Viewing protection status and Kaspersky Industrial CyberSecurity for Nodes information
3 August 2023
ID 148324
To view information about the device protection status Kaspersky Industrial CyberSecurity for Nodes,
select the Kaspersky Industrial CyberSecurity for Nodes node in the Kaspersky Industrial CyberSecurity for Nodes Console tree.
By default, information in the details pane of Kaspersky Industrial CyberSecurity for Nodes Console is refreshed automatically:
- Every 10 seconds in case of a local connection.
- Every 15 seconds in case of a remote connection.
You can refresh information manually.
To refresh information in the Kaspersky Industrial CyberSecurity for Nodes node manually,
select the Refresh command in the context menu of the Kaspersky Industrial CyberSecurity for Nodes node.
The following application information is displayed in the details pane of Kaspersky Industrial CyberSecurity for Nodes Console:
- Kaspersky Security Network Usage status.
- Device protection status.
- Information about database and application module updates.
- Actual diagnostics data.
- Data about protected device control tasks.
- License information.
- Status of the Industrial network protection.
- Status of integration with Kaspersky Security Center: details of the server with Kaspersky Security Center installed, to which the application is connected; information about application tasks controlled by the active policy.
Color coding is used to display the protection status:
- Green. The task is being run in accordance with the configured settings. Protection is active.
- Yellow. The task was not started, has been paused, or has been stopped. Security threats may occur. You are advised to configure and start the task.
- Red. The task completed with an error or a security threat was detected while the task was running. You are advised to start the task or take measures to eliminate the detected security threat.
Some details in this block (for example, task names or the number of threats detected) are links that, when clicked, take you to the node of the relevant task or open the task log.
The Kaspersky Security Network Usage section displays current task status, for example, Running, Stopped or Never performed. The indicator can take the following values:
- Green color of the panel – signifies that the KSN Usage task is running and file requests for statuses are being send to KSN.
- Yellow color of the panel – one of the Statements is accepted, but the task is not running, or the task is running, but file requests are not sent to KSN.
- Red color of the panel – task failed.
Computer protection
The Computer protection section (see the table below) displays information about the current protection status of the device.
Information about device protection status
Protection section | Information |
---|---|
Device protection status indicator | The color of the panel with the name of the section reflects the status of tasks being performed in the section. The indicator can take the following values:
|
Real-Time File Protection | Task status – current task status, for example, Running or Stopped. Detected – the number of objects detected by Kaspersky Industrial CyberSecurity for Nodes. For example, if Kaspersky Industrial CyberSecurity for Nodes detects one malware in five files, the value in this field increases by one. If the number of detected malwares exceeds 0, the value is highlighted in red. |
Critical Areas Scan | Last scan date – the date and time of the last Critical Areas Scan for viruses and other computer security threats. Never performed – an event that occurs when the Critical Areas Scan task has not been performed in the last 30 days or longer (default value). You can change the threshold for generating this event. |
Anti-Cryptor | Task status – current task status, for example, Running or Stopped. Operation mode – one of the two available modes for the Anti-Cryptor task: Active or Notify only. Network sessions blocked – the number of network sessions which displayed potentially dangerous activity and were blocked when attempting to connect to the protected device. |
Backed up objects | Backup free space threshold exceeded – this event occurs when the space available in Backup falls below the specified limit. Kaspersky Industrial CyberSecurity for Nodes continues to move objects to Backup. In this case, the value in the Space used field is highlighted in yellow. Maximum Backup size exceeded – this event occurs when the Backup size has reached the specified limit. Kaspersky Industrial CyberSecurity for Nodes continues to move objects to Backup. In this case, the value in the Space used field is highlighted in red. Backed up objects – the number of objects currently in Backup. Space used – amount of Backup space used. |
Update
The Update section (see the table below) displays information about how current databases and application modules are.
