Kaspersky Secure Mobility Management help

Kaspersky Secure Mobility Management

Print Support Send link Get as PDF

Managing the app by using third-party EMM systems (Android only)

Managing the app by using third-party EMM systems (Android only)

You can use the Kaspersky Endpoint Security for Android app without Kaspersky Administration Systems. Use solutions of other EMM (Enterprise Mobility Management) service providers to deploy and manage the Kaspersky Endpoint Security for Android app. Kaspersky participates in the AppConfig Community to ensure that the app operates with third-party EMM solutions.

You can manage the Kaspersky Endpoint Security for Android app through third-party EMM solutions only on devices running Android.

If you want to use a third-party EMM solution only to deploy the Kaspersky Endpoint Security for Android app, then you can manage devices in the Web Console after deployment.

You cannot use the Web Console and a third-party EMM solution simultaneously to manage devices.

If you deployed the Kaspersky Endpoint Security for Android app using the third-party EMM system, it is impossible to manage the app in Kaspersky Endpoint Security Cloud. You can manage the Kaspersky Endpoint Security for Android app in the EMM Console.

The following EMM solutions support the use of the Kaspersky Endpoint Security for Android app:

VMware AirWatch
MobileIron
IBM Maas360
Microsoft Intune
SOTI MobiControl

You can perform the following actions in the EMM Console:

Deploy the app to an Android work profile on users' devices.
Activate the app.
Configure app settings:
- Enable protection against malicious and phishing websites on the internet.
- Configure settings for connecting the device to Kaspersky Security Center.
- Configure Anti-Malware settings.
- Configure the schedule for running a malware scan on the device.
- Enable detection of adware and apps that could be exploited by criminals to harm the user's device or personal data.
- Configure the schedule for app database updates.

In this section

Getting Started

How to install the app

Protecting devices on the internet

How to activate the app

How to connect a device to Kaspersky Security Center

Silent mode of the app

AppConfig File

Page top

Getting Started

Kaspersky Endpoint Security for Android is currently not available in Google Play.

To deploy the app on users' mobile devices, you must add Kaspersky Endpoint Security for Android to the EMM app store. For more details about working with apps in the EMM Console, visit the technical support website of the EMM service provider.

The Kaspersky Endpoint Security for Android app is deployed in an Android work profile. The app is isolated from the user's personal data and protects only corporate data in the work profile. It is recommended to ensure that Kaspersky Endpoint Security for Android is protected from removal by EMM Console tools.

Page top

How to install the app

If you want to manage devices in a third-party EMM console, you can distribute the app using the APK file from the Kaspersky website.

The following permissions are required for the app to work:

Storage permission for accessing files when Anti-Malware is running (only for Android 6 or later).
Phone permission for identifying the device, for example, when activating the app.
Request to add Kaspersky Endpoint Security for Android to the list of apps that are started at operating system startup (on certain devices, such as HUAWEI, Meizu, and Xiaomi). If the add request is not displayed, manually add Kaspersky Endpoint Security for Android to the list of startup apps. The request may not be displayed if the Security app is not installed in the work profile.

You can grant the required permissions in the EMM Console before deploying the Kaspersky Endpoint Security for Android app. For more details about granting the permissions in the EMM Console, visit the technical support website of the EMM service provider. You can also grant the permissions while completing the Initial Configuration Wizard of Kaspersky Endpoint Security for Android on device.

The Kaspersky Endpoint Security for Android app will be installed in the Android work profile.

For operation of Web Protection, you must also configure a proxy server in Google Chrome settings using the AppConfig file of a third-party EMM system:

Proxy server configuration mode: manual.
Proxy server address and port: 127.0.0.1:3128.
SPDY protocol support: disabled.
Data compression through proxy server: disabled.

Page top

Protecting devices on the internet

To protect the personal data of a mobile device user on the internet, enable Web Protection. Web Protection blocks malicious websites that distribute malicious code, and phishing websites designed to steal your confidential data and gain access to your financial accounts. Web Protection scans websites before you open them using the Kaspersky Security Network cloud service.

