Kaspersky Next Pro View
- Kaspersky Next help
- What's new
- About Kaspersky Next
- Quick Start Guide
- Getting started with Kaspersky Next
- Kaspersky Next Management Console
- Initial setup of Kaspersky Next
- Interface of Kaspersky Next Management Console
- Deployment of security applications
- Upgrading Kaspersky Next
- Managing user accounts
- Managing devices
- Viewing the list of devices
- About device statuses
- Viewing the properties of a device
- Connecting Windows devices and Mac devices
- Renaming devices
- Assigning the owner of a Windows device or a Mac device
- Scenario: Creating, renewing, and uploading an APNs certificate
- Connecting mobile devices
- Sending commands to users' devices
- Deleting devices from the list of devices
- Starting and stopping anti-malware database updates and malware scans
- Updating the security application on devices running Windows and macOS
- Managing security profiles
- Endpoint Detection and Response
- About Endpoint Detection and Response
- About Indicators of Compromise
- Starting the use of Endpoint Detection and Response
- Scenario: Configuring and using Endpoint Detection and Response
- Configuring IoC scans for potential threats
- Configuring execution prevention
- Viewing information about Endpoint Detection and Response alerts
- Taking manual response measures
- Canceling network isolation of a Windows device
- Exporting information about Endpoint Detection and Response alerts
- Disabling Endpoint Detection and Response
- Root-Cause Analysis
- Adaptive Anomaly Control
- Data Discovery
- About Data Discovery
- Categories of information detected by Data Discovery
- Starting the use of Data Discovery
- Connecting an Office 365 organization to your workspace
- Viewing information about Data Discovery detections
- Example of analyzing a Data Discovery detection
- Exporting information about Data Discovery detections
- Disabling Data Discovery
- Cloud Discovery
- About Cloud Discovery
- Starting the use of Cloud Discovery
- Enabling and disabling Cloud Discovery in security profiles
- Viewing information about the use of cloud services
- Risk level of a cloud service
- Blocking access to unwanted cloud services
- Enabling and disabling the monitoring of internet connections on Windows devices
- Vulnerability Assessment and Patch Management
- Encryption Management
- Performing typical tasks
- Closing a Management Console session
- Viewing widgets
- Configuring protection
- Configuring protection components on Windows devices
- Selecting the types of detectable objects on Windows devices
- Configuring the File Threat Protection component on Windows devices
- Configuring the scanning of removable drives when they are connected to a computer
- Configuring the Mail Threat Protection component on Windows devices
- Configuring the Web Threat Protection component on Windows devices
- Configuring the Behavior Detection, Exploit Prevention, and Remediation Engine components on Windows devices
- Enabling and disabling AMSI Protection
- Configuring the BadUSB Attack Prevention component
- Configuring the Network Threat Protection component on Windows devices
- Configuring network ports exclusions
- Enabling and disabling Advanced Disinfection
- Configuring protection components on Mac devices
- Trusted zone
- Configuring anti-malware protection on Android devices
- Configuring protection components on Windows devices
- Configuring the Host Intrusion Prevention component on Windows devices
- Defining proxy server settings
- Managing the startup of applications on users' devices
- Compliance control of Android devices with corporate security requirements
- Configuring user access to device features
- Controlling network and storage devices on Windows devices
- Generating a list of trusted network and storage devices on Windows devices
- Configuring interaction of Kaspersky Endpoint Security for Windows with end users
- Configuring interaction of Kaspersky Endpoint Security for Mac with end users
- Controlling user access to the features of Android devices
- Controlling user access to the features of iOS and iPadOS devices
- Device hack detection (root access)
- Configuring password protection of Windows devices
- Configuring the unlock password for mobile devices
- Configuring Firewall on Windows devices
- Configuring user access to websites
- Configuring a proxy server
- Configuring an internet connection
- Configuring email on iOS and iPadOS devices
- Configuring CalDAV Calendar on iOS and iPadOS devices
- Protecting Kaspersky Endpoint Security for Android against removal
- Configuring notifications from Kaspersky Endpoint Security for Android
- Enabling and disabling performance features of Kaspersky Endpoint Security for Windows
- Configuring performance features of Kaspersky Endpoint Security for Mac
- Enabling and disabling the transmission of dump files and trace files to Kaspersky for analysis
- Viewing license details and entering an activation code
- Leaving feedback
- Reports on device protection
- List of reports on device protection
