Open the Kaspersky Security Center Administration Console.
In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
In the workspace, select the Policies tab.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Data Encryption → File Level Encryption.
In the right part of the window, select the Decryption tab.
In the Encryption mode drop-down list, select the Default rules item.
On the Decryption tab, click the Add button, and in the drop-down list select one of the following items:
Select the Predefined folders item to add files from folders of local user profiles suggested by Kaspersky experts to a decryption rule.
Select the Custom folder item to add a manually entered folder path to a decryption rule.
Select the Files by extension item to add individual file extensions to a decryption rule. Kaspersky Endpoint Security does not encrypt files with the specified extensions on all local drives of the computer.
Select the Files by groups of extensions item to add groups of file extensions to a decryption rule (for example, Microsoft Office Documents). Kaspersky Endpoint Security does not encrypt files that have the extensions listed in the groups of extensions on all local drives of the computer.
Save your changes.
If the same file has been added to the encryption rule and the decryption rule, Kaspersky Endpoint Security does not encrypt this file if it is not encrypted, and decrypts the file if it is encrypted.