This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
To restrict Kaspersky Endpoint Agent's operations that might result in a decrease in the protection level of the user's computer and the data processed on that computer, as well as a decrease in the application's self-defense level, it is necessary to password protect the application.
The password is required to execute the following commands in Kaspersky Endpoint Agent command line interface:
--sandbox=disable
--sandbox=show
--sandbox=enable --tls=no
--sandbox=enable --pinned-certificate=<full path to the TLS certificate file for connecting Kaspersky Endpoint Agent to Kaspersky Sandbox>
--quarantine=delete –ouid
--quarantine=show
--quarantine=restore
--quarantine=add
--product=stop
--password=reset
--isolation=disable
--prevention=disable
--selfdefense
--license=delete
--message-broker --type=kata <settings>
--event --action=enable
--event --action=disable
To enter the password, use the --pwd=<current user password>
parameter.
The password is also required when performing the following actions on the application:
upgrade
)repair
)After enabling password protection and applying the Kaspersky Security Center policy, the same password is applied to all devices in the Kaspersky Endpoint Agent managed group.
After disabling password protection in the policy, the password protection settings are retained for the local device and can be edited.
The password is stored in the application settings in encrypted form (as a checksum).
To enter the password, use the --pwd=<current user password>
parameter.
To configure Kaspersky Endpoint Agent password protection using the command line interface:
cd
command, navigate to the folder where the Agent.exe file is located.For example, enter the command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\"
and press ENTER.
agent.exe --password=state
to view the current password protection status of the application.agent.exe --password=set --pwd=<current user password> --new=<new user password>
to set a new user password.agent.exe --password=reset --pwd=<current user password>
to reset the user password.