
Creating A Scan Exclusion

The document provides instructions for creating, modifying, deleting, enabling/disabling, and editing the list of scan exclusions in Kaspersky Endpoint Security. It describes how to create exclusions based on file/folder, object name, object hash, and application. It also describes how to modify, delete, enable/disable existing exclusions and how to edit the list of trusted applications.

Uploaded by

Agshin Israfilov

Creating a scan exclusion

Kaspersky Endpoint Security does not scan an object if the drive or folder containing this object is included in the scan
scope at the start of one of the scan tasks. However, the scan exclusion is not applied when a custom scan task is
started for this particular object.

To create a scan exclusion:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Scan exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens on the Scan exclusions tab.

4. Click the Add button.


The Scan exclusion window opens. In this window, you can create a scan exclusion using one or more criteria from the
Properties section.

5. To exclude a file or folder from scanning:

a. In the Properties section, select the File or folder check box.

b. Click the select file or folder link in the Scan exclusion description section to open the Name of file or folder window.

c. Enter the file or folder name or the mask of the file or folder name, or select the file or folder in the folder tree by
clicking Browse.

d. In the Name of file or folder window, click OK.


A link to the added file or folder appears in the Scan exclusion description section of the Scan exclusion
window.

6. To exclude objects with a specific name from scanning:

a. In the Properties section, select the Object name check box.

b. Click the enter object name link in the Scan exclusion description section to open the Object name window.

c. Enter the object name or name mask according to the classification of the Kaspersky Virus Encyclopedia:

d. Click OK in the Object name window.

A link to the added object name appears in the Scan exclusion description section of the Scan exclusion
window.

7. To exclude an object with a specific hash from scanning:

a. In the Properties section, select the Object hash check box.

b. Click the enter object hash link in the Scan exclusion description section to open the Object hash window.

c. Enter the SHA256 hash of the object according to the classification in the Kaspersky Virus Encyclopedia, or select the
file by clicking the Browse button.

d. Click OK in the Object hash window.


A link to the added object hash appears in the Scan exclusion description section of the Scan exclusion
window.

8. If necessary, in the Comment field, enter a brief comment on the scan exclusion that you are creating.

9. Specify the Kaspersky Endpoint Security components that should use the scan exclusion:

a. Click the any link in the Scan exclusion description section to activate the select components link.

b. Click the select components link to open the Protection components window.

c. Select the check boxes opposite the components to which the scan exclusion must be applied.

d. In the Protection components window, click OK.

If the components are specified in the settings of the scan exclusion, this exclusion is applied only during scanning by
these components of Kaspersky Endpoint Security.
If the components are not specified in the settings of the scan exclusion, this exclusion is applied during scanning by all
components of Kaspersky Endpoint Security.

10. In the Scan exclusion window, click OK.


The scan exclusion you have added appears in the table on the Scan exclusions tab of the Trusted zone window. The
configured settings of this scan exclusion appear in the Scan exclusion description section.

11. In the Trusted zone window, click OK.

12. To save changes, click the Save button.

Modifying a scan exclusion


To modify a scan exclusion:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Scan exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens on the Scan exclusions tab.

4. Select the scan exclusion that you want to modify in the list.

5. Change the scan exclusion settings using one of the following methods:

Click the Edit button.


The Scan exclusions window opens.

Open the window for editing the necessary setting by clicking the link in the Scan exclusion description field.

6. If you clicked the Edit button during the previous step, click OK in the Scan exclusion window.
The modified settings of this scan exclusion appear in the Scan exclusion description section.

7. In the Trusted zone window, click OK.

8. To save changes, click the Save button.

Deleting a scan exclusion


To delete a scan exclusion:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Scan exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens on the Scan exclusions tab.

4. Select the scan exclusion that you need in the list of scan exclusions.

5. Click the Delete button.


The deleted scan exclusion disappears from the list.

6. In the Trusted zone window, click OK.

7. To save changes, click the Save button.

Enabling and disabling a scan exclusion


To enable or disable a scan exclusion:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Scan exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens on the Scan exclusions tab.

4. Select the exclusion that you need in the list of scan exclusions.

5. Do one of the following:

To enable a scan exclusion, select the check box next to the name of this scan exclusion.

To disable a scan exclusion, clear the check box next to the name of this scan exclusion.

6. Click OK.

7. To save changes, click the Save button.

Editing the list of trusted applications


To edit the list of trusted applications:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Scan exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens.

4. In the Trusted zone window, select the Trusted applications tab.

5. To add an application to the trusted applications list:

a. Click the Add button.

b. In the context menu that opens, do one of the following:

If you want to find the application in the list of applications installed on the computer, select the Applications
item in the menu.
The Select application window opens.

If you want to specify the path to the executable file of the relevant application, select Browse.
The standard Open file window in Microsoft Windows opens.

c. Select the application in one of the following ways:

If you selected Applications during the previous step, select the application in the list of applications installed
on the computer and click OK in the Select application window.

If you selected Browse during the previous step, specify the path to the executable file of the relevant
application and click the Open button in the standard Open window of Microsoft Windows.

These actions cause the Scan exclusions for application window to open.

d. Select the check boxes opposite the relevant trusted zone rules for the selected application:

Do not scan opened files.

Do not monitor application activity.

Do not inherit restrictions of the parent process (application).

Do not monitor child application activity.

Do not block interaction with the application interface.

Do not scan network traffic.

If you add a trusted application using Kaspersky Endpoint Security Administration plug-in, you must specify
the application without using masks for the Do not scan network traffic setting to work.

e. In the Scan exclusions for application window, click OK.


The trusted application that you have added appears in the trusted applications list.

6. To edit the settings of a trusted application:

a. Select a trusted application in the trusted applications list.

b. Click the Edit button.

c. The Scan exclusions for application window opens.

d. Select or clear the check boxes opposite the relevant trusted zone rules for the selected application:

If no trusted zone rules are selected in the Scan exclusions for application window, the trusted application is
included in the scan. In this case, the trusted application is not removed from the list of trusted applications,
but its check box is cleared.

e. In the Scan exclusions for application window, click OK.

7. To remove a trusted application from the trusted applications list:

a. Select a trusted application in the trusted applications list.

b. Click the Delete button.

8. In the Trusted zone window, click OK.

9. To save changes, click the Save button.

Enabling and disabling trusted zone rules for an application in the list of trusted applications

To enable or disable the action of trusted zone rules applied to an application from the list of trusted applications:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Scan exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens.

4. In the Trusted zone window, select the Trusted applications tab.

5. In the list of trusted applications, select the necessary trusted application.

6. Do one of the following:

To exclude a trusted application from Kaspersky Endpoint Security scanning, select the check box next to its
name.

To include a trusted application in Kaspersky Endpoint Security scanning, clear the check box next to its name.

7. Click OK.

8. To save changes, click the Save button.

Using trusted system certificate storage


Use of system certificate storage lets you exclude applications signed by a trusted digital signature from virus scans.
Kaspersky Endpoint Security automatically assigns such applications to the Trusted group.
To begin using trusted system certificate storage:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Scan exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens.

4. In the Trusted zone window, select the Trusted system certificate store tab.

5. Select the Use trusted system certificate store check box.

6. In the Trusted system certificate store drop-down list, select which system store must be considered as trusted by
Kaspersky Endpoint Security.

7. In the Trusted zone window, click OK.

8. To save changes, click the Save button.

Network Protection
This section contains information about network traffic monitoring and instructions on how to configure the settings of
monitored network ports.

About Network Protection
During the operation of Kaspersky Endpoint Security, the Mail Threat Protection and Web Threat Protection components
monitor data streams that are transmitted via specific protocols and that pass through specific open TCP and UDP ports on
the user's computer. For example, the Mail Threat Protection component analyzes information that is transmitted via SMTP,
while the Web Threat Protection component analyzes information that is transmitted via HTTP and FTP.

Kaspersky Endpoint Security divides TCP and UDP ports of the operating system into several groups, depending on the
likelihood of their being compromised. Some network ports are reserved for services that may be vulnerable. You are
advised to monitor these ports more thoroughly, because the likelihood that they are attacked is greater. If you use
non-standard services that rely on non-standard network ports, these network ports may also be targeted by an attacking
computer. You can specify a list of network ports and a list of applications that request network access. These ports and
applications then receive special attention from the Mail Threat Protection and Web Threat Protection components as they
monitor network traffic.

Configuring the settings of network traffic monitoring


You can perform the following actions to configure the settings of network traffic monitoring:

Enable monitoring of all network ports.

Create a list of monitored network ports.

Create a list of applications for which all network ports are monitored.

Enabling monitoring of all network ports


To enable monitoring of all network ports:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Monitored ports section, select the Monitor all network ports option.

4. To save changes, click the Save button.

Creating a list of monitored network ports


To create a list of monitored network ports:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Monitored ports section, select Monitor only selected ports.

4. Click the Settings button.

The Network ports window opens. The Network ports window displays a list of network ports that are normally used
for transmission of email and network traffic. This list of network ports is included in the Kaspersky Endpoint
Security package.

5. In the list of network ports, perform the following:

Select the check boxes opposite those network ports that you want to include in the list of monitored network
ports.
By default, the check boxes are selected opposite all network ports that are listed in the Network ports window.

Clear the check boxes opposite those network ports that you want to exclude from the list of monitored network
ports.

6. If a network port is not shown in the list of network ports, add it by doing the following:

a. Under the list of network ports, click the Add link to open the Network port window.

b. Enter the network port number in the Port field.

c. Enter the name of the network port in the Description field.

d. Click OK.

The Network port window closes. The newly added network port is shown at the end of the list of network ports.

7. In the Network ports window, click OK.

8. To save changes, click the Save button.

When the FTP protocol runs in passive mode, the connection can be established via a random network port that is not
added to the list of monitored network ports. To protect such connections, select the Monitor all network ports check
box in the Monitored ports section or configure the monitoring of all ports for applications that establish the FTP
connection.
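
The passive-mode gap described above, as an added example (not part of the original document and not Kaspersky code): it extracts the data-channel port from FTP 227/229 replies and checks it against a simplified model of the three monitoring options. The port list, application name and server replies are constructed for illustration and are not the product's actual defaults.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Set

# RFC 959 PASV reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)
# RFC 2428 EPSV reply: "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def passive_data_port(reply: str) -> Optional[int]:
    """Return the data-channel port announced by a 227/229 reply, else None."""
    line = reply.strip()
    m = PASV_RE.match(line)
    if m:
        fields = [int(g) for g in m.groups()]
        if any(v > 255 for v in fields):
            return None  # malformed address or port bytes
        # The last two numbers are the high and low byte of the port.
        return fields[4] * 256 + fields[5]
    m = EPSV_RE.match(line)
    if m:
        port = int(m.group(2))
        return port if 0 < port <= 65535 else None
    return None


@dataclass
class PortMonitoringPolicy:
    """Simplified model (an assumption) of the Monitored ports settings."""
    monitor_all_ports: bool = False                            # "Monitor all network ports"
    selected_ports: Set[int] = field(default_factory=set)      # "Monitor only selected ports"
    all_ports_apps: Set[str] = field(default_factory=set)      # lowercase executable names

    def covers(self, port: int, app: str) -> bool:
        if self.monitor_all_ports:
            return True
        return port in self.selected_ports or app.lower() in self.all_ports_apps


def unmonitored_data_ports(replies: Iterable[str], app: str,
                           policy: PortMonitoringPolicy) -> List[int]:
    """List passive data ports from a control session that the policy misses."""
    missed = []
    for reply in replies:
        port = passive_data_port(reply)
        if port is not None and not policy.covers(port, app):
            missed.append(port)
    return missed


# Constructed sample data: a port list and server replies made up for this example.
SAMPLE_PORTS = {21, 25, 80, 110, 143}
SAMPLE_REPLIES = [
    "220 ftp.example.test ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "226 Transfer complete",
    "229 Entering Extended Passive Mode (|||50321|)",
]

if __name__ == "__main__":
    app = "ftpclient.exe"  # hypothetical application name
    selected_only = PortMonitoringPolicy(selected_ports=set(SAMPLE_PORTS))
    per_app = PortMonitoringPolicy(selected_ports=set(SAMPLE_PORTS),
                                   all_ports_apps={app})
    print("selected ports only :", unmonitored_data_ports(SAMPLE_REPLIES, app, selected_only))
    print("all ports for app   :", unmonitored_data_ports(SAMPLE_REPLIES, app, per_app))
```

With only the selected-port list, the control connection on port 21 is covered but both negotiated data ports are missed; adding the application to the all-ports list closes the gap.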

Creating a list of applications for which all network ports are monitored
You can create a list of applications for which Kaspersky Endpoint Security monitors all network ports.

We recommend including applications that receive or transmit data via the FTP protocol in the list of applications for
which Kaspersky Endpoint Security monitors all network ports.

To create a list of applications for which all network ports are monitored:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Monitored ports section, select Monitor only selected ports.

4. Click the Settings button.


The Network ports window opens.

5. Select the Monitor all ports for specified applications check box.

6. In the list of applications under the Monitor all ports for specified applications check box, do the following:

Select the check boxes next to the names of applications for which you want to monitor all network ports.
By default, the check boxes are selected next to all applications that are listed in the Network ports window.

Clear the check boxes next to the names of applications for which you do not want to monitor all network ports.

7. If an application is not included in the list of applications, add it as follows:

a. Click the Add link under the list of applications and open the context menu.

b. In the context menu, select the way in which to add the application to the list of applications:

To select an application from the list of applications that are installed on the computer, select the Applications
command. The Select application window opens, letting you specify the name of the application.

To specify the location of the application's executable file, select the Browse command. The standard Open
window in Microsoft Windows opens, letting you specify the name of the application executable file.

The Application window opens after you select the application.

c. In the Name field, enter a name for the selected application.

d. Click OK.

The Application window closes. The application that you have added appears at the end of the list of applications.

8. In the Network ports window, click OK.

9. To save changes, click the Save button.

Kaspersky Endpoint Security Self-Defense


This section describes the self-defense and remote control defense mechanisms of Kaspersky Endpoint Security and
provides instructions on configuring the settings of these mechanisms.

About Kaspersky Endpoint Security Self-Defense


Kaspersky Endpoint Security protects the computer from malicious programs, including malware that attempts to block the
operation of Kaspersky Endpoint Security or even delete it from the computer.

The stability of the security system on the computer is ensured by the self-defense and remote control defense
mechanisms in Kaspersky Endpoint Security.

The Self-Defense mechanism prevents alteration or deletion of application files on the hard drive, memory processes, and
entries in the system registry.

Remote Control Defense blocks all attempts from a remote computer to control application services.

On computers that run on 64-bit operating systems, only Kaspersky Endpoint Security Self-Defense is available for
preventing the alteration and deletion of application files on the hard drive and system registry entries.

Enabling and disabling Self-Defense


The Self-Defense mechanism of Kaspersky Endpoint Security is enabled by default. You can disable Self-Defense, if
necessary.

To enable or disable Self-Defense:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Application Settings.
The advanced settings of Kaspersky Endpoint Security are displayed in the right part of the window.

3. Do one of the following:

To enable the Self-Defense mechanism, select the Enable Self-Defense check box.

To disable the Self-Defense mechanism, clear the Enable Self-Defense check box.

4. To save changes, click the Save button.

Enabling and disabling Remote Control Defense


The remote control defense mechanism is enabled by default. You can disable the remote control defense mechanism, if
necessary.

To enable or disable the remote control defense mechanism:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Application Settings.
The advanced settings of Kaspersky Endpoint Security are displayed in the right part of the window.

3. Do one of the following:

If you want to enable Remote Control Defense, select the Disable external management of the system services
check box.

If you want to disable Remote Control Defense, clear the Disable external management of the system services
check box.

4. To save changes, click the Save button.

Supporting remote administration applications


You may occasionally need to use a remote administration application while external control protection is enabled.

To enable the operation of remote administration applications:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Scan exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens.

4. In the Trusted zone window, select the Trusted applications tab.

5. Click the Add button.

6. In the context menu that opens, do one of the following:

To find the remote administration application in the list of applications that are installed on the computer, select
the Applications item.
The Select application window opens.

To specify the path to the executable file of the remote administration application, select Browse.
The standard Open file window in Microsoft Windows opens.

7. Select the application in one of the following ways:

If you selected Applications during the previous step, select the application in the list of applications installed on
the computer and click OK in the Select application window.

If you selected Browse during the previous step, specify the path to the executable file of the relevant application
and click the Open button in the standard Open window of Microsoft Windows.

These actions cause the Scan exclusions for application window to open.

8. Select the Do not monitor application activity check box.

9. In the Scan exclusions for application window, click OK.


The trusted application that you have added appears in the trusted applications list.

10. To save changes, click the Save button.

Kaspersky Endpoint Security performance and compatibility with other applications

This section contains information about the performance of Kaspersky Endpoint Security and compatibility with other
applications, and also guidelines for selecting the types of detectable objects and operating mode of Kaspersky Endpoint
Security.

About Kaspersky Endpoint Security performance and compatibility with other applications

Performance of Kaspersky Endpoint Security

The performance of Kaspersky Endpoint Security refers to the number of types of objects that can harm the computer that
are detectable, as well as energy consumption and use of computer resources.

Selecting types of detectable objects

Kaspersky Endpoint Security lets you fine-tune the protection of your computer and select the types of objects that the
application detects during operation. Kaspersky Endpoint Security always scans the operating system for viruses, worms,
and Trojans. You cannot disable scanning of these types of objects. Such malware can cause significant harm to the
computer. For greater security on your computer, you can expand the range of detectable object types by enabling
monitoring of legal software that can be used by criminals to damage your computer or personal data.

Using energy-saving mode

Energy consumption by applications is a key consideration for portable computers. Kaspersky Endpoint Security scheduled
tasks usually use up considerable resources. When the computer is running on battery power, you can use energy-saving
mode to consume power more sparingly.

In energy-saving mode, the following scheduled tasks are postponed automatically:

Update task

Full Scan task

Critical Areas Scan task

Custom Scan task

Integrity Check task

Whether or not energy saving mode is enabled, Kaspersky Endpoint Security pauses encryption tasks when a portable
computer switches to battery power. The application resumes encryption tasks when the portable computer switches from
battery power to mains power.

Conceding computer resources to other applications

Use of computer resources by Kaspersky Endpoint Security may impact the performance of other applications. To resolve
the problem of simultaneous operation during increased load on the CPU and hard drive subsystems, Kaspersky Endpoint
Security can pause scheduled tasks and concede resources to other applications.

However, a number of applications start immediately when CPU resources become available, proceeding to work in
background mode. To prevent scanning from depending on the performance of other applications, it is better to not
concede operating system resources to them.

You can start such tasks manually, if necessary.

Using advanced disinfection technology

Today's malicious programs can penetrate the lowest levels of an operating system, which makes them virtually impossible
to eliminate. After detecting malicious activity in the operating system, Kaspersky Endpoint Security performs an extensive
disinfection procedure that uses special advanced disinfection technology. Advanced
disinfection technology is aimed at purging the operating system of malicious programs that have already started their
processes in RAM and that prevent Kaspersky Endpoint Security from removing them by using other methods. The threat is
neutralized as a result. While Advanced Disinfection is in progress, you are advised to refrain from starting new processes
or editing the operating system registry. The advanced disinfection technology uses considerable operating system
resources, which may slow down other applications.

After the Advanced Disinfection process has been completed on a computer running Microsoft Windows for workstations,
Kaspersky Endpoint Security requests the user's permission to reboot the computer. After system reboot, Kaspersky
Endpoint Security deletes malware files and starts a "lite" full scan of the computer.

A reboot prompt is impossible on a computer running Microsoft Windows for file servers due to the specifics of Kaspersky
Endpoint Security for file servers. An unplanned reboot of a file server can lead to problems involving temporary unavailability
of file server data or loss of unsaved data. It is recommended to reboot a file server strictly according to schedule. This is why
Advanced Disinfection technology is disabled by default for file servers.

If active infection is detected on a file server, an event is relayed to Kaspersky Security Center with information that Active
Disinfection is required. To disinfect an active infection of a file server, enable Active Disinfection technology for file servers
and start a Virus scan group task at a time convenient for file server users.

Selecting types of detectable objects


To select types of detectable objects:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Exclusions.
The exclusions settings are displayed in the right part of the window.

3. In the Objects for detection section, click the Settings button.


The Objects for detection window opens.

4. Select check boxes opposite the types of objects that you want Kaspersky Endpoint Security to detect:

Malicious tools

Adware

Auto-dialers

Other

Packed files that may cause harm

Multi-packed files

5. Click OK.
The Objects for detection window closes. In the Objects for detection section, the selected types of objects are listed
under Detection of the following object types is enabled.

6. To save changes, click the Save button.

Enabling or disabling Advanced Disinfection technology for workstations


To enable or disable Advanced Disinfection technology for workstations:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Application Settings.
The advanced settings of Kaspersky Endpoint Security are displayed in the right part of the window.

3. In the right part of the window, do one of the following:

Select the Enable Advanced Disinfection technology check box to enable advanced disinfection technology.

Clear the Enable Advanced Disinfection technology check box to disable advanced disinfection technology.

4. To save changes, click the Save button.

When the Advanced Disinfection task is started through Kaspersky Security Center, the majority of operating system
functions are unavailable to the user. The workstation is restarted after the task has been completed.

Enabling or disabling Advanced Disinfection technology for file servers


To enable Advanced Disinfection technology for file servers, perform one of the following actions:

Enable Advanced Disinfection technology in the properties of the active Kaspersky Security Center policy. To do so:

a. Open the Application Settings section in the policy properties window.

b. Select the Enable Advanced Disinfection technology check box.

c. To save the changes, click OK in the policy properties window.

In the properties of the Virus scan group task of Kaspersky Security Center, select the Run Advanced Disinfection
immediately check box.

To disable Advanced Disinfection technology for file servers, perform one of the following:

Enable Advanced Disinfection technology in the properties of the Kaspersky Security Center policy. To do so:

a. Open the Application Settings section in the policy properties window.

b. Clear the Enable Advanced Disinfection technology check box.

c. To save the changes, click OK in the policy properties window.

In the properties of the Virus scan group task of Kaspersky Security Center, clear the Run Advanced Disinfection
immediately check box.

Enabling or disabling energy-saving mode


To enable or disable energy conservation mode:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Application Settings.
The advanced settings of Kaspersky Endpoint Security are displayed in the right part of the window.

3. In the Performance section:

To enable energy conservation mode, select the Postpone scheduled tasks while running on battery power check
box.
When energy conservation mode is enabled and the computer is running on battery power, the following tasks are
not run even if scheduled:

Update task

Full Scan task

Critical Areas Scan task

Custom Scan task

Integrity Check task

If you want to disable energy conservation mode, clear the Postpone scheduled tasks while running on
battery power check box. In this case, Kaspersky Endpoint Security carries out scheduled tasks regardless of the
computer's source of power.

4. To save changes, click the Save button.

Enabling or disabling conceding of resources to other applications


To enable or disable conceding of resources to other applications:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Application Settings.
The advanced settings of Kaspersky Endpoint Security are displayed in the right part of the window.

3. In the Performance section:

If you want to enable the mode in which resources are conceded to other applications, select the Concede
resources to other applications check box.
When configured to concede resources to other applications, Kaspersky Endpoint Security postpones scheduled
tasks that slow down other applications:

Update task

Full Scan task

Critical Areas Scan task

Custom Scan task

Integrity Check task

If you want to disable the mode in which resources are conceded to other applications, clear the
Concede resources to other applications check box. In this case Kaspersky Endpoint Security carries out scheduled
tasks regardless of the operation of other applications.

By default, the application is configured to concede resources to other applications.

4. To save changes, click the Save button.

Password protection
This section contains information on restricting access to Kaspersky Endpoint Security with a password.

About restricting access to Kaspersky Endpoint Security


Multiple users with different levels of computer literacy can share a computer. If users have unrestricted access to
Kaspersky Endpoint Security and its settings, the overall level of computer protection may be reduced.

You can restrict access to Kaspersky Endpoint Security by setting a user name and password and specifying operations for
which the application prompts the user for these credentials:

When a previous version of the application is upgraded to Kaspersky Endpoint Security 11 for Windows, the password
is preserved (if it was set). To edit the password protection settings for the first time, use the default user name
KLAdmin.

Enabling and disabling password protection
We recommend exercising care when you use a password to restrict access to the application. If you forget the
password, contact Kaspersky Technical Support for instructions on disabling password protection.

To enable password protection:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Interface.
The settings of the Kaspersky Endpoint Security interface are displayed in the right part of the window.

3. In the Password protection section, click the Settings button.


The Password protection window opens.

4. Select the Enable password protection check box.

5. In the User name field, enter the user name that must be specified in the Password check window when subsequent
password-protected operations are performed.

6. In the New password field, type a password for accessing the application.

7. Confirm the password in the Confirm password field.

8. If you want to restrict access for all operations with the application, in the Password scope section, click the Select all
button.

9. If you want to selectively restrict user access, in the Password scope section, select the check boxes next to the names
of the relevant operations:

Configure application settings.

Exit the application.

Disable protection components.

Disable control components.

Remove key.

Remove / modify / restore the application.

Restore access to data on encrypted drives.

View reports.

10. Click the OK button.


The application verifies the passwords entered. If the passwords match, the application applies the password. If the
passwords do not match, the application prompts you to confirm the password again in the Confirm password field.

11. To save changes, in the application settings window, click the Save button.

After password protection is enabled, the application will prompt for a password each time an operation included in the
password scope is performed. If you do not want the application to prompt you for the password each time you attempt
to perform a password-protected operation again during the current session, you can select the Save password for
current session check box in the Password check window.

When the Save password for current session check box is cleared, the application prompts you for the password each
time you attempt to perform a password-protected operation.

To disable password protection:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Interface.
The settings of the Kaspersky Endpoint Security interface are displayed in the right part of the window.

3. In the Password protection section, click the Settings button.


The Password protection window opens.

4. Clear the Enable password protection check box.

You can disable Password protection only if you are logged in as KLAdmin. It is not possible to disable password
protection if you are using any other user account or a temporary password.

5. Click the OK button.

6. To save changes, in the application settings window, click the Save button.
The Password check window opens.

7. Enter the user name in the User name field.

8. Enter the access password for Kaspersky Endpoint Security in the Password field.

9. Click OK.

Modifying the Kaspersky Endpoint Security access password


To change the access password for Kaspersky Endpoint Security:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Interface.
The settings of the Kaspersky Endpoint Security interface are displayed in the right part of the window.

3. In the Password protection section, click the Settings button.


The Password protection window opens.

4. Enter the user name in the User name field.

5. In the New password field, enter a new password for accessing the application.

6. In the Confirm password field, enter the new password again.

7. Click OK.
The application verifies the passwords entered. If the passwords match, the application applies the new password and
closes the Password protection window. If the passwords do not match, the application prompts you to confirm the
password again in the Confirm password field.

8. To save changes, in the application settings window, click the Save button.
The Password check window opens.

9. Enter the user name in the User name field.

10. Enter the old access password for Kaspersky Endpoint Security in the Password field.

11. Click OK.

About using a temporary password


When working on client computers managed by a Kaspersky Security Center policy, users may need to perform operations
with Kaspersky Endpoint Security that are password protected at the policy level. When password protection is enabled,
only the Kaspersky Security Center administrator can perform the operations specified in the password scope. However, if
the connection with Kaspersky Security Center has been lost (such as when the user is outside of the corporate network),
functions for working with the local interface of Kaspersky Security Center are limited.

To provide a user with the capability to perform necessary operations without giving the user the password that is set in
the policy settings, the Kaspersky Security Center administrator can create a temporary password. A temporary password
has a limited validity period and a limited scope of action. After the user enters the temporary password in the local
interface of the application, the operations allowed by the Kaspersky Security Center administrator become available.

When the temporary password expires, Kaspersky Endpoint Security continues to operate in accordance with the settings
of the Kaspersky Security Center policy. Operations that are password protected at the policy level become unavailable to
the user.

Creating a temporary password using the Kaspersky Security Center Administration Console

To create a temporary password and send it to a user:

1. Open the Kaspersky Security Center Administration Console.

2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration
group that includes the computer of the user requesting the temporary password.

3. In the workspace, select the Devices tab.

4. In the context menu of the computer belonging to the user requesting the temporary password, select Properties.
The Properties: <Computer name> window opens.

5. In the Properties: <Computer name> window, select the Applications section.

6. Select Kaspersky Endpoint Security for Windows and open the application properties window by using one of the
following methods:

Click the Properties button at the bottom of the screen.

In the context menu of the application, select Properties.

This opens the Application settings "<Application name>" window.

7. In the Application settings "<Application name>" window, in the General Settings section, select Interface.

8. In the Password protection section, click the Settings button.


The Password protection window opens.

9. In the Password protection window, in the Temporary password section, click the Settings button.

This button is available if password protection is enabled for Kaspersky Security Center in the Kaspersky Security
Center policy that is running on the computer.

The Create temporary password window opens.

10. In the Expiration date field, specify the date on which the user will no longer be able to use the temporary password.
On this date, the temporary password will become invalid. A new temporary password must be created for providing
access to perform operations in the local interface of Kaspersky Endpoint Security.

11. In the Temporary password scope table, select the check boxes opposite the operations that must be available to the
user while the temporary password is valid.

12. Click the Create button.


This opens the Temporary password window containing an encrypted password.

13. Copy the password and instructions on applying it and send them to the user.

Creating and using a configuration file


A configuration file with Kaspersky Endpoint Security settings lets you accomplish the following tasks:

Perform local installation of Kaspersky Endpoint Security via the command line with predefined settings.
To do so, you must save the configuration file in the same folder where the distribution kit is located.

Perform remote installation of Kaspersky Endpoint Security via Kaspersky Security Center with predefined settings.

Migrate Kaspersky Endpoint Security settings from one computer to another.

To create a configuration file:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Manage Settings.
The right part of the window displays the settings management functions.

3. In the Manage settings section, click the Save button.


This opens the standard Please select a configuration file window of Microsoft Windows.

4. Specify the path in which you want to save the configuration file, and enter its name.

To use the configuration file for local or remote installation of Kaspersky Endpoint Security, you must name it
install.cfg.

5. Click the Save button.

To import Kaspersky Endpoint Security settings from a configuration file:

1. Open the application settings window.

2. In the left part of the window, in the General Settings section, select Manage Settings.
The right part of the window displays the settings management functions.

3. In the Manage settings section, click the Load button.


This opens the standard Please select a configuration file window of Microsoft Windows.

4. Specify the path to the configuration file.

5. Click the Open button.

All values of Kaspersky Endpoint Security settings will be set according to the selected configuration file.

Remote administration of the application through Kaspersky Security Center
This section describes Kaspersky Endpoint Security administration through Kaspersky Security Center.

About managing the application via Kaspersky Security Center


Kaspersky Security Center lets you remotely install and uninstall, start and stop Kaspersky Endpoint Security, configure
application settings, change the set of available application components, add keys, and start and stop update and scan
tasks.

In the section about Application Control, you can find information about managing Application Control rules using Kaspersky
Security Center.

For additional information about managing the application via Kaspersky Security Center that is not provided in this
document, please refer to the Kaspersky Security Center help.

The application can be managed via Kaspersky Security Center using the Kaspersky Endpoint Security administration plug-
in.

The version of the administration plug-in may differ from the version of Kaspersky Endpoint Security installed on
the client computer. If the installed version of the administration plug-in has less functionality than the installed
version of Kaspersky Endpoint Security, the settings of the missing functions are not regulated by the administration
plug-in. These settings can be modified by the user in the local interface of Kaspersky Endpoint Security.

Special considerations when working with different versions of administration plug-ins

You can use an administration plug-in to change the following items:

Policies

Policy profiles

Group tasks

Local tasks

Local settings of Kaspersky Endpoint Security

You can manage Kaspersky Endpoint Security via Kaspersky Security Center only if you have an administration plug-in
whose version is equal to or later than the version specified in the information regarding the compatibility of Kaspersky
Endpoint Security with the administration plug-in. You can view the minimum required version of the administration plug-
in in the installer.ini file included in the distribution kit.

If any component is opened, the administration plug-in checks its compatibility information. If the version of the
administration plug-in is equal to or later than the version specified in the compatibility information, you can change the
settings of this component. Otherwise, you cannot use the administration plug-in to change the settings of the selected
component. It is recommended to upgrade the administration plug-in.

Changing previously defined settings using a later version of the administration plug-in

You can use a later version of the administration plug-in to change all previously defined settings, and configure new settings
that were not present in your previously used version of the administration plug-in.

For new settings, a later version of the administration plug-in assigns the default values when a policy, policy profile, or task
is saved for the first time.

After you change the settings of a policy, policy profile, or group task using a later version of the administration plug-in,
these components will become unavailable for previous versions of the administration plug-in. The local settings of
Kaspersky Endpoint Security and the settings of local tasks are still available for the administration plug-in of previous
versions.

Starting and stopping Kaspersky Endpoint Security on a client computer


To start or stop the application on a client computer:

1. Open the Kaspersky Security Center Administration Console.

2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration
group to which the relevant client computer belongs.

3. In the workspace, select the Devices tab.

4. Select the computer on which you want to start or stop the application.

5. Right-click to display the context menu of the client computer and select Properties.
A client computer properties window opens.

6. In the client computer properties window, select the Applications section.


A list of Kaspersky applications that are installed on the client computer appears in the right part of the client computer
properties window.

7. Select Kaspersky Endpoint Security for Windows.

8. Do the following:

To start the application, click the button on the right of the list of Kaspersky applications or do the following:

a. Select Properties in the context menu of Kaspersky Endpoint Security or click the Properties button located
under the list of Kaspersky applications.
The Kaspersky Endpoint Security for Windows (11.0.0) application settings window opens.

b. In the General section, click the Run button in the right part of the window.

To stop the application, click the button on the right of the list of Kaspersky applications or do the following:

a. Select Properties in the context menu of Kaspersky Endpoint Security or click the Properties button located
under the list of Kaspersky applications.
The Kaspersky Endpoint Security for Windows (11.0.0) application settings window opens.

b. In the General section, click the Stop button in the right part of the window.

Configuring Kaspersky Endpoint Security settings


To configure Kaspersky Endpoint Security settings:

1. Open the Kaspersky Security Center Administration Console.

2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration
group to which the relevant client computer belongs.

3. In the workspace, select the Devices tab.

4. Select the computer for which you want to configure Kaspersky Endpoint Security settings.

5. In the context menu of the client computer, select Properties.


A client computer properties window opens.

6. In the client computer properties window, select the Applications section.


A list of Kaspersky applications that are installed on the client computer appears in the right part of the client computer
properties window.

7. Select Kaspersky Endpoint Security for Windows.

8. Do one of the following:

Select Properties from the context menu of Kaspersky Endpoint Security for Windows.

Click the Properties button under the list of Kaspersky applications.

The Kaspersky Endpoint Security for Windows application settings window opens.

9. In the General Settings section, configure the settings for Kaspersky Endpoint Security as well as the report and storage
settings.
The other sections of the Kaspersky Endpoint Security for Windows application settings window are the same as in the
standard sections of Kaspersky Security Center. A description of these sections is provided in the Kaspersky Security
Center Help Guide.

If an application is subject to a policy that prohibits changes to specific settings, you will not be able to edit them
while configuring application settings in the General Settings section.

10. To save your changes, in the Kaspersky Endpoint Security for Windows application settings window, click OK.

Task management
This section describes how to manage tasks for Kaspersky Endpoint Security. For more details on task management through
Kaspersky Security Center, please refer to the Kaspersky Security Center Help Guide.

About tasks for Kaspersky Endpoint Security


Kaspersky Security Center controls the activity of Kaspersky applications on client computers by means of tasks. Tasks
implement the primary administrative functions, such as key installation, computer scanning, and database and application
software module updates.

You can create the following types of tasks to administer Kaspersky Endpoint Security through Kaspersky Security Center:

Local tasks that are configured for an individual client computer.

Group tasks that are configured for client computers within administration groups.

Tasks for a set of computers that do not belong to administration groups.

Tasks for sets of computers outside of administration groups apply only to the client computers that are specified in
the task settings. If new client computers are added to a set of computers for which a task is configured, this task
does not apply to these new computers. To apply the task to these computers, create a new task or edit the
settings of the existing task.

To remotely manage Kaspersky Endpoint Security, you can use the following tasks of any of the listed types:

Add key. Kaspersky Endpoint Security adds a key for application activation, including an additional key.

Change application components. Kaspersky Endpoint Security installs or removes components on client computers
according to the list of components specified in the task settings.

Inventory. Kaspersky Endpoint Security collects information about all application executable files that are stored on
computers.
You can enable inventory of DLL modules and script files. In this case, Kaspersky Security Center will receive information
about DLL modules loaded on a computer with Kaspersky Endpoint Security installed, and about files containing scripts.

Enabling inventory of DLL modules and script files significantly increases the inventory task duration and the
database size.

If the Application Control component is not installed on a computer with Kaspersky Endpoint Security installed, the
inventory task on this computer will return an error.

Update. Kaspersky Endpoint Security updates databases and application modules according to the configured update
settings.

Rollback. Kaspersky Endpoint Security rolls back the last update of databases and modules.

Virus scan. Kaspersky Endpoint Security scans the computer areas specified in the task settings for viruses and other
threats.

Checking connection with KSN. Kaspersky Endpoint Security sends a query about the availability of KSN servers and
updates the KSN connection status.

Integrity Check. Kaspersky Endpoint Security receives data about the set of application modules installed on the
client computer and scans the digital signature of each module.

Manage Authentication Agent accounts. While performing this task, Kaspersky Endpoint Security generates
commands for removing, adding, or modifying Authentication Agent accounts.

You can perform the following actions with tasks:

Start, stop, suspend, and resume tasks.

Create new tasks.

Edit task settings.

The rights to access the settings of Kaspersky Endpoint Security tasks (read, write, execute) are defined for each user who
has access to Kaspersky Security Center Administration Server, through the settings of access to functional areas of
Kaspersky Endpoint Security. To configure access to the functional areas of Kaspersky Endpoint Security, go to the Security
section of the properties window of Kaspersky Security Center Administration Server.

Configuring the task management mode


To configure the mode for working with tasks in the local interface of Kaspersky Endpoint Security:

1. Open the Kaspersky Security Center Administration Console.

2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration
group for which you want to configure the mode for working with tasks in the local interface of Kaspersky Endpoint
Security.

3. In the workspace, select the Policies tab.

4. Select the necessary policy.

5. Open the Properties: <Policy name> window by using one of the following methods:

In the context menu of the policy, select Properties.

Click the Configure policy link located in the right part of the Administration Console workspace.

6. In the Local Tasks section, select the Task management subsection.

7. In the Task management section:

If you want to allow users to work with local tasks in the interface and command line of Kaspersky Endpoint
Security, select the Allow use of local tasks check box.

If the check box is cleared, the functions of local tasks are stopped. In this mode, local tasks do not run
according to schedule. Local tasks are also unavailable for starting and editing in the local interface of
Kaspersky Endpoint Security, and when working with the command line.

If you want to allow users to view the list of group tasks, select the Allow group tasks to be displayed check box.

If you want to allow users to modify the settings of group tasks, select the Allow management of group tasks
check box.

8. Click OK to save changes.

9. Apply the policy.


For details on applying a Kaspersky Security Center policy, please refer to the Kaspersky Security Center Help Guide.

Creating a local task


To create a local task:

1. Open the Kaspersky Security Center Administration Console.

2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration
group to which the relevant client computer belongs.

3. In the workspace, select the Devices tab.

4. Select the computer for which you want to create a local task.

5. Do one of the following:

In the context menu of the client computer, select the All tasks → Create task option.

In the context menu of the client computer, select Properties, and in the Properties: <Computer name>
window that appears, on the Tasks tab, click the Add button.

In the Perform action drop-down list, select Create task.

The Task Wizard starts.

6. Follow the instructions of the Task Wizard.

Creating a group task


To create a group task:

1. Open the Kaspersky Security Center Administration Console.

2. Do one of the following:

Select the Managed devices folder in the Administration Console tree to create a group task for all computers
managed by Kaspersky Security Center.

In the Managed devices folder in the Administration Console tree, select the folder with the name of the
administration group to which the relevant client computers belong.

3. Select the Tasks tab in the workspace.

4. Click the Create task button.


The Task Wizard starts.

5. Follow the instructions of the Task Wizard.

Creating a task for device selection


To create a task for device selection, perform the following:

1. Open the Kaspersky Security Center Administration Console.

2. Select the Tasks folder in the Administration Console tree.

3. Click the Create task button.


The Task Wizard starts.

4. Follow the instructions of the Task Wizard.

Starting, stopping, suspending, and resuming a task

If the Kaspersky Endpoint Security application is running on a client computer, you can
start, stop, suspend, and resume a task on this client computer through Kaspersky Security Center. When Kaspersky
Endpoint Security is suspended, running tasks are suspended and it becomes impossible to start, stop, suspend, or
resume a task through Kaspersky Security Center.

To start, stop, suspend, or resume a local task:

1. Open the Kaspersky Security Center Administration Console.

2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration
group to which the relevant client computer belongs.

3. In the workspace, select the Devices tab.

4. Select the computer on which you want to start, stop, pause, or resume a local task.

5. Right-click to display the context menu of the client computer and select Properties.
A client computer properties window opens.

6. Select the Tasks section.

A list of local tasks appears in the right part of the window.

7. Select a local task that you want to start, stop, suspend, or resume.

8. Perform the necessary action on the task by using one of the following methods:

Right-click to open the context menu of the local task and select Run / Stop / Pause / Resume.

To start or stop a local task, click the / button on the right of the local tasks list.

Do the following:

a. Click the Properties button under the local tasks list, or select Properties in the task context menu.
The Properties: <Task name> window opens.

b. On the General tab, click the Run / Stop / Pause / Resume button.

To start, stop, pause, or resume a group task:

1. Open the Kaspersky Security Center Administration Console.

2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration
group for which you want to start, stop, pause or resume a group task.

3. Select the Tasks tab in the workspace.


Group tasks are displayed in the right part of the window.

4. Select a group task that you want to start, stop, pause, or resume.

5. Perform the necessary action on the task by using one of the following methods:

In the context menu of the group task, select Run / Stop / Pause / Resume.

Click the / button in the right part of the window to start or stop a group task.

Do the following:

a. Click the Task Settings link in the right part of the Administration Console workspace, or select Properties in the
task context menu.
The Properties: <Task name> window opens.

b. On the General tab, click the Run / Stop / Pause / Resume button.

To start, stop, pause, or resume a task for a selection of computers:

1. Open the Kaspersky Security Center Administration Console.

2. In the Tasks folder of the Administration Console tree, select the task for the selection of computers that you want to
start, stop, pause, or resume.

3. Do one of the following:

In the task context menu, select Run / Stop / Pause / Resume.

Click the / button in the right part of the window to start or stop the task for specific computers.

Do the following:

a. Click the Task Settings link in the right part of the Administration Console workspace, or select Properties in the
task context menu.
The Properties: <Task name> window opens.

b. On the General tab, click the Run / Stop / Pause / Resume button.

Editing task settings


To edit the settings of a local task:

1. Open the Kaspersky Security Center Administration Console.

2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration
group to which the relevant client computer belongs.

3. In the workspace, select the Devices tab.

4. Select a computer for which you want to configure application settings.

5. Right-click to display the context menu of the client computer and select Properties.
A client computer properties window opens.

6. Select the Tasks section.


A list of local tasks appears in the right part of the window.

7. Select the necessary local task in the local tasks list.

8. Click the Properties button.


The Properties: <Local task name> window opens.

9. In the Properties: <Local task name> window, select the Settings section.

10. Edit the local task settings.

11. To save the changes, in the Properties: <Local task name> window, click OK.

12. To save the changes, in the Properties: <Computer name> window, click OK.

To edit the settings of a group task:

1. Open the Kaspersky Security Center Administration Console.

2. In the Managed devices folder, open the folder with the name of the relevant administration group.

3. Select the Tasks tab in the workspace.
Group tasks are displayed in the Administration Console workspace.

4. Select the necessary group task.

5. Right-click to display the context menu of the group task and select Properties.

The Properties: <Group task name> window opens.

6. In the Properties: <Group task name> window, select the Settings section.

7. Edit the group task settings.

8. To save the changes, in the Properties: <Group task name> window, click OK.

To edit the settings of a task for a selection of computers:

1. Open the Kaspersky Security Center Administration Console.

2. In the Tasks folder of the Administration Console tree, select the task for the selection of computers whose settings you
want to edit.

3. Right-click to display the context menu of the task for a selection of computers and select Properties.
The Properties: <Name of the task for a selection of computers> window opens.

4. In the Properties: <Name of the task for the selection of computers> window, select the Settings section.

5. Edit the task settings for the selection of computers.

6. To save the changes, in the Properties: <Name of the task for the selection of computers> window, click OK.

Except for the Settings section, all sections in the task properties window are identical to those that are used in
Kaspersky Security Center. For a detailed description of them, please refer to the Kaspersky Security Center Help Guide. The
Settings section contains the specific settings of Kaspersky Endpoint Security for Windows. Its contents depend on the
selected task or on the task type.

Inventory task settings


You can configure the following settings for the inventory task:

Inventory scope. In this section, you can specify the file system objects that will be scanned during inventory. These
objects can be local folders, network folders, removable drives, hard drives, or the entire computer.

Inventory task settings. In this section, you can configure the following settings:

Scan when the computer is idling. This check box enables / disables the function that suspends the inventory task
when computer resources are limited. Kaspersky Endpoint Security pauses the inventory task if the screensaver is off
and the computer is unlocked.

DLL modules inventory. This check box enables / disables the function that analyzes data on DLL modules and
relays analysis results to the Administration Server.

Script files inventory. This check box enables / disables the function that analyzes data on files containing scripts
and relays the analysis results to the Administration Server.

Advanced. Click this button to open the Advanced Settings window in which you can configure the following
settings:

Scan only new and changed files. This check box enables / disables the mode for scanning only new files and files
that have been modified since the previous inventory.

Skip files that are scanned for longer than. The check box enables / disables a limit on the length of time for
scanning one file. On expiration of the time period set in the field on the right, Kaspersky Endpoint Security stops
scanning the file.

Scan archives. This check box enables / disables scanning of RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE archives for
the presence of executable files.

Scan distribution packages. This check box enables / disables scanning of distribution packages when running
the inventory task.

Do not unpack large compound files.

If this check box is selected, Kaspersky Endpoint Security does not scan compound files if their size exceeds the
value that is specified in the Maximum file size field.
If this check box is cleared, Kaspersky Endpoint Security scans compound files of all sizes.

Kaspersky Endpoint Security scans large files that are extracted from archives, regardless of whether the Do
not unpack large compound files check box is selected.

Maximum file size. Kaspersky Endpoint Security does not unpack only those files that are larger than the value
specified in this field. The value is specified in megabytes.

Managing policies
This section discusses the creation and configuration of policies for Kaspersky Endpoint Security. For more detailed
information about managing Kaspersky Endpoint Security using Kaspersky Security Center policies, please refer to the
Kaspersky Security Center Help Guide.

About policies
You can use policies to apply identical Kaspersky Endpoint Security settings to all client computers within an administration
group.

You can locally change the values of settings specified by a policy for individual computers in an administration group using
Kaspersky Endpoint Security. You can locally change only those settings whose modification is not prohibited by the policy.

The ability to change application settings on the client computer is determined by the status of the “lock” on these settings
in the policy properties:
A closed “lock” means the following:

Kaspersky Security Center blocks changes to settings that this lock relates to from the Kaspersky Endpoint Security
interface on client computers. On all client computers, Kaspersky Endpoint Security uses the same values of these
settings, i.e. the values that are defined in the policy properties.

Kaspersky Security Center blocks changes to settings that this lock relates to in the properties of those policies
for nested administration groups and slave Administration Servers in which the Inherit settings of top level policy
function is enabled. The values of these settings that are defined in top level policy properties are used.

An open “lock” means the following:

Kaspersky Security Center allows changes to settings that this lock relates to from the Kaspersky Endpoint Security
interface on client computers. On each client computer, Kaspersky Endpoint Security operates according to the local
values of these settings if the component is enabled.

Kaspersky Security Center allows changes to settings that this lock relates to in the properties of those policies
for nested administration groups and slave Administration Servers in which the Inherit settings of top level policy
function is enabled. The values of these settings do not depend on what is specified in the top level policy properties.

After the policy is applied for the first time, local application settings change in accordance with the policy settings.

The rights to access policy settings (read, write, execute) are specified for each user who has access to the
Kaspersky Security Center Administration Server and separately for each functional scope of Kaspersky Endpoint Security.
To configure the rights to access policy settings, go to the Security section of the properties window of the Kaspersky
Security Center Administration Server.

The following functional scopes of Kaspersky Endpoint Security are singled out:

Essential Threat Protection. The functional scope includes the File Threat Protection, Mail Threat Protection, Web
Threat Protection, Network Threat Protection, Firewall, and Scan Task components.

Application Control. The functional scope includes the Application Control component.

Device Control. The functional scope includes the Device Control component.

Encryption. The functional scope includes the Full Disk Encryption and File Level Encryption components.

Trusted zone. The functional scope includes the Trusted Zone.

Web Control. The functional scope includes the Web Control component.

Advanced Threat Protection. The functional scope includes KSN settings and the Behavior Detection, Exploit
Prevention, Host Intrusion Prevention, and Remediation Engine components.

Basic functionality. This functional scope includes general application settings that are not specified for other
functional scopes, including: licensing, inventory tasks, application database and module update tasks, SelfDefense,
advanced application settings, reports and storages, password protection and application interface settings.

You can perform the following operations with a policy:

Create a policy.

Edit policy settings.

If the user account under which you accessed the Administration Server does not have rights to edit settings of
certain functional scopes, the settings of these functional scopes are not available for editing.

Delete a policy.

Change policy status.

For information on using policies that are not related to interaction with Kaspersky Endpoint Security, please refer to the
Kaspersky Security Center Help Guide.

Creating a policy
To create a policy:

1. Open the Kaspersky Security Center Administration Console.

2. Do one of the following:

Select the Managed devices folder in the Administration Console tree if you want to create a policy for all
computers managed by Kaspersky Security Center.

In the Managed devices folder in the Administration Console tree, select the folder with the name of the
administration group to which the relevant client computers belong.

3. In the workspace, select the Policies tab.

4. Do one of the following:

Click the Create policy button.

Right-click to open the context menu and select Create Policy.

The Policy Wizard starts.

5. Follow the instructions of the Policy Wizard.

Editing policy settings


To edit policy settings:

1. Open the Kaspersky Security Center Administration Console.

2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the relevant
administration group for which you want to edit policy settings.

3. In the workspace, select the Policies tab.

4. Select the necessary policy.

5. Open the Properties: <Policy name> window by using one of the following methods:

In the context menu of the policy, select Properties.

Click the Configure policy link located in the right part of the Administration Console workspace.

Kaspersky Endpoint Security for Windows policy settings include the settings of components and the application
settings. The Advanced Threat Protection, Essential Threat Protection and Security Controls sections of the Properties:
<Policy name> window contain the settings of the protection and control components, the Data Encryption section
contains settings for full disk encryption, file level encryption, and encryption of removable drives, the Endpoint Sensor
section contains the settings of the Endpoint Sensor component, the Local tasks section contains the settings of local
and group tasks, and the General Settings section contains the application settings.
The settings of data encryption and control components in policy settings are displayed if the corresponding check
boxes are selected in the Interface settings window of Kaspersky Security Center. By default, these check boxes are
selected.

6. Edit the policy settings.

7. To save your changes, in the Properties: <Policy name> window, click OK.

Security level indicator in the policy properties window


The security level indicator is displayed in the top part of the Properties: <Policy name> window. The indicator can take one
of the following values:

High protection level. The indicator takes this value and turns green if all components from the following categories
are enabled:

Critical. This category includes the following components:

File Threat Protection.

Behavior Detection.

Exploit Prevention.

Remediation Engine.

Important. This category includes the following components:

Kaspersky Security Network.

Web Threat Protection.

Mail Threat Protection.

Host Intrusion Prevention.

Medium protection level. The indicator takes this value and turns yellow if one of the important components is
disabled.

Low protection level. The indicator takes this value and turns red in one of the following cases:
One or multiple critical components are disabled.

Two or more important components are disabled.

If the indicator is displayed with Medium protection level or Low protection level, the Learn more link, which opens the
Recommended protection components window, is available to the right of the indicator. In this window, you can enable any
of the recommended protection components.

Configuring the display of the application interface


To configure the display of the application interface:

1. Open the Kaspersky Security Center Administration Console.

2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration
group for which you want to configure the display of the application interface.

3. In the workspace, select the Policies tab.

4. Select the necessary policy.

5. Open the Properties: <Policy name> window by using one of the following methods:

In the context menu of the policy, select Properties.

Click the Configure policy link located in the right part of the Administration Console workspace.

6. In the General Settings section, select the Interface subsection.

7. In the Interaction with user section, do one of the following:

Select the Display application interface check box if you want the following interface elements to be displayed on
the client computer:

Folder containing the application name in the Start menu

Kaspersky Endpoint Security icon in the Microsoft Windows taskbar notification area

Pop-up notifications

If this check box is selected, the user can view and, depending on the available rights, change application settings
from the application interface.

Clear the Display application interface check box if you want to hide all signs of Kaspersky Endpoint Security on
the client computer.

8. In the Interaction with user section, select the Simplified application interface check box if you want the simplified
application interface to be displayed on a client computer that has Kaspersky Endpoint Security installed.
This check box is available if the Display application interface check box is selected.

Sending user messages to the Kaspersky Security Center server
A user may need to send a message to the local corporate network administrator in the following cases:

Device Control blocked access to the device.

The message template for a request to access a blocked device is available in the Kaspersky Endpoint Security interface
in the Device Control section.

Application Control blocked the startup of an application.


The message template for a request to allow the startup of a blocked application is available in the Kaspersky Endpoint
Security interface in the Application Control section.

Web Control blocked access to a web resource.


The message template for a request to access a blocked web resource is available in the Kaspersky Endpoint Security
interface in the Web Control section.

The method used to send messages and the utilized template depend on whether or not there is an active Kaspersky
Security Center policy running on the computer that has Kaspersky Endpoint Security installed, and whether or not there is
a connection with the Kaspersky Security Center Administration Server. The following scenarios are possible:

If a Kaspersky Security Center policy is not running on the computer that has Kaspersky Security Center installed, a
user's message is sent to the local area network administrator by email.
The message fields are populated with the values of fields from the template defined in the local interface of Kaspersky
Endpoint Security.

If a Kaspersky Security Center policy is running on the computer that has Kaspersky Security Center installed, the
standard message is sent to the Kaspersky Security Center Administration Server.
In this case, user messages are available for viewing in the Kaspersky Security Center event storage. The message fields
are populated with the values of fields from the template defined in the Kaspersky Security Center policy.

If a Kaspersky Security Center out-of-office policy is running on the computer with Kaspersky Endpoint Security
installed, the method used to send messages depends on whether or not there is a connection with Kaspersky Security
Center.

If a connection with Kaspersky Security Center is established, Kaspersky Endpoint Security sends the standard
message to the Kaspersky Security Center Administration Server.

If a connection with Kaspersky Security Center is absent, a user's message is sent to the local area network
administrator by email.

In both cases, the message fields are populated with the values of fields from the template defined in the Kaspersky
Security Center policy.

Viewing user messages in the Kaspersky Security Center event storage


The Application Control, Device Control, and Web Control components enable LAN users with computers that have
Kaspersky Endpoint Security installed to send messages to the administrator.

A user can send messages to the administrator using two methods:

As an event in the Kaspersky Security Center event storage.
The user's event is sent to the Kaspersky Security Center event storage if the Kaspersky Endpoint Security application
that is installed on the user's computer is operating under an active policy.

As an email message.

User information is sent in the form of an email message if a policy or out-of-office policy is applied to a computer that
has Kaspersky Endpoint Security installed.

To view a user message in the Kaspersky Security Center event storage:

1. Open the Kaspersky Security Center Administration Console.

2. In the Administration Server node of the Administration Console tree, select the Events tab.
The Kaspersky Security Center workspace displays all events occurring during the operation of Kaspersky Endpoint
Security, including messages to the administrator that are received from LAN users.

3. To configure the event filter, in the Selection events drop-down list, select User requests.

4. Select the message sent to the administrator.

5. Open the Event settings window in one of the following ways:

Right-click the event. In the context menu that opens, select Properties.

Click the Open event properties window button in the right part of the Administration Console workspace.

Managing the application from the command line
You can manage Kaspersky Endpoint Security from the command line. You can view the list of commands for managing the
application by executing the HELP command. To read about the syntax of a specific command, enter HELP <command>.

Commands
To manage Kaspersky Endpoint Security from the command line:

1. Run the command line interpreter (cmd.exe) as an administrator.

2. Go to the folder where the Kaspersky Endpoint Security executable file is located.

3. To execute a command, enter:

avp.com <command> [options]

As a result, Kaspersky Endpoint Security will execute the command (see figure below).

Managing the application from the command line

SCAN. Virus Scan


Run the virus scan task.
Command syntax

SCAN [<scan scope>] [<action on threat detection>] [<file types>] [<scan exclusions>]
[/R[A]:<report file>] [<scan technologies>] [/C:<file with scan settings>]

Scan scope
<files to scan> A space-separated list of files and folders. Long paths must be enclosed in quotation marks. Short paths
(MS-DOS format) do not need to be enclosed in quotation marks. For example:
"C:\Program Files (x86)\Example Folder" – long path.

C:\PROGRA~2\EXAMPL~1 – short path.

/ALL Run the Full Scan task. Kaspersky Endpoint Security scans the following objects:

Kernel memory

Objects that are loaded at startup of the operating system

Boot sectors

Operating system backup

All hard and removable drives

/MEMORY Scan the kernel memory.

/STARTUP Scan the objects that are loaded at startup of the operating system.

/MAIL Scan Outlook mailbox.

/REMDRIVES Scan removable drives.

/FIXDRIVES Scan hard drives.

/NETDRIVES Scan network drives.

/QUARANTINE Scan the files in the Kaspersky Endpoint Security Backup.

/@:<file list.lst> Scan the files and folders from a list. Each file in the list must be on a new line. Long paths must be
enclosed in quotation marks. Short paths (MS-DOS format) do not need to be enclosed in quotation marks. For example:
"C:\Program Files (x86)\Example Folder" – long path.

C:\PROGRA~2\EXAMPL~1 – short path.

Action on threat detection
/i0 Inform. If this option is selected, Kaspersky Endpoint Security adds the information about infected files to
the list of active threats on detection of these files.

/i1 Disinfect; inform if disinfection fails. If this option is selected, Kaspersky Endpoint Security automatically
attempts to disinfect all infected files that are detected. If disinfection is not possible, Kaspersky Endpoint
Security adds the information about the infected files that are detected to the list of active threats.

/i2 Disinfect; delete if disinfection fails. If this option is selected, Kaspersky Endpoint Security automatically
attempts to disinfect all infected files that are detected. If disinfection fails, Kaspersky Endpoint Security
deletes the files.
This action is selected by default.

/i3 Disinfect the infected files that are detected. If disinfection fails, delete the infected files. Also delete
compound files (for example, archives) if the infected file cannot be disinfected or deleted.

/i4 Delete infected files. Also delete compound files (for example, archives) if the infected file cannot be
deleted.

/i8 Prompt the user for action as soon as a threat is detected.

/i9 Prompt the user for action after the scan is completed.

File types
/fe Files scanned by extension. If this setting is enabled, Kaspersky Endpoint Security scans infectable files only.
The file format is then determined based on the file's extension.

/fi Files scanned by format. If this setting is enabled, Kaspersky Endpoint Security scans infectable files only.
Before scanning a file for malicious code, the internal header of the file is analyzed to
determine the format of the file (for example, .txt, .doc, or .exe). During scanning, the extension of the file is also
taken into account.

/fa All files. If this setting is enabled, Kaspersky Endpoint Security checks all files without exception (all formats and
extensions).
This is the default setting.

Scan exclusions
-e:a RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE archives are excluded from the scan scope.

-e:b Mail databases, incoming and outgoing e-mails are excluded from the scan scope.

-E:<file mask> Files that match the file mask are excluded from the scan scope. For example:

The mask *.exe will include all paths to files that have the exe extension.

The mask example will include all paths to files named EXAMPLE.

-e:<seconds> Files that take longer to scan than the specified time limit (in seconds) are excluded from the scan
scope.

-es:<megabytes> Files that are larger than the specified size limit (in megabytes) are excluded from the scan scope.

Saving events to a report file mode

/R:<report file> Save only critical events to the report file.

/RA:<report file> Save all events to a report file.

Scan technologies
/iChecker=on|off This technology increases scanning speed by excluding certain files from scanning. Files are
excluded from scanning by using a special algorithm that takes into account the release date of
Kaspersky Endpoint Security databases, the date that the file was last scanned on, and any
modifications to the scanning settings.

/iSwift=on|off This technology increases scanning speed by excluding certain files from scanning. Files are
excluded from scanning by using a special algorithm that takes into account the release date of
Kaspersky Endpoint Security databases, the date that the file was last scanned on, and any
modifications to the scanning settings. The iSwift technology is an advancement of the iChecker
technology for the NTFS file system.

Advanced settings

/C:<file with virus scan settings> File with Virus scan task settings. The file must be created manually and saved in
TXT format. The file can have the following contents: [<scan scope>] [<action on threat detection>] [<file types>]
[<scan exclusions>] [/R[A]:<report file>] [<scan technologies>].

Example:
avp.com SCAN /R:log.txt /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My Documents" "C:\Program Files" C:\Downloads\test.exe
avp.com SCAN /C:scan_settings.txt
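
Added example (not part of the Kaspersky documentation): a Python parser for the SCAN options listed above that reports every option which narrows the scan or removes automatic remediation relative to the stated defaults (/i2, /fa). Options are matched exactly as this page prints them, which is an assumption about how avp.com parses them; the second sample line is constructed.

```python
import re

# Option names and defaults transcribed from the SCAN reference above.
ACTIONS = {"/i0": "inform only", "/i1": "disinfect; inform if disinfection fails",
           "/i2": "disinfect; delete if disinfection fails",
           "/i3": "disinfect; delete, compound files included",
           "/i4": "delete, compound files included",
           "/i8": "prompt the user on detection", "/i9": "prompt the user after the scan"}
NO_AUTOMATIC_ACTION = {"/i0", "/i8", "/i9"}
FILE_TYPES = {"/fe": "infectable files only, format taken from the extension",
              "/fi": "infectable files only, format taken from the file header",
              "/fa": "all files"}
SCOPES = {"/ALL", "/MEMORY", "/STARTUP", "/MAIL", "/REMDRIVES",
          "/FIXDRIVES", "/NETDRIVES", "/QUARANTINE"}
DEFAULT_ACTION, DEFAULT_FILE_TYPES = "/i2", "/fa"
EXCLUSION_TEXT = {
    "archives": "archives are excluded from the scan scope (-e:a)",
    "mail": "mail databases and e-mails are excluded (-e:b)",
    "mask": "files matching mask {v!r} are excluded (-E:)",
    "time_limit_s": "files that take longer than {v} s to scan are skipped (-e:)",
    "size_limit_mb": "files larger than {v} MB are skipped (-es:)",
}
# A token is a run of non-space text; "quoted parts" may contain spaces.
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')

PAGE_EXAMPLE = (r'avp.com SCAN /R:log.txt /MEMORY /STARTUP /MAIL '
                r'"C:\Documents and Settings\All Users\My Documents" '
                r'"C:\Program Files" C:\Downloads\test.exe')
# Constructed sample, not taken from the page.
CONSTRUCTED_EXAMPLE = r'/FIXDRIVES /i0 /fe -e:a -e:b -E:*.tmp -e:30 -es:100 /iChecker=on'


def parse_scan_options(text):
    """Parse an 'avp.com SCAN ...' line or the text of a /C: settings file."""
    tokens = [t for t in (m.replace('"', "") for m in TOKEN.findall(text)) if t]
    if tokens and tokens[0].lower() == "avp.com":
        tokens.pop(0)
    if tokens and tokens[0] == "SCAN":
        tokens.pop(0)
    opts = {"scope": [], "action": DEFAULT_ACTION, "file_types": DEFAULT_FILE_TYPES,
            "exclusions": [], "report": None, "technologies": {},
            "settings_file": None, "unrecognised": []}
    for tok in tokens:
        tech = re.fullmatch(r"/(iChecker|iSwift)=(on|off)", tok)
        if tok in SCOPES or tok.startswith("/@:"):
            opts["scope"].append(tok)
        elif tok in ACTIONS:
            opts["action"] = tok
        elif tok in FILE_TYPES:
            opts["file_types"] = tok
        elif tok == "-e:a":
            opts["exclusions"].append(("archives", None))
        elif tok == "-e:b":
            opts["exclusions"].append(("mail", None))
        elif tok.startswith("-e:") and tok[3:].isdigit():
            opts["exclusions"].append(("time_limit_s", int(tok[3:])))
        elif tok.startswith("-es:") and tok[4:].isdigit():
            opts["exclusions"].append(("size_limit_mb", int(tok[4:])))
        elif tok.startswith("-E:") and tok[3:]:
            opts["exclusions"].append(("mask", tok[3:]))
        elif tok.startswith("/RA:"):          # test /RA: before /R:
            opts["report"] = ("all", tok[4:])
        elif tok.startswith("/R:"):
            opts["report"] = ("critical", tok[3:])
        elif tok.startswith("/C:"):
            opts["settings_file"] = tok[3:]
        elif tech:
            opts["technologies"][tech.group(1)] = tech.group(2)
        elif tok[0] in "/-":
            opts["unrecognised"].append(tok)  # reported, never guessed
        else:
            opts["scope"].append(tok)         # a file or folder path
    return opts


def review(opts):
    """List the options that reduce what is scanned, remediated or recorded."""
    findings = []
    if opts["action"] in NO_AUTOMATIC_ACTION:
        findings.append(f"{opts['action']}: {ACTIONS[opts['action']]}, "
                        "nothing is disinfected or deleted automatically")
    if opts["file_types"] != DEFAULT_FILE_TYPES:
        findings.append(f"{opts['file_types']}: {FILE_TYPES[opts['file_types']]}")
    for kind, value in opts["exclusions"]:
        findings.append(EXCLUSION_TEXT[kind].format(v=value))
    if opts["settings_file"]:
        findings.append(f"more options are read from {opts['settings_file']}; "
                        "parse that file's text as well")
    elif opts["report"] is None:
        findings.append("no /R: or /RA: report file is written")
    if opts["unrecognised"]:
        findings.append("unrecognised options: " + " ".join(opts["unrecognised"]))
    return findings


if __name__ == "__main__":
    for line in (PAGE_EXAMPLE, CONSTRUCTED_EXAMPLE):
        print(line, *review(parse_scan_options(line)), sep="\n  ")
```

The same function accepts the contents of a /C: settings file, since the page states that file holds the same option groups.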

UPDATE. Updating databases and application software modules


Run the Update task.
Command syntax

UPDATE [local] ["<update source>"] [/R[A]:<report file>] [/C:<file with update settings>]

Update task settings
local Start of the Update task that was created automatically after the application had been installed. You can
change the settings of the Update task in the local application interface or in the console of Kaspersky
Security Center. If this setting is not configured, Kaspersky Endpoint Security starts the Update task with
default settings or with the settings specified in the command. You can configure Update task settings as
follows:
UPDATE starts the Update task with the default settings: the update source is Kaspersky update
servers, the account is System, and other default settings.

UPDATE local starts the Update task that was created automatically after installation (predefined
task).

UPDATE <update settings> starts the Update task with manually defined settings (see below).

Update source
"<update source>" Address of a HTTP or FTP server, or of a shared folder with the update package. You can specify only one
update source. If the update source is not specified, Kaspersky Endpoint Security uses the default source
– Kaspersky update servers.

Saving events to a report file mode

/R:<report file> Save only critical events to the report file.

/RA:<report file> Save all events to a report file.

Advanced settings

/C:<file with update settings> File with the Update task settings. The file must be created manually and saved in TXT
format. The file may have the following contents: ["<update source>"] [/R[A]:<report file>].

Example:
avp.com UPDATE local
avp.com UPDATE "ftp://my_server/kav updates" /RA:avbases_upd.txt

ROLLBACK. Rolling back the last update


Roll back the last anti-virus database update. This lets you roll back the databases and application modules to their
previous version when necessary, for example, when the new database version contains an invalid signature that causes
Kaspersky Endpoint Security to block a safe application.
Command syntax

ROLLBACK [/R[A]:<report file>]

Saving events to a report file mode

/R:<report file> Save only critical events to the report file.

/RA:<report file> Save all events to a report file.

Example:
avp.com ROLLBACK /RA:rollback.txt

TRACES. Traces
Enable / disable tracing. By default, tracing is disabled.
Command syntax

TRACES on|off [<tracing level>] [<advanced settings>]

Tracing level

<tracing level> Level of detail of traces. Available values:

100 (critical). Only messages about fatal errors.

200 (high). Messages about all errors, including fatal errors.

300 (diagnostic). Messages about all errors, as well as warnings.

400 (important). All error messages, warnings, and additional information.

500 (normal). Messages about all errors and warnings, as well as detailed information about
the operation of the application in normal mode (default).

600 (low). All messages.

Advanced settings
all Run a command with the dbg, file and mem parameters.

dbg Use the OutputDebugString function and save the trace file. The OutputDebugString function sends a
character string to the application debugger to display on screen. For details, visit the
MSDN website.

file Save one trace file (no size limit).

rot Save traces to a limited number of files of limited size and overwrite the older files when the maximum size
is reached.

mem Save traces to dump files.

Examples:
avp.com TRACES on 500
avp.com TRACES on 500 dbg
avp.com TRACES off
avp.com TRACES on 500 dbg mem
avp.com TRACES off file

START. Start the profile


Start the profile (for example, to update databases or to enable a protection component).
Command syntax

START <profile> [/R[A]:<report file>]

Profile

<profile> Profile name. A profile is a Kaspersky Endpoint Security component, task or feature. You can view the
list of available profiles by executing the HELP START command.

Saving events to a report file mode

/R:<report file> Save only critical events to the report file.

/RA:<report file> Save all events to a report file.

Example:
avp.com START Scan_Objects

STOP. Stopping a profile


Stop the running profile (for example, stop scanning, stop removable drives scan, or disable a protection component).

To execute this command, Password protection must be enabled. The user must have the following permissions:
Configure application settings, Disable protection components, and Disable control components.

Command syntax

STOP <profile> /login=<user name> /password=<password>

Profile
<profile> Profile name. A profile is a Kaspersky Endpoint Security component, task or feature. You can view the list
of available profiles by executing the HELP STOP command.

Authentication
/login=<user name> /password=<password> Information about the user account that is granted the required Password
protection permissions.

STATUS. Profile status


Show status information for application profiles (for example, running or completed). You can view the list of available
profiles by entering the HELP STATUS command.

Kaspersky Endpoint Security also displays information about the status of service profiles. Information about the status
of service profiles may be required when you are contacting Kaspersky Technical Support.

Command syntax

STATUS [<profile>]

STATISTICS. Profile operation statistics


View statistical information about an application profile (for example, scan duration or the number of threats detected).
You can view the list of available profiles by executing the HELP STATISTICS command.
Command syntax

STATISTICS <profile>

RESTORE. Restoring files


You can restore a file from Backup to its original folder. If a file with the same name already exists at the specified path,
the suffix "-copy" is appended to the file name. The file that is being restored is copied keeping its original name.

To execute this command, Password protection must be enabled. The user must have the Restore from Backup
permission.

Backup stores reserve copies of files that were deleted or modified during disinfection. A backup copy is a file copy created
before the file was disinfected or deleted. Backup copies of files are stored in a special format and do not pose a threat.

Backup copies of files are stored in the folder C:\ProgramData\Kaspersky Lab\KES\QB.

Users in the Administrators group are granted full permission to access this folder. Limited access rights to this folder are
granted to the user whose account was used to install Kaspersky Endpoint Security.

Kaspersky Endpoint Security does not provide the capability to configure user access permissions to backup copies of
files.

Command syntax

RESTORE [/REPLACE] <file name> /login=<user name> /password=<password>

Advanced settings

/REPLACE Overwrite an existing file.

<file name> The name of the file to be restored.

Authentication
/login=<user name> /password=<password> Information about the user account that is granted the required Password
protection permissions.

Example:
avp.com RESTORE /REPLACE true_file.txt /login=KLAdmin /password=!Password1

EXPORT. Exporting application settings
Export Kaspersky Endpoint Security settings to a file. The file will be located in the C:\Windows\SysWOW64 folder.
Command syntax

EXPORT <profile> <file name>

Profile

<profile> Profile name. A profile is a Kaspersky Endpoint Security component, task or feature. You can view the list
of available profiles by executing the HELP EXPORT command.

File to export
<file name> The name of the file to which the application settings will be exported. You can export Kaspersky Endpoint
Security settings to a DAT or CFG configuration file, to a TXT text file, or to an XML document.

Examples:
avp.com EXPORT ids ids_config.dat
avp.com EXPORT fm fm_config.txt

IMPORT. Importing application settings
Imports settings for Kaspersky Endpoint Security from a file that was created with the EXPORT command.

To execute this command, Password protection must be enabled. The user must have the following permissions:
Configure application settings, Disable protection components, and Disable control components.

Command syntax

IMPORT <file name> /login=<username> /password=<password>

File to import
<file name> The name of the file from which the application settings will be imported. You can import Kaspersky
Endpoint Security settings from a DAT or CFG configuration file, a TXT text file, or an XML document.

Authentication

/login=<user name> /password=<password> Information about the user account that is granted the required Password
protection permissions.

Example:
avp.com IMPORT config.dat /login=KLAdmin /password=!Password1

ADDKEY. Applying a key file


Apply the key file to activate Kaspersky Endpoint Security. If the application is already activated, the key will be added as an
additional one.
Command syntax

ADDKEY <file name> /login=<user name> /password=<password>

Key file

<file name> Key file name.

Authentication
/login=<user name> /password=<password> User account credentials. These credentials need to be entered only if
Password protection is enabled.

Example:
avp.com ADDKEY file.key

LICENSE. Licensing
Perform actions with Kaspersky Endpoint Security license keys.

To execute this command and remove a license key, Password protection must be enabled. The user must have the
Remove key permission.

Command syntax

LICENSE <operation> [/login=<user name> /password=<password>]

Operation
/ADD <file name> Apply the key file to activate Kaspersky Endpoint Security. If the application is already
activated, the key will be added as an additional one.

/ADD <activation code> Activate Kaspersky Endpoint Security using an activation code. If the application is already
activated, the key will be added as an additional one.

/REFRESH <file name> Renew your license with a key file. An additional key is added as a result. It
becomes active upon license expiration. It is not possible to add an active key by executing
this command.

/REFRESH <activation code> Renew your license with an activation code. An additional key is added as a result. It
becomes active upon license expiration. It is not possible to add an active key by
executing this command.

/DEL /login=<user name> /password=<password> Remove a license key. The additional key will also be removed.

Authentication
/login=<user name> /password=<password> Information about the user account that is granted the required Password
protection permissions.

Example:
avp.com LICENSE /ADD file.key
avp.com LICENSE /ADD AAAAA-BBBBB-CCCCC-DDDDD
avp.com LICENSE /DEL /login=KLAdmin /password=!Password1

RENEW. Purchasing a license


Open the Kaspersky website to purchase or renew your license.

PBATESTRESET. Reset the pre-encryption check results


Resets the results of the check for compatibility with BitLocker encryption technology. These results also include a check for
the computer compatibility with the Authentication Agent.

Before running Full Disk Encryption, the application performs a number of checks to verify that the computer can be
encrypted using the BitLocker technology. If the computer cannot be encrypted, Kaspersky Endpoint Security logs
information about the incompatibility. The next time you try to encrypt, the application does not perform this check and
warns you that encryption is not possible. If the hardware configuration of the computer has changed, the compatibility
check results previously logged by the application must be reset to re-check the system hard drive for compatibility with
Authentication Agent and for BitLocker encryption technology support.

EXIT. Exit the application


Exits Kaspersky Endpoint Security. The application will be unloaded from the computer's RAM.

To execute this command, Password protection must be enabled. The user must have the Exit the application
permission.

Command syntax

EXIT /login=<user name> /password=<password>

EXITPOLICY. Disabling policy


Disables a Kaspersky Security Center policy on the computer. All Kaspersky Endpoint Security settings are available for
configuration, including settings that have a closed lock in the policy.

To execute this command, Password protection must be enabled. The user must have the Disable Kaspersky Security
Center policy permission.

Command syntax

EXITPOLICY /login=<user name> /password=<password>

STARTPOLICY. Enabling policy


Enables a Kaspersky Security Center policy on the computer. The application settings will be configured according to the
policy.

DISABLE. Disabling protection


Disables File Threat Protection on a computer with an expired Kaspersky Endpoint Security license. It is not possible to run
this command on a computer where the application is not activated or has a valid license.

SPYWARE. Spyware detection


Enable / disable spyware detection. By default, spyware detection is enabled.
Command syntax

SPYWARE on|off

Appendix. Application profiles
A profile is a Kaspersky Endpoint Security component, task or feature. Profiles are used to manage the application from the
command line. You can use profiles to execute START, STOP, STATUS, STATISTICS, EXPORT, and IMPORT commands.
Using profiles, you can configure application settings (for example, STOP DeviceControl) or run tasks (for example,
START Scan_My_Computer).

The following profiles are available:

BehaviorDetection – Behavior Detection.

DeviceControl – Device control.

EntAppControl – Application Control.

File_Monitoring or FM – File Threat Protection.

Firewall or FW – Firewall.

HIPS – Host Intrusion prevention.

IDS – Network Threat Protection.

IntegrityCheck – Integrity check.

Mail_Monitoring or EM – Mail Threat Protection.

Rollback – update rollback.

Scan_ContextScan – Scan from context menu.

Scan_IdleScan – Background scan.

Scan_Memory – Kernel memory scan.

Scan_My_Computer – Full scan.

Scan_Objects – Custom scan.

Scan_Qscan – Scan objects that are loaded at operating system startup.

Scan_Removable_Drive – Removable drives scan.

Scan_Startup or STARTUP – Critical Areas Scan.

Updater – Update.

Web_Monitoring or WM – Web Threat Protection.

WebControl – Web Control.

Kaspersky Endpoint Security also supports service profiles. Service profiles may be required when you are contacting
Kaspersky Technical Support.
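
A detection sketch for the commands and profiles above, added here and not part of the Kaspersky documentation: it flags avp.com invocations that reduce protection (EXIT, EXITPOLICY, DISABLE, SPYWARE off, STOP <profile>, LICENSE /DEL, IMPORT) and blanks any /password= value before the line is passed on. It assumes process-creation command lines are already collected as text; the sample lines, the C:\EXAMPLE path and all function names are constructed.

```python
import re

# Added example: function and variable names are illustrative.
# Matches an avp.com invocation with or without a path or quotes and
# captures the command word and the remaining arguments.
AVP_RE = re.compile(r'(?i)(?:^|[\\/\s"])avp\.com"?\s+(\S+)\s*(.*)$')
PASSWORD_RE = re.compile(r"(?i)(/password=)\S+")

# Commands the guide describes as unloading or switching off protection.
ALWAYS_FLAGGED = {
    "EXIT": "unloads the application from memory",
    "EXITPOLICY": "disables the Kaspersky Security Center policy",
    "DISABLE": "disables File Threat Protection",
}


def redact(cmdline):
    """Blank the /password= value so an alert does not repeat the secret."""
    return PASSWORD_RE.sub(r"\1<redacted>", cmdline)


def classify(cmdline):
    """Return a finding dict for an avp.com command line, or None."""
    match = AVP_RE.search(cmdline)
    if match is None:
        return None
    command = match.group(1).upper()
    args = match.group(2).split()
    upper_args = [arg.upper() for arg in args]
    reasons = []
    if command in ALWAYS_FLAGGED:
        reasons.append(ALWAYS_FLAGGED[command])
    elif command == "SPYWARE" and "OFF" in upper_args:
        reasons.append("turns spyware detection off")
    elif command == "STOP" and args:
        reasons.append("stops profile " + args[0])
    elif command == "LICENSE" and "/DEL" in upper_args:
        reasons.append("removes the license key")
    elif command == "IMPORT":
        reasons.append("replaces application settings from a file")
    # Credentials typed as arguments end up wherever command lines are logged.
    if PASSWORD_RE.search(cmdline):
        reasons.append("password visible on the command line")
    return {"command": command, "reasons": reasons, "cmdline": redact(cmdline)}


def triage(cmdlines):
    """Keep only the avp.com invocations that have at least one reason."""
    findings = (classify(line) for line in cmdlines)
    return [f for f in findings if f and f["reasons"]]


# Constructed process-creation command lines; C:\EXAMPLE is a placeholder path.
SAMPLE_EVENTS = [
    r"avp.com START Scan_My_Computer",
    r"avp.com STOP DeviceControl",
    r'"C:\EXAMPLE\avp.com" EXITPOLICY /login=KLAdmin /password=!Password1',
    r"avp.com LICENSE /DEL /login=KLAdmin /password=!Password1",
    r"avp.com SPYWARE off",
    r"avp.com ADDKEY file.key",
    r"notepad.exe C:\EXAMPLE\notes.txt",
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert["command"], "|", "; ".join(alert["reasons"]), "|", alert["cmdline"])
```
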
Sources of information about the application

Kaspersky Endpoint Security page on the Kaspersky website

On the Kaspersky Endpoint Security page, you can view general information about the application and its functions and
features.

The Kaspersky Endpoint Security page contains a link to the online store. There you can purchase or renew the application.

Kaspersky Endpoint Security page in the Knowledge Base

Knowledge Base is a section on the Technical Support website.

On the Kaspersky Endpoint Security page in the Knowledge Base, you can read articles that provide useful information,
recommendations, and answers to frequently asked questions on how to purchase, install, and use the application.

Knowledge Base articles can answer questions relating to not only Kaspersky Endpoint Security but also to other Kaspersky
applications. Articles in the Knowledge Base may also contain news from Technical Support.

Discussion of Kaspersky applications in user community

If your question does not require an urgent answer, you can discuss it with Kaspersky experts and other users in our
Community.

In this community you can view existing topics, leave your comments, and create new discussion topics.

Contacting Technical Support


This section describes the ways to get technical support and the terms on which it is available.

How to obtain technical support


If you cannot find a solution to your problem in the application documentation or in one of the sources of information about
the application, we recommend that you contact Technical Support. Technical Support specialists will answer your
questions about installing and using the application.

Before contacting Technical Support, please read the support rules.

You can contact Technical Support in one of the following ways:

By calling Technical Support by phone

By sending a request to Kaspersky Technical Support through the Kaspersky CompanyAccount portal

Technical support by phone
You can call Technical Support representatives from most regions throughout the world. You can find information on ways to
receive technical support in your region and contacts for Technical Support on the website of Kaspersky Technical Support.

Before contacting Technical Support, please read the support rules.

Technical Support via Kaspersky CompanyAccount


Kaspersky CompanyAccount is a portal for companies that use Kaspersky applications. The Kaspersky CompanyAccount
portal is designed to facilitate interaction between users and Kaspersky experts via electronic requests. You can use
Kaspersky CompanyAccount portal to track the status of your electronic requests and store a history of those requests.

You can register all of your organization's employees under a single account on Kaspersky CompanyAccount. A single
account lets you centrally manage electronic requests from registered employees to Kaspersky and also manage the
privileges of these employees via Kaspersky CompanyAccount.

Kaspersky CompanyAccount portal is available in the following languages:

English

Spanish

Italian

German

Polish

Portuguese

Russian

French

Japanese

To learn more about Kaspersky CompanyAccount, visit the Technical Support website.

Collecting information for Technical Support


After you inform Kaspersky Technical Support specialists about your issue, they may ask you to create a trace file. The trace
file allows you to trace the process of performing application commands step by step and determine the stage of application
operation at which an error occurs.

Technical Support specialists may also require additional information about the operating system, processes that are
running on the computer, and detailed reports on the operation of application components.

While running diagnostics, Technical Support experts may ask you to change application settings by:

Activating the functionality that gathers extended diagnostic information.

Fine-tuning the settings of individual application components, which are not available via standard user interface
elements.

Changing the settings for storage of diagnostic information that is gathered.

Configuring the interception and logging of network traffic.

Technical Support experts will provide all the information needed to perform these operations (description of the sequence
of steps, settings to be modified, configuration files, scripts, additional command line functionality, debugging modules,
special-purpose utilities, etc.) and inform you about the scope of data gathered for purposes of debugging. The extended
diagnostic information gathered is saved on the user's computer. Data that has been gathered is not automatically
transmitted to Kaspersky.

The operations listed above should be performed only under the supervision of Technical Support specialists by
following their instructions. Unsupervised changes to application settings performed in ways other than those
described in the Administrator's Guide or instructions of Technical Support specialists can slow down or crash the
operating system, affect computer security, or compromise the availability and integrity of data being processed.

Creating an application trace file


Application traces are detailed records of actions that are performed by the application, and messages about events
occurring during operation of the application.

To create an application trace file:

1. In the main application window, click the Support button.


The Support window opens.

2. In the Support window, click the System tracing button.


The Information for Technical Support window opens.

3. To start the tracing process, select one of the following items in the Application traces drop-down list:

is enabled
Select this item to enable tracing.

with rotation
Select this item to enable tracing and limit the maximum number of trace files and the maximum size of each trace file.
If the maximum number of trace files of the maximum size is written, the oldest trace file is deleted so that a new
trace file can be written.
If this item is selected, you can specify a value for the following fields:

Maximum number of files for rotation

In this field, you can specify the maximum number of trace files written.

Maximum size for each file

In this field, you can specify the maximum size of each trace file written.

4. In the Level drop-down list, select the trace level.
You are advised to clarify the required trace level with a Technical Support specialist. In the absence of guidance from
Technical Support, set the trace level to Normal (500).

5. Restart Kaspersky Endpoint Security.

6. To stop the tracing process, return to the Information for Technical Support window and select is disabled in the
Application traces drop-down list.

You can also create trace files when installing the application from the command line, including by using the setup.ini file.

Enabling and disabling dump writing


To enable or disable dump writing:

1. Open the application settings window.

2. In the left part, select Application Settings in the General Settings section.
The application settings are displayed in the right part of the window.

3. In the Debug information section, click the Settings button.


The Debug information window opens.

4. Do one of the following:

Select the Enable dump writing check box if you want the application to write dumps of the application.

Clear the Enable dump writing check box if you do not want the application to write dumps of the application.

5. Click OK in the Debug information window.

6. To save the changes, click the Save button in the main application window.

Enabling and disabling protection of dump files and trace files


Dump files and trace files contain information about the operating system, and may also contain user data. To prevent
unauthorized access to such data, you can enable protection of dump files and trace files.

If protection of dump files and trace files is enabled, the files can be accessed by the following users:

Dump files can be accessed by the system administrator and local administrator, and by the user that enabled the
writing of dump files and trace files.

Trace files can be accessed only by the system administrator and local administrator.

To enable or disable protection of dump files and trace files:

1. Open the application settings window.

2. In the left part, select Application Settings in the General Settings section.
The application settings are displayed in the right part of the window.

3. In the Debug information section, click the Settings button.


The Debug information window opens.

4. Do one of the following:

Select the Enable dump and trace files protection check box if you want to enable protection.

Clear the Enable dump and trace files protection check box if you want to disable protection.

5. Click OK in the Debug information window.

6. To save the changes, click the Save button in the main application window.

Dump files and trace files that were written while protection was active remain protected even after this function is
disabled.

Contents and storage of dump files

The user is personally responsible for ensuring the safety of data collected, particularly for controlling and restricting
access to collected data stored on the computer.

Dump files are stored on the computer as long as the application is in use, and are deleted permanently when the
application is removed. Dump files are stored in the folder ProgramData\Kaspersky Lab.

A dump file contains all information about the working memory of Kaspersky Endpoint Security processes at the moment
when the dump file was created. A dump file may also contain personal data.

Contents and storage of trace files

The user is personally responsible for ensuring the safety of data collected, particularly for monitoring and restricting
access to collected data stored on the computer until it is submitted to Kaspersky.

Trace files are stored on the computer as long as the application is in use, and are deleted permanently when the application
is removed.

Trace files are stored in the ProgramData\Kaspersky Lab folder.

The trace file has the following name format: KES<version number_dateXX.XX_timeXX.XX_pidXXX.><trace file type>.log.

The Authentication Agent trace file is stored in the System Volume Information folder and has the following name:
KLFDE.{EB2A5993-DFC8-41a1-B050-F0824113A33A}.PBELOG.bin.

You can view data saved in trace files.

All trace files contain the following common data:

Event time.

Number of the thread of execution.

The Authentication Agent trace file does not contain this information.

Application component that caused the event.

Degree of event severity (informational event, warning, critical event, error).

A description of the event involving command execution by a component of the application and the result of
execution of this command.

Contents of SRV.log, GUI.log, and ALL.log trace files

SRV.log, GUI.log, and ALL.log trace files may store the following information in addition to general data:

Personal data, including the last name, first name, and middle name, if such data is included in the path to files on the
local computer.

The user name and password if they were transmitted openly. This data can be recorded in trace files during Internet
traffic scanning. Traffic is recorded in trace files only from trafmon2.ppl.

The user name and password if they are contained in HTTP headers.

The name of the Microsoft Windows account if the account name is included in a file name.

Your email address or a web address containing the name of your account and password if they are contained in the
name of the object detected.

Websites that you visit and redirects from these websites. This data is written to trace files when the application scans
websites.

Proxy server address, computer name, port, IP address, and user name used to sign in to the proxy server. This data
is written to trace files if the application uses a proxy server.

Remote IP addresses to which your computer established connections.

Message subject, ID, sender's name and address of the message sender's web page on a social network. This data is
written to trace files if the Web Control component is enabled.
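
A pre-submission check for the data listed above, added here and not part of the Kaspersky documentation: it reports trace lines that carry HTTP Authorization headers, URLs with embedded credentials, or email addresses, and returns a scrubbed copy of each such line. The trace line layout, the sample lines and all function names are constructed; real trace files may be laid out differently.

```python
import base64
import re

# Added example: names and the line layout are illustrative.
AUTH_RE = re.compile(r"(?i)\b(proxy-)?authorization:\s*(\w+)\s+(\S+)")
URL_CRED_RE = re.compile(r"(?i)\b([a-z][a-z0-9+.-]*://)([^\s/:@]+):([^\s/@]+)@")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def basic_user(token):
    """Return the user name inside an HTTP Basic credential, or None."""
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, _password = decoded.partition(":")
    return user if sep else None


def inspect_line(line):
    """Return (findings, scrubbed_line) for one trace line."""
    findings = []

    def on_auth(match):
        header = "Proxy-Authorization" if match.group(1) else "Authorization"
        scheme = match.group(2)
        detail = header + " " + scheme
        if scheme.lower() == "basic":
            # Basic is only base64, so the header is a password in the clear.
            user = basic_user(match.group(3))
            if user is not None:
                detail += " (decodes to user '%s' and a password)" % user
        findings.append(detail)
        return "%s: %s <redacted>" % (header, scheme)

    def on_url(match):
        findings.append("URL with embedded credentials (user '%s')" % match.group(2))
        return match.group(1) + "<redacted>@"

    # Scrub headers and URLs first so password@host is not counted as an email.
    scrubbed = AUTH_RE.sub(on_auth, line)
    scrubbed = URL_CRED_RE.sub(on_url, scrubbed)
    for _ in EMAIL_RE.finditer(scrubbed):
        findings.append("email address")
    scrubbed = EMAIL_RE.sub("<email>", scrubbed)
    return findings, scrubbed


def scan_trace(lines):
    """Return (line_number, findings, scrubbed_line) for every line with findings."""
    report = []
    for number, line in enumerate(lines, start=1):
        findings, scrubbed = inspect_line(line)
        if findings:
            report.append((number, findings, scrubbed))
    return report


# Constructed trace lines: time, thread, component, severity, description.
SAMPLE_BASIC = base64.b64encode(b"alice:constructed-pw").decode("ascii")
SAMPLE_TRACE = [
    "10:15:02.113 0x1a2c trafmon2 INF GET http://intranet.example/ Authorization: Basic " + SAMPLE_BASIC,
    "10:15:03.500 0x1a2c trafmon2 INF redirect ftp://bob:constructed-pw@files.example.com/report.zip",
    "10:15:04.020 0x0b10 scanner WRN object name contains carol@example.org",
    "10:15:05.000 0x0b10 updater INF database update task started",
]

if __name__ == "__main__":
    for number, findings, scrubbed in scan_trace(SAMPLE_TRACE):
        print(number, findings, scrubbed)
```
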

Contents of HST.log, BL.log, Dumpwriter.log, WD.log, AVPCon.dll.log trace files

In addition to general data, the HST.log trace file contains information about the execution of a database and application
module update task.

In addition to general data, the BL.log trace file contains information about events occurring during operation of the
application, as well as data required to troubleshoot application errors. This file is created if the application is started with
the avp.exe –bl parameter.

In addition to general data, the Dumpwriter.log trace file contains service information required for troubleshooting errors
that occur when the application dump file is written.

In addition to general data, the WD.log trace file contains information about events occurring during operation of the avpsus
service, including application module update events.

In addition to general data, the AVPCon.dll.log trace file contains information about events occurring during the operation of
the Kaspersky Security Center connectivity module.

Contents of trace files of application plug-ins

Trace files of application plug-ins contain the following information in addition to general data:

The shellex.dll.log trace file of the plug-in that starts the scan task from the context menu contains information about
the execution of the scan task and data required to debug the plug-in.

The mcou.OUTLOOK.EXE trace file of the Mail Threat Protection plug-in may contain parts of email messages,
including email addresses.

Contents of the Authentication Agent trace file

In addition to general data, the Authentication Agent trace file contains information about the operation of Authentication
Agent and the actions performed by the user with Authentication Agent.

Glossary

Active key
A key that is currently used by the application.

Additional key
A key that certifies the right to use the application but is not currently being used.

Administration group
A set of devices that share common functions and a set of Kaspersky applications installed on them. Devices are grouped so
that they can be managed conveniently as a single unit. A group may include other groups. It is possible to create group
policies and group tasks for each installed application in the group.

Administration Server
A component of Kaspersky Security Center that centrally stores information about all Kaspersky applications that are
installed within the corporate network. It can also be used to manage these applications.

Anti-virus databases
Databases that contain information about computer security threats known to Kaspersky as of the anti-virus database
release date. Anti-virus database signatures help to detect malicious code in scanned objects. Anti-virus databases are
created by Kaspersky specialists and updated hourly.

Application modules
Files that are included in the application setup file, which implement the core functionality of the application. A separate
executable module corresponds to each type of task performed by the application (Real-time Protection, On-demand Scan,
and Update). When starting a full scan of the computer from the main application window, you initiate the module of this
task.

Application settings
Application settings that are common to all types of tasks and govern the overall operation of the application, such as
application performance settings, report settings, and backup settings.

Archive
One or several files packed into a single compressed file. A specialized application called an archiver is required for packing
and unpacking data.

Authentication Agent
Interface that lets you complete authentication to access encrypted hard drives and load the operating system after the
bootable hard drive has been encrypted.

Backup
A special storage for backup copies of files that are created before disinfection or deletion is attempted.

Black list of addresses


A list of email addresses from which all incoming messages are blocked by the Kaspersky application, regardless of the
message content.

Certificate
Electronic document that contains the private key and information about the key owner and the key scope, and that
confirms that the public key belongs to the owner. The certificate must be signed by the certification center that issued it.

Certificate issuer

Certification center that issued the certificate.

Certificate subject

Holder of a private key linked to a certificate. This can be a user, application, any virtual object, computer, or service.

Certificate thumbprint

Information used to identify a certificate key. A thumbprint is created by applying a cryptographic hash function to the value
of the key.

Database of malicious web addresses


A list of web addresses whose content may be considered to be dangerous. The list is created by Kaspersky specialists. It is
regularly updated and is included in the Kaspersky application distribution kit.

Database of phishing web addresses


A list of web addresses which Kaspersky specialists have determined to be phishing-related. The database is regularly
updated and is part of the Kaspersky application distribution kit.

Disinfection
A method of processing infected objects that results in complete or partial recovery of data. Not all infected objects can be
disinfected.

Exploits
Program code that uses some kind of vulnerability in the system or software. Exploits are often used to install malware on
the computer without the user’s knowledge.

False alarm
A false alarm occurs when the Kaspersky application reports an uninfected file as infected because the signature of the file is
similar to that of a virus.

File mask
Representation of a file name and extension by using wildcards.

File masks can contain any characters that are allowed in file names, including wildcards:

* – Replaces any zero or more characters.

? – Replaces any one character.

Note that the file name and extension are always separated by a period.

Heuristic Analysis
The technology was developed for detecting threats that cannot be detected by using the current version of Kaspersky
application databases. It detects files that may be infected with an unknown virus or a new variety of a known virus.

Infectable file
A file which, due to its structure or format, can be used by intruders as a "container" to store and spread malicious code. As
a rule, these are executable files, with such file extensions as .com, .exe, and .dll. There is a fairly high risk of intrusion of
malicious code in such files.

Infected file
A file which contains malicious code (code of known malware has been detected when scanning the file). Kaspersky does not
recommend using such files, because they may infect your computer.

License certificate

A document that Kaspersky transfers to the user together with the key file or activation code. It contains information about
the license granted to the user.

Network Agent
A Kaspersky Security Center component that enables interaction between the Administration Server and Kaspersky
applications that are installed on a specific network node (workstation or server). This component is common for all
Kaspersky applications running under Windows. Dedicated versions of Network Agent are intended for applications running
under other operating systems.

Network Agent Connector
Application functionality that connects the application with the Network Agent. The Network Agent enables remote
administration of the application through Kaspersky Security Center.

Network service
Set of parameters that define network activity. For this network activity, you can create a network rule that regulates the
operation of Firewall.

Normalized form of the address of a web resource


The normalized form of the address of a web resource is a textual representation of a web resource address that is
obtained through normalization. Normalization is a process whereby the textual representation of a web resource address
changes according to specific rules (for example, exclusion of the user login, password, and connection port from the text
representation of the web resource address; additionally, the web resource address is changed from uppercase to
lowercase characters).

Regarding the operation of protection components, the purpose of normalization of web resource addresses is to avoid
scanning website addresses, which may differ in syntax while being physically equivalent, more than once.

Example:
Non-normalized form of an address: www.Example.com\.
Normalized form of an address: www.example.com.

OLE object
An attached file or a file that is embedded in another file. Kaspersky applications allow scanning OLE objects for viruses. For
example, if you insert a Microsoft Office Excel® table into a Microsoft Office Word document, the table is
scanned as an OLE object.

Patch
A small addition to the application that fixes bugs discovered during operation of the application, or installs updates.

Phishing
A type of Internet fraud in which email messages are sent with the purpose of stealing confidential data, which is most
often financial data.

Portable File Manager
This is an application that provides an interface for working with encrypted files on removable drives when no encryption
functionality is available on the computer.

Protection scope
Objects that are constantly being scanned by the Essential Threat Protection component when it is running. The protection
scopes of different components have different properties.

Scan scope
Objects that Kaspersky Endpoint Security scans while performing a scan task.

Signature Analysis
A threat detection technology that uses the Kaspersky Endpoint Security databases, which contain descriptions of known
threats and methods for eradicating them. Protection that uses signature analysis provides a minimally acceptable level of
security. Following the recommendations of Kaspersky's experts, this method is always enabled.

Task
Functions performed by the Kaspersky application as tasks, for example: Real-time File Protection, Full Device Scan,
Database Update.

Task settings
Application settings specific to each type of tasks.

Trusted Platform Module


A microchip developed to provide basic functions related to security (for example, for storing encryption keys). A Trusted
Platform Module is usually installed on the computer motherboard and interacts with all other system components via the
hardware bus.

Update
The procedure of replacing or adding new files (databases or application modules) that are retrieved from Kaspersky update
servers.

Information about third-party code
Information about third-party code is contained in the file legal_notices.txt, in the application installation folder.

Trademark notices
Registered trademarks and service marks are the property of their respective owners.

Adobe, Acrobat, Flash and Shockwave are the trademarks or registered trademarks of Adobe Systems Incorporated in the
USA and / or elsewhere.

FireWire is a trademark of Apple, Inc., registered in the United States and elsewhere.

AutoCAD is a trademark or registered trademark of Autodesk, Inc. and/or its subsidiaries/affiliates in the United States and
elsewhere.

The wordmark Bluetooth and its logo are the property of Bluetooth SIG, Inc.

Borland is trademark or registered trademark of Borland Software Corporation in the United States and elsewhere.

Citrix and Citrix Provisioning Services are trademarks of Citrix Systems, Inc. and/or its subsidiaries registered in the patent
office of the United States and other countries.

dBase is a trademark of dataBased Intelligence, Inc.

EMC and SecurID are trademarks or registered trademarks of EMC Corporation in the United States and/or elsewhere.

IBM is a trademark of International Business Machines Corporation registered in many jurisdictions throughout the world.

ICQ is a trademark and / or service mark of ICQ LLC.

Intel and Pentium are the trademarks of Intel Corporation registered in the United States and elsewhere.

Logitech is a registered trademark or trademark of the Logitech Company in the US and elsewhere.

Microsoft, Access, BitLocker, Excel, Internet Explorer, LifeCam Cinema, MultiPoint, Outlook, PowerPoint,
PowerShell, Visual C++, Visual Basic, Visual FoxPro, Windows, Windows Store and Windows Server are trademarks of
Microsoft Corporation registered in the United States and elsewhere.

Mozilla and Thunderbird are the trademarks of the Mozilla Foundation.

Java and JavaScript are registered trademarks of the Oracle Corporation and/or its affiliates.
