Configuring exclusions for the File Threat Protection component of Kaspersky Endpoint Security for Linux

3 July 2024

ID 257580

To configure exclusions for the File Threat Protection component using Kaspersky Security Center:

  1. Open the group policy for editing.
  2. Go to the Essential Threat Protection tab → Exclusion scopes.
  3. In the list of exclusions, click Add and specify the settings of the new exclusion scope:
    • Name: postfix-spool
    • File system: Local
    • Path: /var/spool/postfix

    To finish adding the new exclusion scope, click OK.

  4. In the list of exclusions, click Add and specify the settings of the new exclusion scope:
    • Name: ksmg-var
    • File system: Local
    • Path: /var/opt/kaspersky/ksmg

    To finish adding the new exclusion scope, click OK.

  5. In the list of exclusions, click Add and specify the settings of the new exclusion scope:
    • Name: ksmg-tmp
    • File system: Local
    • Path: /tmp/ksmgtmp

    To finish adding the new exclusion scope, click OK.

  6. In the list of exclusions, click Add and specify the settings of the new exclusion scope:
    • Name: ksmg-filter
    • File system: Local
    • Path: /tmp/ksmg_filter

    To finish adding the new exclusion scope, click OK.

  7. If you are using Red Hat Enterprise Linux or Rocky Linux, click Add in the list of exclusions and specify the settings for the new exclusion scope:
    • Name: exim-spool
    • File system: Local
    • Path: /var/spool/exim

    To finish adding the new exclusion scope, click OK.

  8. If you are using Ubuntu, click Add in the list of exclusions and specify the settings for the new exclusion scope:
    • Name: exim-spool
    • File system: Local
    • Path: /var/spool/exim4

    To finish adding the new exclusion scope, click OK.

  9. Save the list of exclusions.
  10. Save your group policy changes.

To configure exclusions for the File Threat Protection component using the command line:

  1. Save the File Threat Protection task settings to a configuration file using the following command:

    kesl-control --get-settings 1 --file <full path to the file>

  2. Open the created configuration file for editing.
  3. Add the following lines to the created file:

    [ExcludedFromScanScope.item_<item number>]

    Path=/var/spool/<exim for Red Hat Enterprise Linux, Rocky Linux or exim4 for Ubuntu>

    [ExcludedFromScanScope.item_<item number>]

    Path=/var/opt/kaspersky/ksmg

    [ExcludedFromScanScope.item_<item number>]

    Path=/tmp/ksmgtmp

    [ExcludedFromScanScope.item_<item number>]

    Path=/tmp/ksmg_filter

    <item number> is the sequential number of the ExcludedFromScanScope section; numbering starts from zero.

  4. Save your changes in the configuration file.
  5. Import settings from the configuration file to the File Threat Protection task:

    kesl-control --set-settings 1 --file <full path to the file>
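
The editing in steps 2 to 4 can be scripted so that the item numbers continue from the sections already in the exported file and paths that are already excluded are not added twice. This is an added example, not vendor code: the function names and the /root/ftp.ini path are assumptions, and only the section name, Path key and kesl-control commands come from the steps above.

```shell
#!/bin/sh
# Added example (not vendor code). Section and key names follow the article;
# zero-padding of <item number> is copied from sections already in the file.

# Pick the Exim spool path the article gives for this distribution.
exim_spool_path() {                      # $1: os-release file (optional)
    id=$(. "${1:-/etc/os-release}" && printf '%s' "$ID")
    case $id in
        rhel|rocky) echo /var/spool/exim ;;
        ubuntu)     echo /var/spool/exim4 ;;
        *)          return 1 ;;
    esac
}

# Print the sections that are still missing: $1 settings file, rest = paths.
new_exclusion_sections() {
    file=$1; shift
    printf '%s\n' "$@" | awk '
        BEGIN { max = -1; width = 1 }
        FNR == NR { if ($0 != "") want[++nwant] = $0; next }   # stdin: paths
        /^\[/ {                                   # section header in the file
            in_excl = ($0 ~ /^\[ExcludedFromScanScope\.item_[0-9]+\]/)
            if (in_excl) {
                num = $0; gsub(/[^0-9]/, "", num)
                width = length(num)
                if (num + 0 > max) max = num + 0
            }
            next
        }
        in_excl && /^Path=/ { have[substr($0, 6)] = 1 }
        END {
            for (i = 1; i <= nwant; i++) {
                if (want[i] in have) continue     # already excluded
                have[want[i]] = 1
                printf "\n[ExcludedFromScanScope.item_%0" width "d]\nPath=%s\n", ++max, want[i]
            }
        }' - "$file"
}

# Append the missing sections to the exported settings file.
add_exclusions() {
    new=$(new_exclusion_sections "$@") || return 1
    [ -z "$new" ] || printf '%s\n' "$new" >> "$1"
}

# Usage on a protected host (/root/ftp.ini is a placeholder path):
#   kesl-control --get-settings 1 --file /root/ftp.ini
#   add_exclusions /root/ftp.ini "$(exim_spool_path)" /var/opt/kaspersky/ksmg /tmp/ksmgtmp /tmp/ksmg_filter
#   kesl-control --set-settings 1 --file /root/ftp.ini
```

Review the file before importing it: a Path under ScanScope is not treated as an exclusion, so only paths found in ExcludedFromScanScope sections are skipped.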
