Saving important policy events in the Administration Server database
To avoid the Administration Server database overflow, we recommend that you save only important events to the database.
To configure registration of important events in the Administration Server database:
- In the main menu, go to DEVICES → POLICIES & PROFILES.
- Click the policy of Kaspersky Endpoint Security for Windows.
The properties window of the selected policy opens.
- In the policy properties, open the Event configuration tab.
- In the Critical section, click Add events and select check boxes next to the following events only:
- End User License Agreement violated
- Application autorun is disabled
- Activation error
- Active threat detected. Advanced Disinfection should be started
- Disinfection impossible
- Previously opened dangerous link detected
- Process terminated
- Network activity blocked
- Network attack detected
- Application startup prohibited
- Access denied (local bases)
- Access denied (KSN)
- Local update error
- Cannot start two tasks at the same time
- Error in interaction with Kaspersky Security Center
- Not all components were updated
- Error applying file encryption / decryption rules
- Error enabling portable mode
- Error disabling portable mode
- Could not load encryption module
- Policy cannot be applied
- Error changing application components
- Click OK.
- In the Functional failure section, click Add events and select check box next to the event Invalid task settings. Settings not applied.
- Click OK.
- In the Warning section, click Add events and select check boxes next to the following events only:
- Self-Defense is disabled
- Protection components are disabled
- Incorrect reserve key
- Legitimate software that can be used by intruders to damage your computer or personal data was detected (local bases)
- Legitimate software that can be used by intruders to damage your computer or personal data was detected (KSN)
- Object deleted
- Object disinfected
- User has opted out of the encryption policy
- File was restored from quarantine on the Kaspersky Anti Targeted Attack Platform server by the administrator
- File was quarantined on the Kaspersky Anti Targeted Attack Platform server by administrator
- Application startup blockage message to administrator
- Device access blockage message to administrator
- Web page access blockage message to administrator
- Click OK.
- In the Info section, click Add events and select check boxes next to the following events only:
- A backup copy of the object was created
- Application startup prohibited in test mode
- Click OK.
Registration of important events in the Administration Server database is configured.
Page top