- About Kaspersky Security for Windows Server
- What's new
- Sources of information about Kaspersky Security for Windows Server
- Kaspersky Security for Windows Server
- Kaspersky Endpoint Agent
- Installing and removing the application
- Kaspersky Security for Windows Server software component codes for the Windows Installer service
- System changes after Kaspersky Security for Windows Server installation
- Kaspersky Security for Windows Server processes
- Installation and uninstallation settings and command line options for the Windows Installer service
- Kaspersky Security for Windows Server install and uninstall logs
- Installation planning
- Installing and uninstalling the application using a wizard
- Installing using the Setup Wizard
- Kaspersky Security for Windows Server installation
- Kaspersky Security for Windows Server Console installation
- Kaspersky Security Microsoft Outlook Add-in installation
- Advanced settings after installation of the Application Console on another device
- Actions to perform after Kaspersky Security for Windows Server installation
- Modifying the set of components and repairing Kaspersky Security for Windows Server
- Uninstalling using the Setup Wizard
- Installing using the Setup Wizard
- Installing and uninstalling the application from the command line
- About installing and uninstalling Kaspersky Security for Windows Server from command line
- Example commands for installing Kaspersky Security for Windows Server
- Actions to perform after Kaspersky Security for Windows Server installation
- Adding / removing components. Sample commands
- Kaspersky Security for Windows Server uninstallation. Sample commands
- Return codes
- Installing and uninstalling the application using Kaspersky Security Center
- General information about installing via Kaspersky Security Center
- Rights to install or uninstall Kaspersky Security for Windows Server
- Installing Kaspersky Security for Windows Server via Kaspersky Security Center
- Actions to perform after Kaspersky Security for Windows Server installation
- Installing the Application Console via Kaspersky Security Center
- Uninstalling Kaspersky Security for Windows Server via Kaspersky Security Center
- Installing and uninstalling via Active Directory group policies
- Checking Kaspersky Security for Windows Server functions. Using the EICAR test virus
- Application interface
- Application licensing
- About the End User License Agreement
- About the license
- About license certificate
- About the key
- About the key file
- About activation code
- About subscription
- About data provision
- About activating the application through Cloud Console
- Activating the application with a key file
- Activating the application with an activation code
- Viewing information about the current license
- Functional limitations when the license expires
- Renewing the license
- Deleting the key
- Working with the Administration Plug-in
- Managing Kaspersky Security for Windows Server from Kaspersky Security Center
- Managing application settings
- Creating and configuring policies
- Creating and configuring tasks using Kaspersky Security Center
- About task creation in Kaspersky Security Center
- Creating a task using Kaspersky Security Center
- Configuring local tasks in the Application settings window of the Kaspersky Security Center
- Configuring group tasks in Kaspersky Security Center
- Configuring crash diagnostics settings in Kaspersky Security Center
- Managing task schedules
- Reports in Kaspersky Security Center
- Working with the Kaspersky Security for Windows Server Console
- About the Kaspersky Security for Windows Server Console
- Kaspersky Security for Windows Server Console interface
- Managing Kaspersky Security for Windows Server via the Application Console on another device
- Configuring general application settings via the Application Console
- Managing Kaspersky Security for Windows Server tasks
- Viewing the protection status and Kaspersky Security for Windows Server information
- Working with the Web Plug-in from Web Console and Cloud Console
- Managing Kaspersky Security for Windows Server from Web Console and Cloud Console
- Web Plug-in limitations
- Managing application settings
- Creating and configuring policies
- Creating and configuring tasks using Kaspersky Security Center
- Reports in Kaspersky Security Center
- Compact Diagnostic Interface
- Updating Kaspersky Security for Windows Server databases and software modules
