Protecting the application with password

To restrict Kaspersky Endpoint Agent's operations that might result in a decrease in the protection level of the user's computer and the data processed on that computer, as well as a decrease in the application's self-defense level, it is necessary to password protect the application.

The password is required to execute the following commands in Kaspersky Endpoint Agent command line interface:

• --sandbox=disable
• --sandbox=show
• --sandbox=enable --tls=no
• --sandbox=enable --pinned-certificate=<full path to the TLS certificate file for connecting Kaspersky Endpoint Agent to Kaspersky Sandbox>
• --quarantine=delete –ouid
• --quarantine=show
• --quarantine=restore
• --quarantine=add
• --product=stop
• --password=reset
• --isolation=disable
• --prevention=disable
• --selfdefense
• --license=delete
• --message-broker --type=kata <settings>
• --event --action=enable
• --event --action=disable

To enter the password, use the --pwd=<current user password> parameter.

The password is also required when performing the following actions on the application:

• Application uninstallation and remote application uninstallation using Kaspersky Security Center
• Application update (upgrade)
• Application repair (repair)
• Operations in the application installation wizard
• Operations in the command line interface

After enabling password protection and applying the Kaspersky Security Center policy, the same password is applied to all devices in the Kaspersky Endpoint Agent managed group.

After disabling password protection in the policy, the password protection settings are retained for the local device and can be edited.

The password is stored in the application settings in encrypted form (as a checksum).

To enter the password, use the --pwd=<current user password> parameter.

To configure Kaspersky Endpoint Agent password protection using the command line interface:

1. On the device, run a command line interpreter (for example, Command Prompt cmd.exe) with the permissions of the local administrator.
2. Using the cd command, navigate to the folder where the Agent.exe file is located.

   For example, enter the command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.

3. Enter one of the following commands and press ENTER:
   • agent.exe --password=state to view the current password protection status of the application.
   • agent.exe --password=set --pwd=<current user password> --new=<new user password> to set a new user password.
   • agent.exe --password=reset --pwd=<current user password> to reset the user password.