- Protection status report
- Threats report
- Status of anti-malware database updates report
- Network attacks report
- Vulnerabilities report
- Cloud Discovery reports
- Adaptive Anomaly Control reports
- Detections by Device Control component report
- Detections by Web Control component report
- Encryption status of devices report
- Kaspersky applications versions report
- Working with reports
- Configuring regular delivery of reports by email
- List of reports on device protection
- Viewing the event log and configuring event notifications
- Adjusting the general settings of Kaspersky Next
- Managing objects in Quarantine
- Kaspersky Security Network
- Kaspersky Business Hub
- About Kaspersky Business Hub
- Managing the list of companies on Kaspersky Business Hub
- Viewing the list of companies on Kaspersky Business Hub
- Viewing aggregated protection statistics
- Adding a new company to Kaspersky Business Hub
- Adding another workspace for a company registered on Kaspersky Business Hub
- Editing company information
- Deleting the workspace of a company
- Canceling deletion of a company workspace
- Viewing news and sending feedback
- Managing the list of licenses on Kaspersky Business Hub
- Taking cybersecurity training
- Selecting the data centers used to store Kaspersky Next information
- Resetting your password
- Editing the settings of an account in Kaspersky Business Hub
- Quick Start Guide for Managed Service Providers (MSPs)
- Kaspersky Next licensing
- Contact Technical Support
- Sources of information about the application
- Glossary
- Account on Kaspersky Business Hub
- Administration Server
- Anti-malware databases
- Apple Push Notification service (APNs) certificate
- Background scan
- Certificate Signing Request
- Compliance control
- Device owner
- File Threat Protection
- Host Intrusion Prevention (Application Privilege Control)
- Kaspersky Business Hub
- Kaspersky Next Management Console
- Kaspersky Security Network (KSN)
- Mail Threat Protection
- Malicious web addresses
- Malware
- Managed device
- Network Agent
- Network Threat Protection
- Patch
- Phishing
- Proxy server
- Quarantine
- Security application
- Security profile
- Supervised device
- Trusted device
- Trusted Platform Module (TPM)
- Trusted zone
- Update importance level
- User alias
- Vulnerability
- Vulnerability severity level
- Web Threat Protection
- Windows device name
- Workspace
- Information about third-party code
- Trademark notices
Configuring the trusted zone on Windows devices
This section describes how to configure the trusted zone for devices running Windows.
To configure the trusted zone on Windows devices:
- Open Kaspersky Next Management Console.
- Select the Security management → Security profiles section.
The Security profiles section contains a list of security profiles configured in Kaspersky Next.
- In the list, select the security profile for the devices on which you want to configure the trusted zone.
- Click the link with the profile name to open the security profile properties window.
The security profile properties window displays settings available for all devices.
- In the Windows group, select the Advanced section.
- Click the Settings link below the Threat detection and exclusions section.
The Threat detection and exclusions window opens.
- Define the required settings:
- Trusted applications
- In the Trusted applications section, click Settings.
The Trusted applications window opens.
- Do any of the following:
- To add an application that you want to be excluded from monitoring:
- Click the Add button.
The Add a trusted application window opens.
- Under Path or path mask to the application, specify the path to the executable file of the application to be excluded.
When specifying the path, you can use environment variables (for example, %ProgramFiles%).
- Select the check boxes next to the application activities that do not need to be controlled:
- Do not scan files opened by the application
All files that are opened by the application are excluded from scans. For example, if you are using applications to back up files, this feature helps reduce the consumption of the devices' resources by Kaspersky Endpoint Security for Windows.
This option is applicable for the following Kaspersky Endpoint Security for Windows components: File Threat Protection.
- Do not monitor application activity
Kaspersky Endpoint Security for Windows does not monitor the application's file activity and network activity in the operating system.
This option is applicable for the following Kaspersky Endpoint Security for Windows components: Firewall and Behavior Detection, Exploit Prevention, and Remediation Engine.
- Do not monitor activity of all child applications
Kaspersky Endpoint Security for Windows does not monitor the file activity and network activity of applications that are started by this application.
This option is applicable for the following Kaspersky Endpoint Security for Windows components: Firewall and Behavior Detection, Exploit Prevention, and Remediation Engine.
