About the task protection scope and security settings
August 3, 2023
By default, the Real-Time File Protection task protects all objects of the device file system. If there is no security requirement to protect all objects of the file system or you want to exclude any objects from the task scope, you can limit the protection scope.
In the Application Console, the protection scope is displayed as a tree or list of the device's file resources that Kaspersky Industrial CyberSecurity for Nodes can monitor. By default, the network file resources of the device are displayed as a list.
In the Administration Plug-in only the list view is available.
To display network file resources as a tree in the Application Console,
open the drop-down list in the upper left section of the Protection scope settings window and select Tree-view.
Whether the protected device's file resources are displayed as a list or a tree, the node icons have the following meanings:
The node is included in the protection scope.
The node is excluded from the protection scope.
At least one of this node's child nodes is excluded from the protection scope, or the security settings of the child node(s) differ(s) from those of the parent node (for the tree view only).
The icon is displayed if all child nodes are selected, but the parent node is not selected. In this case, changes in the composition of the parent node's files and folders are disregarded automatically when the protection scope for the selected child node is created.
Using the Application Console, you can also add virtual drives to the protection scope. The names of the virtual nodes are displayed in blue.
The task security settings can be configured as common settings for all nodes or items included in the protection scope, or as different settings for each node or item in the device's file resource tree or list.
Security settings configured for the selected parent node are automatically applied to all its child nodes. The security settings of the parent node are not applied to child nodes that are configured separately.
The settings for a selected protection scope can be configured using one of the following methods:
- Selecting one of three predefined security levels.
- Configuring the security settings manually for the selected nodes or items in the file resource tree or list (the security level changes to Custom).
A set of settings for a node or item can be saved in a template in order to be applied later to other nodes or items.