For the Web Protection component to work, the following conditions must be met:

The proxy server is configured in the browser settings:
ProxyMode = "fixed_servers"

ProxyServer = "127.0.0.1:3128"

DisableSpdy = true

DataCompressionProxyEnabled = false

Proxy server configuration may vary depending on the Google Chrome version. For more details about configuring Google Chrome, visit the Chromium project website.

After the Kaspersky Endpoint Security for Android app is removed from the mobile device, reset the proxy server settings.
Device users accept the Privacy Policy and the Web Protection Statement in the Initial Configuration Wizard or app settings.
Administrator can accept the Web Protection Statement in the Kaspersky Security Center Web Console.
Web Protection is enabled in the app settings:

EnableWebFilter = True, EnableWebFilterLock = True.
Use of KSN is enabled in the app settings: UseKsnMode = Recommended or UseKsnMode = Extended.

To configure Google Chrome proxy server via the VMware Workspace ONE Console:

In the console, select Apps & Books → Application → Native.
App catalog opens.
Select the Public section.
Select the Google Chrome app.
App properties window opens.
Select the Assignment section.
In the window that opens, click the Assign button.
The list of devices that the app is assigned opens.
Click the Edit button.
In the window that opens, click Configure.
The app configuration opens. You can read about each of the app parameters using tool tip.
Specify the necessary settings:
- Proxy Mode – Use fixed proxy server.
- Proxy Server URL – 127.0.0.1:3128.
- SPDY protocol support – disabled.
- Data compression through proxy server – disabled.
Save changes.

To enable Web Protection in Google Chrome via the VMware Workspace ONE Console:

In the console, select Apps & Books → Application → Native.
App catalog opens.
Select the Public section.
Select the Kaspersky Endpoint Security app.
App properties window opens.
Select the Assignment section.
In the window that opens, click the Assign button.
The list of devices that the app is assigned opens.
Click the Edit button.
In the window that opens, click Configure.
The app configuration opens. You can read about each of the app parameters using tool tip.
Specify the necessary settings:
- Web Protection – Enable.
- Forbid configuration of Web Protection settings – Enable. The user cannot access Web Protection settings within the app settings.
- Kaspersky Security Network mode – Recommended or Extended.
  Recommended – The app exchanges data with Kaspersky Security Network (KSN). Kaspersky Endpoint Security for Android uses KSN for real-time protection of the device against threats (Cloud Protection) and the operation of Web Protection on the internet.
  
  Extended – The app exchanges data with Kaspersky Security Network and also sends the Virus Laboratory certain performance statistics from Kaspersky Endpoint Security for Android. This information makes it possible to keep track of threats in real time. No personal data is collected, processed, or stored by KSN services.
Save changes.

If users' devices are connected to the Kaspersky Security Center, enable Web Protection in the group policy. Also, you can accept the Web Protection Statement in the Kaspersky Security Center Web Console.

After enabling Web Protection in the Kaspersky Endpoint Security for Android app and configuring Google Chrome, check protection against web threats. To check protection, you can use EICAR test.

Page top

How to activate the app

Information about the license is transmitted to the mobile device together with the other settings in the configuration file.

If the app is not activated within 30 days after its installation on the mobile device, the trial license expires. When the trial license expires, all features of the Kaspersky Endpoint Security for Android mobile app are disabled.

When the commercial license expires, the mobile app continues running with limited functionality (for example, Kaspersky Endpoint Security for Android database updates are not available). To continue using the app in fully functional mode, you must renew your commercial license.

To activate Kaspersky Endpoint Security for Android:

In the EMM Console, open the settings of the Kaspersky Endpoint Security for Android app.
In the LicenseActivationCode field, enter the app activation code.
To activate the app on a device, you must have access to Kaspersky activation servers.

Page top

How to connect a device to Kaspersky Security Center

After Kaspersky Endpoint Security for Android is installed on a mobile device, you can connect the device to Kaspersky Security Center. The data necessary for connecting the device to Kaspersky Security Center is transmitted to the mobile device together with the other settings listed in the configuration file. After connecting the device to Kaspersky Security Center, you can use group policies to centrally configure the app settings. You can also receive reports and statistics on the performance of Kaspersky Endpoint Security for Android.

