Policy settings in the Administration Console

The default set of settings and values for the policy settings depend on the license that was used to activate the application. Some policy settings are applied or not applied to the application depending on the application mode.

You can configure policy settings in the sections and subsections of the policy properties window. For information about configuring general policy settings and event settings, refer to Kaspersky Security Center Help section.

Policy settings

Section	Subsections
Essential Threat Protection	File Threat Protection. In this subsection, you can manage File Threat Protection. File Threat Protection exclusions. In this subsection, you can configure exclusions that apply to the File Threat Protection component. Firewall Management. In this subsection, you can configure firewall management settings. Web Threat Protection. In this subsection, you can configure Web Threat Protection settings. Mail Threat Protection. In this subsection, you can manage Mail Threat Protection settings. Network Threat Protection. In this subsection, you can configure Network Threat Protection settings. BadUSB Attack Prevention. In this subsection, you can manage BadUSB Attack Prevention settings.
Advanced Threat Protection	Kaspersky Security Network. In this subsection, you can configure the use of Kaspersky Security Network by Kaspersky Endpoint Security. Anti-Cryptor. In this subsection, you can configure the settings for protection against remote malicious encryption. Behavior Detection. In this subsection, you can manage settings for application behavior detection.
Detection and Response	Managed Detection and Response. In this subsection, you can enable and disable integration with Kaspersky Managed Detection and Response and upload the MDR BLOB file required for integration. EDR Expert (on-premise). In this subsection, you can enable or disable the integration with Kaspersky Endpoint Detection and Response (KATA) and manage integration settings. Network Detection and Response (KATA). In this subsection, you can enable or disable the integration with Kaspersky Network Detection and Response (KATA).
Security Controls	Application Control. In this subsection, you can configure Application Control settings. System Integrity Monitoring. In this subsection, you can configure System Integrity Monitoring settings. Device Control. In this subsection, you can configure Device Control settings. Web Control. In this subsection, you can configure Web Control settings.
Local Tasks	Task Management. In this subsection, you can configure permissions for users to manage tasks. Removable Drives Scan. In this subsection, you can configure the settings for scanning removable drives when they are connected to a protected device.
General settings	Proxy server settings. In this subsection, you can configure the proxy server settings if users access the internet from client devices through a proxy server. Application settings. In this subsection, you can configure the following settings: Detection of legitimate applications that threat intruders can use to compromise devices or data. Notification settings. Limit on the use of memory and processor resources for scan tasks. Limit on the number of Custom Scan tasks that a non-privileged user can start on a device at the same time. Application startup settings. Trace and dump settings. Application stability monitoring. Limit on the use of resident memory by the application. File operations interception mode. Container Scan settings. In this subsection, you can manage the Container Monitoring component. Network settings In this subsection, you can configure the settings for scanning network traffic. Global exclusions. In this subsection, you can configure: Excluding mount points from file operation interception. Industrial software exclusions to exclude processes, files, and directories associated with a particular type of software. Excluding process memory. In this subsection, you can configure exclusion of process memory from scans. Storage settings. In this subsection, you can configure: Backup and quarantine. Settings for the transfer of data to the Kaspersky Security Center storage. OS interaction settings In this subsection, you can configure the following: Select the system event interception mechanism that you want the application to use. Manage advanced telemetry parameters settings.
KUMA Integration	KUMA Integration. In this subsection, you can enable or disable the integration with Kaspersky Unified Monitoring and Analysis Platform and manage integration settings.
Light Agent mode The settings described in this section apply only if Kaspersky Endpoint Security is used in Light Agent mode for protecting virtual environments.	Connection to the Integration Server. In this subsection, you can configure the connection of Light Agents to the Integration Server, a component of Kaspersky Security for Virtualization Light Agent. SVM discovery settings. In this subsection, you can select the method that Light Agents use to discover SVMs available for connection. SVM connection tag. In this subsection, you can enable the Light Agent to use tags and assign a tag that the Light Agent will use for the connection. SVM selection algorithm. In this subsection, you can specify which SVM selection algorithm you want Light Agents to use. Protecting the connection. In this window, you can enable encryption of the data transmission channel between the Light Agent and the Protection Server

Page top