Manual setup of Kaspersky Endpoint Security policy

This section provides recommendations on how to configure the Kaspersky Endpoint Security policy, which is created by the Quick Start Wizard of Kaspersky Security Center 13.1 Web Console. Setup is performed in the policy properties window.

When editing a setting, please keep in mind that you must click the lock icon above the relevant setting in order to allow using its value on a workstation.

Configuring Kaspersky Security Network

Kaspersky Security Network (KSN) is the infrastructure of cloud services that contains information about the reputation of files, web resources, and software. Kaspersky Security Network enables Kaspersky Endpoint Security for Windows to respond faster to different kinds of threats, enhances the performance of the protection components, and decreases the likelihood of false positives.

To specify recommended KSN settings:

1. In the main menu, go to DEVICES → POLICIES & PROFILES.
2. Click the policy of Kaspersky Endpoint Security for Windows.

   The properties window of the selected policy opens.

3. In the policy properties, go to Application settings → Advanced Threat Protection → Kaspersky Security Network.
4. Make sure that the Use KSN Proxy option is enabled. Using this option helps to redistribute and optimize traffic on the network.
5. [optional] Enable use of KSN servers if the KSN proxy service is not available. KSN servers may be located either on the side of Kaspersky (when Global KSN is used) or on the side of third parties (when Private KSN is used).
6. Click OK.

The recommended KSN settings are specified.

Checking the list of the networks protected by Firewall

Make sure that Kaspersky Endpoint Security for Windows Firewall protects all your networks. By default, Firewall protects networks with the following types of connection:

• Public network. Anti-virus applications, firewalls, or filters do not protect devices in such a network.
• Local network. Access to files and printers is restricted for devices in this network.
• Trusted network. Devices in such a network are protected from attacks and unauthorized access to files and data.

If you configured a custom network, make sure that Firewall protects it. For this purpose, check the list of the networks in the Kaspersky Endpoint Security for Windows policy properties. The list may not contain all the networks.

For more information about Firewall, see the Kaspersky Endpoint Security for Windows Help.

To check the list of networks:

1. In the main menu, go to DEVICES → POLICIES & PROFILES.
2. Click the policy of Kaspersky Endpoint Security for Windows.

   The properties window of the selected policy opens.

3. In the policy properties, go to Application settings → Essential Threat Protection → Firewall.
4. Under Available networks, click the Network settings link.

   The Network connections window opens. This window displays the list of networks.

5. If the list has a missing network, add it.

Excluding software details from the Administration Server memory

We recommend that Administration Server does not save information about software modules that are started on the network devices. As a result, the Administration Server memory does not overrun.

You can disable saving this information in the Kaspersky Endpoint Security for Windows policy properties. For a description of these properties, see the Kaspersky Endpoint Security for Windows Help.

To disable saving information about installed software modules:

1. In the main menu, go to DEVICES → POLICIES & PROFILES.
2. Click the policy of Kaspersky Endpoint Security for Windows.

   The properties window of the selected policy opens.

3. In the policy properties, go to Application settings → General Settings → Reports and Storage.
4. Under Data transfer to Administration Server, disable the About started applications check box if it is still enabled in the top-level policy.

   When this check box is enabled, the Administration Server database saves information about all versions of all software modules on the networked devices. This information may require a significant amount of disk space in the Kaspersky Security Center database (dozens of gigabytes).

The information about installed software modules is no longer saved to the Administration Server database.

Saving important policy events in the Administration Server database

To avoid the Administration Server database overflow, we recommend that you save only important events to the database.

To configure registration of important events in the Administration Server database:

1. In the main menu, go to DEVICES → POLICIES & PROFILES.
2. Click the policy of Kaspersky Endpoint Security for Windows.

   The properties window of the selected policy opens.

3. In the policy properties, open the Event configuration tab.
4. In the Critical section, click Add event and select check boxes next to the following events only:
   • End User License Agreement violated
   • Application autorun is disabled
   • Activation error
   • Active threat detected. Advanced Disinfection should be started
   • Disinfection impossible
   • Previously opened dangerous link detected
   • Process terminated
   • Network activity blocked
   • Network attack detected
   • Application startup prohibited
   • Access denied (local bases)
   • Access denied (KSN)
   • Local update error
   • Cannot start two tasks at the same time
   • Error in interaction with Kaspersky Security Center
   • Not all components were updated
   • Error applying file encryption / decryption rules
   • Error enabling portable mode
   • Error disabling portable mode
   • Could not load encryption module
   • Policy cannot be applied
   • Error changing application components
5. Click OK.
6. In the Functional failure section, click Add event and select check box next to the event Invalid task settings. Settings not applied.
7. Click OK.
8. In the Warning section, click Add event and select check boxes next to the following events only:
   • Self-Defense is disabled
   • Protection components are disabled
   • Incorrect reserve key
   • Legitimate software that can be used to harm your computer or personal data was detected (local bases)
   • Legitimate software that can be used to harm your computer or personal data was detected (KSN)
   • Object deleted
   • Object disinfected
   • User has opted out of the encryption policy
   • File restored from KATA Quarantine
   • File moved to KATA Quarantine
   • Application startup blockage message to administrator
   • Device access blockage message to administrator
   • Web page access blockage message to administrator
9. Click OK.
10. In the Info section, click Add event and select check boxes next to the following events only:
    • A backup copy of the object was created
    • Application startup prohibited in test mode
11. Click OK.

Registration of important events in the Administration Server database is configured.