Prior to connecting devices to Kaspersky Security Center, make sure that the following conditions are fulfilled:

The Kaspersky Endpoint Security for Android Administration Plug-in is installed on the administrator's workstation.
The port for connecting mobile devices is opened in the Administration Server properties.
The display of the Mobile Device Management folder is enabled in the Administration Console.
A mobile certificate for identifying the mobile device user has been created in the Kaspersky Security Center certificate storage.

Prior to connecting devices to Kaspersky Security Center, it is recommended to do the following:

If you want to create tasks and policies for mobile devices, create a separate administration group for mobile devices.
If you want to automatically move mobile devices to a separate administration group, create a rule for automatically moving devices from the Unassigned devices folder.
If you want to centrally configure Kaspersky Endpoint Security for Android, create a group policy.

To connect a device to Kaspersky Security Center:

In the EMM Console, open the settings of the Kaspersky Endpoint Security for Android app.
In the KscServer field, enter the DNS name or IP address of the Kaspersky Security Center Administration Server. The default port is 13292.
If you do not want the user to be distracted by Kaspersky Endpoint Security for Android notifications, disable app notifications. To do so, set the DisableNotification = True setting.
After connecting, the app shows all notifications. You can disable certain app notifications in the policy settings.

Do not disable app notifications if you do not use Kaspersky Security Center. This could cause a user to not receive notifications about the license expiring. As a result, the app will stop performing its functions.

After the connection settings are configured, Kaspersky Endpoint Security for Android displays a notification prompting you to grant the following additional rights and permissions:

Permission to use the Camera for Anti-Theft operation (Mugshot command).
Permission to use Location for Anti-Theft operation (Locate device command).
Device administrator rights (Android work profile owner) for operation of the following app functions:
- Install security certificate.
- Configure Wi-Fi.
- Configure Exchange ActiveSync.
- Restrict use of the camera, Bluetooth, and Wi-Fi.
Due to the specific characteristics of an Android work profile (absence of the Accessibility service), the App Control and Anti-Theft features are unavailable in the app.

When the user grants the necessary rights and permissions, the device will be connected to Kaspersky Security Center. If a rule for automatically moving devices to an administration group has not been created, the device will be automatically added to the Unassigned devices folder. If a rule for automatically moving devices to an administration group has been created, the device will be automatically added to the defined group.

Kaspersky Endpoint Security provides the following devices name format:

Device model [email, device ID]
Device model [email (if any) or device ID]

A device ID is a unique ID that Kaspersky Endpoint Security for Android generates from the data received from a device as follows:

On personal devices running Android 9 and earlier, the app uses the IMEI. For later versions of Android, the app uses SSAID (Android ID) or checksum of other data received from the device.
In device owner mode, the app uses IMEI on all Android versions.
When a work profile is created on devices running Android 11 or earlier, the app uses IMEI. On other Android versions, the app uses the SSAID (Android ID) or checksum of other data received from the device.

You can configure device name format in the group policy.

In SOTI MobiControl, you can use the %DEVICENAME% macro in the KscDeviceName field. This macro allows you automatically get the device name from the SOTI MobiControl console to Kaspersky Security Center.

You can also add a tag to the device name. This makes it easier to find and sort devices in Kaspersky Security Center. The tag is available only for VMware AirWatch.

To add the tag to the device name:

In the EMM Console, open the settings of the Kaspersky Endpoint Security for Android app.
In the KscDeviceNameTag field, select the values:
- {DeviceSerialNumber} – Serial number of the device.
- {DeviceUid} – Unique device identifier (UDID).
- {DeviceAssetNumber} – Device asset number. This number is created internally from within your organization.
We recommend using only these values. VMware AirWatch supports other values, but Kaspersky Endpoint Security cannot guarantee work these values.

You can add some values (for example, {DeviceSerialNumber} {DeviceUid}). The tag will be added to the device name in Kaspersky Security Center. A space separates the tag and the device name. For example, if the device name is Google Pixel 2 a10c6b75f7b31de9 22:7D:78:9E:C5:1E, then 22:7D:78:9E:C5:1E is UDID tag. If you use Kaspersky Security Center and VMwareAirWatch, the tag allows you to identify devices in both consoles. To match the device, select the same values for the device name (for example, the serial number of the device).

