To restrict Kaspersky Endpoint Agent operations, which can result in decrease of protection level of the user computer and the data processed on this computer, as well as decrease of the application self-defense level, it is required to protect the application with password.
Password is required to execute the following commands in Kaspersky Endpoint Agent command line interface:
--sandbox=disable--sandbox=show--sandbox=enable --tls=no--sandbox=enable --pinned-certificate=<full path to the TLS certificate file for connecting Kaspersky Endpoint Agent with Kaspersky Sandbox>--quarantine=delete –ouid--quarantine=show--quarantine=restore--quarantine=add--product=stop--password=reset--isolation=disable--prevention=disable--selfdefense--license=delete--message-broker --type=kata <settings>--event --action=enable--event --action=disableTo enter the password, use the --pwd=<current user password> parameter.
The password is also required when performing the following actions on the application:
modify)upgrade)repair)After enabling password protection and applying Kaspersky Security Center policy, a single password is applied to all devices of Kaspersky Endpoint Agent managed group.
After disabling password protection in the policy, password protection settings retain for the local device and can be edited.
The password is stored in the application settings in encrypted form (as a checksum).
To enter the password, use the --pwd=<current user password> parameter.
To configure Kaspersky Endpoint Agent password protection using the command line interface:
cd command, navigate to the folder where the Agent.exe file is located.For example, you can type the following command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.
agent.exe --password=state to view the current password protection status of the application.agent.exe --password=set --pwd=<current user password> --new=<new user password> to set a new user password.agent.exe --password=reset --pwd=<current user password> to reset the user password.