Open the Administration Console of Kaspersky Security Center.
In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration group for which you want to configure encryption of files on local drives.
In the workspace, select the Policies tab.
Select the necessary policy.
Open the Properties: <Policy name> window by using one of the following methods:
In the context menu of the policy, select Properties.
Click the Configure policy link located in the right part of the Administration Console workspace.
In the Data encryption section, select the Encryption of files and folders subsection.
In the right part of the window, select the Encryption tab.
In the Encryption mode drop-down list, select the Default rules item.
On the Encryption tab, click the Add button, and in the drop-down list select one of the following items:
Select the Predefined folders item to add files from folders of local user profiles suggested by Kaspersky experts to an encryption rule.
The Select predefined folders window opens.
Select the Custom folder item to add a manually entered folder path to an encryption rule.
The Add custom folder window opens.
Select the Files by extension item to add file extensions to an encryption rule. Kaspersky Endpoint Security encrypts files with the specified extensions on all local drives of the computer.
The Add / edit list of file extensions window opens.
Select the Files by group(s) of extensions item to add groups of file extensions to an encryption rule. Kaspersky Endpoint Security encrypts files that have the extensions listed in the groups of extensions on all local drives of the computer.
The Select groups of file extensions window opens.
To save your changes, in the Properties: <Policy name> window, click OK.
Apply the policy.
View the Kaspersky Security Center Administrator's Guide for details on applying the Kaspersky Security Center policy.
As soon as the policy is applied, Kaspersky Endpoint Security encrypts the files that are included in the encryption rule and not included in the decryption rule.
If the same file has been added to the encryption rule and the decryption rule, Kaspersky Endpoint Security does not encrypt this file if it is not encrypted, and decrypts the file if it is encrypted.
Kaspersky Endpoint Security encrypts unencrypted files if their properties (file path / file name / file extension) still meet the encryption rule criteria after modification.
Kaspersky Endpoint Security postpones the encryption of open files until they are closed.
When the user creates a new file whose properties meet the encryption rule criteria, Kaspersky Endpoint Security encrypts the file as soon as it is opened.
If you move an encrypted file to another folder on the local drive, the file remains encrypted regardless of whether or not this folder is included in the encryption rule.