After the device is connected to Kaspersky Security Center, the app settings will be changed according to the group policy. Kaspersky Endpoint Security for Android ignores the app settings from the configuration file that was configured in the EMM Console. You can configure all sections of the policy except the following sections:

Anti-Theft (Device lock)
Device management (Screen lock)
App Control (Block forbidden apps)
Android work profile
Manage Samsung Knox

Due to the method used to deploy a work profile, you cannot apply group policy settings from the Android work profile section. These settings can be applied only if the work profile was created using Kaspersky Security Center.

Page top

Silent mode of the app

An Android device user can disable all notifications from Kaspersky Endpoint Security for Android in the settings on the notification bar. If notifications are disabled, the user does not monitor the operation of the app and can ignore important information (for example, information about threats in real time). In this case, to find out the app operating status, the user must open Kaspersky Endpoint Security for Android.

If you do not want the mobile device user to be distracted by Kaspersky Endpoint Security for Android notifications, you can disable certain notifications.

The Kaspersky Endpoint Security uses the following tools to display the device protection status:

Protection status notification. This notification is pinned to the notification bar. Protection status notification cannot be removed. The notification displays the device protection status (for example, ) and number of issues, if any. You can tap the device protection status and see the list issues in the app.
App notifications. These notifications inform the device user about the application (for example, threat detection).
Pop-up messages. Pop-up messages require action from the device user (for example, action to take when a threat is detected).

The silent mode settings are transmitted to the mobile device together with the other settings in the configuration file. Set True value for the DisableNotification parameter.

To enable silent mode of the app via the VMware Workspace ONE Console:

In the console, select Apps & Books → Application → Native.
App catalog opens.
Select the Public section.
Select the Kaspersky Endpoint Security app.
App properties window opens.
Select the Assignment section.
In the window that opens, click the Assign button.
The list of devices that the app is assigned opens.
Click the Edit button.
In the window that opens, click Configure.
The app configuration opens. You can read about each of the app parameters using tool tip.
In the Disable app notifications before connecting to Kaspersky Security Center.
If you use Kaspersky Security Center, enable silent mode in the group policy too.
Save changes.

As a result, the app will only show the Protection status notification. Other notifications and pop-ups will be disabled.

Page top

AppConfig File

A configuration file is generated to configure the app in an EMM Console. The app settings in the configuration file are presented in the table below.

