Kaspersky Security Center 13

Managing policies

This section describes managing policies and provides information about viewing the list of policies, creating a policy, modifying a policy, copying a policy, moving a policy, forced synchronization, viewing the policy distribution status chart, and deleting a policy.

In this section

Viewing the list of policies

Creating a policy

Modifying a policy

General policy settings

Enabling and disabling a policy inheritance option

Copying a policy

Moving a policy

Forced synchronization

Viewing the policy distribution status chart

Activating a policy automatically at the Virus outbreak event

Deleting a policy


Viewing the list of policies

You can view lists of policies created for the Administration Server or for any administration group.

To view a list of policies:

  1. In the main menu, go to DEVICES → HIERARCHY OF GROUPS.
  2. In the administration group structure, select the administration group for which you want to view the list of policies.

The list of policies appears in tabular format. If there are no policies, the table is empty. You can show or hide the columns of the table, change their order, view only lines that contain a value that you specify, or use search.

See also:

Scenario: Configuring network protection


Creating a policy

You can create policies; you can also modify and delete existing policies.

To create a policy:

  1. In the main menu, go to DEVICES → POLICIES & PROFILES.
  2. Click Add.

    The Select application window opens.

  3. Select the application for which you want to create a policy.
  4. Click Next.

    The new policy settings window opens with the General tab selected.

  5. If you want, change the default name, default status, and default inheritance settings of the policy.
  6. Select the Application settings tab.

    Or, you can click Save and exit. The policy will appear in the list of policies, and you can edit its settings later.

  7. On the Application settings tab, in the left pane, select the category that you want and in the results pane on the right, edit the settings of the policy. You can edit policy settings in each category (section).

    The set of settings depends on the application for which you create a policy. For details, refer to the following:

    For details about settings of other security applications, refer to the documentation for the corresponding application.

    When editing the settings, you can click Cancel to cancel the last operation.

  8. Click Save to save the policy.

The policy will appear in the list of policies.

See also:

Scenario: Kaspersky applications deployment through Kaspersky Security Center 13 Web Console

Policy setup and propagation: Device-centric approach

Scenario: Configuring network protection


Modifying a policy

To modify a policy:

  1. In the main menu, go to DEVICES → POLICIES & PROFILES.
  2. Click the policy that you want to modify.

    The policy settings window opens.

  3. Specify the general settings and settings of the application for which you create a policy. For details, refer to the following:

    For details about settings of other security applications, refer to the documentation for that application.

  4. Click Save.

The changes made to the policy will be saved in the policy properties, and will appear in the Revision history section.

See also:

Scenario: Configuring network protection


General policy settings


General

In the General tab, you can modify the policy status and specify the inheritance of policy settings:

  • In the Policy status block, you can select one of the policy modes:
    • Active

      If this option is selected, the policy becomes active.

      By default, this option is selected.

    • Out-of-office

      If this option is selected, the policy becomes active when the device leaves the corporate network.

    • Inactive

      If this option is selected, the policy becomes inactive, but it is still stored in the Policies folder. If required, the policy can be activated.

  • In the Settings inheritance group of settings, you can configure the policy inheritance:
    • Inherit settings from parent policy

      If this option is enabled, the policy setting values are inherited from the upper-level group policy and, therefore, are locked.

      By default, this option is enabled.

    • Force inheritance of settings in child policies

      If this option is enabled, after policy changes are applied, the following actions will be performed:

      • The values of the policy settings will be propagated to the policies of administration subgroups, that is, to the child policies.
      • In the Settings inheritance block of the General section in the properties window of each child policy, the Inherit settings from parent policy option will be automatically enabled.

      If this option is enabled, the child policies settings are locked.

      By default, this option is disabled.

Event configuration

The Event configuration tab allows you to configure event logging and event notification. Events are distributed by importance level on the following tabs:

  • Critical

    The Critical section is not displayed in the Network Agent policy properties.

  • Functional failure
  • Warning
  • Info

In each section, the list shows the types of events and the default event storage term on the Administration Server (in days). Clicking an event type lets you specify the following settings:

  • Event registration

    You can specify how many days to store the event and select where to store the event:

    • Export to SIEM system using Syslog
    • Store in the OS event log on device
    • Store in the OS event log on Administration Server
  • Event notifications

    You can select if you want to be notified about the event in one of the following ways:

    • Notify by email
    • Notify by SMS
    • Notify by running an executable file or script
    • Notify by SNMP

    By default, the notification settings specified on the Administration Server properties tab (such as recipient address) are used. If you want, you can change these settings in the Email, SMS, and Executable file to be run tabs.

Revision history

The Revision history tab allows you to view the list of the policy revisions and roll back changes made to the policy, if necessary.

See also:

Scenario: Configuring network protection


Enabling and disabling a policy inheritance option

To enable or disable the inheritance option in a policy:

  1. Open the required policy.
  2. Open the General tab.
  3. Enable or disable policy inheritance:
    • If you enable Inherit settings from parent policy in a child policy and an administrator locks some settings in the parent policy, then you cannot change these settings in the child policy.
    • If you disable Inherit settings from parent policy in a child policy, then you can change all of the settings in the child policy, even if some settings are locked in the parent policy.
    • If you enable Force inheritance of settings in child policies in the parent group, this enables the Inherit settings from parent policy option for each child policy. In this case, you cannot disable this option for any child policy. All of the settings that are locked in the parent policy are forcibly inherited in the child groups, and you cannot change these settings in the child groups.
  4. Click the Save button to save changes or click the Cancel button to reject changes.

By default, the Inherit settings from parent policy option is enabled for a new policy.

If a policy has profiles, all of the child policies inherit these profiles.
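
The three inheritance rules above can be modeled to find child policies that deviate from settings locked in their parent. This is an added example, not Kaspersky code or a Kaspersky API: the Policy class, the setting names, and the sample tree are hypothetical, and forced inheritance is assumed to act on the direct child policies of the policy where it is enabled.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Policy:
    name: str
    settings: dict
    locked: set = field(default_factory=set)  # settings locked in this policy
    inherit: bool = True           # "Inherit settings from parent policy"
    force_children: bool = False   # "Force inheritance of settings in child policies"
    parent: Optional["Policy"] = None

def inherits(p):
    """Inheritance is in effect if enabled on the child or forced by its parent."""
    return p.parent is not None and (p.inherit or p.parent.force_children)

def effective(p):
    """Return the (settings, locked) pair that actually applies to policy p."""
    if not inherits(p):
        return dict(p.settings), set(p.locked)
    parent_settings, parent_locked = effective(p.parent)
    settings = dict(p.settings)
    for key in parent_locked:      # locked parent values override the child
        settings[key] = parent_settings[key]
    return settings, parent_locked | p.locked

def lock_escapes(policies):
    """List (policy, setting, parent value, child value) where a child that
    does not inherit deviates from a setting locked in its parent."""
    findings = []
    for p in policies:
        if p.parent is None or inherits(p):
            continue
        parent_settings, parent_locked = effective(p.parent)
        for key in sorted(parent_locked):
            if p.settings.get(key) != parent_settings[key]:
                findings.append((p.name, key, parent_settings[key], p.settings.get(key)))
    return findings

def sample_tree():
    """Constructed sample: one parent policy and two child policies."""
    base = {"realtime_protection": True, "uninstall_password": True, "scan_removable": True}
    root = Policy("Managed devices", dict(base), locked={"realtime_protection", "uninstall_password"})
    ws = Policy("Workstations", {**base, "realtime_protection": False, "scan_removable": False}, parent=root)
    lab = Policy("Lab", {**base, "realtime_protection": False}, inherit=False, parent=root)
    return root, ws, lab
```

In the sample, the Lab policy is reported until Force inheritance of settings in child policies is enabled in the parent, after which the locked value applies to it as well.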

See also:

Hierarchy of policies

General policy settings

Scenario: Configuring network protection


Copying a policy

You can copy policies from one administration group to another.

To copy a policy to another administration group:

  1. In the main menu, go to DEVICES → POLICIES & PROFILES.
  2. Select the check box next to the policy (or policies) that you want to copy.
  3. Click the Copy button.

    On the right side of the screen, the tree of the administration groups appears.

  4. In the tree, select the target group, that is, the group to which you want to copy the policy (or policies).
  5. Click the Copy button at the bottom of the screen.
  6. Click OK to confirm the operation.

The policy (policies) will be copied to the target group with all its profiles. The status of each copied policy in the target group will be Inactive. You can change the status to Active at any time.

If a policy with the name identical to that of the newly copied policy already exists in the target group, the name of the newly copied policy is expanded with the (<next sequence number>) index, for example: (1).

See also:

Scenario: Configuring network protection


Moving a policy

You can move policies from one administration group to another. For example, you want to delete a group, but you want to use its policies for another group. In this case, you may want to move the policy from the old group to the new one before deleting the old group.

To move a policy to another administration group:

  1. In the main menu, go to DEVICES → POLICIES & PROFILES.
  2. Select the check box next to the policy (or policies) that you want to move.
  3. Click the Move button.

    On the right side of the screen, the tree of the administration groups appears.

  4. In the tree, select the target group, that is, the group to which you want to move the policy (or policies).
  5. Click the Move button at the bottom of the screen.
  6. Click OK to confirm the operation.

If a policy is not inherited from the source group, it is moved to the target group with all its profiles. The status of the policy in the target group is Inactive. You can change the status to Active at any time.

If a policy is inherited from the source group, it remains in the source group. It is copied to the target group with all its profiles. The status of the policy in the target group is Inactive. You can change the status to Active at any time.

If a policy with the name identical to that of the newly moved policy already exists in the target group, the name of the newly moved policy is expanded with the (<next sequence number>) index, for example: (1).

See also:

Scenario: Configuring network protection


Forced synchronization

Although Kaspersky Security Center automatically synchronizes the status, settings, tasks, and policies for managed devices, in some cases the administrator must know for certain, at a given moment, whether synchronization has already been performed for a specified device.

Synchronizing a single device

To force synchronization between the Administration Server and a managed device:

  1. Go to DEVICES → MANAGED DEVICES.
  2. Click the name of the device that you want to synchronize with the Administration Server.

    A property window opens with the General section selected.

  3. Click the Force synchronization button.

The application synchronizes the selected device with the Administration Server.

Synchronizing multiple devices

This feature is applicable only to Kaspersky Security Center 12.1 or a later version.

To force synchronization between the Administration Server and multiple managed devices:

  1. Open the device list of an administration group or a device selection:
    • In the main menu, go to DEVICES → MANAGED DEVICES, click the path link in the Current path field above the list of managed devices, then select the administration group that contains devices to synchronize.
    • Run a device selection to view the device list.
  2. Select the check boxes next to the devices that you want to synchronize with the Administration Server.
  3. Above the list of managed devices, click the ellipsis button, and then click the Force synchronization button.

    The application synchronizes the selected devices with the Administration Server.

  4. In the device list, check that the time of last connection to the Administration Server has changed, for the selected devices, to the current time. If the time has not changed, update the page content by clicking the Refresh button.

The selected devices are synchronized with the Administration Server.

Viewing the time of a policy delivery

After changing a policy for a Kaspersky application on the Administration Server, the administrator can check whether the changed policy has been delivered to a specific managed device. A policy can be delivered during a regular synchronization or a forced synchronization.

To view the date and time that an application policy was delivered to a managed device:

  1. Go to DEVICES → MANAGED DEVICES.
  2. Click the name of the device that you want to synchronize with the Administration Server.

    A property window opens with the General section selected.

  3. Click the Applications tab.
  4. Select the application for which you want to view the policy synchronization date.

    The application policy window opens with the General section selected and the policy delivery date and time displayed.

See also:

Policy setup and propagation: Device-centric approach

Scenario: Configuring network protection


Viewing the policy distribution status chart

In Kaspersky Security Center, you can view the status of policy application on each device in a policy distribution status chart.

To view the policy distribution status on each device:

  1. In the main menu, go to DEVICES → POLICIES & PROFILES.
  2. Select the check box next to the name of the policy for which you want to view the distribution status on devices.
  3. In the menu that appears, select the Distribution link.

    The <Policy name> distribution results window opens.

  4. In the <Policy name> distribution results window that opens, the Status description of the policy is displayed.

You can change the number of results displayed in the list with policy distribution. The maximum number of devices is 100000.

To change the number of devices displayed in the list with policy distribution results:

  1. In the main menu, go to the Interface options section in the toolbar.
  2. In the Limit of devices displayed in policy distribution results, enter the number of devices (up to 100000).

    By default, the number is 5000.

  3. Click Save.

    The settings are saved and applied.

See also:

Scenario: Configuring network protection


Activating a policy automatically at the Virus outbreak event

To make a policy perform automatic activation at a Virus outbreak event:

  1. At the top of the screen, click the settings icon next to the name of the required Administration Server.

    The Administration Server properties window opens, with the General tab selected.

  2. Select the Virus outbreak section.
  3. In the right pane, click the Configure policies to activate when a Virus outbreak event occurs link.

    The Policy activation window opens.

  4. In the section relating to the component that detects a virus outbreak—Anti-Virus for workstations and file servers, Anti-Virus for mail servers, or Anti-Virus for perimeter defense—select the option button next to the entry you want, and then click Add.

    A window opens with the Managed devices administration group.

  5. Click the chevron icon next to Managed devices.

    A hierarchy of administration groups and their policies is displayed.

  6. In the hierarchy of administration groups and their policies, click the name of a policy or policies that are activated when a virus outbreak is detected.

    To select all policies in the list or in a group, select the check box next to the required name.

  7. Click the Save button.

    The window with the hierarchy of administration groups and their policies is closed.

The selected policies are added to the list of policies that are activated when a virus outbreak is detected. The selected policies are activated at the virus outbreak, regardless of whether they are active or inactive.

If a policy has been activated on the Virus outbreak event, you can return to the previous policy only by using the manual mode.

See also:

Scenario: Monitoring and reporting

Scenario: Configuring network protection


Deleting a policy

You can delete a policy if you do not need it anymore. You can delete only a policy that is not inherited in the specified administration group. If a policy is inherited, you can only delete it in the upper-level group for which it was created.

To delete a policy:

  1. In the main menu, go to DEVICES → POLICIES & PROFILES.
  2. Select the check box next to the policy that you want to delete, and click Delete.

    The Delete button becomes unavailable (dimmed) if you select an inherited policy.

  3. Click OK to confirm the operation.

The policy is deleted together with all its profiles.

See also:

Scenario: Configuring network protection