- About Update tasks
- About Software Modules Update
- About Databases Update
- Schemes for updating anti-virus application databases and modules used within an organization
- Configuring Update tasks
- Rolling back Kaspersky Security for Windows Server database updates
- Rolling back application module updates
- Update task statistics
- Isolating objects and copying backups
- Isolating probably infected objects. Quarantine
- Making backup copies of objects. Backup
- Blocking access to network resources. Blocked Hosts
- Event registration. Kaspersky Security for Windows Server logs
- Notification settings
- Starting and stopping Kaspersky Security for Windows Server
- Kaspersky Security for Windows Server self-defense
- About Kaspersky Security for Windows Server self-defense
- Protection from changes to folders with installed Kaspersky Security for Windows Server components
- Protection from changes to Kaspersky Security for Windows Server registry keys
- Registering the Kaspersky Security Service as a protected service
- Managing access permissions for Kaspersky Security for Windows Server functions
- About permissions to manage Kaspersky Security for Windows Server
- About permissions to manage registered services
- About access permissions for the Kaspersky Security Management Service
- About permissions to manage the Kaspersky Security Service
- Managing access permissions via the Administration Plug-in
- Managing access permissions via the Application Console
- Managing access permissions via the Web Plug-in
- Real-Time File Protection
- About the Real-Time File Protection task
- About the task protection scope and security settings
- About virtual protection scopes
- Predefined protection scopes
- About predefined security levels
- File extensions scanned by default in the Real-Time File Protection task
- Default Real-Time File Protection task settings
- Managing the Real-Time File Protection task via the Administration Plug-in
- Managing Real-Time File Protection task via the Application Console
- Managing Real-Time File Protection task via the Web Plug-in
- Script Monitoring
- KSN Usage
- Network Threat Protection
- About the Network Threat Protection task
- Default Network Threat Protection task settings
- Configuring the Network Threat Protection task via the Application Console
- Configuring the Network Threat Protection task via the Administration Plug-in
- Configuring the Network Threat Protection task via the Web Plug-in
- Traffic Security
- About the Traffic Security task
- About Traffic Security rules
- Mail threat protection
- List of categories
- Predefined protection level settings
- Default Traffic Security task settings
- Managing Traffic Security via the Administration Plug-in
- Managing Traffic Security via the Application Console
- Managing Traffic Security via the Web Plug-in
- Anti-Cryptor
- Applications Launch Control
- About the Applications Launch Control task
- About Applications Launch Control rules
- About Software Distribution Control
- About KSN usage for the Applications Launch Control task
- About Applications Launch Control rules generation
- Default Applications Launch Control task settings
- Managing Applications Launch Control via the Administration Plug-in
- Navigation
- Configuring Applications Launch Control task settings
- Configuring Software Distribution Control
- Configuring the Rule Generator for Applications Launch Control task
- Configuring Applications Launch Control rules via the Kaspersky Security Center
- Adding an Applications Launch Control rule
- Enabling the Default Allow mode
- Creating allowing rules from Kaspersky Security Center events
- Importing rules from a Kaspersky Security Center report on blocked applications
- Importing Applications Launch Control rules from an XML file
- Checking application launches
- Creating a Rule Generator for Applications Launch Control task
- Managing Applications Launch Control via the Application Console
- Managing Applications Launch Control via the Web Plug-in
- Device Control
- About Device Control task
- About Device Control rules
- About Device Control rules generation
- About Rule Generator for Device Control task
- Device Control default task settings
- Managing Device Control via the Administration Plug-in
- Navigation
- Configuring Device Control task
- Configuring the Rule Generator for Device Control task
