Configure policy settings

You can make changes to the policy that you created in Kaspersky Security Center and block any changes to its settings in the policies of subgroups and in task settings.

Kaspersky Endpoint Security policy settings include application settings and task settings.

Start Kaspersky Security Center Administration Console.
Maximize the Administration Server <Server name> node.
In the console tree, click Managed devices.
In the workspace, select the Policies tab.
Right-click the policy you want to configure and choose Properties.
In the Properties: <Policy name> window, configure the policy settings:
- In the Essential Threat Protection section
  Configure the following File Threat Protection settings
  - Enable or disable File Threat Protection.
  - Select one of the preset security levels or configure security settings manually.
  - Select the action to be performed upon detecting a malicious object.
  Configure the following Web Threat Protection settings
  - Enable or disable Web Threat Protection.
  - Select one of the preset security levels or configure security settings manually.
  - Enable or disable checking of web addresses against the database of malicious web addresses.
  - Configure the Anti-Phishing settings.
  - Add trusted addresses whose traffic will not be scanned by Web Threat Protection.
  - Select the action to be performed upon detecting a malicious object in web traffic.
  Configure the following Network Threat Protection settings
  - Enable or disable Network Threat Protection.
  - Configure the Network Threat Protection settings.
  - Specify the IP addresses of computers whose network activity will not be blocked.
- In the Advanced Threat Protection section
  Configure the following KSN settings
  - Read the full text of the Kaspersky Security Network Statement by clicking KSN Statement.
  - Enable or disable the use of Kaspersky Security Network.
  - Enable or disable extended KSN mode.
  - Enable or disable the use of a KSN proxy.
  - Enable or disable the use of Kaspersky servers when the KSN proxy is unavailable.
  Note: Use of Kaspersky Security Network and a KSN proxy on remote computers is available only if Kaspersky Security Center Administration Server is used as the proxy server. For detailed information about Administration Server properties, see the Kaspersky Security Center help.
- In the Security Controls section
  Configure the following Web Control settings
  - Enable or disable Web Control.
  - Add a new rule for Web Control by clicking Add.
  - Edit, delete, or organize created rules in the list.
- In the Data Encryption section
  Configure the following FileVault disk encryption settings
  - Enable or disable FileVault disk encryption management for client computers.
  - Encrypt or decrypt the startup disk on client computers.
    If the Enable FileVault disk encryption management checkbox is unselected, users with administrator rights can encrypt and decrypt their Mac startup disks from System Settings.
    
    If the Enable FileVault disk encryption management checkbox and the Encrypt disk option are selected, users with administrator rights can't decrypt the startup disk of their Mac from System Settings.
    
    If the Enable FileVault disk encryption management checkbox and the Decrypt disk option are selected, users with administrator rights can't encrypt the startup disk of their Mac from System Settings.
- In the Detection and Response section
  Configure the following Managed Detection and Response settings
  - Enable or disable Managed Detection and Response.
  - Import or delete a configuration file which is used to activate the Managed Detection and Response component on managed devices.
- In the Update section
  Configure the following Update settings
  - Enable or disable updating application modules.
  - Specify update sources.
- In the Additional settings section
  Configure the following protection settings
  - Enable or disable real-time protection of the client computer.
  - Enable or disable the start of Kaspersky Endpoint Security when the client computer starts.
  - Configure Trusted zone.
  - Configure Trusted applications.
  - Select types of objects to be detected.
  - Disable or enable the start of scheduled tasks when the computer is running on battery power.
  Configure the following network settings
  - Enable or disable the use of a proxy server.
  - Specify the proxy server address.
  - Enable or disable the use of a proxy server for local addresses.
  - Specify the user name and password for proxy server authentication.
  - Enable or disable scanning of inbound and outbound HTTPS traffic.
  - Configure monitored ports.
  Configure the following Reports and Backup settings
  - Enable or disable saving of non-critical events in the report.
  - Enable or disable saving of recent events only.
  - Enable or disable removal of events after the specified period.
  - Specify the period for storing events.
  - Enable or disable removal of objects from Backup after the specified period.
  - Specify the period for storing objects in Backup.
  Configure the following user interaction settings
  - Enable or disable event notifications.
  - Select how Kaspersky Endpoint Security will notify the user about events.
  - Enable or disable displaying the Kaspersky Endpoint Security icon in the menu bar.
  - Configure whether a user can open the Kaspersky Endpoint Security main window and use the application interface on the client computer.
  - Enable or disable availability of the Quit item in the shortcut menu of the Kaspersky Endpoint Security icon on the client computer.
  - Select the language used to display Kaspersky Security Center events.
  - Configure the Kaspersky Endpoint Security settings available to users of the client computer.
Click OK to save changes and close the policy properties window.

Page top