- Allow the application to interact with the Kaspersky Endpoint Security for Windows interface
The remote access application is allowed to manage Kaspersky Endpoint Security for Windows settings through the Kaspersky Endpoint Security for Windows interface.
This option is applicable for the following Kaspersky Endpoint Security for Windows components: Self-Defense.
- Do not scan network traffic of the application
Network traffic initiated by the application is excluded from scans.
You can exclude either all traffic or only encrypted traffic from scans. You can also exclude only individual IP addresses and port numbers from scans.
This option is applicable to all Kaspersky Endpoint Security for Windows components that scan network traffic.
- Do not scan files opened by the application
- Click OK to close the Add a trusted application window.
The added application appears in the list of exclusions in the Trusted applications window.
- Click the Add button.
- To modify an application that is excluded from monitoring:
- Select the check box next to the required application.
- Click the Edit button.
The Add a trusted application window opens. It contains details about the selected application and excluded activities.
- Make the necessary changes.
- Click OK to close the Add a trusted application window.
The modified application is displayed in the list of exclusions in the Trusted applications window.
- To delete an application from the list of monitoring exclusions:
- Select the check box next to the required application.
- Click the Delete button.
The deleted application disappears from the list of exclusions in the Trusted applications window.
- To add an application that you want to be excluded from monitoring:
- Click the Save button to save the changes.
- In the Trusted applications section, click Settings.
- Malware scan exclusions
- Click the Settings link below the Malware scan exclusions section.
The Malware scan exclusions window opens.
- Do any of the following:
- To add a file, a folder, or an object to the list of scan exclusions:
- Click the Add button.
The New record window opens.
- By selecting or clearing the File or folder and Object name check boxes, select whether the exclusion must include a file or folder, an object, or both.
- In the Comment entry field, type a description of the exclusion being created.
- If the File or folder check box is selected, fill in the Name or name mask of file or folder field with the files or folders that you do not want to be scanned.
When specifying files or folders, you can use environment variables (for example, %ProgramFiles%) and masks.
- If you want to exclude subfolders of the specified folder, select the Including subfolders check box.
- If the Object name check box is selected, fill in the Object name field with the objects that you do not want to be detected.
When specifying objects, you can use masks.
- Under Protection components, select the components to which the new exclusion will apply:
- All components—The exclusion will apply to all protection components available in Kaspersky Next.
- Selected components—The exclusion will apply only to the components that you select.
Kaspersky Next contains more protection components than those available for selection.
- Click OK to close the New record window.
The added record appears in the list of scan exclusions in the Malware scan exclusions window.
- Click the Add button.
- To modify a record in the list of scan exclusions:
- Select the check box next to the required record.
- Click the Edit button.
The New record window opens. It contains details about the selected scan exclusion.
- Make the necessary changes.
- Click OK to close the New record window.
The modified record is displayed in the list of exclusions in the Malware scan exclusions window.
- To enable or disable a record in the list of scan exclusions, enable or disable the toggle switch in the Status column.
By default, all predefined scan exclusions are disabled.
- To delete a record from the list of scan exclusions:
- Select the check box next to the required record.
- Click the Delete button.
The deleted record disappears from the list of exclusions in the Malware scan exclusions window.
- To add a file, a folder, or an object to the list of scan exclusions:
- Click the Save button to save the changes.
- Click the Settings link below the Malware scan exclusions section.
- Network ports exclusions
- Click the Settings link below the Network ports exclusions section.
The Network ports exclusions window opens.
- Do any of the following:
- To add network ports that you want to be excluded from monitoring:
- Click the Add button.
The Add ports to exclusions window opens. The window lists all network ports that are monitored by Kaspersky Next.
- Select the check boxes next to the network ports to be excluded.
- Click OK to close the Add ports to exclusions window.
The added network ports appear in the list of exclusions in the Network ports exclusions window.
- Click the Add button.
- To delete network ports from the list of monitoring exclusions:
- Select the check box next to the required network ports.
- Click the Delete button.
The deleted network ports disappear from the list of exclusions in the Network ports exclusions window.
- To add network ports that you want to be excluded from monitoring:
- Click the Save button to save the changes.
- Click the Settings link below the Network ports exclusions section.
- Trusted applications
The trusted zone is updated.
After the security profile is applied on users' devices, Kaspersky Endpoint Security for Windows does not scan or monitor the objects that are added to exclusions. The objects that are deleted from exclusions are controlled.