[Topic kes96495]

Kaspersky Endpoint Security overview

Kaspersky Endpoint Security protects computers running macOS against viruses and other computer security threats.

File Anti-Virus

File Anti-Virus protects the computer's file system in real time by intercepting and analyzing any attempts to access files. Learn more.

Web Anti-Virus

Web Anti-Virus protects information sent and received by the computer over the HTTP and HTTPS protocols in Safari, Google Chrome, and Firefox. Learn more.

Network Attack Blocker

Network Attack Blocker protects the computer against intrusions into the operating system. This component protects against cyberattackers (who use port scanning and brute-force attacks) and the malware they installed (including malware that tries to send personal data to criminals). Learn more.

Virus Scan

Kaspersky Endpoint Security detects and neutralizes viruses and other computer security threats on demand in the specified scan scope. Kaspersky Endpoint Security can run a full scan of the computer, a quick scan of critical areas, and a scan of the specified scope. Learn more.

Update

Kaspersky Endpoint Security updates application databases and modules from Kaspersky Lab update servers, Kaspersky Security Center, or other sources specified by your system administrator and creates backup copies of all updated files to allow a rollback of the last update. Learn more.

Backup

Kaspersky Endpoint Security creates a backup copy of infected files prior to any attempt to disinfect or delete them, making it possible for you to restore them. Learn more.

Reports

Kaspersky Endpoint Security generates reports about events and actions involving application components. Learn more.

Notifications

Kaspersky Endpoint Security uses notifications to inform you about certain events in the operation of Kaspersky Endpoint Security. Notifications can be accompanied by sound. Learn more.

Protection Center

Kaspersky Endpoint Security displays protection status messages in Protection Center. Protection Center shows information on the current status of computer protection and how to eliminate computer security problems and threats. Learn more.

Remote management of the application via Kaspersky Security Center

Kaspersky Security Center lets you remotely manage protection of computers with Kaspersky Endpoint Security installed: receive information on the current computer protection status, remotely fix issues, respond to computer security threats, enable or disable protection components (File Anti-Virus, Web Anti-Virus, Network Attack Blocker), run virus scan tasks, update application databases, run startup disk encryption, and manage Kaspersky Endpoint Security licenses. Learn more.

FileVault disk encryption

Kaspersky Endpoint Security allows managing FileVault encryption remotely. Encryption prevents other users from unauthorized access to sensitive data stored on the startup disk of the user's computer.

Note: The FileVault disk encryption feature will be available in Kaspersky Security Center 10 SP3. For more information, contact Kaspersky Lab Technical Support.

[Topic kes118658]

Install and uninstall Kaspersky Endpoint Security

[Topic kes88954]

Distribution kit

The distribution kit includes the Kaspersky Endpoint Security installation package which contains the following files:

• Files that are required to install the application in any of the available ways.
• The license_<loc>.txt file with the End User License Agreement.

  The End User License Agreement specifies the terms of use of the application.

Unpack the zipped installation package to access its files.

[Topic kes118665]

Hardware and software requirements

Kaspersky Endpoint Security has the following hardware and software requirements:

• Mac with an Intel processor
• 1 GB of memory (RAM)
• 1.2 GB of free disk space
• OS X 10.9, 10.10 or 10.11, macOS 10.12 or 10.13 operating system
• Internet connection

Supported browsers:

• Safari
• Chrome
• Firefox

Kaspersky Endpoint Security is compatible with the following virtualization tools:

• Parallels Desktop 11 for Mac Standard Edition
• Parallels Desktop 11 for Mac Pro Edition
• Parallels Desktop 11 for Mac Business Edition
• Parallels Desktop 12 for Mac Standard Edition
• Parallels Desktop 12 for Mac Pro Edition
• Parallels Desktop 12 for Mac Business Edition
• Parallels Desktop 13 for Mac Standard Edition
• Parallels Desktop 13 for Mac Pro Edition
• Parallels Desktop Business Edition
• VMware Fusion 8
• VMware Fusion 8 Professional
• VMware Fusion 8.5
• VMware Fusion 8.5 Professional
• VMware Fusion 10
• VMware Fusion 10 Professional

You can manage Kaspersky Endpoint Security remotely via Kaspersky Security Center. The plug-in for managing Kaspersky Endpoint Security via Kaspersky Security Center requires Kaspersky Security Center 10.5 and later.

[Topic kes118668]

Prepare for installation

Before installing Kaspersky Endpoint Security on your computer, it is recommended to do the following:

• Make sure that your computer meets the hardware and software requirements.
• Remove Kaspersky Internet Security for Mac or any other anti-virus applications to avoid system conflicts and maximize system performance.

[Topic kes118670]

Install Kaspersky Endpoint Security

Important: Kaspersky Lab experts recommend installing Kaspersky Endpoint Security only as described in this guide.

You can install Kaspersky Endpoint Security in one of the following ways:

• Locally, from the distribution kit downloaded from the Kaspersky Lab website.
• Remotely via Kaspersky Security Center.

Perform a standard installation of Kaspersky Endpoint Security

Perform a custom installation of Kaspersky Endpoint Security

[Topic kes134772]

Prepare the application for use

After Kaspersky Endpoint Security is installed, you can do the following:

• Activate Kaspersky Endpoint Security. When the application is activated, Kaspersky Endpoint Security starts protecting your computer, you can regularly update application databases and modules, perform virus scan tasks, and send requests to Technical Support.
• Assess the current status of computer protection.
• Update Kaspersky Endpoint Security.
• Scan your computer for viruses and other malware.

[Topic kes118671]

Uninstall Kaspersky Endpoint Security

1. Open the DMG file of the application distribution kit.
2. In the window with the contents of the distribution kit, double-click Uninstall Kaspersky Endpoint Security.

   The Kaspersky Endpoint Security uninstaller starts.

3. In the Introduction window, click Uninstall.
4. In the prompt for administrator credentials, enter an administrator name and password and confirm that you want to uninstall Kaspersky Endpoint Security.

   Uninstallation of Kaspersky Endpoint Security starts.

5. In the Completion window, read the information about completion of uninstallation and click Finish to quit the uninstaller.

Kaspersky Endpoint Security is now uninstalled from your computer. You don't have to restart your computer after uninstalling the application.

[Topic kes116216]

Kaspersky Endpoint Security interface

[Topic kes58162]

Main application window

Open the main application window

Purpose of the main application window

In the main window of Kaspersky Endpoint Security, you can view information about the status of computer protection, status of File Anti-Virus, Web Anti-Virus, and Network Attack Blocker, and progress of virus scan and update tasks.

In the main application window, you can also do the following:

• Open the Virus Scan window to manage virus scan tasks
• Open the Update window to manage update task.
• Open the Licensing window to manage application keys.
• Open Protection Center.

Controls of the main application window

The main application window includes the following controls:

• Protection status indicator (in the shape of a computer)
• Buttons at the top of the main application window
• Buttons at the bottom of the main application window

The protection status indicator signals the current computer protection status.

• Green indicates that computer protection is at an optimal level.
• Yellow and red warn of the presence of various problems related to Kaspersky Endpoint Security configuration or operation.

In addition to the protection status indicator, the right pane of the main application window describes the computer protection status and displays information Protection Center about the latest computer security issues and threats. If a virus scan is running, information on its progress (percentage complete) is also displayed in the right pane of the main application window.

You can perform the following actions by clicking the buttons at the top of the main application window:

You can perform the following actions by clicking the buttons at the bottom of the main application window:

Page top

[Topic kes58161]

Kaspersky Endpoint Security icon

As soon as Kaspersky Endpoint Security is installed, the Kaspersky Endpoint Security icon appears in the menu bar. When the application is activated, the application icon shows the status of the application. If the application icon is active ( ), it means that all or some of protection components are enabled. If the application icon is inactive ( ), then all of protection components are disabled.

Open the application icon menu

The application icon is always displayed in the menu bar. You can hide the application icon in the menu bar. When you open the application window, the application icon also appears in the Dock.

From the application icon menu, you can access the main application window and perform the following actions:

• Disable computer protection.
• Resume computer protection.
• Open Protection Center.
• Start Quick Scan.
• Run an update.
• Open the application preferences window.
• Quit Kaspersky Endpoint Security.

Hide the application icon in the menu bar

[Topic kes58163]

Application preferences window

Open the Kaspersky Endpoint Security preferences window

Application preferences can be accessed quickly using the following tabs in the upper part of the preferences window:

• Protection. On this tab, you can enable or disable the computer protection and configure File Anti-Virus, Web Anti-Virus, and Network Attack Blocker preferences.
• Virus Scan. On this tab, you can configure the preferences of virus scan tasks and scheduled startup of virus scan tasks.
• KSN. On this tab, you can join or opt out of participating in Kaspersky Security Network.
• Threats. On this tab, you can select the categories of objects to be detected and create Trusted Zone.
• Update. On this tab, you can configure the preferences of application updates or roll back to the previous version of application databases.
• Reports. On this tab, you can configure preferences of Kaspersky Endpoint Security report and Backup, and enable or disable the logging of debugging information in a trace file.
• Appearance. On this tab, you can configure preferences of Kaspersky Endpoint Security icon and notifications.

By using the button, you can block users without administrator rights from editing the preferences of Kaspersky Endpoint Security. This button is located in the lower part of the application preferences window. To edit the preferences, you must enter the administrator's credentials.

Clicking the button opens the Kaspersky Endpoint Security Help which describes all of the preferences in the current application window. You can also open Help for the currently active application window by selecting Open Help for This Window in the Help menu.

[Topic kes96666]

About notifications

Kaspersky Endpoint Security displays notifications to inform you of application events. Depending on the version of the operating system installed on the computer, notifications appear in the operating system's Notification Center. The appearance of notifications depends on the options set in the operating system's Notification preferences.

Kaspersky Endpoint Security events are divided into three types according to their importance:

• Critical – events that pose a dangerous threat to computer security (detection of malicious objects, vulnerabilities, problems with Kaspersky Endpoint Security). Critical events require your immediate attention. We recommend that you not disable notifications about critical events.
• Important – events that do not require your immediate attention, but may pose a threat to computer security in the future.
• Informational – events reported for your information.

Disable notifications

Select types of event notification that you don't want to receive

Regardless of whether notifications are enabled or disabled, the application reports include information about events that occur while Kaspersky Endpoint Security is running.

Notifications can be accompanied by sound (for example, notifications about a detected virus). You can disable notification sound.

Disable sound alerts that accompany notifications

If an action is required in response to an event, Kaspersky Endpoint Security displays notification windows. For example, when the application detects a malicious object, it prompts you to delete or disinfect the object. A notification window disappears from the screen only after one of actions is selected.

[Topic kes116217]

Kaspersky Endpoint Security licensing

[Topic kes73374]

About the End User License Agreement

The End User License Agreement (License Agreement) is a binding agreement between you and AO Kaspersky Lab that stipulates the terms on which you may use the application.

Important: Carefully read the License Agreement before you start using the application.

You can view the terms of the End User License Agreement using the following methods:

• During installation of Kaspersky Endpoint Security
• By reading the license.rtf document in the application installation folder

By installing Kaspersky Endpoint Security, you confirm that you understand and accept the terms of the End User License Agreement. If you don't accept the terms of the End User License Agreement, cancel installation of Kaspersky Endpoint Security and don't use the application.

[Topic kes69240]

About the license

A license is a time-limited right to use the application, granted under the terms of the End User License Agreement.

A license entitles you to the following kinds of services:

• Use of the application in accordance with the terms of the End User License Agreement
• Getting technical support

The scope of services and validity period depend on the type of license under which the application was activated.

The following license types are provided:

• Trial. A free license intended for trying out the application.

  A trial license usually has a short term. When the trial license expires, all Kaspersky Endpoint Security features become disabled. To continue using the application, you need to purchase a commercial license.

  You can activate the application under a trial license only once.

