Configuring interaction of Kaspersky Endpoint Security for Windows with end users

You can configure the behavior of Kaspersky Endpoint Security for Windows on your users' devices and actions that end users can perform.

To configure interaction of Kaspersky Endpoint Security for Windows with end users:

Open Kaspersky Endpoint Security Cloud Management Console.
Select the Security management → Security profiles section.
The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.
In the list, select the security profile for the devices on which you want to configure interaction with end users.
Click the link with the profile name to open the security profile properties window.
The security profile properties window displays settings available for all devices.
In the Windows group, select the Advanced section.
Click the Settings link below Interaction with end users.
The Interaction with end users page opens.
Define the required settings:
- Whether Kaspersky Endpoint Security for Windows must start at the operating system startup of your users' devices.
  If this option is enabled, a device is protected for the entire session.
  
  If this option is disabled, a device is protected only after the user starts the application manually.
  
  Enabled by default.
- Whether the Kaspersky Endpoint Security for Windows interface must be displayed to end users.
  If this option is enabled, the main window of Kaspersky Endpoint Security for Windows and the icon in the Windows notification area are available. In the context menu of the icon, the user can perform operations with Kaspersky Endpoint Security for Windows. The application also displays notifications above its icon.
  
  If this option is disabled, no signs of the Kaspersky Endpoint Security for Windows operation are displayed. The icon in the Windows notification area and notifications are not available.
  
  Enabled by default.
- Whether end users are allowed to run a malware scan and anti-malware database update on their devices.
  If this option is enabled, end users can run these tasks manually. However, they cannot change the settings that you define.
  
  If this option is disabled, malware scan and anti-malware database update tasks are only run according to the settings and schedule that you define.
  
  Enabled by default.
- Whether end users are allowed to run additional tasks on their devices.
  We recommend that you enable this option only if you use Kaspersky Security Integrations for MSP.
  
  If this option is enabled, Kaspersky Security Integrations for MSP and end users can run malware scan and anti-malware database update tasks, as well as other tasks, with custom parameters, regardless of the settings that you define.
- Whether Kaspersky Endpoint Security for Windows is protected by a password.
- Whether compatibility with remote administration software is enabled.
  If you encounter problems with remote administration tools, enable the compatibility mode. This mode turns off the Secure Desktop functionality of Kaspersky Endpoint Security for Windows that confirms actions that can potentially lower the security level of the device. We do not recommend enabling the compatibility mode unless necessary.
Click the Save button.

After the security profile is applied on the Windows device, the settings are changed as defined.

Page top