To create a Kaspersky Endpoint Agent policy in Kaspersky Security Center:
Open Kaspersky Security Center Administration Console.
In the console tree, open the Policies folder.
Click Create a policy.
The policy creation wizard starts.
In the Selecting an application for creating a group policy window, select Kaspersky Endpoint Agent.
Click Next.
In the Enter group policy name window, perform the following actions:
Enter the name that will be used for the new policy in the policy list.
If you want to import the settings of an existing Kaspersky Endpoint Agent policy to a new policy:
Select the Use the policy settings for previous application version check box.
Click Select and in the window that opens, select the policy whose settings you want to import.
Click OK.
Click Next.
In the New policy window, select one of the following options:
Create a new policy and configure its settings.
Create a new policy with default settings.
If you enabled the Use the policy settings for previous application version setting during the previous step, the Create a new policy and configure its settings option will be selected by default, and the settings specified in the imported policy will be displayed when the policy is created. In this case, the switch in the upper right corner of each section with the policy settings, which shows if the policy is applied, depends on the position of the switches in the groups of settings of the imported policy.
The switch is set to Under policy if the corresponding switch in the imported policy is also set to Under policy for all groups of settings that are included in the section.
The switch is set to Unaffected by policy if the corresponding switch in the imported policy is also set to Unaffected by policy for at least one group of settings that are included in the section.
Click Next.
In the Select policy type window, select the desired Kaspersky Endpoint Agent deployment method:
Kaspersky Sandbox
Endpoint Detection and Response Expert (KATA EDR), Kaspersky Industrial CyberSecurity for Networks
Click Next.
If you select the Create a new policy and configure its settings option, perform one of the following actions in all the sequentially displayed settings windows:
To configure the application settings in the displayed sections during policy creation:
Click Configure next to the name of the required section.
In the window that opens, configure the required settings and click OK.
Click Next.
To configure the application settings in the displayed section later, click Next.
Configuration of the application settings consists of the following steps:
The composition of the steps depends on the type of policy selected during the previous step and may differ from the one described.
Configuring integration between Kaspersky Endpoint Agent and Kaspersky Sandbox.
Configuring integration of Kaspersky Endpoint Agent with Endpoint Detection and Response Expert (KATA EDR) and Kaspersky Industrial CyberSecurity for Networks (KICKS for Networks) components.
Configuring threat response settings.
Configuring application repositories.
Configuring application security settings.
Configuring general application settings.
In the Target group window, select the Kaspersky Security Center administration group to which the created policy will be applied by performing the following steps:
Click Browse.
The administration group selection window will open.
Select the administration group from the list.
For example, you can select the Managed devices group.
If you want to create a subgroup in the Managed devices group:
Click New group.
In the window that opens, enter the name of the device subgroup.
Click OK.
Click Next.
In the Creating a group policy for the application window, select one of the following policy statuses:
Active policy to activate the policy as soon as it is created.
Inactive policy to activate the policy later.
Out-of-office. The policy becomes active when the computer leaves the corporate network.
Select the Open policy properties after creation check box if you want to perform additional configuration of the policy immediately after creating it.
Click Finish.
The created policy will now appear in the policy list.
If the use of KSN is enabled in the policy and the version of the KSN Statement in the policy differs from the version of the KSN Statement in the Kaspersky Endpoint Agent installed on the host, then after the policy is applied, the use of KSN is disabled on the host and in the policy settings. This situation may occur if Kaspersky Endpoint Agent 3.16 is installed on the host while a lower version of the Kaspersky Endpoint Agent administration plug-in was used to make the last change to the policy.