• Commercial. A paid license granted upon purchase of the application.

  When the commercial license expires, key features of the application become disabled. To continue using Kaspersky Endpoint Security, you must renew your commercial license. If you are not planning to renew your license, you must remove the application from your computer.

We recommend renewing the license before it expires, to ensure maximum protection against all security threats.

[Topic kes74860]

About subscription

A subscription for Kaspersky Endpoint Security is a purchase order for the application with specific parameters (expiry date, number of devices protected). You can order a subscription for Kaspersky Endpoint Security from your service provider (such as your ISP). You can manage your subscription in the member area on the service provider's website. For example, you can renew or cancel your subscription, reduce its term, or change the number of devices protected under your subscription.

A subscription can be limited (for one year, for example) or unlimited (without an expiration date). To keep Kaspersky Endpoint Security working after expiration of a limited subscription term, you have to renew it manually. An unlimited subscription is renewed automatically as long as you have paid the service provider in advance.

If you use the application under a limited subscription, when the subscription expires you will be given a grace period to renew your subscription. The application remains functional during the grace period.

After your subscription expires and after the grace period for subscription renewal ends, Kaspersky Endpoint Security remains functional but stops updating application databases.

To use Kaspersky Endpoint Security under subscription, you have to add the activation code received from the service provider. When you use the application under subscription, you cannot use a different activation code for renewing your subscription. You can apply a different activation code only after the subscription expires or if you cancel the subscription. To cancel your subscription, contact the service provider from which you bought Kaspersky Endpoint Security.

Note: A different subscription activation code can be applied only when the active key is deleted. The subscription doesn't have a key file. You can't add the subscription as a reserve key.

If you are already using Kaspersky Endpoint Security under a valid license but want to use the application under subscription instead, remove the current active key so that you can activate the application using a subscription key. The activation code that was previously used to activate the application on this computer can be used on a different computer.

Note: Possible subscription options may vary with each service provider. Some service providers may also choose not to provide a grace period for renewing subscriptions.

Page top

[Topic kes73976]

About the license certificate

A license certificate is a document that you receive along with a key file or an activation code.

A license certificate contains the following information about the license provided:

• Order number
• Information about the user who has been granted the license
• Information about the application that can be activated under the license provided
• Limit of the number of licensing units (e.g., devices on which the application can be used under the license provided)
• License validity start date
• License expiration date or license term
• License type

[Topic kes159745]

About the key

A key is a sequence of bits that you can apply to activate and then use the application in accordance with the terms of the End User License Agreement. Keys are generated by Kaspersky Lab specialists.

You can add a key to the application using one of the following methods: by applying a key file or by entering an activation code. The key is displayed in the application interface as a unique alphanumeric sequence after you add it to the application.

The key may be blocked by Kaspersky Lab in case the terms of the License Agreement have been violated. If the key has been blocked, you need to add another one if you want to use the application.

A key can be active or reserve.

An active key is a key that is currently used by the application. An active key can be added for a trial or commercial license or a subscription. The application cannot have more than one active key.

A reserve key is a key that entitles the user to use the application, but is not currently in use. The reserve key automatically becomes active when the license associated with the current active key expires. A reserve key can be added only if an active key has already been added.

A trial license key can be added as the active key. A key for the trial license cannot be added as the reserve key. A reserve key cannot be added when the trial license key is active.

[Topic kes69430]

About the activation code

An activation code is a unique sequence of 20 letters and numbers. You have to enter an activation code in order to add a key for activating Kaspersky Endpoint Security. You receive the activation code at the email address that you provided when you bought Kaspersky Endpoint Security or requested the trial version of Kaspersky Endpoint Security.

To activate the application with an activation code, you need Internet access in order to connect to Kaspersky Lab activation servers.

If you have lost your activation code after installing the application, it can be recovered. You may need the activation code to register a Kaspersky CompanyAccount, for example. To recover your activation code, contact Kaspersky Lab Technical Support.

[Topic kes69431]

About the key file

A key file is a file with the .key extension provided to you by Kaspersky Lab. Key files are designed to activate the application by adding a key.

You receive a key file at the email address that you provided when you bought Kaspersky Endpoint Security or ordered the trial version of Kaspersky Endpoint Security.

You do not need to connect to Kaspersky Lab activation servers in order to activate the application with a key file.

You can restore a key file if it has been accidentally deleted. You may need a key file to register a Kaspersky CompanyAccount, for example.

To restore your key file, perform any of the following actions:

• Contact the license seller.
• Receive a key file through Kaspersky Lab website by using your available activation code.

[Topic kes70562]

About data provision

End User License Agreement

When activating Kaspersky Endpoint Security by the activation code, in order to collect statistical information on the distribution and use of Kaspersky Lab products, you agree to automatically provide the following information during use of Kaspersky Endpoint Security:

• The version of the installed software: the installed updates, installation ID and information about the current license.
• The operating system version.
• Identifiers of the Kaspersky Endpoint Security components that are active at the time of data provision.

Kaspersky Security Network statement

In order to identify new and challenging data security threats and their sources, as well as threats of intrusion, and to take prompt measures to increase the protection of the data stored and processed by the User with a computer, the User agrees to automatically provide the following information:

• Information about the version of the operating system (OS) and service packs installed on the computer.
• Information about the Right Holder's installed software and the anti-virus protection status, the unique user identifier in the KL services.
• Information about all scanned objects and actions: the name of the scanned object, the date and time of the scan, the URL- and Referrer addresses from which it was downloaded, the size of scanned files and the paths to them, a sign of the archive, the date and time of file creation, the name, size and checksums (MD5, SHA2-256) of the packer (if the file was packed), the file's entropy, the file's type, the file type code, sign of executable file, identifier and format, the object's checksum (MD5, SHA2-256), the type and value of the object's supplementary checksum, data about the object's digital signature (certificate) , number of starts of the object since the last statistics sending the task identifier of the software that performed the scan, and the means of receiving information about the object's reputation, the value of the TARGET filter, technical parameters of the applicable detection technologies.
• For executable files: the entropy of the file sections, reputation verification flag or file signature flag, name, type, ID, type, checksum (MD5) and the size of the application that was loaded by the object being validated, the application path and template paths, a sign of the Autorun list, date of entry, the list of attributes, name of the packer, information about the digital signature of the application: the publisher certificate, the name of the uploaded file in the MIME format, file build date and time.
• Information about the running applications and their modules: checksums (MD5, SHA2-256) of running files, size, attributes, creation date, names of packers (if the file was packed), names of files, information about processes running on the system (process ID (PID), process name, information about the account the process was started from, the application and command that started the process, the full path to the process's files, and the starting command line, a description of the product that the process belongs to (the name of the product and information about the publisher), as well as digital certificates being used and information needed to verify their authenticity or information about the absence of a file's digital signature), and information about the modules loaded into the processes: their names, sizes, types, creation dates, attributes, checksums (MD5, SHA2-256, SHA1), the paths to them, PE-file header information, names of packers (if the file was packed), information about the availability and validity of these statistics, identifier of the mode for generating the statistics being sent.
• If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus database, the name of the threat based on the Right Holder's classification, the date and time of the last update of the anti-virus database, executable file name, the checksum (MD5) of the application file that requested the URL where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the vulnerability identifier and its threat level, the URL and Referrer of the web page where the vulnerability was detected.
• If a potentially malicious object is detected, information is provided about data in the processes’ memory.
• Information about network attacks: the IP address of the attacking computer and the user's computer's port number at which the network attack is directed, the identifier of the protocol used to carry out the attack, and the name and type of attack.
• Information about network connections: version and checksums (MD5, SHA2-256, SHA1) of the file from which process was started that opened the port, the path to the process’s file and its digital signature, local and remote IP-addresses, numbers of local and remote connection ports, connection state, timestamp of the port’s opening.
• The URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, the identifier, weight and degree of the rule used to reach a verdict, the objective of the attack.
• Information about updates of the installed product and anti-virus databases: the completion status of the update task, the type of an error that may occur during an update, the number of unsuccessful updates, the identifier of the product component that performs updates.
• Aggregated data from the results of scanning using the local and cloud KSN databases: the version of the local KSN database on the computer at the time the statistics are sent, the software's database settings identifier, information about successful/unsuccessful requests to KSN, the duration of sessions with KSN, the amount of data sent and received, the times at which the collection of information to be sent to KSN was started and stopped.
• Information about events in the systems logs: the event’s timestamp, the name of the log in which the event was found, type and category of the event, name of the event’s source and the event’s description.
• Information to determine the reputation of files and URL-addresses: the URL-address at which the reputation is being requested and the Referrer, the connection’s protocol type, the internal identifier of the Software type, the number of the port being used, the User identifier, checksum of the scanned file (MD5), type of the detected threat, information about the record used to detect a threat (record identifier for the anti-virus databases, the record timestamp and type).

For additional examination the User agrees to provide files, their parts and checksums that could be exploited by intruders to harm the User’s computer.

Additionally, to prevent incidents and investigate those that do occur, the User agrees to provide trusted executable and non-executable files, reports about applications activity, portions of the computer’s RAM, and the operating system’s boot sectors, as well as the following information about files and processes:

• The names and paths of the files that were accessed by the process.
• URL- and IP-addresses that were accessed by the process.
• URL- and IP-addresses from which the running file was downloaded.

To obtain data on the territorial distribution of software, you agree to automatically provide the right holder with the following information:

• Software installation date and activation date.
• Identifier of the partner who provided the license for software activation.
• The software identifier, and the identifier of the software language localization.
• Serial number of the license, installed in the software.
• Sign of participation in KSN.

In order to promptly detect and fix errors associated with installation, uninstallation, and updating of the product, and to record the number of users, the User agrees to provide the following information:

• Information about the Rightholder’s Software installed on the computer: the Software identifier, the identifier of the Software settings version.
• Information about the versions of the operating system and installed updates: the word size, edition and parameters of the OS run mode.
• Information about the license installed: the license type and its term, the number of days till the license expiration, identifier of the partner from whom the license was purchased.
• Type of the Software installation on the computer (initial installation, updating, etc.) and the installation success flag or the installation error number, the type identifier of the computer and its model name.
• Identifiers of 3rd party applications, which offer to install their application together with the Software, as well as identifiers of the 3rd party applications which were installed with the Software.

To improve performance of Kaspersky Lab’s products, the User agrees to submit the following information:

• Information about computer: operating system and service packs installed, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, parameters of the OS run mode.
• Information about the software installed on the computer: the name of the software and the name of its publisher, information about software components files: checksums (MD5, SHA2-256, SHA1), name of a file, its path on the computer, size, version and digital signature.
• Information about hardware installed on the computer: type, name, model name, firmware version, parameters of built-in and connected devices.
• Information about the last unsuccessful OS restart: the number of unsuccessful restarts.

When participating in KSN, you agree to provide the following information for all purposes mentioned above:

• The unique software installation identifier.
• The full version of the installed software.
• The type identifier of the installed software.
• The unique identifier of the computer with the installed software.

Read Kaspersky Security Network Statement

You agree to submit the following information for the purpose of Software identification during database and module updates:

• Software ID (AppID)
• Active license ID
• Unique Software installation ID (InstallationID)
• Unique Update task launch ID (SessionID)
• Version of Software (BuildInfo)
• Information about updating the Updater component, including unsuccessful update tasks, the number of failed starts after the upgrade, the version of the component, the error code, the ID of the type of update task, the status code of the software after the update, the date and time the statistics is sent.

To check the legitimacy of the Software use, the Rightholder reserves the right to verify that you have a licensed copy of Kaspersky Endpoint Security.