- Configuring Device Control rules via the Kaspersky Security Center
- Creating allowing rules based on system data in a Kaspersky Security Center policy
- Generating rules for connected devices
- Importing rules from the Kaspersky Security Center report on blocked devices
- Creating rules using the Rule Generator for Device Control task
- Adding generated rules to the Device Control rules list
- Managing Device Control via the Application Console
- Navigation
- Configuring Device Control task settings
- Configuring Device Control rules
- Importing Device Control rules from XML file
- Filling rules list basing on Device Control task events
- Adding an allowing rule for one or several external devices
- Removing Device Control rules
- Exporting Device Control rules
- Activating and deactivating of Device Control rules
- Expanding Device Control rules usage scope
- Configuring Rule Generator for Device Control task
- Managing Device Control via the Application Console Web Plug-in
- Firewall Management
- File Integrity Monitor
- Log Inspection
- On-Demand Scan
- About On-Demand Scan tasks
- About the task scan scope and security settings
- Predefined scan scopes
- Online storage file scanning
- About predefined security levels
- About the Removable Drives Scan
- About the Baseline File Integrity Monitor task
- Enabling start of On-Demand Scan task from context menu
- Default On-Demand Scan tasks settings
- Managing On-Demand Scan tasks via the Administration Plug-in
- Managing On-Demand Scan tasks via the Application Console
- Managing On-Demand Scan tasks via the Web Plug-in
- Trusted Zone
- Exploit Prevention
- Hierarchical storage management
- Network Attached Storage Protection
- Integrating Kaspersky Security for Windows Server with network attached storages
- Working with the Kaspersky Security for Windows Server Console
- About the Kaspersky Security for Windows Server Console
- Starting the Kaspersky Security for Windows Server Console from the Start menu
- Kaspersky Security for Windows Server Console window
- Viewing status information for Network Attached Storage Protection
- Managing Network Attached Storage Protection tasks
- Protecting EMC network attached storages of the Celerra / VNX group
- RPC Network Storage Protection
- About the RPC Network Storage Protection
- About scanning symbolic links
- About scanning snapshots and other read-only volumes and folders
- Configuring a connection between an RPC network storage and Kaspersky Security for Windows Server
- Configuring the RPC Network Storage Protection task
- Security levels in the RPC Network Storage Protection task
- About security levels in the RPC Network Storage Protection task
- Applying a preset security level in the RPC Network Storage Protection task
- Manually configuring the security level settings in the RPC Network Storage Protection task
- Using security level settings templates in the RPC Network Storage Protection task
- Viewing statistics of the RPC Network Storage Protection task
- ICAP Network Storage Protection
- About the ICAP Network Storage Protection
- Configuring a connection between an ICAP network storage and Kaspersky Security for Windows Server
- Configuring the ICAP Network Storage Protection task
- Security levels in the ICAP Network Storage Protection task
- Viewing statistics of the ICAP Network Storage Protection task
- Anti-Cryptor for NetApp
- Managing Network Attached Storage Protection tasks from Kaspersky Security Center
- Configuring Network Attached Storage Protection settings using policies
- Configuring Network Attached Storage Protection settings for one server in Kaspersky Security Center
- Manually configuring the security level settings in the RPC Network Storage Protection task
- Manually configuring the security level settings in the ICAP Network Storage Protection task
- Integrating with third-party systems
- Performance counters for System Monitor
- About Kaspersky Security for Windows Server performance counters
- Total number of requests denied
- Total number of requests skipped
- Number of requests not processed because of lack of system resources
- Number of requests sent to be processed
- Average number of file interception dispatcher streams
- Maximum number of file interception dispatcher streams
- Number of elements in the infected objects queue
- Number of objects processed per second
- Kaspersky Security for Windows Server SNMP counters and traps
- Integrating with WMI