Configuration file settings

Configuration key	Description	Type	Value	Default value
`LicenseActivationCode`	App activation code	String	App activation code consisting of 20 Latin letters and numerals. To activate the app by using the activation code, you need internet access to connect to Kaspersky activation servers. If you leave the field blank, the app will be activated with a trial license. The trial license is valid for 30 days. When the trial license expires, all features of the Kaspersky Endpoint Security for Android mobile app are disabled. To continue using the app, you must purchase a commercial license.
`EulaAcceptanceConfirmationV1`	<License Agreement link>	Choice	This setting is available only for VMware AirWatch. `Accepted` – I confirm that I have fully read, understand, and accept the terms and conditions of this End User License Agreement. `Declined` – I do not accept the terms and conditions of this End User License Agreement (EULA). To accept the terms and conditions of the EULA for all mobile devices, you need internet access to connect to Kaspersky servers. If you chose `Declined`, the app will ask the user to accept the terms and conditions of the EULA. Mobile device users can accept the conditions in the Initial Configuration Wizard.
`EulaAcceptanceCodeV1`	License Agreement code	String	These settings are available only for VMware AirWatch. Use `EulaAcceptanceCodeV1` if you want to accept a single End User License Agreement (EULA). Use `EulaAcceptanceCodesV2` if you want to accept several EULAs at the same time. The `EulaAcceptanceCodesV2` field must contain a semicolon-separated list of EULA codes: `"<EULAid1>;<EULAid2>;<EULAid3>;..."`. License Agreement code is contained in the End User License Agreement. To learn License Agreement code: Copy the License Agreement link (`EulaAcceptanceConfirmationV1`) from the EMM Console. Paste the link into the browser. The End User License Agreement (EULA) opens. Read the terms and conditions of this EULA and find the License Agreement code. To accept the terms and conditions of the EULAs for all mobile devices, you need internet access to connect to Kaspersky servers. If you leave the fields blank, the app will ask the user to accept the terms and conditions of the EULAs. Mobile device user can accept the conditions in the Initial Configuration Wizard. If you specify the values of both fields, the terms and conditions of all EULAs specified in them will be accepted.
`EulaAcceptanceCodesV2`	License Agreement codes	String
`KscServer`	Kaspersky Security Center Administration Server address and port	String	DNS name or IP address of the Kaspersky Security Center Administration Server and port number. Enter the address as follows: `<server address>:<port>`. If you enter the server address without specifying the port, the app will use the default port 13292.	`<server address>:13292`
`DisableNotification`	Disable app notifications before connecting to Kaspersky Security Center	Boolean	`True` – Kaspersky Endpoint Security for Android hides all app notifications until the device connects to Kaspersky Security Center. After connecting, the app shows all notifications. You can disable certain app notifications in the policy settings. Do not disable app notifications if you do not use Kaspersky Security Center. This could cause a user to miss receiving notifications about a license expiration. In this case, the app would stop performing its functions. `False` – Kaspersky Endpoint Security for Android shows all app notifications.	`False`
`ScanScheduleType`	Scan run mode	Choice	`AfterUpdate` – Start a malware scan after a database update. The app updates anti-malware databases according to the defined schedule (`UpdateScheduleType`). `Daily` – Start a malware scan once a day. Configure the scan start time (`ScanScheduleTime`). `Weekly` – Start a malware scan once a week. Select the day of the week to start a malware scan (`ScanScheduleDay`) and configure the time (`ScanScheduleTime`). `Off` – Autostart of a malware scan is disabled. Irrespective of which value is set, the device user can manually start a malware scan.	`AfterUpdate`
`ScanScheduleDay`	Day of scan	Choice	`Monday / Tuesday / Wednesday / Thursday / Friday / Saturday / Sunday` You can select only one value for this setting.	`Monday`
`ScanScheduleTime`	Time of scan	String	The time can be indicated in 24-hour format (for example, 13:00) or 12-hour format (for example, 10:30 PM).	`8:00`
`ScanScheduleLock`	Block configuration of the scan run mode	Boolean	`True` – The user cannot access the malware scan run mode settings within the app settings. `False` – The user can configure the malware scan run mode and, for example, disable autostart of a malware scan.	`True`
`ScanOnlyExecutableFiles`	Types of files to scan (malware scan)	Choice	`AllFiles` – Scan all files. `OnlyExecutables` – Scan only executable files. Executable files are files with the .apk (.zip), .dex, or .so extension. In Kaspersky Endpoint Security for Android Service Pack 4 Maintenance Release 1, you cannot enable scanning of executable files only.	`AllFiles`
`ScanArchives`	Scan archives with unpacking	Boolean	`True` – The app unpacks archives and scans their contents. `False` – The app scans only the archive files. The app scans only archives with the .zip (.apk) extension.	`True`
