Kaspersky Security 11.x for Windows Server

About the File Integrity Monitor task

June 10, 2022

ID 146696

The File Integrity Monitor task tracks actions performed on files and folders in the monitoring scopes specified in the task settings. You can use the task to detect file changes that may indicate a security breach on the protected device. You can also configure file changes to be tracked during periods in which monitoring is interrupted.

A monitoring interruption occurs when the monitoring scope temporarily falls outside the scope of the task, e.g. if the task is stopped or if an external device is not physically present on a protected device. Kaspersky Security for Windows Server reports detected file operations in the monitoring scope as soon as an external device is reconnected.

If the task stops running in the specified monitoring scope due to a reinstallation of the File Integrity Monitor component, this does not constitute a monitoring interruption. In this case, the File Integrity Monitor task is not run.

Requirements on the environment

To start the File Integrity Monitor task, the following conditions must be satisfied:

  • ReFS or NTFS file systems must be used on the protected device.
  • The Windows USN Journal must be enabled. The component queries this journal to receive information about file operations.

    If you enable the USN Journal after a rule has been created for a volume and the File Integrity Monitor task has been started, the task must be restarted. If not, the rule will not be applied during monitoring.
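
The two requirements above can be checked per volume before the task is started. The following is an added example, not part of the Kaspersky documentation; the function name Test-FimVolumeReadiness is hypothetical, and it relies only on the built-in Get-Volume cmdlet and the fsutil utility, run from an elevated session.

```powershell
# Added example: pre-flight check for the File Integrity Monitor requirements
# (NTFS or ReFS file system, USN Journal enabled). Run as administrator.
function Test-FimVolumeReadiness {
    param(
        # Defaults to every volume that has a drive letter assigned.
        [char[]]$DriveLetter = (Get-Volume | Where-Object DriveLetter).DriveLetter
    )

    foreach ($letter in $DriveLetter) {
        $volume = Get-Volume -DriveLetter $letter

        # Requirement 1: the volume must be formatted with NTFS or ReFS.
        $fsOk = $volume.FileSystem -in @('NTFS', 'ReFS')

        # Requirement 2: the USN Journal must be active on the volume.
        # fsutil returns a non-zero exit code when no journal is active.
        $journalOk = $false
        if ($fsOk) {
            $null = & fsutil.exe usn queryjournal "${letter}:" 2>&1
            $journalOk = ($LASTEXITCODE -eq 0)
        }

        [pscustomobject]@{
            Drive        = "${letter}:"
            FileSystem   = $volume.FileSystem
            FileSystemOk = $fsOk
            UsnJournalOn = $journalOk
            ReadyForFim  = $fsOk -and $journalOk
        }
    }
}

# Report every lettered volume; rows with ReadyForFim = False need attention
# before a monitoring rule for that volume can take effect.
Test-FimVolumeReadiness | Format-Table -AutoSize
```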

Excluded monitoring scopes

You can create excluded monitoring scopes. Exclusions are specified for each separate rule and work only for the indicated monitoring scope. You can specify an unlimited number of exclusions for each rule.

Exclusions have higher priority than the monitoring scope and are not monitored by the task, even if an indicated folder or file is in the monitoring scope. If the settings for one of the rules specify a monitoring scope at a lower level than a folder specified in exclusions, the monitoring scope is not considered when the task is run.

To specify exclusions, you can use the same masks that are used to specify monitoring scopes.
