Contents
Manual setup of Kaspersky Endpoint Security policy
This section provides recommendations on how to configure the Kaspersky Endpoint Security policy, which is created by the Quick Start Wizard. You can perform the setup in the policy properties window.
When editing a setting, please keep in mind that you must click the lock icon above the relevant setting in order to allow using its value on a workstation.
Configuring the policy in the Advanced Threat Protection section
For a full description of the settings in this section, please refer to the Kaspersky Endpoint Security for Windows documentation.
In the Advanced Threat Protection section, you can configure the use of Kaspersky Security Network for Kaspersky Endpoint Security for Windows. You can also configure Kaspersky Endpoint Security for Windows modules, such as Behavior Detection, Exploit Prevention, Host Intrusion Prevention, and Remediation Engine.
In the Kaspersky Security Network subsection, we recommend that you enable the Use KSN Proxy option. Using this option helps to redistribute and optimize traffic on the network. If the Use KSN Proxy option is disabled, you can enable direct use of KSN servers.
Configuring the policy in the Essential Threat Protection section
For a full description of the settings in this section, please refer to the Kaspersky Endpoint Security for Windows documentation.
In the Essential Threat Protection section of the policy properties window, we recommend that you specify additional settings in the Firewall and File Threat Protection subsections.
The Firewall subsection contains settings that allow you to control the network activity of applications on the client devices. A client device uses a network to which one of the following statuses is assigned: public, local, or trusted. Depending on the network status, Kaspersky Endpoint Security can allow or deny network activity on a device. When you add a new network to your organization, you must assign an appropriate network status to it. For example, if the client device is a laptop, we recommend that this device use the public or trusted network, because the laptop is not always connected to the local network. In the Firewall subsection, you can check whether you correctly assigned statuses to the networks used in your organization.
To check the list of networks:
- In the policy properties, go to Essential Threat Protection → Firewall.
- In the Available networks section, click the Settings button.
- In the Firewall window that opens, go to the Networks tab to view the list of networks.
In the File Threat Protection subsection, you can disable the scanning of network drives. Scanning network drives can place a significant load on network drives. It is more convenient to perform indirect scanning, on file servers.
To disable scanning of network drives:
- In the policy properties, go to Essential Threat Protection → File Threat Protection.
- In the Security level section, click the Settings button.
- In the File Threat Protection window that opens, on the General tab clear the All network drives check box.
Configuring the policy in the General Settings section
For a full description of the settings in this section, please refer to the Kaspersky Endpoint Security for Windows documentation.
In the General Settings section of the policy properties window, we recommend that you specify additional settings in the Reports and Storage and Interface subsections.
In the Reports and Storage subsection, go to the Data transfer to Administration Server section. The About started application check box specifies whether the Administration Server database saves information about all versions of all software modules on the networked devices. If this check box is selected, the saved information may require a significant amount of disk space in the Kaspersky Security Center database (dozens of gigabytes). Clear the About started applications check box if it is selected in the top-level policy.
If Administration Console manages the Anti-Virus protection on the organization's network in centralized mode, disable the display of the Kaspersky Endpoint Security for Windows user interface on workstations. To do this, in the Interface subsection, go to the Interaction with user section, and then select Do not display option.
To enable password protection on workstations, in the Interface subsection, go to the Password protection section, click the Settings button, and then select the Enable password protection check box.
Configuring the policy in the Event configuration section
In the Event configuration section, you should disable the saving of any events on Administration Server, except for the following ones:
- On the Critical event tab:
- Application autorun is disabled
- Access denied
- Application startup prohibited
- Disinfection not possible
- License Agreement violated
- Could not load encryption module
- Cannot start two tasks at the same time
- Active threat detected. Start Advanced Disinfection
- Network attack detected
- Not all components were updated
- Activation error
- Error enabling portable mode
- Error in interaction with Kaspersky Security Center
- Error disabling portable mode
- Error changing application components
- Error applying file encryption / decryption rules
- Policy cannot be applied
- Process terminated
- Network activity blocked
- On the Functional failure tab: Invalid task settings. Settings not applied
- On the Warning tab:
- Self-Defense is disabled
- Incorrect reserve key
- User has opted out of the encryption policy
- On the Info tab: Application startup prohibited in test mode