- Kaspersky Endpoint Security 12.2 for Linux Help
- Kaspersky Endpoint Security 12.2 for Linux
- What's new
- Preparing to install Kaspersky Endpoint Security
- Installation and initial configuration of Kaspersky Endpoint Security
- The installation and initial configuration of Kaspersky Security Center Network Agent
- Installing Kaspersky Endpoint Security administration plug-ins
- Installing and initially configuring the application using Kaspersky Security Center
- Creating an installation package in the Web Console
- Creating an installation package in the Administration Console
- Preparing an archive with application databases in order to create an installation package with integrated databases
- Autoinstall.ini configuration file parameters
- Getting started using Kaspersky Security Center
- Installing and initially configuring the application using the command line
- Installing the application using the command line
- Post-installation configuration of the application in interactive mode
- Selecting the application usage mode
- Defining the role of the virtual machine
- Enabling VDI protection mode
- Selecting the locale
- Viewing the End User License Agreement and the Privacy Policy
- Accepting the End User License Agreement
- Accepting the Privacy Policy
- Using Kaspersky Security Network
- Removing users from privileged groups
- Assigning the Administrator role to a user
- Determining the file operation interceptor type
- Enabling automatic configuration of SELinux
- Configuring the update source
- Configuring proxy server settings
- Starting an application database update
- Enabling automatic application database update
- Application activation
- Post-installation configuration of the application in automatic mode
- Settings in the configuration file for post-installation configuration
- Configuring permissive rules in the SELinux system
- Running the application on Astra Linux OS in closed software environment mode
- Configuring the OSnova operating system for the application to work
- Updating the application from a previous version
- Uninstalling the application
- Application licensing
- About the End User License Agreement
- About the license
- About the license certificate
- About the license key
- About the activation code
- About the key file
- About subscription
- Comparison of application features across different licenses
- Application activation and license key management
- Viewing information about used license keys
- Data provision
- Data provided when using an activation code
- Data provided when downloading updates from Kaspersky update servers
- Data transferred when using the application in Light Agent mode
- Data sent to Kaspersky Security Center
- Data provided when following links in the application interface
- Data provided when using Kaspersky Security Network
- Data provided when integrating with Kaspersky Endpoint Detection and Response Optimum
- Data provided when integrating with the Kaspersky Endpoint Detection and Response (KATA) component
- Data provided when integrating with the Kaspersky Network Detection and Response (KATA) component
- Data provided when integrating with Kaspersky Unified Monitoring and Analysis Platform
- Application management concept
- Managing the application using Kaspersky Security Center
- Kaspersky Endpoint Security administration plug-ins
- Kaspersky Security Center policies
- Tasks for Kaspersky Endpoint Security created in Kaspersky Security Center
- Logging in and out of the Web Console and Cloud Console
- Managing policies in the Web Console
- Managing policies in the Administration Console
- Managing tasks in the Web Console
- Managing tasks in the Administration Console
- Managing the application using the command line
- Enabling automatic addition of kesl-control commands (bash completion)
- Task management in the command line
- Displaying task settings in the command line
- Editing task settings in the command line
- Configuring task schedule in the command line
- Managing general application settings in the command line
- Using filters to limit results of queries
- Exporting and importing application settings
- Managing user roles using the command line
- Managing the application using Kaspersky Security Center
- Starting and stopping the application
- Viewing the protection status of a device and information about application performance
- Viewing the protection status of a device in the Web Console
- Viewing the protection status of a device in the Administration Console
- Viewing information about the operation of an application in the Web Console
- Viewing information about the operation of an application in the Administration Console
- Viewing information about the operation of an application in the command line
- Viewing application statistics
- Viewing application statistics in the Web Console
- Viewing application statistics in the Administration Console
- Viewing a list of mount points in the Web Console
- Viewing the list of mount points in the Administration Console
- Viewing application statistics and the list of mount points in the command line
- Collecting system performance metrics
- Updating application databases and modules
- Updating databases and modules
- Updating sources and update scenarios
- Updating application databases and modules in the Web Console
- Updating application databases and modules in the Administration Console
- Updating application databases and modules in the command line
- Updating using Kaspersky Update Utility
- Rolling back application database and module updates
- File Threat Protection
- Malware Scan
- Critical Areas Scan
- Removable Drives Scan
- Container Scan
- Firewall Management
- Web Threat Protection
- Encrypted connections scan
- Network Threat Protection
- Protection against remote malicious encryption
- Managing blocked devices
- Application Сontrol
- Inventory
- Device Control
- Web Control
- System Integrity Monitoring
- Real-time System Integrity Monitoring
- System Integrity Check
- Behavior Detection
- Using Kaspersky Security Network
- Advanced application settings
