Policy settings in the Web Console

The default set of settings and values for the policy settings depend on the license that was used to activate the application. Some policy settings are applied or not applied to the application depending on the application mode.

You can configure policy settings on the Application settings tab of the policy properties window.

The policy settings in the Web Console are described in Appendix 5.

Policy settings

Section	Subsections
Host Threat Protection	File Threat Protection. In this subsection, you can manage File Threat Protection. BadUSB Attack Prevention. In this subsection, you can manage BadUSB Attack Prevention settings. Removable Drives Scan. In this subsection, you can configure the settings for scanning removable drives when they are connected to a protected device. Behavior Detection. In this subsection, you can manage settings for application behavior detection. Anti-Cryptor. In this subsection, you can configure the settings for protection against remote malicious encryption. Exploit Prevention. In this subsection, you can manage Exploit Prevention settings.
Communication & Web Protection	Mail Threat Protection. In this subsection, you can manage Mail Threat Protection settings. Web Threat Protection. In this subsection, you can configure Web Threat Protection settings. Network Threat Protection. In this subsection, you can configure Network Threat Protection settings. Firewall. In this subsection, you can configure firewall management settings.
Security Controls	Device Control. In this subsection, you can configure Device Control settings. Web Control. In this subsection, you can configure Web Control settings. App Control. In this subsection, you can configure Application Control settings. System Integrity Monitoring. In this subsection, you can configure System Integrity Monitoring settings.
Trusted zone	In this section, you can manage the following settings: Exclusions that are applied by the File Threat Protection component. Exclusions that are applied by the Web Threat Protection component. Exclusions that are applied by the Network Threat Protection component. Exclusions from network traffic scanning. Excluding mount points from file operation interception. Trusted devices for the Device Control component.
General Settings	Detection Settings. In this subsection, you can manage the following settings: Detection of legitimate applications that threat intruders can use to compromise devices or data. File operations interception mode. Kaspersky Security Network. In this subsection, you can configure the use of Kaspersky Security Network by Kaspersky Endpoint Security. User Interaction. In this subsection, you can manage the following settings: Application startup settings. Task management permissions for users. Performance. In this subsection, you can manage the following settings: Canceling scheduled tasks on a device running on battery power. Exclude process memory from scans. Limit on the use of memory and processor resources for scan tasks. Limit on the use of resident memory by the application. Application stability monitoring. Network Settings. In this subsection, you can configure the following: Proxy server settings if the users of the client devices use a proxy server to connect to the internet. Network traffic scan settings. Container Scan. In this subsection, you can manage the Container Monitoring component. Technical Support. In this subsection, you can manage the trace and dump settings. Reports and Storage. In this subsection, you can manage the settings of Backup and Quarantine. KSC Integration. In this subsection, you can manage the settings for sending information to Kaspersky Security Center repository. OS interaction settings. In this subsection, you can configure the following: Select the system event interception mechanism that you want the application to use. Manage advanced telemetry parameters settings. Notification settings. In this subsection, you can manage event notification settings.
Built-in Agents Configuration	Managed Detection and Response. In this subsection, you can enable and disable integration with Kaspersky Managed Detection and Response and upload the MDR BLOB file required for integration. Network Detection and Response (KATA). In this subsection, you can enable or disable the integration with Kaspersky Network Detection and Response (KATA). Endpoint Detection and Response. In this subsection, you can enable or disable the integration with Kaspersky Detection and Response Optimum and manage integration settings. Endpoint Detection and Response Expert (on-premise). In this subsection, you can enable or disable the integration with Kaspersky Endpoint Detection and Response Expert (on-premise) or with Kaspersky Endpoint Detection and Response (KATA) and manage integration settings. Sandbox. In this subsection, you can enable or disable the integration with Sandbox and manage integration settings. KUMA Integration. In this subsection, you can enable or disable the integration with Kaspersky Unified Monitoring and Analysis Platform and manage integration settings.
Light Agent Mode The settings described in this section apply only if Kaspersky Endpoint Security is used in Light Agent mode for protecting virtual environments.	SVM discovery settings. In this subsection, you can select the method that Light Agents use to discover SVMs available for connection. Integration Server connection settings. In this subsection, you can configure the connection of Light Agents to the Integration Server, a component of Kaspersky Security for Virtualization Light Agent. SVM connection tag. In this subsection, you can enable the Light Agent to use tags and assign a tag that the Light Agent will use for the connection. SVM selection algorithm. In this subsection, you can specify which SVM selection algorithm you want Light Agents to use. Connection protection. In this window, you can enable encryption of the data link between the Light Agent and the Protection Server.

Page top