`ScanActionOnThreatFound`	Action on threat detection (malware scan)	Choice	`Quarantine` – The app puts detected objects in Quarantine. Quarantine stores files as archives, so they cannot harm the device. The Quarantine lets you delete or restore the files that were moved to isolated storage. `Delete` – The app deletes the detected objects. `Skip` – The app leaves the detected objects unchanged. If the detected objects have been skipped, Kaspersky Endpoint Security for Android warns the user about problems in device protection. When there is an attempt to access an object on the device (such as an attempt to copy or open it), the app blocks access to the object. `AskUser` – The app prompts the user to select an action for each detected object: skip, quarantine, or delete. When multiple objects are detected, the user can apply a selected action to all objects. Information about detected threats and the actions taken on them is logged in app reports.	`Quarantine`
`ScanLock`	Block configuration of scan settings	Boolean	`True` – The following scan settings cannot be accessed by the user in the app settings: the type of files to scan, scanning of archives, and the action to take when a threat is detected. `False` – The user can configure scan settings and, for example, select the `Skip` action for detected threats.	`True`
`ScanAndProtectionAdwareRiskware`	Block adware, autodialers, and apps that can be used by criminals to cause harm to the user's device and data	Boolean	`True` – The app detects adware and other apps that can be used by criminals to cause harm to the user's device and data. `False` – The app skips adware and other apps that can be used by criminals to cause harm to the user's device and data.	`True`
`ProtectionMode`	Real-time protection mode	Choice	`Recommended` – The app only scans new apps once, immediately after they have been installed, as well as files from the Downloads folder. `Extended` – The app scans all files that the user opens, modifies, copies, runs and saves on the device. The app also scans new apps and files from the Downloads folder. `Disabled` – Real-time protection is disabled.	`Recommended`
`UseKsnMode`	Kaspersky Security Network mode	Choice	`Recommended` – The app exchanges data with Kaspersky Security Network (KSN). Kaspersky Endpoint Security for Android uses KSN for real-time protection of the device against threats (Cloud Protection) and the operation of Web Protection on the internet. `Extended` – The app exchanges data with Kaspersky Security Network and also sends the Virus Laboratory certain performance statistics from Kaspersky Endpoint Security for Android. This information makes it possible to keep track of threats in real time. No personal data is collected, processed, or stored by KSN services. `Disabled` – The app does not use data from Kaspersky Security Network. You cannot enable Web Protection (`EnableWebFilter`). The Cloud Protection component is not available for Anti-Malware.	`Recommended`
`ProtectScanOnlyExecutableFiles`	Types of files to scan (Real-time Protection)	Boolean	`AllFiles` – Scan all files. `OnlyExecutables` – Scan only executable files. Executable files are files with the .apk (.zip), .dex, or .so extension. In Kaspersky Endpoint Security for Android Service Pack 4 Maintenance Release 1, you cannot enable scanning of executable files only.	`AllFiles`
`ProtectionActionOnThreatFound`	Action on threat detection (Real-time Protection)	Choice	`Quarantine` – The app puts detected objects in Quarantine. Quarantine stores files as archives, so they cannot harm the device. Quarantine lets you delete or restore the files that were moved to isolated storage. `Delete` – The app deletes detected objects. `Skip` – The app leaves the detected objects unchanged. If the detected objects have been skipped, Kaspersky Endpoint Security for Android warns the user about problems in device protection. When an attempt is made to access an object on the device (such as an attempt to copy or open it), the app blocks access to the object. Information about detected threats and the actions taken on them is logged in app reports.	`Quarantine`
`ProtectionLock`	Block configuration of real-time protection settings	Boolean	`True` – The following real-time protection settings cannot be accessed by the user in the app settings: real-time protection mode, types of files to scan, and the action to take when a threat is detected. `False` – The user can configure real-time protection settings and, for example, can select the `Skip` action for detected threats.	`True`
`UpdateScheduleType`	Databases update run mode	Choice	`Daily` – Check for new anti-malware databases and download them to devices once a day. Configure the database update start time (`UpdateScheduleTime`). `Weekly` – Check for new anti-malware databases and download them to devices once a week. Select the day of the week to start a database update (`UpdateScheduleDay`) and configure the time (`UpdateScheduleTime`). `Off` – Automatic update of anti-malware databases is disabled. Irrespective of which value is set, the device user can manually start an update of anti-malware databases.	`Daily`
`UpdateScheduleDay`	Day to start a database update	Choice	`Monday / Tuesday / Wednesday / Thursday / Friday / Saturday / Sunday` You can select only one value for this setting.	`Monday`
`UpdateScheduleTime`	Database update start time	String	The time can be indicated in 24-hour format (for example, 13:00) or 12-hour format (for example, 10:30 PM).	`8:00`
`UpdateScheduleLock`	Block configuration of the database update run mode	Boolean	`True` – The user cannot access the database update run mode settings within the app settings. `False` – The user can configure the database update run mode and, for example, disable autostart of anti-malware database updates.	`True`