- Configuring a proxy server
- Configuring global exclusions
- Exclude process memory from scans
- Selecting the interception mode for file operations
- Configuring detection of applications that hackers can use to harm
- Enabling application stability monitoring
- Configuring application startup settings
- Limiting the use of resident memory by the application
- Limiting the use of memory and processor resources
- Limiting the number of Custom Scan tasks
- Configuring the transfer of data to Kaspersky Security Center storage
- Configuring permissions for task management
- Backup
- Integration with Detection and Response solutions
- About response actions for commands of Detection and Response solutions
- Integration with Kaspersky Anti Targeted Attack Platform
- Integration with Kaspersky Unified Monitoring and Analysis Platform
- Kaspersky Endpoint Detection and Response Optimum Integration
- Enabling or disabling Kaspersky Endpoint Detection and Response Optimum integration
- Viewing the Kaspersky Endpoint Detection and Response Optimum integration status
- Viewing information about a detected threat and response actions
- Searching for indicators of compromise
- Start process
- Terminate process
- Receiving a file from a device
- Deleting a file from a device
- Quarantine file
- Managing the Quarantine
- Network isolation
- Execution prevention for objects
- Cloud Sandbox
- Integration with Kaspersky Managed Detection and Response
- Configuring KPSN to enable Kaspersky Managed Detection and Response integration
- Configuring the Kaspersky Managed Detection and Response integration in the Web Console
- Configuring the Kaspersky Managed Detection and Response integration in the Administration Console
- Configuring the Kaspersky Managed Detection and Response integration on the command line
- Configuring settings for using the application in Light Agent mode
- Viewing events and reports
- Application management via the graphical user interface
- Graphical user interface
- Enabling and disabling application components
- Starting and stopping scan tasks
- Starting a custom scan and a KATA Sandbox scan
- Starting and stopping the Update task
- Configuring Kaspersky Security Network
- Viewing reports
- Viewing Backup objects
- Managing license keys
- Creating a trace file
- Application components integrity check
- Contact Technical Support
- Appendices
- Appendix 1. Resource consumption optimization
- Appendix 2. Commands for managing Kaspersky Endpoint Security
- Commands for managing application tasks and settings
- Statistics commands
- Commands for displaying events
- Commands for managing application events
- Commands for managing license keys
- Commands for Firewall Management
- Commands used to manage blocked devices
- Commands for managing Device Control
- Commands for managing Application Control
- Web Control management commands
- Commands for managing Backup
- Commands for managing the Quarantine
- Commands for managing users and roles
- Commands for managing EDR (KATA) / NDR (KATA) component settings
- Commands for managing settings for Kaspersky Endpoint Detection and Response Optimum Integration
- Commands for managing Kaspersky Unified Monitoring and Analysis Platform Integration settings
- Commands for managing the KATA Sandbox integration settings
- Commands for managing IOC scans
- Application commands in Light Agent mode for protecting virtual environments
- Commands for managing system performance metrics
- Appendix 3. Configuration files and default application settings
- Rules for editing application task configuration files
- Preset configuration files
- Default settings for command line tasks
- Default settings for the File_Threat_Protection task (ID:1)
- Default settings for the Scan_My_Computer task (ID:2)
- Default settings for the Scan_File task (ID:3)
- Default settings for the Critical_Areas_Scan task (ID:4)
- Default settings for the Update task (ID:6)
- Default settings for the System_Integrity_Monitoring task (ID:11)
- Default settings for the Firewall_Management task (ID:12)
- Default settings for the Anti_Cryptor task (ID:13)
- Default settings for the Web_Threat_Protection task (ID:14)
- Default settings for the Device_Control task (ID:15)
- Default settings for the Removable_Drives_Scan task (ID:16)
- Default settings for the Network_Threat_Protection task (ID:17)
- Default settings for Container_Scan (ID:18) and Custom_Container_Scan (ID:19) tasks
- Default settings for the Behavior_Detection task (ID:20)
- Default settings for the Application_Control task (ID:21)
- Default settings for the Inventory_Scan task (ID:22)
- Default settings for KATAEDR task (ID:24)
- Default settings for the Web_Control task (ID:26)
- Default settings for the Standalone_Sandbox task (ID:29)
- Default settings for KATANDR task (ID:31)
- Default settings for the KUMA task (ID:33)
- General application settings
- General Container Scan settings
- Encrypted connections scan settings
- Tasks schedule settings
- Appendix 4. Command line return codes
- Appendix 5. Configuring interaction with Kaspersky Anti-Virus for Linux Mail Server
- Sources of information about Kaspersky Endpoint Security
- Glossary
- Active key
- Active policy
- Administration group
- Administration Server
- Application activation
- Application databases
- Application settings
- Database of malicious web addresses
- Database of phishing web addresses
- Exclusion
- False positive
- File mask
- Group policy
- Group task
- Infected object
- Integration Server
- Kaspersky update servers
- License
- License certificate
- Light Agent
- Object disinfection
- Policy
- Proxy server
- Reserve key
- SIEM system
- Startup objects
- Subscription
- SVM
- Trusted device
- Information about third-party code
- Trademark notices
Managing the Quarantine
Quarantine is a special local storage on the device. You can quarantine files that you consider dangerous to your device. Quarantined files are stored in an encrypted form and do not threaten the security of the device. Quarantined files may contain personal data.
