the System Integrity Check task and baseline update task are performed.
  5. To save changes, click the Save button.

In this section:

Creating and editing a System Integrity Monitoring rule

Importing and exporting System Integrity Monitoring rules

Enabling and disabling a System Integrity Monitoring rule
