Importing and exporting System Integrity Monitoring rules

You can save the configured list of System Integrity Monitoring rules to a file and import a previously saved list of rules from a file. To import or export a list of rules, you can use a file in XML format.

When configuring the System Integrity Monitoring component settings through Kaspersky Security Center, you can import a list of System Integrity Monitoring rules from templates that are included in the Kaspersky Security application distribution kit. A template contains paths to files and folders, as well as registry keys and values that are used for the operation of a specific application. Rules imported from a template let you track changes associated with the operation of this application.

To import or export a list of System Integrity Monitoring rules in Kaspersky Security Center:

1. Open Kaspersky Security Center Administration Console.
2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
3. In the workspace, select the Policies tab.
4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
5. In the policy properties window, select the System Integrity Monitoring section in the list on the left.
6. In the right part of the window, click the Settings button located on the right of the Monitor files and the registry check box in one of the following sections:
   • In the System Integrity Monitoring scope section if you want to configure a Real-Time System Integrity Monitoring rule.
   • In the System Integrity Check scope section if you want to configure a rule for the System Integrity Check task and baseline update task.
7. If you want to import a list of System Integrity Monitoring rules, in the System Integrity Monitoring rules window that opens, click the Import button and do one of the following:
   • To import a rule from a template, select From template in the drop-down list. Then in the window that opens, select the template name and click OK.

     The rule from the selected template will be added to the list of rules in the System Integrity Monitoring rules window.

   • To import rules from a file, in the drop-down list select From file and specify the path to the XML file in the opened window.

     Rules from the selected file will be added to the list of rules in the System Integrity Monitoring rules window.

8. If you want to export the list of System Integrity Monitoring rules, click the Export button and specify the path to the file in which you want to save the list of rules.
9. In the System Integrity Monitoring rules window, click OK.
10. Click the Apply button.

To import or export a list of System Integrity Monitoring rules in the local interface:

1. On the protected virtual machine, open the application settings window.
2. In the left part of the window, in the Endpoint control section, select the System Integrity Monitoring section.

   In the right part of the window, the System Integrity Monitoring component settings are displayed.

   If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

3. Do one of the following:
   • Click the Settings button located on the right of the Monitor files and the registry check box in the upper part of the System Integrity Monitoring settings section if you want to configure a Real-Time System Integrity Monitoring rule.
   • Click the Settings button located on the right of the Monitor files and the registry check box in the lower part of the System Integrity Monitoring settings section if you want to configure a rule for the System Integrity Check task and baseline update task.

   The System Integrity Monitoring rules window opens.

4. Complete steps 7–9 of the previous instructions.
5. To save changes, click the Save button.