Organizing computer protection

Kaspersky Endpoint Security provides comprehensive computer protection against various types of threats, network and phishing attacks.

Each type of threat is handled by a dedicated component. Components can be enabled or disabled independently of one another, and their settings can be configured.

In addition to the real-time protection that the application components provide, we recommend that you regularly scan the computer for viruses and other threats. This helps to rule out the possibility of spreading malware that is undetected by protection components due to a low security level setting or for other reasons.

To keep Kaspersky Endpoint Security up to date, you must update the databases and modules that the application uses. The application is updated automatically by default, but if necessary, you can update the databases and application modules manually.

The following application components are control components:

• Application Control. This component keeps track of user attempts to start applications and regulates the startup of applications.
• Device Control. This component lets you set flexible restrictions on access to data storage devices (such as hard drives, removable drives, tape drives, and CD/DVD disks), data transmission equipment (such as modems), equipment that converts information into hard copies (such as printers), or interfaces for connecting devices to computers (such as USB, Bluetooth, and Infrared).
• Web Control. This component lets you set flexible restrictions on access to web resources for different user groups.

The operation of control components is based on the following rules:

• Application Control uses Application Control rules.
• Host Intrusion Prevention uses application privilege control rules.
• Device Control uses device access rules and connection bus access rules.
• Web Control uses web resource access rules.

The following application components are protection components:

• Behavior Detection. This component collects information about the actions of applications on your computer and provides this information to other components for more effective protection.
• Exploit Prevention. This component tracks executable files that are run by vulnerable applications. When there is an attempt to run an executable file from a vulnerable application that was not initiated by the user, Kaspersky Endpoint Security blocks this file from running.
• Host Intrusion Prevention. This component registers the actions of applications in the operating system and regulates application activity depending on the trust group of a particular application. A set of rules is specified for each group of applications. These rules regulate the access of applications to user data and to resources of the operating system. Such data includes user files (My Documents folder, cookies, user activity information) and files, folders, and registry keys that contain settings and important information from the most frequently used applications.
• Remediation Engine. This component lets Kaspersky Endpoint Security roll back actions that have been performed by malware in the operating system.
• File Threat Protection. This component protects the file system of the computer from infection. File Anti-Virus starts together with Kaspersky Endpoint Security, continuously remains active in computer memory, and scans all files that are opened, saved, or started on the computer and on all connected drives. This component intercepts every attempt to access a file and scans the file for viruses and other threats.
• Web Threat Protection. This component scans traffic that arrives on the user's computer via the HTTP and FTP protocols, and checks whether URLs are listed as malicious or phishing web addresses.
• Mail Threat Protection. This component scans incoming and outgoing email messages for viruses and other threats.
• Network Threat Protection. This component inspects inbound network traffic for activity that is typical of network attacks. Upon detecting an attempted network attack that targets your computer, Kaspersky Endpoint Security blocks network activity from the attacking computer.
• Firewall. This component protects data that is stored on the computer and blocks most possible threats to the operating system while the computer is connected to the Internet or to a local area network. The component filters all network activity according to rules of two kinds: network rules for applications and network packet rules.
• BadUSB Attack Prevention. This component prevents infected USB devices emulating a keyboard from connecting to the computer.
• Network Monitor. This component lets you view network activity of the computer in real time.

The following tasks are provided in Kaspersky Endpoint Security:

• Integrity Check. Kaspersky Endpoint Security checks the application modules in the application installation folder for corruption or modifications. If an application module has an incorrect digital signature, the module is considered corrupt.
• Full Scan. Kaspersky Endpoint Security scans the operating system, including RAM, objects that are loaded at startup, backup storage of the operating system, and all hard drives and removable drives.
• Custom Scan. Kaspersky Endpoint Security scans the objects that are selected by the user.
• Critical Areas Scan. Kaspersky Endpoint Security scans objects that are loaded at operating system startup, RAM, and objects that are targeted by rootkits.
• Rollback. Kaspersky Endpoint Security rolls back the last update of databases and modules.
• Update. Kaspersky Endpoint Security downloads updated databases and application modules. Updating keeps the computer protected against the latest viruses and other threats.

File encryption functionality lets you encrypt files and folders that are stored on local computer drives. The full disk encryption functionality allows encryption of hard drives and removable drives.

Remote administration through Kaspersky Security Center

Kaspersky Security Center makes it possible to remotely start and stop Kaspersky Endpoint Security on a client computer, and to remotely manage and configure application settings.

Service functions of the application

Kaspersky Endpoint Security includes a number of service functions. Service functions are meant to keep the application up to date, expand its functionality, and assist the user with operating the application.

• Reports. In the course of its operation, the application keeps a report on each application component and task. The report contains a list of Kaspersky Endpoint Security events and all operations that the application performs. In case of an incident, you can send reports to Kaspersky, where Technical Support specialists can look into the issue in more detail.
• Data storage. If the application detects infected files while scanning the computer for viruses and other threats, it blocks those files. Kaspersky Endpoint Security stores copies of disinfected and deleted files in Backup. Kaspersky Endpoint Security moves files that are not processed for any reason to the list of active threats. You can scan files, restore files to their original folders, and empty the data storage.
• Notification service. The notification service keeps the user informed about the current protection status of the computer and about the operation of Kaspersky Endpoint Security. Notifications can be displayed on the screen or sent by email.
• Kaspersky Security Network. User participation in Kaspersky Security Network enhances the effectiveness of computer protection through real-time collection of information on the reputation of files, web resources, and software from users worldwide.
• License. Purchasing a license unlocks full application functionality, provides access to application database and module updates, and support by phone or via email on issues related to installation, configuration, and use of the application.
• Support. All registered users of Kaspersky Endpoint Security can contact Technical Support specialists for assistance. You can send a request from My Kaspersky Account on the Technical Support website or receive assistance from support personnel over the phone.

If the application returns an error or hangs up during operation, it may be restarted automatically.

If the application encounters recurring errors that cause the application to crash, the application performs the following operations:

1. Disables control and protection functions (encryption functionality remains enabled).
2. Notifies the user that the functions have been disabled.
3. Attempts to restore the application to a functional state after updating anti-virus databases or applying application module updates.

The application receives information on recurring errors and system hangs using special-purpose algorithms defined by Kaspersky experts.

Page top