Kaspersky Endpoint Security can transmit the following license information needed to verify the legitimacy of the application use to the Kaspersky Lab:

• Identifier of regional activation center.
• Hashsum of activation code.
• Time and date of ticket creation.
• License information identifier.
• License ticket identifier.
• License ticket sequence identifier.
• Unique identifier of user's computer HDD.
• Date of from which the license ticket is valid.
• The current state of license.
• License version.
• Ticket header ID.
• Application ID of the currently used application.
• List of application IDs of applications that are compatible with the currently used application.
• Localization ID.
• Application version.
• Installation ID.
• Application build ID.

Kaspersky Endpoint Security saves the following information in a Trace file:

• Information about the anti-virus protection status of the Computer, as well as all detected objects and actions (including the name of the detected object, date and time of detection, the web address from which it was downloaded, the names and sizes of infected files and paths to them, the IP address of the attacking computer and the number of the Computer port targeted by the network attack, list of malware activity, and unwanted web addresses) and the decisions taken by the Software and the user on them
• Information about applications downloaded by the user (web address, attributes, file size, and information about the process that downloaded the file)
• Information about the applications launched and their modules (size, attributes, creation date, PE header details, region, name, location, and packers)
• Information about interface errors and usage of the interface of the installed Kaspersky Lab Software
• Information about network connections, including the IP address of the remote computer and the user's Computer, the numbers of ports through which the connection was established, and the network protocol of the connection
• Information about network packets received and sent by the Computer over IT and telecom networks
• Information about email and instant messages sent and received
• Information about web addresses visited, including when the connection was established using an open protocol, data on the website access login and password, and the content of cookies
• Server public certificate

Files (or their parts) that may be exploited by intruders to harm the Computer or data may be also sent to Kaspersky Lab to be examined additionally.

Kaspersky Lab protects any information thus received in accordance with law and applicable Kaspersky Lab rules.

Kaspersky Lab uses any received information in anonymized form and as general statistics only. Aggregate statistics are automatically generated from the source information received, and do not contain any personal or other confidential data. The original information received is destroyed as new information is accumulated (once a year). Aggregate statistics are stored indefinitely.

Participation in Kaspersky Security Network is voluntary. The decision to participate is made when you install Kaspersky Endpoint Security. However, you can change your decision later at any time.

[Topic kes58751]

Activate Kaspersky Endpoint Security

Important: Before activating Kaspersky Endpoint Security, make sure that the date and time that set on your computer match the actual date and time.

Activating the application involves adding a key to the application.

Note: An Internet connection is required to activate the application.

Activate the trial version

Activate the application with an activation code

After you have activated the application with the activation code, you can view the following information in the Licensing window:

• Active key
• Key or subscription status
• The number of computers on which you can use the application under the current license or subscription
• License expiration date and time
• Number of days until license expiration

[Topic kes58761]

View license information

View license information

The Licensing window may contain the following information:

• Active key
• Reserve key (if any)
• License or subscription status
• The number of computers on which you can use the application under the current license or subscription
• License expiration date and time
• Number of days until license expiration

[Topic kes159120]

Manage licenses and subscriptions

You have to renew the license if the license associated with the active key has expired and no reserve key has been added. When the license expires, the application continues to operate with limited functionality (updates, Kaspersky Security Network and FileVault disk encryption via Kaspersky Security Center become unavailable). You can still use all application components and run virus scans, but only with the anti-virus databases that were installed before the license expired.

Important: When your anti-virus databases are out of date, your computer is at increased risk of infection.

Renew a license

When you use the application under subscription, Kaspersky Endpoint Security automatically contacts the activation server at specific intervals until your subscription expires.

If you use the application under an unlimited subscription, Kaspersky Endpoint Security renews your subscription without requiring any action from you.

If you use the application under a limited subscription and the grace period for renewing the subscription is over, Kaspersky Endpoint Security notifies you of this and stops trying to automatically renew the subscription and updating the application databases.

You can renew your subscription manually by contacting the vendor that sold you Kaspersky Endpoint Security.

Renew your subscription

Your subscription status may become out of date. In this case, you need to manually update the status of your subscription. If you do not have a current subscription, Kaspersky Endpoint Security stops updating the application databases.

Update subscription status

[Topic kes100327]

Perform common tasks

[Topic kes58262]

Open and quit the application

As soon as you complete installation of Kaspersky Endpoint Security, the application starts automatically and the application icon appears in the menu bar.

Open Kaspersky Endpoint Security

Quit Kaspersky Endpoint Security

Important: After you quit Kaspersky Endpoint Security, the computer is no longer protected and may become infected, which puts your data at risk of being loss.

[Topic kes58282]

View the status of computer protection

The protection status indicator, which is shaped like a computer and located in the main application window, informs you about computer protection problems. Depending on the status of computer protection, the color of the indicator can change. If Kaspersky Endpoint Security detects any security threats, a message about threats appears in the main application window and the indicator changes color.

The indicator color can change in the following ways:

• Green. Your computer is appropriately protected.

  A green indicator signifies that anti-virus databases are up to date and all application components have been configured as recommended by Kaspersky Lab. No malicious objects have been detected, or any detected malicious objects have been neutralized.

• Yellow. The level of computer protection is reduced.

  A yellow indicator signifies that Kaspersky Endpoint Security is aware of a problem. Such problems include, for example, minor deviations from the recommended protection settings or slightly outdated application databases.

• Red. Your computer is at risk of infection.

  A red indicator signifies that there are dangerous problems that may lead to the infection of your computer and loss of data. For example, the anti-virus application databases are extremely out of date, the application is not activated, or malicious objects have been detected.

  It is recommended to fix problems and deal with security threats as soon as possible.

[Topic kes58285]

Disable and resume computer protection

By default, Kaspersky Endpoint Security starts after the operating system starts up, and protects your computer until it is turned off. All protection components (File Anti-Virus, Web Anti-Virus, and Network Attack Blocker) are enabled and running.

You can disable protection completely or disable specific protection components.

Important: Kaspersky Lab strongly advises against disabling protection or protection components, because disabling them may lead to infection of your computer and data loss.

When computer protection is disabled:

• The application icon in the menu bar is inactive.
• The protection status indicator in the main application window is red.

When one or more protection components are disabled, the protection status indicator is red or yellow.

Note: Disabling or pausing protection components does not affect virus scan tasks or the update task.

You can disable/resume computer protection in one of the following ways:

• From the application icon
• From the application preferences window

Disable/resume computer protection from the application icon

Disable/resume computer protection from the application preferences window

Important: If you have disabled computer protection, it will not be re-enabled automatically when Kaspersky Endpoint Security starts again. You have to re-enable computer protection manually.

Disable a protection component

Important: If you disable a protection component, it will not be re-enabled automatically when Kaspersky Endpoint Security starts again. You have to re-enable the protection component manually.

Enable a protection component

To enable computer protection or protection components, you can also use Protection Center. Disabling computer protection or disabling protection components puts your computer at much higher risk of infection. This is why Protection Center informs you when computer protection is disabled.

[Topic kes58772]

Perform scan tasks

The default Full Scan task is included in Kaspersky Endpoint Security. While running this task, the application scans memory, startup objects, and all internal drives of the computer for viruses and other malware.

Perform a full computer scan

The default Quick Scan task is included in Kaspersky Endpoint Security. While running this task, the application scans the critical areas of the computer (memory, startup objects, and system folders) for viruses and other malware.

Perform a quick computer scan

If you want to scan an individual object (such as an internal drive, folder, file, or removable drive) for viruses and other malware, you can run the Custom Scan task.

Scan a selected item

Scan an object from the drop-down list of default custom scan objects

You can view the results of completed scan tasks in the Reports window.

[Topic kes58281]

Use Protection Center

Protection Center is a Kaspersky Endpoint Security feature that helps you analyze and fix problems and computer security threats.

Open Protection Center

In Protection Center, you can view a list of current problems and security threats. For each problem or threat, Kaspersky Endpoint Security suggests actions that you can perform to resolve the problem or threat. For example, if Kaspersky Endpoint Security detects infected files on the computer, you can click Disinfect. If the anti-virus databases are out of date, you can click Update. You can fix a problem or neutralize a threat immediately or later.

Fix a problem or neutralize a threat immediately

If you close Protection Center without neutralizing dangerous threats, the protection status indicator in the main application window remains red to remind you of these threats.

In Protection Center, you can also view Kaspersky Endpoint Security recommendations and update task progress.

[Topic kes24613]

Configure the automatic start of a scheduled virus scan task

You can create a schedule for starting the Quick Scan and Full Scan tasks. Kaspersky Endpoint Security automatically scans the entire computer or critical areas of the computer in accordance with the configured schedule.

Configure the automatic start of a scheduled virus scan task

You can view virus scan task results in the application reports window.

[Topic kes58779]

What to do if file access is blocked

Kaspersky Endpoint Security blocks access to infected files and applications. If a file is infected, it must be disinfected before it can be accessed.

Disinfect detected objects

[Topic kes58769]

Update application databases

Kaspersky Lab updates Kaspersky Endpoint Security application databases by using update servers. Kaspersky Endpoint Security downloads updates from Kaspersky Lab update servers, which are Kaspersky Lab HTTP servers where Kaspersky Endpoint Security updates are regularly published.

Note: An Internet connection is required to download updates from the update servers.

By default, Kaspersky Endpoint Security periodically checks for updates on Kaspersky Lab update servers. If a set of the latest updates is available on a server, Kaspersky Endpoint Security downloads the updates in the background and installs them on your computer.

Start an update of Kaspersky Endpoint Security

You can view the results of completed update tasks in the Reports window.

[Topic kes58770]

Restore a file that has been deleted or disinfected by the application

Important: It is not recommended that you restore backup copies of files unless restoring is absolutely necessary, because doing so could lead to an infection of your computer.

Sometimes it is not possible to save files in their entirety during the disinfection process. If a disinfected file contained important information that is partly or completely inaccessible following disinfection, you can attempt to restore the original file from its backup copy.

Restore a file that has been deleted or modified by the application during disinfection

[Topic kes96813]

View the application operation report

Information about events related to File Anti-Virus, Web Anti-Virus, Network Attack Blocker, virus scan, or update tasks is displayed in the reports window.

Open the reports window

[Topic kes58777]

What to do if notification windows appear

Application notifications, in the form of notification windows, inform you of application events that require your attention.

If a notification appears on the screen, select one of the suggested options. The optimal option is the one that is set as the default option by Kaspersky Lab experts.

[Topic kes123256]

Advanced configuration of the application

[Topic kes96925]

Computer protection scope

Objects detected by Kaspersky Endpoint Security are divided into categories based on various attributes. The application always searches for viruses, worms, Trojans, and malicious utility tools. These programs may cause significant damage to your computer. To ensure more reliable protection for your computer, you can extend the list of detectable objects by enabling the application to check for legitimate software that an intruder could exploit to damage your computer or personal data.

The objects that Kaspersky Endpoint Security protects against are grouped as follows:

• Viruses, worms, Trojans, malicious tools. This category includes all types of malware. Protection against all types of malware ensures the minimum necessary security level. In accordance with the recommendations of Kaspersky Lab experts, Kaspersky Endpoint Security always monitors objects that belong to this category.
• Adware. This category includes software that can inconvenience the user.
• Auto-dialers. This category includes applications that establish phone connections through a modem in hidden mode.
• Other applications. This category includes legitimate programs that may be used by intruders to harm the user's computer or data.

Select the categories of objects to detect

Depending on the selected categories of objects to detect, Kaspersky Endpoint Security uses some or all of its application databases when running File Anti-Virus, Web Anti-Virus, and virus scan tasks.

Note: Kaspersky Lab specialists recommend that you keep protection enabled against adware and auto-dialers. If Kaspersky Endpoint Security classifies an application as malware but you believe it is safe, you can add this application to Trusted Zone.

Trusted Zone is a list of objects that Kaspersky Endpoint Security does not scan or monitor. You may need to add objects to Trusted Zone if, for example, Kaspersky Endpoint Security blocks access to a file, application folder, or website even though you are absolutely sure that this object or web address is harmless.