Some files can be critically important for the operation of the operating system and the application. Quarantining such files can disrupt the operation of the system.
The Kaspersky Endpoint Security application uses Quarantine only when integrated with the Detection and Response solutions: Kaspersky Anti Targeted Attack Platform and Kaspersky Endpoint Detection and Response Optimum. In other cases, Kaspersky Endpoint Security places the file in Backup.
When integrating with the Kaspersky Endpoint Detection and Response Optimum solution, you can configure the Quarantine file task in the Web Console. When integrating with the Kaspersky Endpoint Detection and Response (KATA) component, this task is configured in the Kaspersky Endpoint Detection and Response (KATA) component. For more information about managing Quarantine as part of solutions, see the Kaspersky Anti Targeted Attack Platform Help and Kaspersky Endpoint Detection and Response Optimum Help.
A file can be quarantined only if one of the following conditions is met: integration with the Kaspersky Endpoint Detection and Response Optimum solution is enabled and the Endpoint Detection and Response Optimum component is activated, or integration with the Kaspersky Endpoint Detection and Response (KATA) component is enabled and the Endpoint Detection and Response (KATA) component is activated. Restoring, deleting, and retrieving a file from quarantine in Kaspersky Security Center and in the command line is available regardless of whether integration with the Kaspersky Endpoint Detection and Response (KATA) component or the Kaspersky Endpoint Detection and Response Optimum solution is enabled, and regardless of whether the device is covered by a policy. Activating Endpoint Detection and Response Optimum and Endpoint Detection and Response (KATA) components also does not affect the ability to perform these actions.
The general list of files quarantined by Kaspersky applications on client devices is kept in Kaspersky Security Center and is available in the Administration Console (Advanced → Repositories → Quarantine) and the Web Console (Operations → Repositories → Quarantine). Kaspersky Security Center does not copy files from Quarantine storages to the Administration Server; all files are stored in Quarantine storages on client devices. In Kaspersky Security Center, you can view information about quarantined files located on client devices, delete and restore files from quarantine (for more details, see the Kaspersky Security Center Help).
To manage quarantined files in Kaspersky Security Center, you need to enable the transfer of data about quarantined files to the Administration Server.
You can also work with quarantined files locally on the device using the command line. You can view information about quarantined files, and delete and restore files from quarantine.
The directory for storing quarantined files must be writable.
The quarantined file is restored to its original location according to the specified settings. Once the restoration process is complete, the application deletes the quarantined copy of the restored file.
Restoring a file from quarantine fails in the following cases:
- The file to be restored was not found in the quarantine storage.
- The name of the file being restored is specified incorrectly or with the wrong case.
- The file ID was specified incorrectly.
- The destination folder has been deleted, moved, renamed, or you do not have access rights to it.
In this case, the application moves the file to the folder /var/opt/kaspersky/kesl/common/restored/. You can manually move the file from this folder to the desired folder.
- A file with the same name already exists at the specified path.
- The device does not have enough space.
Deleting a file from quarantine fails in the following cases:
- The file to be deleted was not found in the quarantine storage.
- The name of the file being deleted is specified incorrectly or with the wrong case.
- The file ID was specified incorrectly.
You can configure quarantine settings on a device using a policy in the Web Console or in the Administration Console or using the command line. You can configure the following Quarantine settings:
- The percentage of Quarantine that must be full to generate an event about Quarantine being full. By default, an event is generated when the Quarantine is 90% full.
- Maximum size of the Quarantine in megabytes. When the maximum Quarantine size is reached, the application automatically deletes the oldest quarantined files. By default, the maximum Quarantine size is 200 MB if the application is being used in Standard mode, and 100 MB if the application is being used in Light Agent mode.