Kaspersky Endpoint Security for Mac

Create and manage policies

This section contains information on how to create and configure policies for Kaspersky Endpoint Security.

A policy determines the settings of an application and manages the access to configuration of an application installed on computers within an administration group. An individual policy must be created for each application. You can create an unlimited number of various policies for applications installed on computers in each administration group, but only one policy can be applied to each application at a time within an administration group.

When creating and configuring a policy, you can allow or prohibit changes to any group of settings in policies using the and buttons.

You can perform the following actions on custom policies:

  • Create policies.
  • Configure policies.
  • Copy or move policies from one group to another.
  • Delete policies.
  • Change the status of policies.
  • Export policies to a file.
  • Import policies from a file.

For detailed information about the Kaspersky Security Center policies, see Kaspersky Security Center Help.


Create a policy

This section contains instructions on how to start the New Policy Wizard to create a policy.

Create a policy from the folder of an administration group

  1. Start Administration Console of Kaspersky Security Center.
  2. Expand the Administration Server <Server name> node.
  3. In the console tree, select the Managed devices node.
  4. Select the administration group that contains the required client computer.
  5. In the workspace, select the Policies tab and click the Create a policy button.

    The New Policy Wizard opens.

  6. Follow the steps of the New Policy Wizard to create a policy.

Create a policy from the Policies folder

  1. Start Administration Console of Kaspersky Security Center.
  2. Expand the Administration Server <Server name> node.
  3. In the console tree, select the Policies folder and click the Create a policy button.

    The New Policy Wizard opens.

  4. Follow the steps of the New Policy Wizard to create a policy.

To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the  button. To exit the wizard at any step, click the Cancel button.

The appearance of buttons may vary depending on your version of Windows.

Step 1. Select an application

In the Select the application for which you want to create a group policy window, in the list of applications, select Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 1 for Mac.

Step 2. Specify the name of the policy

  1. In the Enter a group policy name window, in the Name field, specify the name of the policy that you are creating. The name can't contain the following symbols: “ * < : > ? \ |.
  2. Select the Use settings from policy for previous version of application checkbox if you want to import the settings from an existing Kaspersky Endpoint Security policy to a new policy.

Step 3. Specify protection settings

In the Protection window, configure the following settings if necessary:

  • Configure protection settings for the operating system on the client computer.
  • Configure Trusted Zone.
  • Select types of objects to be detected.
  • Disable or enable the start of scheduled tasks when the computer is running on battery power.

Step 4. Configure File Anti-Virus settings

In the File Anti-Virus window, do the following if necessary:

  • Enable or disable File Anti-Virus.

    By default, File Anti-Virus is enabled.

  • Select a security level.

    By default, the security level recommended by Kaspersky Lab is selected.

  • Select actions to be performed upon detecting a malicious object.

Step 5. Configure Web Anti-Virus settings

In the Web Anti-Virus window, do the following if necessary:

  • Enable or disable Web Anti-Virus.

    By default, Web Anti-Virus is enabled.

  • Select a security level.

    By default, the security level recommended by Kaspersky Lab is selected.

  • Select the action to be performed upon detecting a malicious object in web traffic.
  • Enable or disable scanning of inbound and outbound HTTPS traffic.

Step 6. Configure Network Attack Blocker

In the Network Attack Blocker window, do the following if necessary:

  • Enable or disable Network Attack Blocker.

    By default, Network Attack Blocker is enabled.

  • Configure Network Attack Blocker settings.

Step 7. Configure FileVault disk encryption

  1. In the FileVault Disk Encryption window, enable or disable FileVault encryption management for a user's startup disk.
  2. Choose the Encrypt disk option if you want to encrypt the user's startup disk when the policy is applied to a client computer.

By default, FileVault encryption is disabled.

If the Enable FileVault disk encryption management checkbox is unselected, users with administrator rights can encrypt and decrypt their Mac startup disks from System Preferences.

If the Enable FileVault disk encryption management checkbox and the Encrypt disk option are selected, users with administrator rights can't decrypt the startup disk of their Mac from System Preferences.

If the Enable FileVault disk encryption management checkbox and the Decrypt disk option are selected, users with administrator rights can't encrypt the startup disk of their Mac from System Preferences.
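
To confirm on a client Mac that the option chosen in this step has taken effect, the output of the macOS `fdesetup status` command can be compared with the policy choice. The script below is an added example, not part of Kaspersky Endpoint Security or Kaspersky Security Center; the function names, the `encrypt`/`decrypt`/`unmanaged` labels and the sample outputs are constructed for illustration, and the wording of the in-progress lines is an assumption.

```shell
#!/bin/sh
# Added example: compare a Mac's FileVault state with the policy option from Step 7.

# Constructed sample outputs of `fdesetup status` (not captured from a real host).
SAMPLE_ON='FileVault is On.'
SAMPLE_OFF='FileVault is Off.'
SAMPLE_ENCRYPTING='FileVault is On.
Encryption in progress: Percent completed = 40'

# classify_fv STATUS_TEXT
# Prints one of: on | off | encrypting | decrypting | unknown
classify_fv() {
    case "$1" in
        # In-progress lines are checked first because they accompany an On/Off line.
        *"Encryption in progress"*) echo encrypting ;;
        *"Decryption in progress"*) echo decrypting ;;
        *"FileVault is On."*)       echo on ;;
        *"FileVault is Off."*)      echo off ;;
        *)                          echo unknown ;;
    esac
}

# fv_verdict OPTION STATUS_TEXT
# OPTION (hypothetical labels): encrypt | decrypt | unmanaged
#   unmanaged = "Enable FileVault disk encryption management" is unselected,
#   so either disk state is acceptable.
# Prints one of: compliant | pending | drift | unknown
fv_verdict() {
    state=$(classify_fv "$2")
    case "$1:$state" in
        *:unknown)            echo unknown ;;   # unparseable output: investigate
        unmanaged:*)          echo compliant ;;
        encrypt:on)           echo compliant ;;
        encrypt:encrypting)   echo pending ;;   # conversion still running
        decrypt:off)          echo compliant ;;
        decrypt:decrypting)   echo pending ;;
        encrypt:*|decrypt:*)  echo drift ;;     # disk state contradicts the policy
        *)                    echo unknown ;;   # unrecognised OPTION
    esac
}

# On a managed Mac: sh fv_check.sh encrypt
if [ "$#" -ge 1 ] && command -v fdesetup >/dev/null 2>&1; then
    fv_verdict "$1" "$(fdesetup status 2>&1)"
fi
```

A `drift` result after the client computer has synchronized with Administration Server means the disk state does not match the policy and should be investigated.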

Step 8. Configure update settings

In the Update window, do the following if necessary:

  • Enable or disable updating application modules.
  • Enable or disable copying of update files to a specific folder.
  • Specify the folder to which the application will copy update files.
  • Specify update sources.

Step 9. Configure KSN settings

In the KSN window, do the following if necessary:

  • Read the full text of the Kaspersky Security Network Statement by clicking the KSN Statement button.
  • Enable or disable the use of Kaspersky Security Network.
  • Enable or disable extended KSN mode.
  • Enable or disable the use of KSN proxy.

When you choose to participate in Kaspersky Security Network in the policy settings, Kaspersky Endpoint Security statistics from client computers to which the policy is applied are automatically sent to Kaspersky Lab to enhance protection of these computers.

Note: Kaspersky Lab doesn't collect, process, or store any personal data without your explicit consent.

After the policy is deleted or made inactive, KSN settings on a client computer return to the original state.

Step 10. Configure user interaction settings

In the User Interaction window, configure the settings of Kaspersky Endpoint Security interaction with the user of the client computer if necessary.

Step 11. Configure network connection settings

In the Network window, configure the connection to a proxy server if necessary.

Step 12. Configure reports and Backup settings

In the Reports window, do the following if necessary:

  • Configure settings for generating and storing reports.
  • Configure settings for storing objects in Backup.

Step 13. Select the policy status and complete the creation of a policy

In the Create the group policy for the application window, do the following:

  1. Select the status that will be assigned to the policy:
    • Active policy: the policy is applied to the selected administration group.
    • Inactive policy: the policy is not applied.
    • Out-of-office policy: the policy is applied to the selected administration group when the computers are disconnected from the corporate network.

    Note: You can create multiple policies for an application in an administration group, but only one of them can be active.

    For detailed information about policy statuses, see Kaspersky Security Center Help.

  2. Select the Open policy properties immediately after they are created checkbox if you want to review the policy settings after the policy is created.
  3. Click Finish to close the New Policy Wizard.

    The policy that you have created appears on the Policies tab in the workspace of the relevant administration group. The policy is applied to client computers after their first synchronization with Administration Server.

You can edit the settings of the policy you have created. You can also prohibit or allow changes to each group of settings from a client computer using the and buttons for each group of settings. The button next to a group of settings signifies that the user of a client computer is not allowed to edit these settings on the user's computer. The button next to a group of settings signifies that the user of a client computer is allowed to edit these settings on the user's computer.


View the list of policies

You can create an unlimited number of various policies for applications installed on computers in each administration group, but only one policy can be applied to each application at a time within an administration group.

View the list of policies of an administration group

  1. Start Administration Console of Kaspersky Security Center.
  2. Expand the Administration Server <Server name> node.
  3. In the console tree, select the Managed devices node.
  4. Select the administration group that contains the required client computer.
  5. In the workspace, select the Policies tab.

    The list of policies is displayed.


Configure policy settings

You can make changes to the policy that you created in Kaspersky Security Center and block any changes to its settings in the policies of subgroups and in task settings.

Kaspersky Endpoint Security policy settings include application settings and task settings.

Configure policy settings

  1. Start Administration Console of Kaspersky Security Center.
  2. Expand the Administration Server <Server name> node.
  3. Open the Managed devices folder.
  4. In the workspace, select the Policies tab.
  5. Right-click the policy you want to configure and choose Properties.
  6. In the Properties: <Policy name> window, configure policy settings as necessary:

    Configure the following protection settings in the Protection section

    • Enable or disable real-time protection of the client computer.
    • Enable or disable the start of Kaspersky Endpoint Security when the client computer starts.
    • Configure Trusted Zone.
    • Select types of objects to be detected.
    • Disable or enable the start of scheduled tasks when the computer is running on battery power.

    Configure the following settings in the File Anti-Virus section

    • Enable or disable Web Anti-Virus.
    • Select one of the preset security levels or configure security settings manually.
    • Enable or disable checking of web addresses against the database of malicious web addresses.
    • Configure Anti-Phishing settings.
    • Add trusted addresses whose traffic will not be scanned by Web Anti-Virus.
    • Select the action to be performed upon detecting a malicious object in web traffic.
    • Enable or disable scanning of inbound and outbound HTTPS traffic.

    Configure the following settings in the Network Attack Blocker section

    • Enable or disable Network Attack Blocker.
    • Configure Network Attack Blocker settings.
    • Specify the IP addresses of computers whose network activity will not be blocked.

    Configure the following settings in the FileVault Disk Encryption section

    • Enable or disable FileVault disk encryption management for client computers.
    • Encrypt or decrypt startup disk on client computers.

      If the Enable FileVault disk encryption management checkbox is unselected, users with administrator rights can encrypt and decrypt their Mac startup disks from System Preferences.

      If the Enable FileVault disk encryption management checkbox and the Encrypt disk option are selected, users with administrator rights can't decrypt the startup disk of their Mac from System Preferences.

      If the Enable FileVault disk encryption management checkbox and the Decrypt disk option are selected, users with administrator rights can't encrypt the startup disk of their Mac from System Preferences.

    Configure the following settings in the Update section

    • Enable or disable updating application modules.
    • Enable or disable copying of update files to a specific folder.
    • Specify the folder to which the application will copy update files.
    • Specify update sources.

    Configure the following settings in the KSN section

    • Read the full text of the Kaspersky Security Network Statement by clicking the KSN Statement button.
    • Enable or disable the use of Kaspersky Security Network.
    • Enable or disable extended KSN mode.
    • Enable or disable the use of KSN proxy.

    Configure the following settings in the User Interaction section

    • Enable or disable event notifications.
    • Select how Kaspersky Endpoint Security will notify the user about events.
    • Enable or disable displaying the Kaspersky Endpoint Security icon in the menu bar.
    • Enable or disable displaying the Quit item in the shortcut menu of the Kaspersky Endpoint Security icon on the client computer.
    • Select the language used to display Kaspersky Security Center events.
    • Configure Kaspersky Endpoint Security settings available to users of the client computer.

    Configure the following settings in the Network section

    • Enable or disable the use of a proxy server.
    • Specify the proxy server address.
    • Enable or disable the use of a proxy server for local addresses.
    • Specify the user name and password for proxy server authentication.

    Configure the following settings in the Reports section

    • Enable or disable saving of non-critical events in the report.
    • Enable or disable saving of recent events only.
    • Enable or disable removal of events after the specified period.
    • Specify the period for storing events.
    • Enable or disable removal of objects from Backup after the specified period.
    • Specify the period for storing objects in Backup.
  7. Click OK to save changes and close the policy properties window.

Change the policy status

A policy status defines the operation of a policy. A policy can have one of the following statuses: active, out-of-office, or inactive. You can change the policy status in policy settings.

Change the policy status

  1. Start Administration Console of Kaspersky Security Center.
  2. Expand the Administration Server <Server name> node.
  3. In the console tree, select the Managed devices node.
  4. Select the administration group that contains the required client computer.
  5. In the workspace, select the Policies tab.
  6. Right-click the policy whose state you want to change and choose Properties from the context menu.
  7. In the Properties: <Policy name> window, select the General section.
  8. In the Policy status section, select one of the following policy statuses:
    • Active policy. The policy is always applied to the selected administration group.
    • Out-of-office policy. The policy is applied to the selected administration group when client computers are disconnected from the corporate network.
    • Inactive policy. The policy is not applied to the selected administration group.
  9. Click OK to save changes and close the Properties: <Policy name> window.

Export a policy to a KLP file

You can export a customized policy to a file to use this policy on another Administration Server.

Export a policy to a KLP file

  1. Start Administration Console of Kaspersky Security Center.
  2. Expand the Administration Server <Server name> node.
  3. In the console tree, select the Managed devices node.
  4. Select the administration group that contains the required client computer.
  5. In the workspace, select the Policies tab.
  6. Right-click the policy to display its context menu and choose Export.

    The Save As window opens.

  7. Select the folder in which you want to save the KLP file of the policy.
  8. Specify the file name.
  9. Click Save to save the file in the selected folder.

Import a policy from a KLP file

You can import an existing policy with predefined settings from a file.

Import a policy from a KLP file

  1. Start Administration Console of Kaspersky Security Center.
  2. Expand the Administration Server <Server name> node.
  3. In the console tree, select the Managed devices node.
  4. Select the administration group that contains the required client computer.
  5. In the workspace, select the Policies tab.
  6. Open the file selection window in one of the following ways:
    • By clicking the Import policy from file button.
    • By right-clicking an empty area in the workspace to open the context menu and selecting the Import item.
  7. Select a KLP file with a policy and click the Open button.

The imported policy is added to the list of policies in the workspace.
