You can specify the account under which you want to run a selected task for the following functional components of Kaspersky Embedded Systems Security:
Rule Generator for Applications Launch Control and Rule Generator for Device Control tasks
On-Demand Scan task
Update tasks
By default, these tasks are run using system account permissions.
A different account with proper access permissions is recommended in the following cases:
In the Update task, if you specified a public folder on a different device on the network as the update source.
In the Update task, if a proxy server with built-in Windows NTLM authentication is used to access the update source.
In On-Demand Scan tasks, if the system account does not possess permissions to access any of the scanned objects (for example, access to files in shared folders on the protected device).
In the Rule Generator for Applications Launch Control task, if after completion of the task the generated rules are exported to a configuration file located at a path that the system account cannot access (for example, in one of the shared folders on the protected device).
You can run Update, On-Demand Scan, and Rule Generator tasks with system account permissions. During execution of these tasks, Kaspersky Embedded Systems Security accesses shared folders on another device in the network if this device is registered in the same domain as the protected device. In this case, the system account must possess access permissions for these folders. Kaspersky Embedded Systems Security will access the device using permissions of the account <domain name \ device_name>.