Create a policy
This section contains instructions on how to start the New Policy Wizard to create a policy.
Create a policy from the folder of an administration group
- Start Kaspersky Security Center Administration Console.
- Maximize the Administration Server <Server name> node.
- In the console tree, click Managed devices.
- Select the administration group that contains the required client computer.
- In the workspace, select the Policies tab and click New policy.
The New Policy Wizard opens.
- Follow the steps of the New Policy Wizard to create a policy.
Create a policy from the Policies folder
- Start Kaspersky Security Center Administration Console.
- Maximize the Administration Server <Server name> node.
- In the console tree, click Policies.
- In the workspace, click New policy.
The New Policy Wizard opens.
- Follow the steps of the New Policy Wizard to create a policy.
To proceed to the next step of the wizard, click Next. To return to the previous step of the wizard, click . To exit the wizard at any step, click Cancel.
Note: The appearance of the buttons may vary depending on your version of Windows.
Step 1. Select an application
In the Select the application for which you want to create a group policy window, in the list of applications, select Kaspersky Endpoint Security for Mac (11.2.1).
Step 2. Specify the name of the policy
- In the Enter a group policy name window, in the Name field, specify the name of the policy that you are creating. The name can't contain the following symbols:
“ * < : > ? \ |
. - Select the Use policy settings for an earlier version of the application checkbox if you want to import the settings from an existing Kaspersky Endpoint Security policy to a new policy.
Step 3. Specify protection settings
In the Protection window, configure the following settings if necessary:
- Configure protection settings for the operating system on the client computer.
- Configure Trusted zone.
You can create a list of objects that Kaspersky Endpoint Security does not scan or monitor.
- Configure Trusted applications.
You can create a list of applications whose network activity will not be monitored by Kaspersky Endpoint Security.
- Select types of objects to be detected.
- Disable or enable the start of scheduled tasks when the computer is running on battery power.
Step 4. Configure File Threat Protection settings
In the File Threat Protection window, do the following if necessary:
- Enable or disable File Threat Protection.
By default, File Threat Protection is enabled.
- Select a security level.
By default, the security level recommended by Kaspersky is selected.
- Configure File Threat Protection settings.
- Select the action to be performed upon detecting a malicious object.
Step 5. Configure Web Threat Protection settings
In the Web Threat Protection window, do the following if necessary:
- Enable or disable Web Threat Protection.
By default, Web Threat Protection is enabled.
- Select a security level.
By default, the security level recommended by Kaspersky is selected.
- Configure Web Threat Protection settings.
- Select the action to be performed upon detecting a malicious object in web traffic.
Step 6. Configure Network Threat Protection settings
In the Network Threat Protection window, do the following if necessary:
Step 7. Configure update settings
In the Update window, do the following if necessary:
- Enable or disable updating of application modules.
- Specify update sources.
Step 8. Configure KSN settings
In the KSN window, do the following if necessary:
- Read the full text of the Kaspersky Security Network Statement by clicking the KSN Statement button.
- View information about KSN infrastructure provided by Kaspersky Security Center.
- Enable or disable the use of Kaspersky Security Network.
- Enable or disable extended KSN mode.
- Enable or disable the use of a KSN proxy.
- Enable or disable the use of Kaspersky servers when the KSN proxy is unavailable.
Note: Use of Kaspersky Security Network and a KSN proxy on remote computers is available only if Kaspersky Security Center Administration Server is used as the proxy server. For detailed information about Administration Server properties, see the Kaspersky Security Center help.
When Global KSN infrastructure is used by Kaspersky Security Center and you choose to participate in Kaspersky Security Network in policy settings, Kaspersky Endpoint Security statistics from client computers to which the policy is applied are automatically sent to Kaspersky to enhance protection of these computers.
Note: Kaspersky doesn't receive, process, or store any personal data without your explicit consent.
Data provided to Kaspersky when using Kaspersky Security Network in Global KSN infrastructure
If the I agree to use Kaspersky Security Network checkbox is selected and the Enable extended KSN mode checkbox is unselected, Kaspersky Endpoint Security provides to Kaspersky the following data:
- Information about the license used: the type and validity period of the license, number of days till license expiration, identifier of the partner from whom the license was purchased, Regional Activation Center identifier, checksum of the activation code, ticket body hash calculated using the SHA1 algorithm, license ticket creation date and time, license information identifier, license ticket identifier, license ticket sequence identifier, unique identifier of the user's computer, date from which the license ticket is valid, date to which the license ticket is valid, license ticket current state, ticket header version, license version, ticket header signature certificate identifier, checksum of the key file, ticket header signer serial number, authentication token.
- Full version of installed Software; type of installed Software; Software update ID; ID of reputation service; protocol type ID; ID of a regional activation center; version of list of revoked Software service's decisions; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; unique ID of the instance of application installation on the computer; license activation date; license expiration date; license identifier; status of the license used by the Software; checksum type for the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; checksum of the object being processed; checksum of the Software activation code; full version of the Software; unique device ID; Software ID; checksum of the Software key file; ID of the information model used to provide the Software license; identifier of the certificate used to sign the Software license ticket header; the Software license ticket create date and time; the Software license ticket checksum; the Software license ticket version; the Software activation code version; format of the data in the request to Rightholder infrastructure; current license ticket ID; the Software component ID; the result of the Software action; error code; accessed address of the web service (URL, IP); port number; web address of the source of the web service request (referrer).
