When you create a policy, the wizard suggests settings that are relevant for the selected mode. For example, for Light Agent mode, you must add a Protection Server (SVM). When using the application to protect an SQL server, you must add predefined scan exclusions so that the application does not interfere with the operation of the server. You can then edit these settings in policy properties.
How to create a policy in the Administration Console (MMC)
The Policy Wizard starts.
Step 1. Selecting the application to create group policy
Select the Kaspersky Endpoint Security for Windows (12.8) application.
Step 2. Naming the group policy
Enter a name for the group policy, for example, Policy for the office.
You can also use the Policy Wizard to create new policies based on existing policies. To do so, when specifying the group policy name, select the Use policy settings for an earlier version of the application check box. The wizard also allows creating a Kaspersky Endpoint Security (KES) policy based on a policy of a different solution, for example, Kaspersky Security for Windows Server (KSWS) or Kaspersky Security for Virtualization Light Agent for Windows.
Step 3. Participating in Kaspersky Security Network
Please read and accept the terms of the Kaspersky Security Network (KSN) Statement.
Step 4. Selecting the application usage mode on computers
Depending on the purpose of using Kaspersky Endpoint Security, you can deploy the Kaspersky Endpoint Security application in different modes:
If you select this mode, you can specify basic policy settings while the wizard is running. You can also import basic policy settings from a configuration file.
If you select this mode, you can create a policy only with default settings. To configure EDR Agent settings, you must navigate to policy properties after the wizard finishes.
If you select this mode, at the next step, you must configure the connection to the Protection Server (SVM). These settings are required for the application to work in Light Agent mode.
Kaspersky Endpoint Security provides a common policy for all application modes and OS types. This means that the policy covers the whole set of settings. However, the application may ignore some of the policy settings because Kaspersky Endpoint Security is deployed in a mode in which some functionality is not available. For example, when using the application in Endpoint Detection and Response Agent mode, only settings that are relevant to the integration with Kaspersky Detection and Response solutions and to integration with KUMA are available.
We recommend using different policies for different modes and operating system types.
Step 5. Configuring the trusted zone
Configure the trusted zone. You can add predefined scan exclusions and trusted applications. Predefined scan exclusions and trusted applications help quickly configure Kaspersky Endpoint Security on SQL servers, Microsoft Exchange servers, and System Center Configuration Manager. This means you do not need to manually set up a trusted zone for the application on servers. Predefined scan exclusions and trusted applications can also help you quickly configure Kaspersky Endpoint Security in Light Agent mode in Citrix and VMware virtual environments.
Step 6. Selecting the policy status
The settings of an active policy are saved on client computers during synchronization. You cannot apply multiple policies to one computer simultaneously; therefore, only one policy may be active in each group.
You can create an unlimited number of inactive policies. An inactive policy does not affect application settings on computers in the network. Inactive policies are intended as preparations for emergency situations, such as a virus attack. If there is an attack via flash drives, you can activate a policy that blocks access to flash drives. In this case, the currently active policy automatically becomes inactive.
Exit the Wizard.
How to create a policy in the Web Console and Cloud Console
The Policy Wizard starts.
If you select this mode, you can create a policy to integrate the computer with Kaspersky Detection and Response solutions. The wizard prompts you to configure the integration for Kaspersky Managed Detection and Response and then Kaspersky Anti Targeted Attack Platform (EDR).
If you select this mode, at the next step, you must configure the connection to the Protection Server (SVM). These settings are required for the application to work in Light Agent mode.
Kaspersky Endpoint Security provides a common policy for all application modes and OS types. This means that the policy covers the whole set of settings. However, the application may ignore some of the policy settings because Kaspersky Endpoint Security is deployed in a mode in which some functionality is not available. For example, when using the application in Endpoint Detection and Response Agent mode, only settings that are relevant to the integration with Kaspersky Detection and Response solutions and to integration with KUMA are available.
We recommend using different policies for different modes and operating system types.
The settings of an active policy are saved on client computers during synchronization. You cannot apply multiple policies to one computer simultaneously; therefore, only one policy may be active in each group.
You can create an unlimited number of inactive policies. An inactive policy does not affect application settings on computers in the network. Inactive policies are intended as preparations for emergency situations, such as a virus attack. If there is an attack via flash drives, you can activate a policy that blocks access to flash drives. In this case, the currently active policy automatically becomes inactive.
As a result, Kaspersky Endpoint Security settings will be configured on client computers during the next synchronization. You can view information about the policy that is being applied to the computer in the Kaspersky Endpoint Security interface by clicking the button on the main screen (for example, the policy name). To do so, in the settings of the Network Agent policy, you need to enable the receipt of extended policy data. For more details about a Network Agent policy, please refer to the Kaspersky Security Center Help.