Add/remove a file or folder to/from the list of trusted files and folders

Add/remove a trusted web address to/from the list of trusted web addresses

Enable monitoring of a trusted web address

[Topic kes96931]

File Anti-Virus

File Anti-Virus prevents infection of the computer's file system. The component starts during startup of the operating system, remains in the computer RAM, and scans for viruses and other malware all files that are opened, saved, or run on your computer and on all connected drives. If you disable File Anti-Virus, it will not start at operating system startup. You will have to re-enable File Anti-Virus manually.

Enable/disable File Anti-Virus

You can create a protection scope for File Anti-Virus.

Add/remove a file or folder from the protection scope

Add/remove an object of the default protection object list from the protection scope

Disable protection of an object in the protection scope

When you or an application attempt to access a file included in the protection scope, File Anti-Virus checks iSwift databases for information about the file, and uses this information to decide whether to scan the file.

Recognizing malicious objects is possible thanks to signature analysis, a way of searching for threats based on threat descriptions included in the anti-virus databases. In addition to signature analysis, File Anti-Virus uses heuristic analysis and other scanning technologies.

If a threat is detected in a file, Kaspersky Endpoint Security identifies the type of the detected malicious program (for example, virus or Trojan). After that the application displays a notification about the detected object and takes the action on the object based on your File Anti-Virus preferences.

Select the action that File Anti-Virus performs after detecting an infected file

Before attempting to disinfect or delete an infected file, Kaspersky Endpoint Security saves a backup copy for subsequent restoration or disinfection.

Information about File Anti-Virus operation and all detected objects is logged in a report.

Note: If File Anti-Virus stops running with an error, you can view the report and try to start the component again. If the problem is not solved, you can contact Technical Support at Kaspersky Lab.

View the File Anti-Virus report

[Topic kes58556]

Web Anti-Virus

When you use the Internet, the information on your computer is at risk of infection by viruses and other computer security threats. Computer security threats may penetrate your computer when you download free programs or visit websites that have been attacked by hackers. In addition, network worms may attack your computer as soon as your computer establishes an Internet connection, even before you open a web address or download a file.

The Web Anti-Virus component protects information that your computer sends and receives via the HTTP and HTTPS protocols in Safari, Chrome, or Firefox.

Note: Web Anti-Virus monitors web traffic on the ports most frequently used for HTTP and HTTPS data transfer.

Enable/disable Web Anti-Virus

Important: If you have disabled Web Anti-Virus, it will not be re-enabled automatically when Kaspersky Endpoint Security starts again or when the operating system restarts. You have to re-enable Web Anti-Virus manually.

Web Anti-Virus scans web traffic based on the settings recommended by Kaspersky Lab. When Web Anti-Virus detects a threat, it performs the action that you specify. Malicious objects are recognized using signature analysis, heuristic analysis, and data from Kaspersky Security Network.

Select the action that Web Anti-Virus performs after detecting dangerous web traffic objects

Checking links on webpages for phishing threats and malicious web addresses makes it possible to avoid phishing attacks. Phishing attacks usually take the form of email messages from criminals, who pretend to be financial institutions (such as banks) and send links to fraudulent websites. In these emails, the criminals try to trick the user into visiting a phishing website and entering confidential data (such as your bank card number or the name and password for your online bank account). A phishing attack can be disguised, for example, as a message from your bank with a link to its official website, but in reality the link takes you to an exact copy of the bank's official website created by impostors.

Web Anti-Virus monitors your web traffic for attempts to visit a phishing website; it blocks access to such websites. To check links on webpages for phishing threats and malicious web addresses, Kaspersky Endpoint Security uses the application databases, heuristic analysis, and data from Kaspersky Security Network.

Web traffic scan algorithm

Each website or file that you or an application accesses via the HTTP and HTTPS protocols is intercepted and scanned for malicious code by Web Anti-Virus:

• If a website or file contains malicious code, Kaspersky Endpoint Security can block it and display a notification that the requested file or webpage is infected.
• If the file or website does not contain malicious code, you can access it immediately.

Information about Web Anti-Virus operation and all detected dangerous web traffic objects is logged in a report.

Note: If Web Anti-Virus stops running with an error, you can view the Web Anti-Virus report and try to restart the component. If the problem is not solved, you can contact Technical Support at Kaspersky Lab.

View the Web Anti-Virus report

[Topic kes88075]

Network Attack Blocker

Kaspersky Endpoint Security protects your computer against network attacks.

A network attack is an attempt to break into the operating system of a remote computer. Criminals attempt network attacks to establish control over the operating system, cause operating system denial of service, or access sensitive information. To achieve these goals, criminals either carry out direct attacks such as port scanning and brute force attacks, or use malware installed on a computer under attack.

Network attacks can be divided into the following types:

• Port scanning. This type of network attack is usually performed to prepare for a more dangerous network attack. An intruder scans UDP/TCP ports that use network services on the target computer and determines the vulnerability of the target computers to other, more dangerous types of network attacks. Port scanning also enables the intruder to determine the operating system on the target computer and select appropriate network attacks for that operating system.
• DoS attacks or network attacks causing a denial of service. Such network attacks cause the target operating system to become unstable or completely inoperable.

  The following main types of DoS attacks exist:

  • Transmission of specially designed network packets that are not expected by the target computer and therefore cause the target operating system to malfunction or crash.
  • Sending a large number of network packets to a remote computer over a short period. All of the resources of the target computer are used to process the network packets sent by the intruder. As a result, the computer stops performing its functions.
• Network intrusion attacks. Such network attacks are designed to "hijack" the operating system of the target computer. This is the most dangerous type of network attack because, if the attack is successful, the intruder gains total control over the operating system.

  This type of network attack is used when the intruder wants to obtain confidential data from a remote computer (such as bank card numbers or passwords) or secretly use the remote computer for the intruder’s purposes (such as for attacking other computers from this computer).

Enable/disable Network Attack Blocker

Important: If you have disabled Network Attack Blocker, it will not be re-enabled automatically when Kaspersky Endpoint Security starts again or after the operating system restarts. You have to re-enable Network Attack Blocker manually.

When the application detects dangerous network activity, Kaspersky Endpoint Security automatically adds the IP address of the attacking computer to the list of blocked computers, unless the attacking computer is in the list of trusted computers.

Edit the list of blocked computers

You can create and edit the list of trusted computers. Kaspersky Endpoint Security doesn't block the IP addresses of these computers automatically even after dangerous network activity is detected from them.

Edit the list of trusted computers

When a network attack is detected, Kaspersky Endpoint Security logs information about the attack in a report.

Note: If the Network Attack Blocker component stops running with an error, you can view the report and try to restart the component. If the problem is not solved, you can contact Technical Support at Kaspersky Lab

View the Network Attack Blocker report

You can view overall statistics on protection against network attacks (number of blocked computers and number of events since last startup of the Network Attack Blocker component) in Protection Center by clicking the Details button in the right pane of the main application window.

[Topic kes58390]

Virus Scan

In addition to the real-time computer protection provided by File Anti-Virus and Web Anti-Virus, you are advised to regularly scan your computer for viruses and other computer security threats. Computer scanning is necessary to prevent the spread of malware that has not been detected by the protection components.

Kaspersky Endpoint Security contains the following built-in virus scan tasks:

• Full Scan.

  A virus scan of memory, startup objects, and all internal drives of the computer.

• Quick Scan.

  A virus scan of only critical areas of the computer: memory, startup objects, and system folders.

• Custom Scan.

  A virus scan of a specified object (file, folder, drive, or removable drive).

Each scan task is performed within a specified scan scope and is started manually. Malicious objects are recognized through signature analysis. In addition to signature analysis, Kaspersky Endpoint Security uses heuristic analysis and other scanning technologies.

Start Full Scan and Quick Scan tasks

Start a Custom Scan task

Stop a virus scan task

You can also configure the Full Scan and Quick Scan tasks to run automatically according to a specified schedule.

Configure Full Scan and Quick Scan schedule preferences

The Full Scan and Quick Scan tasks already contain scan scopes. While performing the Full Scan task, Kaspersky Endpoint Security scans memory, startup objects, and all internal drives of the computer. While performing the Quick Scan task, Kaspersky Endpoint Security scans computer memory, startup objects, and system folders. You can change the scan scope of the Full Scan and Quick Scan tasks.

Add/remove a file or folder to/from the scan scopes of the Full Scan and Quick Scan tasks

Add an object from the default list of Full Scan and Quick Scan objects to the scan scope

Disable protection of an object in the Full Scan or Quick Scan task scan scope

For each scan task you can choose one of the preset security levels:

• Maximum protection – a security level ensuring a full scan of the entire computer or individual disks, folders, or files. This security level is recommended when you suspect that the computer is infected.
• Recommended – a security level with the preferences recommended by Kaspersky Lab.
• Maximum speed – this security level enables you to use other applications that require significant system resources, since the scope of files scanned at this security level is smaller.

By default, virus scan tasks are performed at the Recommended security level. You can increase or decrease the thoroughness of the scan by selecting Maximum protection or Maximum speed, respectively. You can also edit the preferences of the current security level. This will change the name of the security level to Custom.

Select the security level

Edit the preferences of the current security level

Restore default scan preferences

Upon detecting an infected object, the application displays a notification prompting the user to select the action to be taken on the object. You can modify the action to perform when an object is detected.

If a threat is detected in a file, Kaspersky Endpoint Security identifies the type of the detected malicious program (for example, virus or Trojan).

Select the action to take on objects during scanning

Before disinfecting or deleting an infected file, Kaspersky Endpoint Security saves a copy of it in Backup so you can restore the original file, if necessary.

Information about the results of virus scan tasks and all detected objects is logged in a virus scan task report.

View the virus scan task report

[Topic kes58397]

Update tasks

Timely updates of application databases ensure that your computer remains protected. File Anti-Virus, Web Anti-Virus and virus scan tasks use application databases to detect and neutralize malware on your computer. Application databases are updated regularly with new threats and ways to neutralize them, so it is important that you update the databases.

By default, Kaspersky Endpoint Security downloads application databases and new application modules from Kaspersky Lab update servers and installs them on your computer.

Start an application database update

Dedicated Kaspersky Lab update servers are the main source of updates for Kaspersky Endpoint Security. You can also use Kaspersky Security Center servers, local folders, or other web servers as an update source.

Select an update source

Note: An Internet connection is required to download an update package from update servers. If you connect to the Internet via a proxy server, you may need to configure the network preferences.

Application database updates can be downloaded in one of the following modes:

• Automatically. Kaspersky Endpoint Security periodically checks for updates on Kaspersky Lab update servers. During a virus outbreak the frequency of these checks may increase and then decrease afterwards. If a set of the latest updates is stored on a server, Kaspersky Endpoint Security downloads them in the background and installs them on your computer. This is the default update mode.
• Manually. In this case, you start updates of Kaspersky Endpoint Security manually.
• By schedule. Kaspersky Endpoint Security is automatically updated according to a schedule.

By default, Kaspersky Endpoint Security module updates are downloaded and installed on the computer automatically.

Select the Kaspersky Endpoint Security update mode

Configure a Kaspersky Endpoint Security update schedule

During an update the application databases and modules are compared with those currently available at the update source. If the latest version of the databases is installed on your computer, the Update window or Protection Center display a message to inform you that the application databases are up-to-date. If the application version and application databases differ from those currently available from the update source, then only the missing update components are installed on your computer. Application databases are not copied in their entirety, which increases update speed and reduces Internet traffic.

Disable automatic download and installation of updates of application modules on the computer

If you connect to the Internet via a proxy server, you can configure the proxy server connection preferences. Kaspersky Endpoint Security uses these preferences to update application databases and download application module updates.

Configure a connection to a proxy server

Before updating the application databases Kaspersky Endpoint Security creates backup copies of them so a rollback can be performed, if necessary. The rollback feature is useful if a new version of the application databases contains an incorrect signature that makes Kaspersky Endpoint Security block a safe application.

