Creating a policy

The process of creating a policy involves the following steps:

  1. Creating a policy using the policy wizard. The Real-Time Computer Protection tasks settings can be configured using the wizard dialogs.
  2. Configuring policy settings. In the Properties: <Policy name> window of the created policy, you can define the Real-Time Computer Protection tasks settings, the general settings of Kaspersky Embedded Systems Security, the Quarantine and Backup settings, the level of detail for task logs, as well as user and administrator notifications about Kaspersky Embedded Systems Security events.

To create a policy for a group of protected devices running the installed Kaspersky Embedded Systems Security:

  1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree, then select the administration group containing the protected devices for which you wish to create a policy.
  2. In the details pane of the selected administration group, select the Policies tab and click the Create a policy link to start the wizard and create a policy.

    The New Policy Wizard window opens.

  3. In the Select the application for which you want to create a group policy window, select Kaspersky Embedded Systems Security and click Next.
  4. Enter a group policy name in the Name field.

    The policy name cannot contain the following symbols: " * < : > ? \ | .

  5. To apply a policy configuration used in a previous version of the application:
    1. Select the Use settings from policy for previous versions of application check box.
    2. Click the Select button.
    3. Select the policy you want to apply.
    4. Click Next.
  6. In the Operation type selection window, select one of the following options:
    • New, to create new a policy with default settings.
    • Import policy created with previous versions of Kaspersky Embedded Systems Security, to use the imported policy as a template.
    • Click Browse and select a configuration file with an existing policy.
  7. In the Real-Time Computer Protection window, configure the Real-Time File Protection, KSN Usage tasks, Exploit Prevention, and Script Monitoring as required. Allow or block the use of configured policy tasks on protected devices on the network:
    • Click the "Lock" icon button to allow changes to task settings on network protected devices and block the application of task settings configured in the policy.
    • Click the "Open lock" icon button to deny changes to task settings on network protected devices and allow the application of task settings configured in the policy.

    The newly created policy uses the default settings of the Real-Time Computer Protection tasks.

    • To edit the default settings of the Real-Time File Protection task, click the Settings button in the Real-Time File Protection subsection. In the window that opens, configure the task according to your needs. Click OK.
    • To edit the default settings of the KSN Usage task, click the Settings button in the KSN Usage subsection. In the window that opens, configure the task according to your needs. Click OK.

      To start the KSN Usage task, you need to accept the KSN Statement in the KSN data handling window.

    • To edit the default settings of the Exploit Prevention component, click the Settings button in the Exploit Prevention subsection. In the window that opens, configure the functionality according to your needs. Click OK.
  8. Select one of the following policy statuses in the Create the group policy for the application window:
    • Active policy if you want to apply the policy immediately after it is created. If an active policy already exists in the group, it is deactivated and a new policy is applied.
    • Inactive policy if you do not want to apply the created policy immediately. In this case the policy may be activated later.
    • Select the Open policy properties immediately after they are created check box to automatically close the New Policy Wizard and configure the newly created policy after clicking the Next button.
  9. Click the Finish button.

The created policy appears in the list of policies on the Policies tab of the selected administration group. In the Properties: <Policy name> window, you can configure other settings, tasks and functions of Kaspersky Embedded Systems Security.

Page top