Configuring the File Integrity Monitor task

Support

Support for business applications

Kaspersky Embedded Systems Security 3.x

File Integrity Monitor

Manage File Integrity Monitor via the Administration Plug-in

Configuring the File Integrity Monitor task

10 March 2023

ID 149503

Get as PDF

To configure general File Integrity Monitor task settings:

Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
Select the administration group for which you want to configure application settings.
Perform one of the following actions in the details pane of the selected administration group:
- To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
- To configure the application for a single protected device, select the Devices tab and open the Application settings window.
  If an active Kaspersky Security Center policy is applied to a device and blocks changes to application settings, then these settings cannot be edited in the Application settings window.
In the System inspection section in the File Integrity Monitor subsection, click the Settings button.
The File Integrity Monitor window opens.
In the File operations monitoring settings tab in the window that appears, configure the following settings:
- Clear or select the Log information about file operations that appear during the monitoring interruption period check box.
  The check box enables or disables monitoring of the file operations specified in the File Integrity Monitor task settings when the task is not running for any reason (removal of a hard disk, task stopped by user, software error).
  
  If the check box is selected, Kaspersky Embedded Systems Security will record events in all monitoring scopes when the File Integrity Monitor task is not running.
  
  If the check box is cleared, the application will not log file operations in monitoring scopes when the task is not running.
  
  The check box is selected by default.
- Clear or select the Block attempts to compromise the USN log check box.
  The check box enables or disables protection of the USN log.
  
  If the check box is selected, Kaspersky Embedded Systems Security will block attempts to delete the USN log or to compromise the USN log's content.
  
  If the check box is cleared, the application will not monitor changes to the USN log.
  
  The check box is selected by default.
- Select or clear the Apply Trusted Zone check box as applicable.
  If the Apply Trusted Zone check box is selected, the Exclusions and Trusted processes configured in the Trusted Zone are applied to the monitoring scope in addition to the configured rule.
  
  If the Apply Trusted Zone check box is cleared, the Exclusions and Trusted processes configured in the Trusted Zone are not applied to the monitoring scope.
  
  By default, the check box is cleared.
- Add the monitoring scopes to be monitored by the task.
On the Task management tab, configure the task settings for starting the task on a schedule.
Click OK to save the changes.

Kaspersky Embedded Systems Security immediately applies the new settings to the running task. Information about the date and time of settings modification are saved in the system audit log.

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.