Configuring the File Integrity Monitor task

Support

Support for business applications

Kaspersky Security 11.x for Windows Server

File Integrity Monitor

Managing File Integrity Monitor via the Administration Plug-in

Configuring the File Integrity Monitor task

June 10, 2022

ID 149503

Save as PDF

To configure general File Integrity Monitor task settings, perform the following steps:

Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
Select the administration group for which you want to configure application settings.
Perform one of the following actions in the details pane of the selected administration group:
- To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
- To configure the application for a single protected device, select the Devices tab and open the Application settings window.
  If an active Kaspersky Security Center policy is applied to a device and blocks changes to application settings, then these settings cannot be edited in the Application settings window.
In the System inspection section in the File Integrity Monitor subsection, click the Settings button.
The File Integrity Monitor window opens.
In the File operations monitoring settings tab in the window that opens, configure the following settings:
1. Clear or select the Log information about file operations that appear during the monitoring interruption period check box.
  The check box enables or disables monitoring of the file operations specified in the File Integrity Monitor task settings when the task is not running for any reason (removal of a hard disk, task stopped by user, software error).
  
  If the check box is selected, Kaspersky Security for Windows Server will record events in all monitoring scopes when the File Integrity Monitor task is not running.
  
  If the check box is cleared, the application will not log file operations in monitoring scopes when the task is not running.
  
  The check box is selected by default.
2. Clear or select the Block attempts to compromise the USN log check box.
  The check box enables or disables protection of the USN log.
  
  If the check box is selected, Kaspersky Security for Windows Server will block attempts to delete the USN log or to compromise the USN log's content.
  
  If the check box is cleared, the application will not monitor changes to the USN log.
  
  The check box is selected by default.
3. Add the monitoring scopes to be monitored by the task.
On the Task management tab, configure the task settings for starting the task on a schedule.
Click OK to save the changes.

Kaspersky Security for Windows Server: Prompt detection of all kinds of threats

Launch control and exploit prevention for businesses of all sizes. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.