Note: If Kaspersky Endpoint Security databases become corrupted, you are advised to start an update to download and install the latest version of application databases.

Roll back the last update

While updating Kaspersky Endpoint Security you can copy the downloaded updates to a local source. You can use a local copy of downloaded updates to update application databases and modules of Kaspersky Endpoint Security on other computers on the corporate network in order to reduce the amount of Internet traffic.

You can set up update distribution as follows:

1. One of the computers on the network receives the Kaspersky Endpoint Security update package from Kaspersky Lab update servers or a different update source. The updates retrieved are placed in a shared folder.

   Note: The shared folder must be created in advance.

2. Other computers on the network refer to the shared folder as the update source.

   

   Distribution of updates via a local computer

Enable copying of updates to a local folder

Information about the progress of the current update task (percent complete) is shown in the lower part of the Update window and also in the main application window and in Protection Center.

Detailed information about the results of the Update task is logged in the update task report.

View the update task report

[Topic kes59231]

Backup

Sometimes the integrity of infected files cannot be preserved during the disinfection process. If a disinfected file contained important information that is partly or completely inaccessible following disinfection, you can restore the original file from Backup.

A backup copy is a copy of a dangerous file that is created when the file is disinfected or deleted. It is stored in Backup.

Backup is a special storage area that contains backup copies of files that have been deleted or modified during disinfection. The main function of Backup is enabling the user to restore an original file at any time. Files in Backup are saved in a special format and are not dangerous for the computer.

View the contents of Backup

You can restore or remove backup copies of files from Backup.

Restore a backup copy of a file from Backup

Remove a backup copy of a file from Backup

By default, the storage term for files in Backup is 30 days. When this term expires the files are deleted. You can change the maximum Backup storage period for files or remove the limit on the storage period.

Configure the storage period for files in Backup

[Topic kes59232]

Reports

You can view a Kaspersky Endpoint Security report listing all detected objects. Additionally, a separate detailed report is created for each of the following application components: File Anti-Virus, Web Anti-Virus, Network Attack Blocker, virus scan and update tasks.

Open the Reports window

Kaspersky Endpoint Security can save reports in text format. This functionality may be useful if File Anti-Virus, Web Anti-Virus, Network Attack Blocker, a virus scan task, or the update task results in an error that you can't fix on your own and you need assistance from Kaspersky Lab Technical Support. In this case, send a text report to Kaspersky Lab Technical Support so our specialists can study the problem and fix it as quickly as possible.

Export a report on a Kaspersky Endpoint Security component or task to a text file

By default, Kaspersky Endpoint Security doesn't log informational events in reports. You can allow logging of informational events.

Enable logging of informational events in reports

[Topic kes159877]

FileVault disk encryption

Note: The FileVault disk encryption feature will be available in Kaspersky Security Center 10 SP3. For more information, contact Kaspersky Lab Technical Support.

Kaspersky Endpoint Security allows managing FileVault encryption remotely. Encryption prevents other users from unauthorized access to sensitive data stored on the startup disk of the user's computer.

When an administrator starts FileVault encryption of a computer from Kaspersky Security Center, Kaspersky Endpoint Security prompts a user of this computer to enter his or her credentials. Disk encryption only starts after the user provides the credentials and the computer is restarted.

Note: If FileVault encryption management isn't enabled in Kaspersky Security Center, users with administrator rights can encrypt and decrypt their Mac startup disks from System Preferences. For more information on FileVault, refer to Apple's documentation.

If the computer has multiple computer accounts, FileVault encryption makes the disk inaccessible to all users except for the user who entered the credentials.

Allow other users to unlock the disk

Note: Administrator rights are required to allow other users to unlock the disk.

[Topic kes59237]

Participate in Kaspersky Security Network

When you participate in Kaspersky Security Network, Kaspersky Endpoint Security statistics are automatically sent to Kaspersky Lab to enhance protection of your Mac. To increase the reliability of protection on your computer, Kaspersky Endpoint Security uses data provided by users from all over the world. A network named Kaspersky Security Network is designed to analyze such data.

Kaspersky Security Network (KSN) is an infrastructure of cloud services that provides access to the Kaspersky Lab database with constantly updated information about the reputation of files, websites, and software. Use of data from Kaspersky Security Network ensures that Kaspersky Lab applications respond faster to threats, improves the performance of some protection components, and reduces the risk of false positives.

When you participate in Kaspersky Security Network, Kaspersky Endpoint Security statistics are automatically sent to Kaspersky Lab to enhance protection of your Mac.

Note: Kaspersky Lab doesn't collect, process, or store any personal data.

Participation in Kaspersky Security Network is voluntary. The decision to participate is made when you install Kaspersky Endpoint Security. However, you can change your decision later at any time.

Enable Kaspersky Security Network

[Topic kes26818]

Manage the application from the command line

[Topic kes123251]

Manage the application from the command line

You can manage Kaspersky Endpoint Security from the command line.

Note: After updates of Kaspersky Endpoint Security modules are installed, the version of the application client in the command line may differ from the installed version of the application.

Command line syntax:

kav <command> <parameters>

Use this command to view the application command line syntax:

kav -? | help

To get help on the syntax of a specific command, you can use one of the following commands:

kav <command> -?

kav help <command>

Each command has its own range of supported parameters.

[Topic kes26819]

View Help

Use this command to view the application command line syntax:

kav -? | help

To get help on the syntax of a specific command, you can use one of the following commands:

kav <command> -?

kav help <command>

[Topic kes26820]

Run virus scan

The text of the command to start a virus scan of a specific area has the following general format:

kav scan <scan scope> <action> <file types> <exclusions> <report parameters> <advanced parameters>

Note: To run a virus scan, you can also use tasks created in the application by starting one from the command line. The task is started with the parameters that are specified in the Kaspersky Endpoint Security interface.

Parameter descriptions

<scan scope> – This parameter specifies a list of objects that are to be scanned for malicious code. The parameter may include several values (separated by a space) from the following list:

• <files> – List of paths to files and/or folders to be scanned. You can enter an absolute or relative path. Items in the list are separated by a space.

  Note: If the name of an object or the path to it includes a space or special characters (such as $, &, or @), the name should be encased in single quotes (' '), or each of the special characters should be escaped by adding a backslash (\) immediately before it.

  If reference is made to a specific folder, all files and folders in this folder are scanned.

• -all – Full scan of your computer
• -remdrives – All removable drives
• -fixdrives – All internal drives
• -netdrives – All network drives
• -@:<filelist.lst> – Path to the file with a list of objects and folders within the scan scope. The file must be in text format and each scan object must be listed in a separate line. Only an absolute path to the file may be entered.

<action> – This parameter determines the action to take on malicious objects that are detected during the scan. If this parameter is not defined, the default action is the one corresponding to the value -i8. The following values are possible:

• -i0 – Take no actions on the object, only save information about the object in a report.
• -i1 – Disinfect infected objects, skip them if they cannot be disinfected.
• -i2 – Disinfect infected objects, delete them if they cannot be disinfected; do not delete containers, except for those with executable headers (.sfx archives).
• -i3 – Disinfect infected objects, delete them if they cannot be disinfected; delete containers completely if infected files inside them cannot be deleted.
• -i4 – Delete infected objects; delete containers completely if infected files inside them cannot be deleted.
• -i8 – Prompt the user for action if an infected object is detected (used by default).
• -i9 – Prompt the user for action when the scan is completed.

<file types> – This parameter defines the file types that are subject to virus scan. By default, if this parameter is not defined, only infectable files (based on the file contents) are scanned. The following values are possible:

• -fe – Scan only infectable files by extension.
• -fi – Scan only infectable files by content (used by default).
• -fa – Scan all files.

<exclusions> – This parameter defines the objects to exclude from scanning. You can include several parameters from the list below, separating them with a space:

• -e:a – Do not scan archives.
• -e:b – Do not scan email databases.
• -e:m – Do not scan email messages in text format.
• -e:<mask> – Do not scan objects by mask.
• -e:<seconds> – Skip objects that are scanned for longer than the specified length of time (in seconds).
• -es:<size> – Skip objects with size larger than the specified value (in megabytes).

<report parameters> – These parameters define the format of the report containing the scan results. You can use an absolute or relative path to the file for saving the report. If this parameter is not defined, scan results are displayed and all events are shown.

• -r:<report file> – Log only important events to the specified report file.
• -ra:<report file> – Log all events to the specified report file.

<advanced parameters> – Parameters that define the use of virus scan technologies and configuration files:

• -iSwift=<on|off> – Enable/disable the use of iSwift.
• -c:<configuration file> – Define the path to the configuration file that contains the application preferences for virus scan tasks. You can enter an absolute or relative path to the file. If this parameter is not specified, the values set in the application interface are used together with the values that are already specified in the command line.

[Topic kes26821]

Update the application

Command syntax:

kav update <update source> -app=<on|off> <report parameters> <advanced parameters>

Parameter descriptions

<update source> – An HTTP server or a network or local folder from which updates are downloaded. If a path is not selected, the update source will be taken from the application update preferences.

-app=<on|off> – Enable/disable updates of application modules.

<report parameters> – These parameters define the format of the report on the scan results. You can use an absolute or relative path to the file. If this parameter is not defined, update results are displayed and all events are shown. The following values are possible:

• -r:<report file> – Log only important events to the specified report file.
• -ra:<report file> – Log all events to the specified report file.

<advanced parameters> – A parameter that defines use of a configuration file.

-c:<configuration file> – Defines the path to a configuration file that contains the application preferences for updating the application. You can enter an absolute or relative path to the file. If this parameter is not defined, the values set in the application interface are used.

[Topic kes26828]

Roll back the last update

Command syntax:

kav rollback <report parameters>

Important: Administrator rights are required to run this command.

Parameter descriptions

<report parameters> – This parameter defines the format of the report containing the results of the update rollback. You can use an absolute or relative path to the file. If this parameter is not defined, rollback results are displayed and all events are shown.

• -r:<report file> – Log only important events to the specified report file.
• -ra:<report file> – Log all events to the specified report file.

[Topic kes59643]

Start/stop a component or task

The start command syntax:

kav start <task or component name> <report parameters>

The stop command syntax:

kav stop <task or component name>

Important: Administrator rights are required to run the stop command.

Parameter descriptions

<task or component name> – Specify one of the following values:

• fm or file_monitoring – File Anti-Virus
• wm or web_monitoring – Web Anti-Virus
• ids – Network Attack Blocker
• full or scan_my_computer – Full Scan task
• scan_objects – Custom Scan task
• quick or scan_critical_areas – Quick Scan task
• updater – Update task
• rollback – Rollback task

<report parameters> – These parameters define the format of the report on the component or task results. You can use an absolute or relative path to the file. If this parameter is not defined, Kaspersky Endpoint Security displays results in accordance with parameters configured in the graphical user interface.

Note: <report parameters> is only available for scan_objects, updater, and rollback values.

The following values are possible:

• -r:<report file> – Kaspersky Endpoint Security logs only important events to the specified report file.
• -ra:<report file> – Kaspersky Endpoint Security logs all events to the specified report file.

Note: Components and tasks started from the command prompt are run with the parameters configured in the graphical user interface.

[Topic kes26830]

View status and statistics of a component or task

The status command syntax:

kav status <task or component name>

The statistics command syntax:

kav statistics <task or component name>

Parameter descriptions

<task or component name> – Specify one of the following values:

• fm or file_monitoring – File Anti-Virus
• wm or web_monitoring – Web Anti-Virus
• ids – Network Attack Blocker
• full or scan_my_computer – Full Scan task
• scan_objects – Custom Scan task
• quick or scan_critical_areas – Quick Scan task
• updater – Update task
• rollback – Rollback task

Note: If the status command is run without specifying a value for the <task or component name> parameter, the current status of all tasks and components of the application is displayed. For the statistics command, a value must be specified for the <task or component name> parameter.