`AllowUpdateInRoaming`	Update databases in roaming	Boolean	`True` – The app downloads anti-malware databases if the device is in the roaming zone. The app downloads anti-malware databases according to the defined schedule (`UpdateScheduleType`). `False` – The app downloads anti-malware databases only if the device is in the home network.	`False`
`EnableWebFilter`	Web Protection	Boolean	`True` – The app uses the Web Protection component to block malicious and phishing websites on the internet. Web Protection on Android devices is supported only by Google Chrome, HUAWEI Browser, Samsung Internet, and Yandex Browser. Malicious and phishing websites using the HTTPS protocol are allowed to remain unblocked if the domain is trusted. If the domain is untrusted, Web Protection blocks malicious and phishing websites. `False` – Protection against malicious and phishing websites is disabled. For the Web Protection component to work, the following conditions must be met: Device users accept the Privacy Policy and the Web Protection Statement in the Initial Configuration Wizard or app settings. A proxy server is configured in the browser settings: `ProxyMode = "fixed_servers"` `ProxyServer = "127.0.0.1:3128"` `DisableSpdy = true` `DataCompressionProxyEnabled = false` Proxy server configuration may vary depending on the browser version. After the Kaspersky Endpoint Security for Android app is removed from the mobile device, reset the proxy server settings. Use of KSN is enabled in the app settings: `UseKsnMode = Recommended` or `UseKsnMode = Extended`. It is recommended to select Google Chrome, HUAWEI Browser, Samsung Internet Browser, or Yandex Browser as the default browser in the operating system settings.	`False`
`EnableWebFilterLock`	Block configuration of Web Protection	Boolean	`True` – The user cannot access Web Protection settings within the app settings. `False` – The user can configure Web Protection settings and, for example, disable protection against malicious and phishing websites on the internet.	`True`
`UpdateServer`	Database update source server address	String	Address of the server hosting the database updates, for example, `http://update.server.com`. If you leave the field blank, Kaspersky Endpoint Security for Android uses the Kaspersky database update servers.
`AllowGoogleAnalytics`	Submit data to the Google Analytics for Firebase, Firebase Performance Monitoring, and Crashlytics services	Boolean	`True` – The app automatically submits Kaspersky Endpoint Security for Android operating data to the Google Analytics for Firebase, Firebase Performance Monitoring, and Crashlytics services. This data is necessary in order to improve the performance of the app and to analyze user satisfaction. Data is transferred to the Google Analytics for Firebase, Firebase Performance Monitoring, and Crashlytics services over a secure connection. Access to and protection of data is regulated by the relevant terms of use of the Google Analytics for Firebase, Firebase Performance Monitoring, and Crashlytics services. `False` – Submission of data to the Google Analytics for Firebase, Firebase Performance Monitoring, and Crashlytics services is disabled.	`True`
`KscDeviceNameTag`	Device Name Tag for Kaspersky Security Center	String	This setting is available only for VMware AirWatch. The tag will be added to the device name in Kaspersky Security Center. A space separates the tag and the device name. This makes it easier to find and sort devices in Kaspersky Security Center. `{DeviceSerialNumber}` – Serial number of the device. `{DeviceUid}` – Unique device identifier (UDID). `{DeviceAssetNumber}` – Device asset number. This number is created internally within your organization. You can add some values (for example, `{DeviceSerialNumber} {DeviceUid}`). We recommend using only these values. VMware AirWatch supports other values, but Kaspersky Endpoint Security cannot guarantee that these values work.
`KscGroup`	Device group name	String	You can specify device groups in an EMM console. When a device is connected to Kaspersky Security Center, it will be automatically added to a subfolder of the of Unassigned devices folder. The name of the subfolder will match the group name specified in this parameter. You can then create rules for automatically moving devices from subfolders of the Unassigned devices folder to administration groups in the Managed devices folder. If you leave the field blank, the device will be automatically added to the root of the Unassigned devices folder.	`KES10`
`KscCorporateEmail`	User's corporate email	String	You can specify users' corporate email addresses in an EMM console. These emails will be displayed in Kaspersky Security Center. The string must be a valid email address. Other values are ignored.
`KscDeviceName`	Device name in Kaspersky Security Center	String	This setting is available only for SOTI MobiControl. You can specify the device name displayed in Kaspersky Security Center. You can type any name or use the %DEVICENAME% macro to automatically get the device name from the SOTI MobiControl console. If you leave the field blank, the device name will be generated according to the format specified in the Kaspersky Security Center group policy.

Page top

Contents

Managing the app by using third-party EMM systems (Android only)

Getting Started

How to install the app

Protecting devices on the internet

How to activate the app

How to connect a device to Kaspersky Security Center

Silent mode of the app

AppConfig File