Protecting the application with password

This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

To restrict Kaspersky Endpoint Agent operations, which can result in decrease of protection level of the user computer and the data processed on this computer, as well as decrease of the application self-defense level, it is required to protect the application with password.

Password is required to execute the following commands in Kaspersky Endpoint Agent command line interface:

• --sandbox=disable
• --sandbox=show
• --sandbox=enable --tls=no
• --sandbox=enable --pinned-certificate=<full path to the TLS certificate file for connecting Kaspersky Endpoint Agent with Kaspersky Sandbox>
• --quarantine=delete –ouid
• --quarantine=show
• --quarantine=restore
• --quarantine=add
• --product=stop
• --password=reset
• --isolation=disable
• --prevention=disable
• --selfdefense
• --license=delete
• --message-broker --type=kata <settings>
• --event --action=enable
• --event --action=disable

To enter the password, use the --pwd=<current user password> parameter.

The password is also required when performing the following actions on the application:

• Application uninstallation and remote application uninstallation using Kaspersky Security Center
• Changing the set of the application components (modify)
• Application update (upgrade)
• Application repair (repair)
• Operations in the application installation wizard
• Operations in the command line interface

After enabling password protection and applying Kaspersky Security Center policy, a single password is applied to all devices of Kaspersky Endpoint Agent managed group.

After disabling password protection in the policy, password protection settings retain for the local device and can be edited.

The password is stored in the application settings in encrypted form (as a checksum).

To enter the password, use the --pwd=<current user password> parameter.

To configure Kaspersky Endpoint Agent password protection using the command line interface:

1. On the device, run a command line interpreter (for example, Command Prompt cmd.exe) with the permissions of the local administrator.
2. Using the cd command, navigate to the folder where the Agent.exe file is located.

   For example, you can type the following command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.

3. Enter one of the following commands and press ENTER:
   • agent.exe --password=state to view the current password protection status of the application.
   • agent.exe --password=set --pwd=<current user password> --new=<new user password> to set a new user password.
   • agent.exe --password=reset --pwd=<current user password> to reset the user password.