[Topic kes26831]

Export protection preferences

Command syntax:

kav export <task or component name> <export file>

Parameter descriptions

<task or component name> – Specify one of the following values:

• fm or file_monitoring – File Anti-Virus
• wm or web_monitoring – Web Anti-Virus
• ids – Network Attack Blocker
• full or scan_my_computer – Full Scan task
• scan_objects – Custom Scan task
• quick or scan_critical_areas – Quick Scan task
• updater – Update task
• rollback – Rollback task

<export file> – Path to the file to which the application preferences are exported. An absolute or relative path may be specified.

[Topic kes26822]

Activate the application

You can activate Kaspersky Endpoint Security by applying a key file.

Command syntax:

kav addkey <key file or key activation code>

Parameter descriptions

<key file> – application key file with .key extension.

<key activation code> - activation code in XXXX-XXXX-XXXX-XXXX format.

[Topic kes26827]

Return codes of the command line

The general codes may be returned by any command from the command line. The return codes include general codes as well as codes specific to a certain task.

Syntax of the command for receiving the return code:

echo $?

General return codes:

• 0 – Operation completed successfully
• 1 – Invalid parameter value
• 2 – Unknown error
• 3 – Task completion error
• 4 – Task canceled

Virus scan task return codes:

• 101 – All malicious objects processed
• 102 – Malicious objects detected

[Topic kes26824]

Quit the application

Command syntax:

kav exit

Important: Administrator rights are required to run this command.

[Topic kes127598]

Manage the application via Kaspersky Security Center

Kaspersky Security Center is designed for centralized management of corporate network security. For detailed information about Kaspersky Security Center, see Kaspersky Security Center Help.

You can also manage Kaspersky Endpoint Security via the graphical user interface of the application and the command line.

[Topic kes127599]

Deploy Kaspersky Endpoint Security on a corporate network

This section describes a typical Kaspersky Endpoint Security deployment within an organization.

Deploy Kaspersky Endpoint Security on a corporate network

1. Deploy Administration Server on the network.

   Administration Server is a component of Kaspersky Security Center that centrally stores information about all Kaspersky Lab applications that are installed within the corporate network and to manage these applications.

2. Install Administration Console on the Kaspersky Security Center administrator's workstation.

   Administration Console is a component of Kaspersky Security Center that provides a user interface for the administrative services of Administration Server and Network Agent.

3. Install the Kaspersky Endpoint Security administration plug-in on the Kaspersky Security Center administrator's workstation.

   An administration plug-in is a dedicated component that provides an interface for managing Kaspersky Lab applications through Administration Console. Each application has its own administration plug-in. The administration plug-in is provided for all Kaspersky Lab applications that can be managed from Kaspersky Security Center.

4. Install Network Agent on remote Mac computers in one of the following ways:
   • Locally
   • Remotely using the SSH protocol
5. Install Kaspersky Endpoint Security on remote Mac computers in one of the following ways:
   • Locally
   • Remotely using the SSH protocol
   • Remotely via Kaspersky Security Center

   Important: If Kaspersky Internet Security for Mac or third-party anti-virus software is installed on remote computers, uninstall them before installing Kaspersky Endpoint Security.

For detailed information on deployment of Administration Server and installation of Administration Console, see the Kaspersky Security Center Implementation Guide.

[Topic kes127602]

Prepare for remote installation of Kaspersky Endpoint Security

This section contains information about installation of the Kaspersky Endpoint Security administration plug-in on the Kaspersky Security Center administrator's workstation and installation of Network Agent on the remote computer.

Installation of the Kaspersky Endpoint Security administration plug-in and Network Agent is a prerequisite for installation of Kaspersky Endpoint Security via Kaspersky Security Center.

[Topic kes127601]

Install the Kaspersky Endpoint Security administration plug-in

The Kaspersky Endpoint Security administration plug-in provides an interface for managing Kaspersky Endpoint Security through Administration Console.

Install the Kaspersky Endpoint Security administration plug-in

Important: Before installing the Kaspersky Endpoint Security administration plug-in, close Administration Console on the Kaspersky Security Center administrator's workstation.

[Topic kes127603]

Install Network Agent locally

Network Agent coordinates the interaction between Administration Server and Kaspersky Endpoint Security installed on computers within the corporate network.

Install Network Agent locally

[Topic kes159648]

Install Network Agent via Kaspersky Security Center

Kaspersky Security Center installs Network Agent on a client computer using an SSH connection.

Before installing Network Agent on a client computer, make sure that the following conditions are met:

• Kaspersky Security Center Administration Server is deployed on the corporate network.
• Administration Console is installed on the Kaspersky Security Center administrator's workstation.
• Remote Login is enabled on remote computers.
• A dedicated administrator account that will be used to run the remote installation task is created on a remote computer. You can use a domain account for the installation.
• The sudo password is disabled for the dedicated account.

Create a Network Agent installation package

Create a task for remote installation of Network Agent on a client computer

To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the  button. To exit the wizard at any step, click the Cancel button.

The appearance of buttons may vary depending on your version of Windows.

Step 1. Select the task type

Step 2. Select the installation package

Step 3. Configure the installation settings

Step 4. Select an administration group to add computers to after installation

Step 5. Define how to select the client computers for which the task will be created

Step 6. Select client computers

Step 7. Select the account to run the task

Step 8. Configure the task schedule

Step 9. Specify the task name

Step 10. Finish creating the task

[Topic kes127621]

Install Network Agent using the SSH protocol

One way to install Network Agent on a remote computer is by using the SSH protocol.

Make sure that the following requirements are met:

• Kaspersky Security Center Administration Server is deployed on the corporate network.
• Administration Console is installed on the Kaspersky Security Center administrator's workstation.
• The Network Agent installation package is created and stored in a shared folder of Administration Server.
• Remote Login is enabled on the remote computer.
• The computer account used to install Network Agent is included in sudoers.

For detailed information about installation packages, see Kaspersky Security Center Help.

Install Network Agent using the SSH protocol

[Topic kes127683]

Manage Network Agent from the command line

This section contains information on how to manage Network Agent using the command line on a client computer.

You can stop Network Agent and start it again using the command line on a client computer.

You can also connect a remote computer to Administration Server manually using the klmover utility and check the connection between the remote computer and Administration Server using the klnagchk utility.

[Topic kes127684]

Start/stop Network Agent on a remote computer

You can stop Network Agent and it start again on a client computer by using the command line.

Stop Network Agent

On the remote computer, launch the launchctl utility with the unload command from the command line.

Command syntax

sudo launchctl unload /Library/LaunchDaemons/com.kaspersky.klnagent.plist

Start Network Agent

On the remote computer, launch the launchctl utility with the load command from the command line.

Command syntax

sudo launchctl load /Library/LaunchDaemons/com.kaspersky.klnagent.plist

Important: Administrator rights are required to stop and start Network Agent. 

[Topic kes127690]

Check the connection between a client computer and Administration Server manually. Klnagchk utility

Check the connection between a remote computer and Administration Server

After Network Agent has been installed, the klnagchk utility is located in the /Library/Application Support/Kaspersky Lab/klnagent/Binaries folder. Depending on the parameters that you specify, the klnagchk utility performs the following operations when run from the command line:

• Displays the settings specified for the connection between Network Agent installed on the remote computer and Administration Server, or saves them in a file.
• Saves Network Agent statistics (since the last startup of Network Agent) and utility execution results in a file, or displays this information on the screen.
• Tries to establish a connection between Network Agent and Administration Server.
• If the utility can't establish a connection, it sends an ICMP packet to check the status of the computer on which Administration Server is installed.

Before running the utility, go to /Library/Application Support/Kaspersky Lab/klnagent/Binaries in the command line.

Command syntax:

sudo ./klnagchk [-logfile <file name>] [-sp] [-savecert <path to certificate file>] [-restart]

Important: Administrator rights are required to run the utility.

Parameter descriptions

-logfile <file name> – Save the settings of the connection between Network Agent and Administration Server and utility execution results in a file. If this parameter is not specified, the server connection settings, execution results, and error messages are displayed on the screen.

-sp – Display the password for proxy server authentication on the screen or save it in a file. This parameter is used if Network Agent connects to Administration Server via a proxy server. By default, this parameter is not used.

-savecert <file name> – Save the certificate for authentication on Administration Server in a specified file.

-restart – Restart Network Agent after the utility finishes running.

[Topic kes127686]

Connect a remote computer to Administration Server manually. Klmover utility

Connect a remote computer to Administration Server

After Network Agent has been installed, the klmover utility is located in the /Library/Application Support/Kaspersky Lab/klnagent/Binaries folder. Depending on the parameters that you specify, the klmover utility performs the following operations when run from the command line:

• Connects Network Agent to Administration Server with the specified parameters.
• Saves utility execution results in a file or displays them on the screen.

Before running the utility, go to /Library/Application Support/Kaspersky Lab/klnagent/Binaries in the command line.

Command line syntax:

sudo ./klmover [-logfile <file name>] [-address <server address>] [-pn <port number>] [-ps <SSL port number>] [-nossl] [-cert <path to certificate file>] [-silent] [-dupfix]

Important: The administrator rights are required to run the utility.

Parameter descriptions

-logfile <file name> – Save execution results in a file. If this parameter is not specified, execution results and error messages are displayed on the screen.

-address <server address> – Address that Network Agent uses to connect to Administration Server. You can specify either the IP address or the DNS name of the server.

Note: You can also use the command with this parameter to change the address of the Administration Server to which remote computers are connected.

-pn <port number> – Number of the port that will be used to establish an unencrypted connection to Administration Server. Port 14000 is used by default.

-ps <SSL port number> – Number of the port that will be used to establish an encrypted connection to Administration Server via the SSL protocol. Port 13000 is used by default.

-nossl – Use an unencrypted connection to Administration Server. If this parameter is not specified, Network Agent will establish a secure connection to Administration Server via the encrypted SSL protocol.

-cert <path to certificate file> – Use the specified certificate file for authentication on a new Administration Server. If this parameter is not specified, Network Agent will receive a certificate at the first connection to Administration Server.

-silent – Run the utility in silent mode.

-dupfix – This parameter is used if Network Agent was installed in a way that differs from the methods described in the Administrator's Guide, for example, if it was recovered from a disk image with Network Agent installed. If automatic self-identification of Network Agent results in duplicate icons of the original computer and other computers in the Administration Console, try reconnecting the duplicate computers.

Note: When running the klmover utility, it is recommended to specify values for all parameters.

The remote computer that is connected to Administration Server via Network Agent is called a client computer.

Page top

[Topic kes127691]

Install and uninstall Kaspersky Endpoint Security

This section describes remote installation and uninstallation of Kaspersky Endpoint Security on a client computer.

You can also install or uninstall Kaspersky Endpoint Security locally.

[Topic kes127692]

Install the application using the SSH protocol

Before installing Kaspersky Endpoint Security on a remote computer, make sure that the following conditions are met:

• Kaspersky Security Center Administration Server is deployed on the corporate network.
• Administration Console is installed on the Kaspersky Security Center administrator's workstation.
• An installation package for Kaspersky Endpoint Security has been created and is located in a shared folder of Administration Server.
• A key file for Kaspersky Endpoint Security is located in the shared folder of Administration Server (optional).
• Remote Login is enabled on the remote computer.
• The computer account used to install the application is included in sudoers.

Install Kaspersky Endpoint Security on a client computer using the SSH protocol

[Topic kes127693]

Install the application using Kaspersky Security Center

Before installing Kaspersky Endpoint Security on a client computer, make sure that the following conditions are met:

• Kaspersky Security Center Administration Server is deployed on the corporate network.
• Administration Console is installed on the Kaspersky Security Center administrator's workstation.
• Network Agent is installed on the client computer.
• An installation package for Kaspersky Endpoint Security has been created and is stored in the shared folder of Administration Server.
• A key file for Kaspersky Endpoint Security is stored in the shared folder of Administration Server (optional).
• The client computer is added to the Managed computers administration group on Administration Server (optional).