If the I agree to use Kaspersky Security Network and Enable extended KSN mode checkboxes are selected, Kaspersky Endpoint Security provides to Kaspersky the following data:
- Information about the version of the operating system (OS) and service packs installed on the computer, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, parameters of the OS run mode.
- Information about the failed last OS reboot: number of failed reboots.
- Information about the Kaspersky installed application and the anti-virus protection status: unique identifier of the instance of application installation on the computer, application type, ID of application type, the full version of the application installed, the identifier of the application settings version, the identifier of the computer type, the unique identifier of the computer on which the application is installed, the unique User identifier in the Kaspersky services, locale language and operation state, version of the installed Software components and their operation state, version of the protocol used to connect with the Kaspersky services.
- Full version of installed Software; type of installed Software; Software update ID; ID of reputation service; protocol type ID; ID of a regional activation center; version of list of revoked Software service`s decisions; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; Unique ID of the instance of application installation on the computer; license activation date; license expiration date; license identifier; status of the license used by the Software; checksum type for the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; checksum of the object being processed; checksum of the Software activation code; full version of the Software; unique device ID; Software ID; checksum of the Software key file; ID of the information model used to provide the Software license; identifier of the certificate used to sign the Software license ticket header; the Software license ticket create date and time; the Software license ticket checksum; the Software license ticket version; the Software activation code version; format of the data in the request to Rightholder infrastructure; current license ticket ID; the Software component ID; the result of the Software action; error code; accessed address of the web service (URL, IP); port number; web address of the source of the web service request (referrer).
- Information about all scanned objects and operations: the name of the scanned object, the date and time of the scan, the URL- and Referrer addresses from which it was downloaded, the size of scanned files and the paths to them, the archive sign, the date and time of the file's creation, the name, size and checksums (MD5, SHA2-256) of the packer (if the file was packed), the file's entropy, the file's type, the file type code, the executable file sign, ID and format, the object's checksum (MD5, SHA2-256), the type and value of the object's supplementary checksum, data about the object's digital signature (certificate): data on the certificate's publisher, number of starts of the object since the last statistics delivery, ID of the application's scanning task, the means of receiving information about the object's reputation, the value of the target filter, technical parameters of the applicable detection technologies.
For executable files: the entropy of the file sections, reputation verification flag or file signature flag, name, type, ID type, checksum (MD5) and the size of the application that was loaded by the object being validated, the application path and template paths, an attribute indicating presence in the Autorun list, date of entry, the list of attributes, name of the packer, information about the digital signature of the application: the publisher certificate, the name of the uploaded file in the MIME format, file build date and time.
- Information about the applications launched and their modules: checksums (MD5, SHA2-256) of running files, size, attributes, creation date, name of the packer (if the file was packed), names of files, information about processes running on the system (process ID (PID), process name, information about the account the process was started from, the application and command that started the process, the full path to the process's files, and the starting command line, a description of the application that the process belongs to (the name of the application and information about the publisher), as well as the digital certificates being used and information needed to verify their authenticity or information about the absence of a file's digital signature), and information about the modules loaded into the processes: their names, sizes, types, creation dates, attributes, checksums (MD5, SHA2-256, SHA1), the paths to them, PE-file header information, names of packers (if the file was packed), information about the availability and validity of these statistics, identifier of the mode for generating the statistics being sent.
- If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus database, the name of the threat based on the Kaspersky classification, the date and time of the last update of the anti-virus database, executable file name, the checksum (MD5) of the application file that requested the URL where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the vulnerability identifier and its threat level, the URL and Referrer of the web page where the vulnerability was detected.
- If a potentially malicious object is detected, information is provided about data in the processes' memory.
- Network attack information: IP address of the attacking computer and number of the port on the user's computer targeted by the network attack, ID of the attack protocol, name and type of attack.
- Information about network connections: version and checksums (MD5, SHA2-256, SHA1) of the file from which process was started that opened the port, the path to the process's file and its digital signature, local and remote IP addresses, numbers of local and remote connection ports, connection state, timestamp of the port's opening.
- The URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, the identifier, weight and degree of the rule used to reach a verdict, the objective of the attack.
- Information about updates of the installed application and anti-virus databases: status of completion of the update task, type of error that may have occurred during the update process, the number of unsuccessful updates, the identifier of the application component that performs updates.
- Information about the use of Kaspersky Security Network (KSN): KSN identifier, application identifier, full version of the application, depersonalized IP address of the user's device, indicators of the quality of fulfillment of KSN requests, indicators of the quality of the processing of KSN packets, indicators of the number of KSN requests and information about the types of KSN requests, date and time when statistics began being sent, date and time when statistics finished being sent, information about KSN configuration updates: identifier of the active configuration, identifier of the configuration received, error code of the configuration update.
- Information about system log events: event time, name of the log where the event has been detected, type and category of event, name of the event source and event description.