- Performance counters for System Monitor
- Working with Kaspersky Security for Windows Server from the command line
- Commands
- Displaying Kaspersky Security for Windows Server command help: KAVSHELL HELP
- Starting and stopping the Kaspersky Security Service KAVSHELL START: KAVSHELL STOP
- Scanning a selected area: KAVSHELL SCAN
- Starting the Critical Areas Scan task: KAVSHELL SCANCRITICAL
- Managing tasks asynchronously: KAVSHELL TASK
- Removing the PPL attribute: KAVSHELL CONFIG
- Starting and stopping Real-Time Server Protection tasks: KAVSHELL RTP
- Managing the Applications Launch Control task: KAVSHELL APPCONTROL /CONFIG
- Rule Generator for Applications Launch Control: KAVSHELL APPCONTROL /GENERATE
- Filling the list of Applications Launch Control rules: KAVSHELL APPCONTROL
- Filling the list of Device Control rules: KAVSHELL DEVCONTROL
- Starting the Database Update task: KAVSHELL UPDATE
- Rolling back Kaspersky Security for Windows Server database updates: KAVSHELL ROLLBACK
- Managing log inspection: KAVSHELL TASK LOG-INSPECTOR
- Activating the application: KAVSHELL LICENSE
- Enabling, configuring and disabling trace logs: KAVSHELL TRACE
- Defragmenting Kaspersky Security for Windows Server log files: KAVSHELL VACUUM
- Cleaning iSwift base: KAVSHELL FBRESET
- Enabling and disabling dump file creation: KAVSHELL DUMP
- Importing settings: KAVSHELL IMPORT
- Exporting settings: KAVSHELL EXPORT
- Integration with Microsoft Operations Management Suite: KAVSHELL OMSINFO
- Managing the Baseline File Integrity Monitor task: KAVSHELL FIM /BASELINE
- Command return codes
- Return code for the KAVSHELL START and KAVSHELL STOP commands
- Return code for KAVSHELL SCAN and KAVSHELL SCANCRITICAL commands
- Return codes for the KAVSHELL TASK LOG-INSPECTOR command
- Return codes for the KAVSHELL TASK command
- Return codes for the KAVSHELL RTP command
- Return codes for the KAVSHELL UPDATE command
- Return codes for the KAVSHELL ROLLBACK command
- Return codes for the KAVSHELL LICENSE command
- Return codes for the KAVSHELL TRACE command
- Return codes for the KAVSHELL FBRESET command
- Return codes for the KAVSHELL DUMP command
- Return codes for the KAVSHELL IMPORT command
- Return codes for the KAVSHELL EXPORT command
- Return codes for the KAVSHELL FIM /BASELINE command
- Commands
- Contacting Technical Support
- Glossary
- Active key
- Administration Server
- Anti-virus databases
- Archive
- Backup
- Disinfection
- Event severity
- False positive
- File mask
- Heuristic analyzer
- Infectable file
- Infected object
- Kaspersky Security Network (KSN)
- License term
- Local task
- OLE object
- Policy
- Protection status
- Quarantine
- Real-time protection
- Security level
- SIEM
- Startup objects
- Task
- Task settings
- Update
- Vulnerability
- Information about third-party code
- Trademark notices
Configuring the task protection scope
To configure a protection scope for Real-Time File Protection task:
- In the main window of the Web Console, select Devices → Policies & profiles.
- Click the policy name you want to configure.
- In the <Policy name> window that opens select the Application settings tab.
- Select the Real-time server protection section.
- Click Settings in the Real-Time File Protection subsection.
- Select the Protection scope section.
- Do one of the following:
- Click Add button to add a new rule.
- Select an existing rule and click Edit button.
The Edit scope window opens.
- Switch the toggle button to Active and select an object type.
- In the Objects protection section, configure the following settings:
- Objects protection mode:
- All objects
Kaspersky Security for Windows Server scans all objects.
- Objects scanned by format
Kaspersky Security for Windows Server scans only infectable objects based on file format.
Kaspersky compiles the list of formats. It is included in the Kaspersky Security for Windows Server databases.
- Objects scanned according to list of extensions specified in anti-virus database
Kaspersky Security for Windows Server scans only infectable objects based on file extension.
Kaspersky compiles the list of extensions. It is included in the Kaspersky Security for Windows Server databases.
- Objects scanned by specified list of extensions
Kaspersky Security for Windows Server scans files based on file extension. The list of file extensions can be manually customized in the List of extensions window, which can be opened by clicking the Modify button.
