About the Baseline File Integrity Monitor task
3 August 2023
ID 189940
During the Baseline File Integrity Monitor task, Kaspersky Industrial CyberSecurity for Nodes does not check locked files, folders, file shortcuts and cloud files.
The Baseline File Integrity Monitor task monitors the integrity of files in the monitoring scope by comparing each file's hash (MD5 or SHA256) to a baseline.
On the first run of the Baseline File Integrity Monitor task, Kaspersky Industrial CyberSecurity for Nodes creates a baseline by calculating and storing hashes for the files in the task's monitoring scope. If the monitoring scope of a Baseline File Integrity Monitor task is changed, Kaspersky Industrial CyberSecurity for Nodes updates the baseline on the next run of the task by calculating and storing hashes for the files in the task's monitoring scope. If a Baseline File Integrity Monitor task is deleted, Kaspersky Industrial CyberSecurity for Nodes deletes the baseline for that task.
You can delete a baseline without deleting the Baseline File Integrity Monitor task by using the command line.
The Baseline File Integrity Monitor task tracks the following changes to files in the monitoring scope:
- the monitoring scope contains a file that is not present in the baseline
- the monitoring scope does not contain a file that is present in the baseline
- the hash of a file in the monitoring scope differs from the hash of this file in the baseline
The Baseline File Integrity Monitor task does not track changes to a file's attributes or alternate data streams.
If a file or folder is inaccessible, Kaspersky Industrial CyberSecurity for Nodes does not add it to the baseline during baseline creation, and creates an event about a failure to calculate the file's checksum when the Baseline File Integrity Monitor task runs.
A file or a folder may be inaccessible for the following reasons:
- the specified path does not exist
- no files of the type specified by the mask are present under the specified path
- the specified file is locked
- the specified file is empty
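
The baseline comparison and the inaccessible-file handling described above, as an added Python example; it is not Kaspersky Industrial CyberSecurity for Nodes code, and the function names (`file_hash`, `scan`, `compare`, `demo`) and the sample files are constructed for illustration. It reports the three tracked change types, shows that an attribute-only change goes unreported, and leaves an empty file out of the baseline while recording it as a checksum failure.

```python
import hashlib
import tempfile
from pathlib import Path

def file_hash(path, algo="sha256"):
    """Hex digest of a file; None if missing, unreadable (e.g. locked) or empty."""
    try:
        if path.stat().st_size == 0:
            return None
        digest = hashlib.new(algo)  # "md5" or "sha256", the two hashes the page names
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                digest.update(chunk)
        return digest.hexdigest()
    except OSError:
        return None

def scan(root, algo="sha256"):
    """Hash files under root; return (hashes by relative path, checksum failures)."""
    hashes, failures = {}, []
    for path in Path(root).rglob("*"):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            if (value := file_hash(path, algo)) is None:
                failures.append(rel)  # a monitor would raise a checksum-failure event
            else:
                hashes[rel] = value
    return hashes, sorted(failures)

def compare(baseline, current):
    """Report the three change types the task tracks."""
    both = baseline.keys() & current.keys()
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "modified": sorted(p for p in both if baseline[p] != current[p])}

def demo():
    """Constructed sample tree: baseline it, change it, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in [("plc.cfg", b"setpoint=40\n"), ("hmi.ini", b"user=op\n"),
                           ("fw.bin", b"constructed"), ("empty.log", b"")]:
            (root / name).write_bytes(data)
        baseline, _ = scan(root)
        (root / "plc.cfg").write_bytes(b"setpoint=90\n")  # content change: reported
        (root / "hmi.ini").unlink()                       # deletion: reported
        (root / "new.dll").write_bytes(b"constructed")    # new file: reported
        (root / "fw.bin").chmod(0o444)                    # attribute-only: not reported
        current, failures = scan(root)
        return baseline, compare(baseline, current), failures
```

Because only content hashes are compared, a permission or timestamp change on `fw.bin` never appears in the result; detecting that requires a separate control.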