- Information to determine the reputation of files and URL-addresses: the URL-address at which the reputation is being requested and the Referrer, the connection's protocol type, the internal identifier of the application type, the number of the port being used, the User identifier, checksum of the scanned file (MD5), type of the detected threat, information about the record used to detect a threat (record identifier for the anti-virus databases, the record timestamp and type).
- Data on the application territorial distribution: date of the application installation and activation, ID of the partner providing the license for the application activation, application ID, application language localization ID, license serial number for the application activation, KSN participation sign.
- Information about the license used: the type and validity period of the license, number of days till license expiration, identifier of the partner from whom the license was purchased, Regional Activation Center identifier, checksum of the activation code, ticket body hash calculated using the SHA1 algorithm, license ticket creation date and time, license information identifier, license ticket identifier, license ticket sequence identifier, unique identifier of the user's computer, date from which the license ticket is valid, date to which the license ticket is valid, license ticket current state, ticket header version, license version, ticket header signature certificate identifier, checksum of the key file, ticket header signer serial number, authentication token.
- Information about hardware installed on the computer: type, name, model name, firmware version, parameters of built-in and connected devices.
- Information about the operation of the Web Control component: component version, categorization reason, additional information about categorization reason, categorized URL, host IP address of blocked/categorized object.
When Private KSN infrastructure is used by Kaspersky Security Center and you choose to participate in Kaspersky Security Network in policy settings, Kaspersky Endpoint Security doesn't send statistics from client computers to which the policy is applied to Kaspersky.
After a policy is deleted or made inactive, KSN settings on a client computer return to the initial state.
Step 9. Configure user interaction settings
In the User Interaction window, configure the Kaspersky Endpoint Security settings for interaction with the user of the client computer if necessary.
Step 10. Configure network connection settings
In the Network window, do the following if necessary:
Step 11. Configure Reports and Backup settings
In the Reports and Backup window, do the following if necessary:
- Configure settings for generating and storing reports.
- Configure settings for storing objects in Backup.
Step 12. Configure FileVault Disk Encryption
In the FileVault Disk Encryption window, do the following if necessary:
If the Enable FileVault disk encryption management checkbox is unselected, users with administrator rights can encrypt and decrypt their Mac startup disks from System Settings.
If the Enable FileVault disk encryption management checkbox and the Encrypt disk option are selected, users with administrator rights can't decrypt the startup disk of their Mac from System Settings.
If the Enable FileVault disk encryption management checkbox and the Decrypt disk option are selected, users with administrator rights can't encrypt the startup disk of their Mac from System Settings.
Step 13. Configure Web Control
In the Web Control window, do the following if necessary:
- Enable or disable Web Control.
Note: If you enable Web Control to block access to dangerous web resources, Kaspersky Endpoint Security displays the Web Control is enabled notification in Protection Center on the remote computer.
Kaspersky Endpoint Security displays notifications when the user accesses web resources blocked by Web Control on the remote computer if the Check secure connections (HTTPS) checkbox is selected in the Network window of the New policy Wizard.
- Add a new rule for Web Control by clicking Add.
You can enter a rule name, choose whether the rule is active, specify a rule area by creating a list of specific web addresses or selecting website categories, and select an action that Kaspersky Endpoint Security performs when a user accesses a website included in this rule.
- Edit, delete, or organize created rules in the list.
The order in which the rules are sorted determines the priority of their application by Kaspersky Endpoint Security.
Step 14. Configure Managed Detection and Response
In the Managed Detection and Response window, do the following if necessary:
- Enable or disable Managed Detection and Response. By default, Managed Detection and Response is disabled.
- Import or delete a configuration file for activating the Managed Detection and Response component on managed devices.
If the Managed Detection and Response checkbox is selected and the MDR configuration file is imported, the Managed Detection and Response component is active and interacts with the Kaspersky Managed Detection and Response service. This service constantly detects and eliminates security threats aimed at your organization.
Step 15. Define the administration group to which the policy will be applied
In the Target group window, click Browse to select an administration group to which you want to apply the policy.
Step 16. Select the policy status and complete the creation of a policy
In the Create the group policy for the application window, do the following:
- Select the status that will be assigned to the policy:
- Active policy: the policy is applied to the selected administration group.
- Inactive policy: the policy is not applied.
- Out-of-office policy: the policy is applied to the selected administration group when the computers are disconnected from the corporate network.
Note: You can create multiple policies for an application in an administration group, but only one of them can be active.
For detailed information about policy statuses, see the Kaspersky Security Center help.
- Select the Open policy properties immediately after it is created checkbox if you want to review the policy settings after the policy is created.
- Click Finish to close the New Policy Wizard.
The policy that you have created appears on the Policies tab in the workspace of the relevant administration group. The policy is applied to client computers after their first synchronization with Administration Server.
You can edit the settings of the policy you have created. You can also prohibit or allow changes to each group of settings from a client computer using the and buttons for each group of settings. The button next to a group of settings signifies that the user of a client computer is not allowed to edit these settings on the user's computer. The button next to a group of settings signifies that the user of a client computer is allowed to edit these settings on the user's computer.
Page top