Configuring group tasks in Kaspersky Security Center

When managing Kaspersky Embedded Systems Security for Windows from Kaspersky Security Center Cloud Console, you cannot add custom HTTP and FTP servers or network folders manually.

To configure a group task for multiple protected devices:

In the Kaspersky Security Center Administration Console tree, expand the Managed devices node and select the administration group for which you want to configure the application tasks.
In the details pane of a selected administration group, open the Tasks tab.
In the list of previously created group tasks, select a task you want to configure.
Open the Properties: <Task name> window in one of the following ways:
- Double-click the name of the task in the list of created tasks.
- Select the name of the task in the list of created tasks and click the Configure task link.
- Open the context menu of the task name in the list of created tasks and select the Properties item.
In the Notification section, configure the task event notification settings. For detailed information on configuring settings in this section, see Kaspersky Security Center Help.
Depending on the type of configured task, do one of the following:
- To configure an On-Demand Scan task:
  - In the Scan scope section, configure a scan scope.
  - In the Options section, configure the task priority level and integration with other software components.
- To configure an update task, adjust the task settings based on your requirements:
  - In the Settings section, configure update source settings and disk subsystem optimization.
  - Click the Connection settings button to configure update source connection settings.
- To configure the Software Modules Update task:
  - Go to the Settings section.
  - Choose an action to perform: copy and install critical updates of software modules or only check for them.
- To configure the Copying Updates task, specify the set of updates and the destination folder in the Copying updates settings section.
- To configure an Activation of the Application task:
  - In the Activation Settings section, specify the key file that you want to use to activate the application.
  - Select the Use as additional key check box if you want to add an activation code or key file for renewing the license.
- To configure the automatic generation of allowing rules for Device Control, in the Settings section, specify the settings that will be used to create the list of allowing rules.
Configure the task schedule in the Schedule section. You can configure a schedule for all task types except the Rollback of Database Update task.
In the Account section, specify the account whose rights will be used to run the task. For detailed information on configuring settings in this section, see Kaspersky Security Center Help.
If required, specify the objects to exclude from the task scope in the Exclusions from task scope section. For detailed information on configuring settings in this section, see Kaspersky Security Center Help.
Click the OK button in the Properties: <Task name> window.

The newly configured group task settings are saved.

Configurable group task settings are summarized in the table below.

Kaspersky Embedded Systems Security for Windows group tasks settings

Kaspersky Embedded Systems Security for Windows task types	Section in the Properties: <Task name> window	Task settings
Rule Generator for Applications Launch Control	Settings	While configuring the Rule Generator for Applications Launch Control task settings you can select how to create allowing rules: Create allowing rules based on running applications This check either box enables or disables generation of Applications Launch Control rules for applications that are already running. This option is recommended if the protected device has a reference set of applications based on which you want to create allowing rules. If this check box is selected, allowing rules for Applications Launch Control are generated based on running applications. If this check box is cleared, running applications are not taken into account when generating allowing rules. By default, the check box is cleared. This check box cannot be cleared if none of the folders are selected in the Create allowing rules for applications from the folders table. Create allowing rules for applications from the folders You can use the table to select or specify folders for the task and the types of executable files to be taken into account when creating Applications Launch Control rules. The task will generate allowing rules for files of the selected types that are located in the specified folders.
	Options	You can specify actions to perform while creating allowing rules for applications launch control: Use digital certificate Use digital certificate subject and thumbprint If the certificate is missing, use Use SHA256 hash Generate rules for user or group of users You can configure settings for configuration files with allowing rule lists that Kaspersky Embedded Systems Security for Windows creates upon task completion.
	Schedule	You can configure settings to start the task on a schedule.
Rule Generator for Device Control	Settings	Select the operation mode: consider system data about all external devices that have ever been connected or consider currently connected external devices only. Configure settings for configuration files with allowing rule lists that Kaspersky Embedded Systems Security for Windows creates upon task completion.
Rule Generator for Device Control	Schedule	You can configure settings to start the task on a schedule.
Activation of Application	Activation Settings	To activate the application or to renew the license, you can add a key file.
Activation of Application	Schedule	You can configure settings to start the task on a schedule.
Copying Updates	Update source	You can specify Kaspersky Security Center Administration Server or Kaspersky update servers as an application update source. You can also create a customized list of update sources: by adding custom HTTP and FTP servers or network folders manually and setting them as update sources. You can specify the usage of Kaspersky update servers, if manually customized servers are not available.
	Connection settings window	In the Connection settings window linked from the Update source section, you can specify whether a proxy server should be used to establish the connection to Kaspersky update servers or any other server.
	Copying updates settings	You can specify the set of updates intended for copying. In the Folder for local storage of copied updates field, specify a path to the folder that will be used by Kaspersky Embedded Systems Security for Windows to store copied updates.
	Schedule	You can configure settings to start the task on a schedule.
Database Update	Settings	You can specify Kaspersky Security Center Administration Server or Kaspersky update servers as an application update source in the Update source group box. You can also create a customized list of update sources: by adding custom HTTP and FTP servers or network folders manually and setting them as update sources. You can specify the usage of Kaspersky update servers, if manually customized servers are not available. In the Disk I/O usage optimization section you can configure the feature that reduces the workload on the disk subsystem: Lower the load on the disk I/O RAM used for optimization (MB)
	Connection settings window	In the Connection settings window linked from the Update source section, you can specify whether a proxy server should be used to establish the connection to Kaspersky update servers or any other server.
	Schedule	You can configure settings to start the task on a schedule.
Software Modules Update	Update source	You can specify Kaspersky Security Center Administration Server or Kaspersky update servers as an application update source. You can also create a customized list of update sources: by adding custom HTTP and FTP servers or network folders manually and setting them as update sources. You can specify the usage of Kaspersky update servers, if manually customized servers are not available.
	Connection settings window	In the Update source connection settings group box, you can specify whether a proxy server should be used to establish the connection to Kaspersky update servers or any other server.
	Settings	You can specify the actions that Kaspersky Embedded Systems Security for Windows will perform if critical application module updates are needed, as well as after installation of critical updates is complete. In addition, you can specify whether Kaspersky Embedded Systems Security for Windows will receive information about available scheduled updates.
	Schedule	You can configure settings to start the task on a schedule.
On-Demand Scan Settings	Scan scope	You can specify a scan scope for the On-Demand Scan task and configure security level settings.
	On-demand scan settings window	In the On-demand scan settings window linked from the Scan scope section, you can select one of the predefined security levels or customize a security level manually.
	Options	In the Heuristic analyzer settings block, you can enable or disable use of the heuristic analyzer for the On-Demand Scan task and set the analysis level using a slider. In the Integration with other components group box, you can configure the following settings: Apply Trusted Zone for On-Demand Scan tasks. Apply KSN usage for On-Demand Scan tasks. Set a priority for the On-Demand Scan task: perform task in background mode (low priority) or consider task a Critical Areas Scan.
	Schedule	You can configure settings to start the task on a schedule.
Application Integrity Control	Schedule	You can configure settings to start the task on a schedule.
Baseline File Integrity Monitor	Schedule	You can configure settings to start the task on a schedule.

For the Rollback of Database Update task, you can configure only the standard task settings controlled by Kaspersky Security Center in the Notification and Exclusions from task scope sections.

For detailed information on configuring settings in these sections, see Kaspersky Security Center Help.

In this section

Activation of the Application task

Update tasks

Application Integrity Control

Page top