- Scan disk boot sectors and MBR
Enables protection of boot sectors and master boot records.
If the check box is selected, Kaspersky Security for Windows Server scans boot sectors and master boot records on hard drives and removable drives of the protected device.
The check box is selected by default.
- Scan alternate NTFS streams
Scanning of alternative file and folder streams on drives with the NTFS file system.
If the check box is selected, the application scans a probably infected object and all NTFS streams associated with that object.
If the check box is cleared, the application scans only the object that was detected and considered as probably infected.
The check box is selected by default.
- Objects protection mode:
- In the Objects protection section, select or clear the Protect only new and modified filescheck box.
This check box enables / disables scanning and protection of files that have been recognized by Kaspersky Security for Windows Server as new or modified since the last scan.
If the check box is selected, Kaspersky Security for Windows Server scans and protects only the files that it has recognized as new or modified since the last scan.
If the check box is cleared, Kaspersky Security for Windows Server scans and protects files regardless of their modification status.
By default, the check box for the Maximum performance security level is selected. If the Maximum protection or Recommended security levels are set, the check box is cleared.
- In the Compound objects protection section, specify the compound objects that you want to include in the scan scope:
- Archives
Scanning of ZIP, CAB, RAR, and ARJ archives and other archive formats.
If this check box is selected, Kaspersky Security for Windows Server scans archives.
If this check box is cleared, Kaspersky Security for Windows Server skips archives during scanning.
The default value depends on the selected protection level.
- SFX archives
Scanning of self-extracting archives.
If this check box is selected, Kaspersky Security for Windows Server scans SFX archives.
If this check box is cleared, Kaspersky Security for Windows Server skips SFX archives during scanning.
The default value depends on the selected protection level.
This option is active when the Archives check box is cleared.
- Packed objects
Scanning of executable files packed by binary code packers, such as UPX or ASPack.
If this check box is selected, Kaspersky Security for Windows Server scans executable files packed by packers.
If this check box is cleared, Kaspersky Security for Windows Server skips executable files packed by packers during scanning.
The default value depends on the selected protection level.
- Email databases
Scanning of Microsoft Outlook and Microsoft Outlook Express mail database files.
If this check box is selected, Kaspersky Security for Windows Server scans mail database files.
If this check box is cleared, Kaspersky Security for Windows Server skips mail database files during scanning.
The default value depends on the selected security level.
- Plain email
Scanning of files in mail formats, such as Microsoft Outlook and Microsoft Outlook Express messages.
If this check box is selected, Kaspersky Security for Windows Server scans files in mail formats.
If this check box is cleared, Kaspersky Security for Windows Server skips files in mail formats during scanning.
The default value depends on the selected security level.
- Embedded OLE objects
Scanning of objects embedded in files (such as Microsoft Word macros, or email message attachments).
If this check box is selected, Kaspersky Security for Windows Server scans objects embedded in files.
If this check box is cleared, Kaspersky Security for Windows Server skips objects embedded in files during scanning.
The default value depends on the selected protection level.
- Entirely remove compound file that cannot be modified by the application in case of embedded object detect
This check box enables or disables forced removal of the parent compound file when a malicious, probably infected or other detectable embedded child object is detected.
If the check box is selected and the task is configured to remove infected and probably infected objects, Kaspersky Security for Windows Server forcibly removes the entire parent compound object when a malicious or other embedded object is detected. The parent file along with all of its contents are forcibly removed if the application cannot remove only the detected child object (for example, if the parent object cannot be modified).
If this check box is cleared and the task is configured to remove infected and probably infected objects, Kaspersky Security for Windows Server does not perform the selected action if the parent object cannot be modified.
- Select the action to be performed on infected and other detected objects:
- Notify only.
When this mode is selected, Kaspersky Security for Windows Server does not block access to nor perform any actions on infected or other detected objects. The following event is recorded in the task log: Object not disinfected. Reason: no action was taken to neutralize detected object due to user-defined settings. The event specifies all available information about the detected object.