For detailed information about administration groups on Administration Server, see Kaspersky Security Center Help.

To install Kaspersky Endpoint Security on a client computer via Kaspersky Security Center, you must create and start an Install application remotely task.

Create a task for remote installation of Kaspersky Endpoint Security on a client computer

To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the  button. To exit the wizard at any step, click the Cancel button.

The appearance of buttons may vary depending on your version of Windows.

Step 1. Select the task type

Step 2. Select the installation package

Step 3. Install additional applications

Step 4. Configure the installation settings

Step 5. Select an administration group to add computers to after installation

Step 6. Define how to select client computers for which the task will be created

Step 7. Select client computers

Step 8. Select an account to run the task

Step 9. Configure the task schedule

Step 10. Specify the task name

Step 11. Finish creating the task

[Topic kes135503]

Create an installation package

When you create the Install application remotely task, you can either use an existing installation package or create a new one. Installation packages are located in the Advanced > Remote installation > Installation packages node.

Create an installation package in Kaspersky Security Center

[Topic kes127736]

Uninstall the application using Kaspersky Security Center

Before removing Kaspersky Endpoint Security from a client computer via Kaspersky Security Center, make sure the following conditions are met:

• Kaspersky Security Center Administration Server is deployed on the corporate network.
• Administration Console is installed on the Kaspersky Security Center administrator's workstation.
• Network Agent is installed on the client computer.

To uninstall Kaspersky Endpoint Security from the client computer via Kaspersky Security Center, you have to create and start the Uninstall application remotely task.

Important: Removing Kaspersky Endpoint Security from a client computer may lead to a risk of infection.

Create a task for remote uninstallation of Kaspersky Endpoint Security from a client computer

To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the  button. To exit the wizard at any step, click the Cancel button.

The appearance of buttons may vary depending on your version of Windows.

Step 1. Select the task type

Step 2. Select the application to uninstall

Step 3. Configure uninstallation settings

Step 4. Select the operating system restart option

Step 5. Define how to select client computers for which the task will be created

Step 6. Select client computers

Step 7. Select a user account to run the task

Step 8. Configure the task schedule

Step 9. Specify the task name

Step 10. Finish creating the task

[Topic kes127747]

Start and stop the application via Kaspersky Security Center

You can start or stop Kaspersky Endpoint Security on a selected computer in the list of devices managed via Kaspersky Security Center.

Start or stop Kaspersky Endpoint Security via Kaspersky Security Center

Important: After Kaspersky Endpoint Security is stopped, the client computer keeps running in unprotected mode, which may lead to a risk of infection.

Page top

[Topic kes127786]

Create and manage tasks

This section describes how to use Kaspersky Security Center to create and configure tasks that Kaspersky Endpoint Security performs on a client computer or a group of computers.

A task is a set of configurable actions which Kaspersky Endpoint Security performs on a client computer.

In Kaspersky Security Center, you can create the following tasks:

• Virus Scan
• Update
• Rollback
• Add key

You can take the following actions on tasks:

• Start and stop tasks.
• Configure task settings.
• Track the progress of a task.
• Copy and move tasks from one group to another.
• Delete tasks.
• Import and export tasks.

For detailed information about tasks, see Kaspersky Security Center Help.

[Topic kes132173]

Create tasks

When managing Kaspersky Endpoint Security via Kaspersky Security Center, you can create the following types of tasks:

• Local tasks. A local task is a task that is created to be run on a single client computer.
• Group tasks. A group task is a task that is run on computers in an administration group.
• Tasks for an arbitrary set of computers. You can create a task to be run on any computers regardless of whether they belong to an administration group or a computer selection.

Create a local task for a separate client computer

Create a task for client computers in an administration group

Create a task for an arbitrary set of computers

To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the  button. To exit the wizard at any step, click the Cancel button.

The appearance of buttons may vary depending on your version of Windows.

Step 1. Specify the task name

Step 2. Select an application and define the task type

Step 3. Configure settings for the selected task type

Step 4. Define how to select client computers for which the task will be created

Step 5. Select client computers

Step 6. Configure the task schedule

Step 7. Finish creating the task

[Topic kes132179]

Start and stop tasks manually

Scheduled tasks are started and stopped automatically according to a schedule. However, you can start a task manually at any time.

Note: Tasks are started on a client computer only if Network Agent is running. If Network Agent stops running, all active tasks are interrupted.

Start and stop tasks manually

[Topic kes135665]

Import and export tasks

You can export group tasks and tasks for an arbitrary set of computers into a file.

Export a task

Import a task

[Topic kes132175]

View tasks

You can view the list of tasks created for a specific computer, for computers in a specific administration group, or the list of all non-local tasks.

View tasks for a specific administration group

View local tasks

View non-local tasks

[Topic kes132177]

Manage task-specific settings

View settings of a local task

View settings of a group task

View settings of a non-local task

For local tasks, group tasks, or tasks for an arbitrary set of computers

Manage Add key task settings

Manage Virus Scan task settings

Manage Update task settings

For local tasks only

Manage File Anti-Virus task settings

Manage Web Anti-Virus task settings

Manage Quick Scan task settings

Manage Full Scan task settings

Manage Network Attack Blocker task settings

[Topic kes127751]

Create and manage policies

This section contains information on how to create and configure policies for Kaspersky Endpoint Security.

A policy determines the settings of an application and manages the access to configuration of an application installed on computers within an administration group. An individual policy must be created for each application. You can create an unlimited number of various policies for applications installed on computers in each administration group, but only one policy can be applied to each application at a time within an administration group.

When creating and configuring a policy, you can allow or prohibit changes to any group of settings in policies using the and buttons.

You can perform the following actions on custom policies:

• Create policies.
• Configure policies.
• Copy or move policies from one group to another.
• Delete policies
• Change the status of policies.
• Export policies to a file.
• Import policies from a file.

For detailed information about the Kaspersky Security Center policies, see Kaspersky Security Center Help.

[Topic kes127752]

Create a policy

This section contains instructions on how to start the New Policy Wizard to create a policy.

Create a policy from the folder of an administration group

Create a policy from the Policies folder

To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the  button. To exit the wizard at any step, click the Cancel button.

The appearance of buttons may vary depending on your version of Windows.

Step 1. Select an application

Step 2. Specify the name of the policy

Step 3. Specify protection settings

Step 4. Configure File Anti-Virus settings

Step 5. Configure Web Anti-Virus settings

Step 6. Configure Network Attack Blocker

Step 7. Configure FileVault disk encryption

Step 8. Configure update settings

Step 9. Configure KSN settings

Step 10. Configure user interaction settings

Step 11. Configure network connection settings

Step 12. Configure reports and Backup settings

Step 13. Select the policy status and complete the creation of a policy

You can edit the settings of the policy you have created. You can also prohibit or allow changes to each group of settings from a client computer using the and buttons for each group of settings. The button next to a group of settings signifies that the user of a client computer is not allowed to edit these settings on the user's computer. The button next to a group of settings signifies that the user of a client computer is allowed to edit these settings on the user's computer.

[Topic kes127782]

View the list of policies

You can create an unlimited number of various policies for applications installed on computers in each administration group, but only one policy can be applied to each application at a time within an administration group.

View the list of policies of an administration group

[Topic kes127777]

Configure policy settings

You can make changes to the policy that you created in Kaspersky Security Center and block any changes to its settings in the policies of subgroups and in task settings.

Kaspersky Endpoint Security policy settings include application settings and task settings.

Configure policy settings

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. Open the Managed devices folder.
4. In the workspace, select the Policies tab.
5. Right-click the policy you want to configure and choose Properties.
6. In the Properties: <Policy name> window, configure policy settings as necessary:

   Configure the following protection settings in the Protection section

   • Enable or disable real-time protection of the client computer.
   • Enable or disable the start of Kaspersky Endpoint Security when the client computer starts.
   • Configure Trusted Zone.
   • Select types of objects to be detected.
   • Disable or enable the start of scheduled tasks when the computer is running on battery power.

   Configure the following settings in the File Anti-Virus section

   • Enable or disable Web Anti-Virus.
   • Select one of the preset security levels or configure security settings manually.
   • Enable or disable checking of web addresses against the database of malicious web addresses.
   • Configure Anti-Phishing settings.
   • Add trusted addresses whose traffic will not be scanned by Web Anti-Virus.
   • Select the action to be performed upon detecting a malicious object in web traffic.
   • Enable or disable scanning of inbound and outbound HTTPS traffic.

   Configure the following settings in the Network Attack Blocker section

   • Enable or disable Network Attack Blocker.
   • Configure Network Attack Blocker settings.
   • Specify the IP addresses of computers whose network activity will not be blocked.

   Configure the following settings in the FileVault Disk Encryption section

   • Enable or disable FileVault disk encryption management for client computers.
   • Encrypt or decrypt startup disk on client computers.

     If the Enable FileVault disk encryption management checkbox is unselected, users with administrator rights can encrypt and decrypt their Mac startup disks from System Preferences.

     If the Enable FileVault disk encryption management checkbox and the Encrypt disk option are selected, users with administrator can't decrypt the startup disk of their Mac from System Preferences.

     If the Enable FileVault disk encryption management checkbox and the Decrypt disk option are selected, users with administrator rights can't encrypt the startup disk of their Mac from System Preferences.

   Configure the following settings in the Update section

   • Enable or disable updating application modules.
   • Enable or disable copying of update files to a specific folder.
   • Specify the folder to which the application will copy update files.
   • Specify update sources.

   Configure the following settings in the KSN section

   • Read the KSN statement.
   • Enable or disable the use of Kaspersky Security Network
   • Enable or disable the use of KSN proxy.

   Configure the following settings in the User Interaction section

   • Enable or disable event notifications.
   • Select how Kaspersky Endpoint Security will notify the user about events.
   • Enable or disable displaying the Kaspersky Endpoint Security icon in the menu bar.
   • Enable or disable displaying the Quit item in the shortcut menu of the Kaspersky Endpoint Security icon on the client computer.
   • Select the language used to display Kaspersky Security Center events.
   • Configure Kaspersky Endpoint Security settings available to users of the client computer.

   Configure the following settings in the Network section

   • Enable or disable the use of a proxy server.
   • Specify the proxy server address.
   • Enable or disable the use of a proxy server for local addresses.
   • Specify the user name and password for proxy server authentication.

   Configure the following settings in the Reports section

   • Enable or disable saving of non-critical events in the report.
   • Enable or disable saving of recent events only.
   • Enable or disable removal of events after the specified period.
   • Specify the period for storing events.
   • Enable or disable removal of objects from Backup after the specified period.
   • Specify the period for storing objects in Backup.
7. Click OK to save changes and close the policy properties window.

[Topic kes127780]

Change the policy status

A policy status defines the operation of a policy. The policy can have active, out-of-office, or inactive statuses. You can change the policy status in policy settings.

Change the policy status

[Topic kes127783]

Export a policy to a KLP file

You can export a customized policy to a file to use this policy on another Administration Server.

Export a policy to a KLP file

[Topic kes127781]

Import a policy from a KLP file

You can import an existing policy with predefined settings from a file.

Import a policy from a KLP file

[Topic kes133326]

Create and manage policy profiles

A policy profile is a named set of variable settings for a policy, which is activated on a client computer when specific conditions are met. Activation of a profile modifies the policy settings that are active on the device right before the policy profile is activated.

Create a policy profile

Modify a policy profile

Change the priority of a policy profile

Delete a policy profile

For detailed information about policy profiles, see Kaspersky Security Center Help.

[Topic kes127867]

Generate a report on detected objects

Generate a report on detected objects

You can find information about other ways to generate a report on objects detected by the application on the client computer in Kaspersky Security Center Help.

