Kaspersky Embedded Systems Security
Filling the rules list based on Device Control task events
To create a configuration file that contains a Device Control rules list based on Device Control task events:
- Start the Device Control task in the Statistics only mode to log all events of flash drives and other external devices connecting to the protected device.
- When the task has completed in the Statistics only mode, open the task log by clicking the Open task log button in the Management section of the Device Control node details pane.
- In the Logs window, click Generate rules based on events.
Kaspersky Embedded Systems Security creates an XML configuration file that contains a rules list generated from the events of the Device Control task in the Statistics only mode. You can apply this list in the Device Control task.
Before applying a rules list generated from task events, it is recommended to review and then manually process the rules list to make certain that the rules do not allow any untrusted devices.
When converting an XML file with task events into a rules list, the application generates allowing rules for all registered events, including device restriction events.
All task events are registered in the task log regardless of the task mode. You can also create a configuration file with a rules list based on the events of the task in the Active mode. This scenario is not recommended except in urgent cases, because for the task to be effective, the final version of the rules list must be generated before the task is run in the Active mode.
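A review aid for the recommendation above, added here as an example and not part of the original documentation or of Kaspersky's tooling: it pulls every value that looks like a Windows device instance path out of a generated rules file and checks it against an approved inventory. The sample XML, its element and attribute names, the inventory, and the assumption that rules identify devices by instance path are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed sample. Element and attribute names are hypothetical: the page
# does not show the file layout, so the scan below does not depend on it.
SAMPLE_XML = r"""<Rules>
  <Rule enabled="1" path="USBSTOR\DISK&amp;VEN_ACME&amp;PROD_FLASH&amp;REV_1.00\0123456789AB&amp;0"/>
  <Rule enabled="1"><Mask>USBSTOR\DISK&amp;VEN_UNKNOWN&amp;PROD_STICK&amp;REV_2.00\FFEEDDCC&amp;0</Mask></Rule>
  <Rule enabled="1" path="USBSTOR\*"/>
</Rules>"""

# Constructed inventory of approved devices; "*" and "?" act as wildcards.
APPROVED = [r"USBSTOR\DISK&VEN_ACME&PROD_FLASH&REV_1.00\*"]

# Assumption: rules name devices by Windows device instance path,
# i.e. an enumerator name, a backslash, then the device and instance IDs.
DEVICE_PATH = re.compile(r"^[A-Za-z0-9_]+\\\S+$")


def device_values(xml_text):
    """Collect every attribute or text value that looks like a device path."""
    found = []
    for elem in ET.fromstring(xml_text).iter():
        candidates = list(elem.attrib.values()) + [elem.text or ""]
        found += [c.strip() for c in candidates if DEVICE_PATH.match(c.strip())]
    return found


def review(xml_text, approved):
    """Map each device value to 'approved', 'wildcard' or 'unapproved'."""
    report = {}
    for value in device_values(xml_text):
        if any(fnmatchcase(value.upper(), p.upper()) for p in approved):
            report[value] = "approved"
        elif "*" in value or "?" in value:
            report[value] = "wildcard"    # broad mask: narrow it or drop it
        else:
            report[value] = "unapproved"  # seen in the log, not in inventory
    return report


if __name__ == "__main__":
    for value, verdict in review(SAMPLE_XML, APPROVED).items():
        print(f"{verdict:10}  {value}")
```

Entries reported as unapproved or wildcard are the ones to remove or narrow by hand before the list is applied in the Device Control task.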