File Monitoring Modes
General Information

The SpIDer Guard file system monitor, which controls access to files, can use three monitoring modes:

•Regular (set by default)—SpIDer Guard monitors file access (creation, opening, closing, and running) and requests a scan of the file. If the scan detects a threat, an action is applied to neutralize it. Apps are allowed to access the file until the file scanning is finished.

•Enhanced control of executable files—SpIDer Guard monitors files considered non-executable as in the regular mode. Access to files considered executable is blocked at the access attempt until the file scanning is finished.
•“Paranoid” mode—SpIDer Guard blocks access to a file at any access attempt until the file scanning is finished.

The scanner stores file scan results in a special cache for a certain time. When the same file is accessed again and the cache still holds information about it, the file is not rescanned and the cached data is used in place of a new scan result. Even so, the Paranoid monitoring mode significantly slows down access to files.

Switching Between File Monitoring Modes
•To switch SpIDer Guard into the FANOTIFY mode, use the following command:
•To change the monitoring mode, use the command:
where <mode> defines the blocking mode:

▫Off—access is not blocked, SpIDer Guard operates in regular (not blocking) monitoring mode.
▫Executables—access to executable files is blocked, SpIDer Guard enhances monitoring of executable files.
▫All—access to all files is blocked, SpIDer Guard monitors files in “paranoid” mode.

•To change the validity period for the file scan results in the cache, use the command:
where the <period> parameter determines the validity period for scan results stored in the cache. It can have a value from 0s through 1m. If you set an interval smaller than 1 second, there will be no delay and files will be scanned upon any request.
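The following is an added illustration, not code from the product or its documentation: a simplified model of how the blocking mode and the cache validity period described above interact, replayed over a constructed access trace. The `Monitor` class, the `replay` helper, the stand-in scanner, and the file names are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Mode names follow the <mode> values listed above.
OFF, EXECUTABLES, ALL = "Off", "Executables", "All"

@dataclass
class Monitor:
    """Simplified model of the access decision; not the product's code."""
    mode: str = OFF
    validity: float = 1.0          # cache validity period in seconds (assumed)
    cache: dict = field(default_factory=dict)   # path -> (verdict, scan time)
    scans: int = 0

    def scan(self, path, now):
        # Stand-in scanner (assumption): flags constructed names with "eicar".
        self.scans += 1
        verdict = "threat" if "eicar" in path else "clean"
        if self.validity >= 1.0:   # below 1 s, results are never reused
            self.cache[path] = (verdict, now)
        return verdict

    def on_access(self, path, executable, now):
        """Return (verdict, blocked, rescanned) for one access attempt."""
        hit = self.cache.get(path)
        if hit and self.validity >= 1.0 and now - hit[1] < self.validity:
            return hit[0], False, False      # cached result, no rescan
        blocked = self.mode == ALL or (self.mode == EXECUTABLES and executable)
        return self.scan(path, now), blocked, True

def replay(mode, validity, trace):
    """Replay (time, path, executable) accesses and summarise the cost."""
    m = Monitor(mode=mode, validity=validity)
    results = [m.on_access(p, x, t) for t, p, x in trace]
    return {
        "scans": m.scans,
        "blocked": sum(r[1] for r in results),
        # Threat files the app could open before the scan verdict arrived.
        "unblocked_threat_access": sum(
            r[0] == "threat" and not r[1] and r[2] for r in results),
    }

# Constructed access trace: (seconds, path, is_executable)
TRACE = [(0.0, "/tmp/report.txt", False), (0.2, "/tmp/report.txt", False),
         (0.5, "/tmp/eicar.bin", True), (5.0, "/tmp/report.txt", False),
         (5.1, "/tmp/eicar.doc", False)]

if __name__ == "__main__":
    for mode in (OFF, EXECUTABLES, ALL):
        print(mode, replay(mode, 1.0, TRACE))
```

In this model, a longer validity period reduces the number of scans, and with it the number of blocked accesses in the blocking modes, at the cost of relying on older scan results.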