[Topic kes70331]

Contact Technical Support

[Topic kes68247]

How to get technical support

If you can't find a solution to your issue in the application documentation or in any of the sources of information about the application, contact Technical Support. Technical Support specialists will answer all your questions about installing and using the application.

Before contacting Technical Support, please read the support rules.

You can contact Technical Support in one of the following ways:

• By visiting the Technical Support website
• By sending a request to Technical Support from the Kaspersky CompanyAccount portal

Technical support is available only to users who purchased a commercial license. Users who have received a trial license are not entitled to technical support.

[Topic kes68417]

Technical Support via Kaspersky CompanyAccount

Kaspersky CompanyAccount is a portal for companies that use Kaspersky Lab applications. The Kaspersky CompanyAccount portal is designed to facilitate interaction between users and Kaspersky Lab specialists through online requests. You can use Kaspersky CompanyAccount to track the status of your online requests and store a history of them as well.

You can register all of your organization's employees under a single account on Kaspersky CompanyAccount. A single account lets you centrally manage electronic requests from registered employees to Kaspersky Lab and also manage the privileges of these employees via Kaspersky CompanyAccount.

The Kaspersky CompanyAccount portal is available in the following languages:

• English
• Spanish
• Italian
• German
• Polish
• Portuguese
• Russian
• French
• Japanese

To learn more about Kaspersky CompanyAccount, visit the Technical Support website.

[Topic kes73375]

Use a trace file

After you report a problem to Kaspersky Lab Technical Support specialists, they may ask you to generate a report with information about the operation of Kaspersky Endpoint Security and send it to Kaspersky Lab Technical Support. Technical Support specialists may also ask you to create a trace file. The trace file makes it possible to perform a step-by-step examination of the execution of application commands and determine when errors occur.

[Topic kes59664]

Create a trace file

Tracing is an effective way of recording detailed information about application activity. Technical Support specialists use trace files to troubleshoot issues.

Create a trace file

Important: It is recommended to enable tracing only if asked by a Kaspersky Lab Technical Support specialist.

Trace files may require a lot of disk space. When you no longer need trace files, disable tracing.

Disable tracing

Kaspersky Endpoint Security saves the following information in a trace file:

• Information about the anti-virus protection status of the Computer, as well as all detected objects and actions (including the name of the detected object, date and time of detection, the web address from which it was downloaded, the names and sizes of infected files and paths to them, the IP address of the attacking computer and the number of the Computer port targeted by the network attack, list of malware activity, and unwanted web addresses) and the decisions taken by the Software and the user on them.
• Information about applications downloaded by the user (web address, attributes, file size, and information about the process that downloaded the file).
• Information about the applications launched and their modules (size, attributes, creation date, PE header details, region, name, location, and packers).
• Information about interface errors and usage of the interface of the installed Kaspersky Lab Software.
• Information about network connections, including the IP address of the remote computer and the user's Computer, the numbers of ports through which the connection was established, and the network protocol of the connection.
• Information about network packets received and sent by the Computer over IT and telecom networks.
• Information about email and instant messages sent and received.
• Information about web addresses visited, including when the connection was established using an open protocol, data on the website access login and password, and the content of cookies.
• Server public certificate.

[Topic kes98365]

Collect information for Technical Support

For more effective support and troubleshooting of application problems, Technical Support specialists may ask you to change application preferences temporarily for purposes of debugging during diagnostics. This may require doing the following:

• Activating the functionality that gathers extended diagnostic information.
• Fine-tuning the preferences of individual application components, which are not available via standard user interface elements.
• Changing the preferences of transmission of diagnostic information that is gathered.

Technical Support representatives will provide you will all the information needed to perform the listed operations and inform you about the scope of data to be gathered for debugging purposes. After the extended diagnostic information is collected, it is saved on the user's computer. The collected data is not sent to Kaspersky Lab automatically.

[Topic kes80831]

Sources of information about the application

[Topic kes59238]

Sources of information to research on your own

You can use the following sources of information about Kaspersky Endpoint Security to research on your own:

• Kaspersky Endpoint Security page on the Kaspersky Lab website
• Kaspersky Endpoint Security page on the Technical Support website (Knowledge Base)
• Help materials included with the application

If you cannot find the solution to an issue on your own, we recommend that you contact Technical Support.

Note: An Internet connection is required for access to website resources.

Kaspersky Endpoint Security page on the Kaspersky Lab website

On the Kaspersky Endpoint Security page you can view general information about the application and its functions and features.

The Kaspersky Endpoint Security page contains a link to the online store, where you can buy or renew your license for the application.

Kaspersky Endpoint Security page in the Knowledge Base

The Knowledge Base is a section on the Kaspersky Lab Technical Support website.

On the Kaspersky Endpoint Security page in the Knowledge Base you can read articles that provide useful information, recommendations, and answers to frequently asked questions on how to purchase, install, and use the application.

Articles in the Knowledge Base may provide answers to questions that relate both to Kaspersky Endpoint Security as well as to other Kaspersky Lab applications. Articles in the Knowledge Base may also contain news from Technical Support.

Help materials included with the application

The application includes full help and context help.

Full help provides information on how to configure and use Kaspersky Endpoint Security.

Context help provides information about Kaspersky Endpoint Security windows, describes Kaspersky Endpoint Security settings and contains links to task descriptions where those settings are used.

Help can be included in the distribution kit or located on the Kaspersky Lab website. An Internet connection is required for viewing online help.

Online help

In the Administrator's Guide, you can find information on how to:

• Prepare for the installation of the application, install and activate the application.
• Configure and use the application.
• Remotely manage the application via Kaspersky Security Center.

[Topic kes35700]

Discuss Kaspersky Lab applications on the Forum

If your question does not require an immediate answer, you can discuss it with Kaspersky Lab experts and other users on our forum.

On the forum you can view discussion topics, post your comments, and create new discussion topics.

Go to the Forum from the Help pull-down menu

[Topic kes24414]

Appendices

This section provides information that complements the document text.

[Topic kes140466]

Warnings and restrictions

If an application that collects information and sends it to be processed is installed on your computer, Kaspersky Endpoint Security may classify this application as malware. To avoid this, you can exclude the application from scanning by configuring Kaspersky Endpoint Security as described in this document.

Application functional settings can be modified by editing configuration files.

[Topic kes24413]

List of objects scanned by extension

If in the virus scan task preferences you selected the Scan applications and documents by extension option, Kaspersky Endpoint Security performs virus scans on objects without extensions and objects with the following extensions:

General formats:

• txt
• csv
• htm
• html

Multimedia (audio/video) files:

• flv
• f4v
• avi
• 3gp
• 3g2
• 3gp2
• 3p2
• divx
• mp4
• mkv
• mov
• qt
• asf
• wmv
• rm
• rmvb
• vob
• dat
• mpg
• mpeg
• bik
• fcs
• mp3
• mpeg3
• flac
• ape
• ogg
• aac
• m4a
• wma
• ac3
• wav
• mka
• rm
• ra
• ravb
• mid
• midi
• cda

Image files:

• jpg
• jpe
• jpeg
• jff
• gif
• png
• bmp
• tif
• tiff
• emf
• wmf
• eps
• psd
• cdr
• swf

Executable and system files:

• exe
• dll
• scr
• ocx
• com
• sys
• class
• o
• so
• elf
• prx
• vb
• vbs
• js
• bat
• cmd
• msi
• deb
• rpm
• sh
• pl
• dylib

Documents and templates:

• doc
• dot
• docx
• dotx
• docm
• dotm
• xsl
• xls
• xlsx
• xltx
• xlsm
• xltm
• xlam
• xlsb
• ppt
• pot
• pps
• pptx
• potx
• pptm
• potm
• ppsx
• ppsm
• rtf
• pdf
• msg
• eml
• vsd
• vss
• vst
• vdx
• vsx
• vtx
• xps
• oxps
• one
• onepkg
• xsn
• odt
• ods
• odp
• sxw
• pub
• mdb
• accdb
• accde
• accdr
• accdc
• chm
• mht

Archives:

• zip
• 7z*
• 7-z
• rar
• iso
• cab
• jar
• bz
• bz2
• tbz
• tbz2
• gz
• tgz
• arj
• dmg
• smi
• img
• xar

Note: The actual format of a file may not match its file name extension.

[Topic kes24412]

Masks in paths to files and folders

You can use the tilde symbol (~) when you specify the protection scope, scan scope, and Trusted Zone.

The ~ symbol in the path to a file or folder replaces /Users/<user name>. For example, the path ~/Desktop means that the protection scope includes Desktop folders of all users on computers that you want to protect.

[Topic kes34744]

AO Kaspersky Lab

Kaspersky Lab is a world-renowned vendor of systems protecting computers against digital threats, including viruses and other malware, unsolicited email (spam), and network and hacking attacks.

In 2008, Kaspersky Lab was rated among the world’s top four leading vendors of information security software solutions for end users (IDC Worldwide Endpoint Security Revenue by Vendor). Kaspersky Lab is the preferred vendor of computer protection systems for home users in Russia (IDC Endpoint Tracker 2014).

Kaspersky Lab was founded in Russia in 1997. It has since grown into an international group of companies with 38 offices in 33 countries. The company employs more than 3,000 skilled professionals.

Products. Kaspersky Lab products provide protection for all systems, from home computers to large corporate networks.

The personal product range includes security applications for desktop, laptop, and tablet computers, smartphones and other mobile devices.

The company offers protection and control solutions and technologies for workstations and mobile devices, virtual machines, file and web servers, mail gateways, and firewalls. The company's portfolio also features specialized products providing protection against DDoS attacks, protection for industrial control systems, and prevention of financial fraud. Used in conjunction with centralized management tools, these solutions ensure effective automated protection for companies and organizations of any size against computer threats. Kaspersky Lab products are certified by major test laboratories, compatible with software from diverse vendors, and optimized to run on many hardware platforms.

Kaspersky Lab virus analysts work around the clock. Every day they uncover hundreds of thousands of new computer threats, create tools to detect and disinfect them, and include their signatures in databases used by Kaspersky Lab applications.

Technologies. Many technologies that are now part and parcel of modern anti-virus tools were originally developed by Kaspersky Lab. It is no coincidence that many other developers use the Kaspersky Anti-Virus engine in their products, including: Alcatel-Lucent, Alt-N, Asus, BAE Systems, Blue Coat, Check Point, Cisco Meraki, Clearswift, D-Link, Facebook, General Dynamics, H3C, Juniper Networks, Lenovo, Microsoft, NETGEAR, Openwave Messaging, Parallels, Qualcomm, Samsung, Stormshield, Toshiba, Trustwave, Vertu, and ZyXEL. Many of the company’s innovative technologies are patented.

Achievements. Over the years, Kaspersky Lab has won hundreds of awards for its services in combating computer threats. Following tests and research conducted by the reputed Austrian test laboratory AV-Comparatives in 2014, Kaspersky Lab ranked among the top two vendors by the number of Advanced+ certificates earned and was ultimately awarded the Top Rated certificate. But Kaspersky Lab's main achievement is the loyalty of its users worldwide. The company’s products and technologies protect more than 400 million users, and its corporate clients number more than 270,000.

[Topic kes56776]

Information about third-party code

Information about third-party code is contained in the file legal_notices.txt, in the application installation folder.

[Topic kes92067]

Trademark notices

Registered trademarks and service marks are the property of their respective owners.

Apple, FileVault, Finder, Mac, Mac Pro, macOS, OS X, and Safari are trademarks of Apple Inc., registered in the U.S. and other countries.

Chrome is a trademark of Google, Inc.

Intel is a trademark of Intel Corporation in the U.S. and/or other countries.

Excel is a registered trademark of Microsoft Corporation in the United States and other countries.

Firefox is a trademark of the Mozilla Foundation.