- Kaspersky Endpoint Security overview
- What's new in this version
- Comparison of Kaspersky Endpoint Security functions depending on the Kaspersky Security Center management tool
- Install and uninstall Kaspersky Endpoint Security
- Start the application for the first time
- Kaspersky Endpoint Security interface
- About notifications
- Kaspersky Endpoint Security licensing
- Perform common tasks
- Open and quit the application
- View the status of computer protection
- Disable and resume computer protection
- Use Protection Center
- Perform scan tasks
- Configure the automatic start of a scheduled scan task
- Update application databases
- What to do if file access is blocked
- Restore a file that has been deleted or disinfected by the application
- View the application operation report
- What to do if notification windows appear
- Advanced configuration of the application
- Participate in Kaspersky Security Network
- Manage the application via Kaspersky Security Center Administration Console
- Deploy Kaspersky Endpoint Security on a corporate network
- Update Kaspersky Endpoint Security version 10 or 11 to version 11.2
- Prepare for remote installation of Kaspersky Endpoint Security
- Manage Network Agent from the command line
- Install and uninstall Kaspersky Endpoint Security
- Start and stop the application via Kaspersky Security Center
- Create and manage tasks
- Create and manage policies
- Create and manage policy profiles
- Generate a report on detected objects
- Get a recovery key for an encrypted disk
- Remote administration of the application via Kaspersky Security Center Web Console and Cloud Console
- Create policies
- Create tasks
- Get a recovery key for an encrypted drive
- Manage the application from the command line
- View command line help
- Run virus scan
- Update the application
- Roll back the last update
- Start/stop a component or task
- View status and statistics of a component or task
- Export protection preferences
- Activate the application
- Install the system extension
- Configure network connections
- Remove license keys
- Return codes of the command line
- Quit the application
- Uninstall the application
- Contact Technical Support
- Sources of information about the application
- Appendices
- Information about third-party code
- Trademark notices
Configure policy settings
You can make changes to the policy that you created in Kaspersky Security Center and block any changes to its settings in the policies of subgroups and in task settings.
Kaspersky Endpoint Security policy settings include application settings and task settings.
Configure policy settings
- Start Kaspersky Security Center Administration Console.
- Maximize the Administration Server <Server name> node.
- In the console tree, click Managed devices.
- In the workspace, select the Policies tab.
- Right-click the policy you want to configure and choose Properties.
- In the Properties: <Policy name> window, configure the policy settings:
- In the Essential Threat Protection section
Configure the following File Threat Protection settings
- Enable or disable File Threat Protection.
- Select one of the preset security levels or configure security settings manually.
- Select the action to be performed upon detecting a malicious object.
Configure the following Web Threat Protection settings
- Enable or disable Web Threat Protection.
- Select one of the preset security levels or configure security settings manually.
- Enable or disable checking of web addresses against the database of malicious web addresses.
- Configure the Anti-Phishing settings.
- Add trusted addresses whose traffic will not be scanned by Web Threat Protection.
- Select the action to be performed upon detecting a malicious object in web traffic.
Configure the following Network Threat Protection settings
- Enable or disable Network Threat Protection.
- Configure the Network Threat Protection settings.
- Specify the IP addresses of computers whose network activity will not be blocked.
- In the Advanced Threat Protection section
Configure the following KSN settings
- Read the full text of the Kaspersky Security Network Statement by clicking KSN Statement.
- Enable or disable the use of Kaspersky Security Network.
- Enable or disable extended KSN mode.
- Enable or disable the use of a KSN proxy.
- Enable or disable the use of Kaspersky servers when the KSN proxy is unavailable.
Note: Use of Kaspersky Security Network and a KSN proxy on remote computers is available only if Kaspersky Security Center Administration Server is used as the proxy server. For detailed information about Administration Server properties, see the Kaspersky Security Center help.
- In the Security Controls section
Configure the following Web Control settings
- Enable or disable Web Control.
- Add a new rule for Web Control by clicking Add.
- Edit, delete, or organize created rules in the list.
- In the Data Encryption section
Configure the following FileVault disk encryption settings
- Enable or disable FileVault disk encryption management for client computers.
- Encrypt or decrypt the startup disk on client computers.
If the Enable FileVault disk encryption management checkbox is unselected, users with administrator rights can encrypt and decrypt their Mac startup disks from System Preferences.
If the Enable FileVault disk encryption management checkbox and the Encrypt disk option are selected, users with administrator rights can't decrypt the startup disk of their Mac from System Preferences.
If the Enable FileVault disk encryption management checkbox and the Decrypt disk option are selected, users with administrator rights can't encrypt the startup disk of their Mac from System Preferences.
- In the Detection and Response section
Configure the following Managed Detection and Response settings
- Enable or disable Managed Detection and Response.
- Import or delete a configuration file which is used to activate the Managed Detection and Response component on managed devices.
- In the Update section
Configure the following Update settings
- Enable or disable updating application modules.
- Specify update sources.
- In the Additional settings section
Configure the following protection settings
- Enable or disable real-time protection of the client computer.
- Enable or disable the start of Kaspersky Endpoint Security when the client computer starts.
- Configure Trusted zone.
- Configure Trusted applications.
- Select types of objects to be detected.
- Disable or enable the start of scheduled tasks when the computer is running on battery power.
Configure the following network settings
- Enable or disable the use of a proxy server.
- Specify the proxy server address.
- Enable or disable the use of a proxy server for local addresses.
- Specify the user name and password for proxy server authentication.
- Enable or disable scanning of inbound and outbound HTTPS traffic.
- Configure monitored ports.
Configure the following Reports and Backup settings
- Enable or disable saving of non-critical events in the report.
- Enable or disable saving of recent events only.
- Enable or disable removal of events after the specified period.
- Specify the period for storing events.
- Enable or disable removal of objects from Backup after the specified period.
- Specify the period for storing objects in Backup.
Configure the following user interaction settings
- Enable or disable event notifications.
- Select how Kaspersky Endpoint Security will notify the user about events.
- Enable or disable displaying the Kaspersky Endpoint Security icon in the menu bar.
- Configure whether a user can open the Kaspersky Endpoint Security main window and use the application interface on the client computer.
- Enable or disable availability of the Quit item in the shortcut menu of the Kaspersky Endpoint Security icon on the client computer.
- Select the language used to display Kaspersky Security Center events.
- Configure the Kaspersky Endpoint Security settings available to users of the client computer.
- In the Essential Threat Protection section
- Click OK to save changes and close the policy properties window.