Information about the status of Kaspersky Industrial CyberSecurity for Nodes databases and modules
Update section | Information |
---|---|
Status indicator of databases and software modules | The color of the panel with the name of the section reflects the status of application databases and modules. The indicator can take the following values:
|
Database Update and Software Modules Update | Database status – an evaluation of the Database Update status. The option can take the following values:
Number of module updates installed – the number of installed Kaspersky Industrial CyberSecurity for Nodes module updates. |
Control
The Control section (see table below) displays information about the Applications Launch Control, Device Control, and Firewall Management tasks.
Information about protected device control status
Control section | Information |
---|---|
Status indicator for protected device control | The color of the panel with the name of the section reflects the status of tasks being performed in the section. The indicator can take the following values:
|
Applications Launch Control | Task status – current task status, for example, Running or Stopped. Operation mode – one of the two available modes for the Applications Launch Control task: Active or Statistics only. Applications launches denied – the number of attempts to start applications blocked by Kaspersky Industrial CyberSecurity for Nodes during the Applications Launch Control task. If the number of blocked application launches exceeds 0, the field value is colored in red. Average processing time (ms) – the time it took Kaspersky Industrial CyberSecurity for Nodes to process an attempt to start applications on the protected device. |
Exploit prevention | Task status – current status, for example, Running or Stopped. Prevention mode – one of two available modes, selected during configuration of process memory protection: Terminate on exploit or Statistics only. Processes protected – the total number of processes being protected and handled in accordance with the selected mode. |
Device control | Task status – current task status, for example, Running or Stopped. Operation mode – one of the two available modes for the Device Control task: Active or Statistics only. Devices blocked – the number of attempts to connect an external device, that were blocked by Kaspersky Industrial CyberSecurity for Nodes during the Device Control task. If the number of blocked external devices exceeds 0, the field value is colored in red. |
Firewall Management | Task status – current task status, for example, Running or Stopped. Connection attempts blocked – the number of connections to a protected device, which were blocked by the specified firewall rules. |
Wi-Fi Control | Allowed Wi-Fi networks – the number of Wi-Fi networks that are allowed to connect to the protected device. Blocked Wi-Fi networks – the number of Wi-Fi networks that are blocked. |
Diagnostics
The Diagnostics section (see the table below) displays information about the File Integrity Monitor and Log Inspection tasks.
Information about System Inspection status
Diagnostics section | Information |
Diagnostics status indicator | The color of the panel with the name of the section reflects the status of tasks being performed in the section. The indicator can take the following values:
|
File Integrity Monitor | Task status – current task status, for example, Running or Stopped. Non-sanctioned file operations – The number of changes to files within the monitoring scope. These changes may indicate that the security of a protected device has been breached. |
Log Inspection | Task status – current task status, for example, Running or Stopped. Violations of the configured rules – the number of recorded violations based on data from the Windows Event Log, identified based on the specified task rules or use of the heuristic analyzer. |
Industrial network protection tab
The PLC in protection area section displays information about the list of PLCs that are included in the protection scope.
Information about receiving PLCs data
PLC in protection area section | Information |
PLC in protection area status indicator | The color of the panel with the name of the section reflects the status of tasks being performed in the section. The indicator can take the following values:
|
Retrieving data about PLC | Task status – current task status, for example, Running or Stopped. PLC in the list - the number of PLCs in the protection area. |
The PLC integrity section displays information about number of protected PLCs and events of integrity violations.
Information about the PLC Project Integrity Check task
PLC integrity section | Information |
PLC Integrity status indicator | The color of the panel with the name of the section reflects the status of tasks being performed in the section. The indicator can take the following values:
|
PLC Investigator | Task status – current task status, for example, Running or Stopped. PLC in active protection area – the number of PLCs in the protection area. Integrity violations – the number of detected violations. |
The Kaspersky Industrial CyberSecurity for Nodes licensing information is displayed in the row in the bottom left corner of the details pane of the Kaspersky Industrial CyberSecurity for Nodes node.
You can configure Kaspersky Industrial CyberSecurity for Nodes properties by following the Application Properties link.
You can connect to a different protected device by following the Connect to another computer link.