Configuring the integrity monitoring scope and the integrity check scope

For correct operation of the Integrity Monitoring component, you must configure the scope of the component, i.e. select the objects whose status must be tracked by the Integrity Monitoring component. The scope is configured in the Light Agent for Windows policy or in the local interface of Light Agent for Windows.

You can configure the Integrity Monitoring scope for real-time operation of the component, and you can configure a separate Integrity Check scope for integrity checks performed by schedule or on demand. The Integrity Check scope is also used for the baseline update task. If the Integrity Check scope is not defined, the Integrity Monitoring scope is applied to the integrity check task and the baseline update task.

To configure the scope of the Integrity Monitoring component through Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking the policy.
  5. In the Light Agent for Windows policy properties window, select the Integrity Monitoring section in the list on the left.
  6. To configure the scope for real-time Integrity Monitoring, perform the following actions in the Integrity Monitoring scope section:
    1. Select the Monitor devices check box if you want Integrity Monitoring to track when external devices are connected on the protected virtual machine in real time.
    2. In the drop-down list, select the importance level for events generated by the Integrity Monitoring component when it detects the connection of an external device. By default, an Informational event is generated.
    3. Select the Monitor files and the registry check box if you want the Integrity Monitoring component to track changes made to files and the registry on the protected virtual machine in real time.
    4. Click the Settings button.
    5. In the Integrity Monitoring rules window that appears, create a list of rules that are applied when the Real-Time Integrity Monitoring component is running.

      You can perform the following actions when configuring Integrity Monitoring rules:

    6. In the Integrity Monitoring rules window, click OK.
  7. If you want to configure a separate scope for an integrity check by schedule or on demand, perform the following actions in the Integrity Check scope section:
    1. Select the Define Integrity Check scope check box.

      The Integrity Check scope settings group will appear under the check box.

    2. Configure the settings in the Integrity Check scope section as described in step 6 of these instructions. These settings will be applied when the integrity check task and baseline update task are performed.
  8. Click the Apply button.

To configure the scope of the Integrity Monitoring component in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Endpoint control section, select the Integrity Monitoring section.

    In the right part of the window, the Integrity Monitoring component settings are displayed.

  3. To configure the scope for real-time Integrity Monitoring, perform the following actions in the Integrity Monitoring settings section:
    1. Select the Monitor devices check box located under the name of the Integrity Monitoring settings section if you want Integrity Monitoring to track when external devices are connected on the protected virtual machine in real time.
    2. In the drop-down list, select the importance level for events generated by the Integrity Monitoring component when it detects the connection of an external device. By default, an Informational event is generated.
    3. Select the Monitor files and the registry check box located in the upper part of the Integrity Monitoring settings section if you want the Integrity Monitoring component to track changes made to files and the registry on the protected virtual machine in real time.
    4. Complete sub-steps 4-6 of step 6 of the previous instructions (click the Settings button, create the list of rules, and click OK).

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  4. If you want to configure a separate scope for an integrity check by schedule or on demand, perform the following actions in the Integrity Monitoring settings section:
    1. Select the Define Integrity Check scope check box.

      A settings section appears under the check box.

    2. Configure the settings in the section as described in step 6 of the previous instructions. These settings will be applied when the integrity check task and baseline update task are performed.
  5. To save changes, click the Save button.

In this section:

Creating and editing an Integrity Monitoring rule

Importing and exporting Integrity Monitoring rules

Enabling and disabling an Integrity Monitoring rule