Notify only mode should be separately configured for each protection or scan area. This mode is not used by default in any of the security levels. If you select this mode, Kaspersky Security for Windows Server automatically changes the security level to Custom.
- Block access.
When this option is selected, Kaspersky Security for Windows Server blocks access to the detected or probably infected object. In the drop-down list, you can select an additional action to perform on blocked objects.
- Perform additional action.
Select the action from the drop-down list:
- Disinfect.
- Disinfect. Remove if disinfection fails.
- Remove.
Kaspersky Security for Windows Server deletes the object and places a copy of it in Backup.
- Recommended.
Kaspersky Security for Windows Server performs an action recommended by Kaspersky experts.
- Select the action to be performed on probably infected objects:
- Notify only.
- Block access.
- Perform additional action.
Select the action from the drop-down list:
- Quarantine.
- Remove.
- Recommended.
- Configure actions to be performed on objects depending on the type of object detected:
- Clear or select the Perform actions depending on the type of object detectedcheck box.
If the check box is selected, you can independently set primary and secondary actions for each type of detected objects by clicking the Settings button next to the check box. However, Kaspersky Security for Windows Server will not allow to open or execute an infected object regardless of your choice.
If the check box is cleared, Kaspersky Security for Windows Server performs actions that are selected in the Action to perform on infected and other objects and Action to perform on probably infected objects sections for named object types respectively.
The check box is cleared by default.
- Click the Settings button.
- In the window that opens, select a primary action and a secondary action (to be performed if the primary action fails) for each type of detected object.
- Click OK.
- Clear or select the
- In the Exclusions section, configure the following settings:
- Clear or select the Exclude filescheck box.
Excluding files from scanning by file name or file name mask.
If this check box is selected, Kaspersky Security for Windows Server skips the specified objects during scanning.
If this check box is cleared, Kaspersky Security for Windows Server scans all objects.
The check box is cleared by default.
- Clear or select the Do not detectcheck box.
Objects are excluded from scanning by the name or name mask of the detectable object. The list of names of detectable objects is available on the Virus Encyclopedia website.
If this check box is selected, Kaspersky Security for Windows Server skips specified detectable objects during scanning.
If the check box is cleared, Kaspersky Security for Windows Server detects all objects specified in the application by default.
The check box is cleared by default.
- Clear or select the
- In the Performance section, configure the following settings:
- Stop scanning if it takes longer than (sec.)
Limits the duration of object scanning. The default value is 60 seconds.
If the check box is selected, scanning is limited to the specified maximum duration.
If the check box is cleared, scanning is unlimited.
By default, the check box for the Maximum performance security level is selected.
- Do not scan compound objects larger than (MB)
Excludes objects larger than the specified size from scanning.
If the check box is selected, Kaspersky Security for Windows Server skips compound objects whose size exceeds the specified limit during a virus scan.
If this check box is cleared, Kaspersky Security for Windows Server scans compound objects of any size.
By default, the check box is selected for the Maximum performance security level.
- Use iSwift technology
iSwift compares a file’s NTFS identifier stored in a database with its current identifier. Scanning is performed only for files whose identifiers have changed (new files and files modified since the last scan of NTFS system objects).
If the check box is selected, Kaspersky Security for Windows Server scans only new files or those modified since the last scan of NTFS system objects.
If the check box is cleared, Kaspersky Security for Windows Server scans NTFS file system objects regardless of the file creation date or file modification date, except for files from network folders.
The check box is selected by default.
- Use iChecker technology
iChecker calculates and remembers checksums of scanned files. If an object is modified, the checksum changes. The application compares all checksums and scans only files that are new and have been modified since the last scan.
If the check box is selected, Kaspersky Security for Windows Server scans only new and modified files.
If the check box is cleared, Kaspersky Security for Windows Server scans files regardless of the file creation date or file modification date.
The check box is selected by default.
- Click the OK button.