Configuring protection components on Mac devices

Security applications installed on Mac devices provide protection against various threats, and against network and phishing attacks.

Each threat type is processed by a dedicated component of the security application. You can enable, disable, and configure those components through Kaspersky Endpoint Security Cloud Management Console.

Selecting the types of detectable objects on Mac devices

Objects detected by Kaspersky Endpoint Security are categorized based on various traits. The application always searches for viruses, worms, Trojans, and malicious tools. These programs can cause significant harm to your computer. To improve the security of your computer, you can expand the range of detectable objects by enabling the monitoring of the actions of adware and the monitoring of legitimate applications that intruders can use to compromise your users' devices or personal data.

Objects detected by Kaspersky Endpoint Security are divided into the following categories:

• Viruses, worms, Trojans, and malicious tools. This category includes all types of malware. The minimum necessary security level ensures protection against them. Based on the recommendations of Kaspersky experts, Kaspersky Endpoint Security always monitors objects in this category.
• Adware. This category includes software that can cause inconvenience to the user.
• Auto-dialers. This category includes programs that establish hidden telephone connections through a modem.
• Other software. This category includes legitimate applications that intruders can use to compromise your users' devices or personal data, such as remote administration applications.

To select the types of detected objects:

1. Open Kaspersky Endpoint Security Cloud Management Console.
2. Select the Security management → Security profiles section.

   The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.

3. In the list, select the security profile for the devices on which you want to configure the types of detected objects.
4. Click the link with the profile name to open the security profile properties window.

   The security profile properties window displays settings available for all devices.

5. In the Mac group, select the Advanced section.
6. Click the Settings link below the Threat detection and exclusions section.

   The Threat detection and exclusions window opens.

7. If you want to enable detection of adware, auto-dialers, and applications in the Other software category, select the relevant check boxes in the Types of objects to be detected window.
8. Click the Save button.

Kaspersky experts recommend that you do not disable protection against adware and auto-dialers. If Kaspersky Endpoint Security categorizes a program as malware but you are confident that it is not a dangerous program, you can add it to the trusted zone.

After the security profile is applied, detection of the specified types of objects will be enabled on users' Mac devices while File Threat Protection and Malware Scan are running.

Configuring the File Threat Protection component on Mac devices

The File Threat Protection component allows you to avoid infecting the file system on your computer and protects the computer's file system in real time by intercepting and analyzing attempts to access files. By default, this component starts when the security application is started on the device. File Threat Protection permanently resides in the computer's RAM and scans all files that are opened, saved, and run on the computer and on all connected drives. If the File Threat Protection component is disabled, it will not run when the application starts and you will have to manually enable it.

To configure the File Threat Protection component on Mac devices:

1. Open Kaspersky Endpoint Security Cloud Management Console.
2. Select the Security management → Security profiles section.

   The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.

3. In the list, select the security profile for the devices on which you want to configure the File Threat Protection component.
4. Click the link with the profile name to open the security profile properties window.

   The security profile properties window displays settings available for all devices.

5. In the Mac group, select the Security settings section.
6. Set the toggle switch to File Threat Protection is enabled.
7. Click the Settings link below the File Threat Protection is enabled toggle switch.

   The File Threat Protection component settings page opens.

8. In the Security level section, select the security level whose settings meet your requirements for protection of Mac devices.

   The settings of the security level selected will be displayed under the list of levels.

9. Click the Save button to save the changes.

After the security profile is applied, File Threat Protection will be enabled on users' Mac devices. The component will protect the file system of the Mac device according to the specified settings.

Configuring the Web Threat Protection component on Mac devices

The Web Threat Protection component protects information received and sent by your computer via the HTTP and HTTPS protocols. Web Threat Protection also scans website links for signs of phishing and checks to see if they are categorized as malicious web addresses.

Web Threat Protection scans web traffic based on the settings recommended by Kaspersky. When a threat is detected, Web Threat Protection performs the action defined by you.

Scanning web addresses for signs of phishing and checking if they are included in the list of malicious web addresses helps avoid phishing attacks. Phishing attacks normally consist of email messages sent by hackers supposedly on behalf of financial organizations (for example, banks) with links to fake websites. In such email messages, hackers attempt to deceive a user into visiting a phishing website and providing confidential data (for example, a bank card number, or user name and password for an online bank account). For example, a phishing attack can be disguised as an email message supposedly from your bank with a link to the bank's official website. However, when clicking the link, you end up on an exact copy of the bank's official website that was created by hackers. Web Threat Protection scans web traffic to monitor attempts to gain access to a phishing website and blocks access to such websites.

To configure the Web Threat Protection component on Mac devices:

1. Open Kaspersky Endpoint Security Cloud Management Console.
2. Select the Security management → Security profiles section.

   The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.

3. In the list, select the security profile for the devices on which you want to configure the Web Threat Protection component.
4. Click the link with the profile name to open the security profile properties window.

   The security profile properties window displays settings available for all devices.

5. In the Mac group, select the Security settings section.
6. Set the toggle switch to Web Threat Protection is enabled.
7. Click the Settings link below the Web Threat Protection is enabled toggle switch.

   The Web Threat Protection component settings page opens.

8. In the Security level section, select the security level whose settings meet your requirements for protection of Mac devices.
9. In the Action on threat detection section, select the action that Web Threat Protection must take when it detects a dangerous object in web traffic.
   • If you want the application to display a notification that prompts you to choose one of the available actions, select the Prompt the user for action option.
   • If you want to automatically block access to a dangerous object detected in web traffic, select the Block automatically option.
10. Click the Save button to save the changes.

After the security profile is applied, the Web Threat Protection component will be enabled on users' Mac devices. The component will scan all information received and sent by your computer via the HTTP and HTTPS protocols, and will scan website links for signs of phishing and will check to see if they are categorized as malicious web addresses.

Configuring the Network Threat Protection component on Mac devices

The Network Threat Protection component protects a computer against intrusions into the computer's operating system. The component protects against attacks by hackers (employing port scanning or password cracking) and also protects against the malware installed by hackers (including malware that sends personal data to criminals). The malware involved in network attacks includes certain Trojans, DoS attack tools, malicious scripts, and network worms.

When dangerous network activity is detected, Kaspersky Endpoint Security Cloud automatically blocks the IP address of the attacking computer.

To configure the Network Threat Protection component on Mac devices:

1. Open Kaspersky Endpoint Security Cloud Management Console.
2. Select the Security management → Security profiles section.

   The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.

3. In the list, select the security profile for the devices on which you want to configure the Network Threat Protection component settings.
4. Click the link with the profile name to open the security profile properties window.

   The security profile properties window displays settings available for all devices.

5. In the Mac group, select the Security settings section.
6. Set the toggle switch to Network Threat Protection is enabled.
7. Click the Settings link below the Network Threat Protection is enabled toggle switch.

   The Network Threat Protection component settings page opens.

8. In the Network Threat Protection settings section, in the Time to block attacking computer (min) field, specify the time period during which the IP address of the attacking computer will be blocked.
9. Click the Save button to save the changes.

After the security profile is applied, the Network Threat Protection component will be enabled on users' Mac devices.