Kaspersky Embedded Systems Security 3.4 for Windows
Configuring Applications Launch Control task settings
To configure general Applications Launch Control task settings:
- Open the Applications Launch Control window.
- On the General tab, select the following settings in the Task mode section:
- In the Task mode drop-down list, specify the task mode.
In this drop-down list, you can select the Applications Launch Control task's mode:
- Active. Kaspersky Embedded Systems Security for Windows uses the specified rules to control the launch of any application.
- Statistics only. Kaspersky Embedded Systems Security for Windows does not use Applications Launch Control rules. It only records information about the start of applications in the task log. All applications are allowed to start. You can use this mode to generate a list of Applications Launch Control rules based on the information about denied application launches recorded in the task log.
By default, the Applications Launch Control task runs in Statistics only mode.
- Clear or select the Repeat action taken for the first file launch on all the subsequent launches for this file check box.
The check box enables or disables launch control for the second and subsequent attempts to start applications based on the event information stored in the cache.
If the check box is selected, Kaspersky Embedded Systems Security for Windows allows or denies subsequent launches of an application based on the task's conclusion regarding the first launch of the application. For example, if the first application launch was allowed by the rules, information about this decision will be stored in the cache, and the second and all subsequent launches will also be allowed without rechecking.
If the check box is cleared, Kaspersky Embedded Systems Security for Windows analyzes an application every time a launch is attempted.
By default, the check box is cleared.
- Clear or select the Deny the command interpreters launch with no command to execute check box.
If the check box is selected, Kaspersky Embedded Systems Security for Windows denies the launch of command line interpreters even if launching interpreters is allowed. A command line interpreter can only be launched with no command if both of the following conditions are met:
- Launch of the command line interpreter is allowed.
- The command to be executed is allowed.
If the check box is cleared, Kaspersky Embedded Systems Security for Windows only considers allowing rules when launching a command line interpreter. The launch is denied if no allowing rule applies or the executable process is not trusted by KSN. If an allowing rule applies or the process is trusted by KSN, a command line interpreter can be launched with or without a command to execute.
Kaspersky Embedded Systems Security for Windows recognizes the following command line interpreters:
- cmd.exe
- powershell.exe
- python.exe
- perl.exe
By default, the check box is cleared.
- In the Rules managing block, configure settings for applying rules:
- Click the Rules list button to add allowing rules for the Applications Launch Control task.
Kaspersky Embedded Systems Security for Windows does not recognize paths that contain slashes ("/"). Use backslash ("\") to enter the path correctly.
- Select the mode for applying rules:
- Replace local rules with policy rules
The application applies the rule list specified in the policy for centralized application launch control on a group of protected devices. Local rule lists cannot be created, edited, or applied.
- Add policy rules to the local rules
The application applies the rule list specified in a policy together with local rule lists. You can edit the local rule lists using the Rule Generator for Applications Launch Control task.
- In the Rule usage scope section, specify the following settings:
- Apply rules to executable files.
The check box either enables or disables launch control of executable files.
If this check box is selected, Kaspersky Embedded Systems Security for Windows allows or blocks start of executable files using the specified rules whose settings specify Executable files as the scope.
If the check box is cleared, Kaspersky Embedded Systems Security for Windows does not control start of executable files using the specified rules. Startup of executable files is allowed.
The check box is selected by default.
- Monitor loading of DLL modules.
The check box either enables or disables control of loading of DLL modules.
If this check box is selected, Kaspersky Embedded Systems Security for Windows allows or blocks loading of DLL modules using the specified rules whose settings specify Executable files as the scope.
If this check box is cleared, Kaspersky Embedded Systems Security for Windows does not control loading of DLL modules using the specified rules. Loading of DLL modules is allowed.
The check box is active if the Apply rules to executable files check box is selected.
The check box is selected by default.
Controlling loading of DLL modules may affect the performance of the operating system.
- Apply rules to scripts and MSI packages.
The check box either enables or disables launch control of scripts and MSI packages.
If this check box is selected, Kaspersky Embedded Systems Security for Windows allows or blocks start of scripts and MSI packages using the specified rules whose settings specify Scripts and MSI packages as the scope.
If the check box is cleared, Kaspersky Embedded Systems Security for Windows does not control start of scripts and MSI packages using specified rules. Start of scripts and MSI packages is allowed.
The check box is selected by default.
- In the KSN Usage group box, configure the following application launch settings:
- Deny applications untrusted by KSN.
The check box either enables or disables Applications Launch Control according to application reputation data in KSN.
If this check box is selected, Kaspersky Embedded Systems Security for Windows blocks any application from running if it is not trusted in KSN. Applications Launch Control allowing rules that apply to applications not trusted in KSN will not be triggered. Selecting the check box provides additional protection from malware.
If the check box is cleared, Kaspersky Embedded Systems Security for Windows does not consider the reputation of applications not trusted in KSN and allows or blocks start in accordance with the rules that apply to such applications.
By default, the check box is cleared.
- Allow applications trusted by KSN.
The check box either enables or disables Applications Launch Control according to application reputation data in KSN.
If this check box is selected, Kaspersky Embedded Systems Security for Windows allows applications to run if they are trusted in KSN. Denying Applications Launch Control rules that apply to KSN-trusted applications have higher priority: if such a rule applies to an application trusted by KSN services, the application launch will be blocked.
If the check box is cleared, Kaspersky Embedded Systems Security for Windows does not consider the reputation of KSN-trusted applications and allows or denies launch in accordance with rules that apply to such applications.
By default, the check box is cleared.
- Users and / or user groups allowed to launch applications trusted in KSN:
- In the context menu of the Edit button, select the method for adding users.
The Select user or user group window opens.
- Select a user or user group.
- Click the OK button.
- On the Software Distribution Control tab, configure the settings for software distribution control.
- On the Task management tab, configure the task start schedule settings.
- Click the OK button in the Applications Launch Control window.
Kaspersky Embedded Systems Security for Windows immediately applies the new settings to the running task. Information about the date and time when the settings were modified, and the values of task settings before and after modification, are saved in the system audit log.
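A simplified model of how the settings in this procedure combine into a launch decision, useful for reasoning about a policy before switching it from Statistics only to Active. This is an added example, not Kaspersky code: the rule format (path prefix plus scope), the three KSN reputation values, the default-deny fallback for all launches and every function name are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Settings:
    # Defaults as stated on this page.
    mode: str = "Statistics only"
    apply_to_executables: bool = True
    apply_to_scripts_msi: bool = True
    deny_untrusted_by_ksn: bool = False
    allow_trusted_by_ksn: bool = False

def rule_matches(rules, path, kind):
    """True if any rule of the given scope covers the path (hypothetical prefix rules)."""
    for rule in rules:
        prefix = rule["path"]
        if "/" in prefix:
            # The page notes that paths containing "/" are not recognized,
            # so such a rule never matches anything.
            continue
        if rule["scope"] == kind and path.lower().startswith(prefix.lower()):
            return True
    return False

def active_verdict(s, path, kind, ksn, allow_rules, deny_rules):
    """Verdict in Active mode. kind: 'executable' or 'script_msi';
    ksn: 'trusted', 'untrusted' or 'unknown' (assumed value set)."""
    controlled = s.apply_to_executables if kind == "executable" else s.apply_to_scripts_msi
    if not controlled:
        return True, "scope not controlled"
    if s.deny_untrusted_by_ksn and ksn == "untrusted":
        return False, "untrusted in KSN"      # allowing rules are not triggered
    if rule_matches(deny_rules, path, kind):
        return False, "denying rule"          # outranks KSN trust
    if s.allow_trusted_by_ksn and ksn == "trusted":
        return True, "trusted in KSN"
    if rule_matches(allow_rules, path, kind):
        return True, "allowing rule"
    return False, "no allowing rule"          # default deny (assumed for all launches)

def decide(s, path, kind, ksn, allow_rules, deny_rules):
    """Return (allowed, reason). Statistics only never blocks; the reason
    keeps the Active-mode verdict, standing in for the task log entry."""
    allowed, reason = active_verdict(s, path, kind, ksn, allow_rules, deny_rules)
    if s.mode == "Statistics only":
        return True, "statistics only (" + reason + ")"
    return allowed, reason

# Constructed sample rules and launches.
ALLOW = [{"path": "C:\\Program Files\\Vendor\\", "scope": "executable"},
         {"path": "C:/Tools/", "scope": "executable"}]   # "/" makes this rule inert
DENY = [{"path": "C:\\Program Files\\Vendor\\old\\", "scope": "executable"}]

if __name__ == "__main__":
    active = Settings(mode="Active", allow_trusted_by_ksn=True)
    for path, ksn in [("C:\\Program Files\\Vendor\\app.exe", "unknown"),
                      ("C:\\Program Files\\Vendor\\old\\app.exe", "trusted"),
                      ("C:\\Tools\\diag.exe", "unknown")]:
        print(path, decide(active, path, "executable", ksn, ALLOW, DENY))
```

Running the same launches through `Settings()` (the defaults) and through `Settings(mode="Active")` shows which applications would stop starting once the task leaves Statistics only mode.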