Creating a policy

Support

Support for business applications

Kaspersky Endpoint Security 12 for Linux

Managing the application using the Administration Console

Managing policies in the Administration Console

Creating a policy

January 23, 2024

ID 198048

To create a policy:

Open the Administration Console of Kaspersky Security Center.
Do one of the following:
- Select the Managed devices folder to create a policy for all the devices managed by Kaspersky Security Center.
- In the Managed devices folder, select the folder with the name of the administration group containing client devices to which the policy should be applied.
In the workspace, select the Policies tab.
Click the New policy button.
The Policy Wizard starts.
In the drop-down list, select Kaspersky Endpoint Security 12.0 for Linux.
Proceed to the next step of the wizard.
Enter a name for the created policy.
To use the settings from the previous version of Kaspersky Endpoint Security policy in the policy being created, select the Use policy settings for the earlier application version check box.
Proceed to the next step of the wizard.
Decide whether you want to use Kaspersky Security Network. Carefully read the Kaspersky Security Network Statement and do one of the following:
- If you agree with all the terms and conditions of the Statement and want the application to use Kaspersky Security Network, select I confirm that I have fully read, understand, and accept the terms and conditions of Kaspersky Security Network Statement.
- If you do not want to use Kaspersky Security Network, select I do not accept the terms and conditions of the Kaspersky Security Network Statement and confirm your decision in the window that opens.
Refusal to use Kaspersky Security Network does not interrupt the policy creation process. At any time, you can enable or disable use of Kaspersky Security Network or change the KSN mode for managed devices in the policy settings.

Proceed to the next step of the wizard.
Specify the Kaspersky Endpoint Security usage mode:
- Standalone mode – the application is used to protect devices running Linux operating systems.
- Light Agent mode for protecting virtual environments – as part of the Kaspersky Security for Virtualization Light Agent solution, the application is used to protect virtual machines running Linux guest operating systems.
Proceed to the next step of the wizard.
If you are using the application in Light Agent mode to protect virtual environments, configure the SVM discovery settings:
1. Select the method that Light Agents use to discover SVMs available for connection.
  - Use the Integration Server
    If this option is selected, Light Agent connects to Integration Server to get a list of SVMs available for connection and their details.
  - Use a custom list of SVM addresses
    If this option is selected, you can specify a list of SVMs that Light Agents managed by this policy can connect to. Light agents will only connect to SVMs specified in the list.
  If you select the Use a custom list of SVM addresses option, the Light Agent is using the advanced SVM selection algorithm, and large infrastructure protection mode is enabled on an SVM (for more information, see the Kaspersky Security for Virtualization Light Agent Help), then connecting a Light Agent to this SVM is only possible if the SVM path is ignored. In the SVM selection algorithm section, you need to set the SVM path setting to Ignore SVM path. If any other value is set, Light Agents will not be able to connect to the SVM.
2. If you select Integration Server, the wizard displays the current settings for connecting Light Agents to the Integration Server: address and port for connecting. If necessary, specify new connection settings:
  1. Click the Edit button and specify new connection settings in the window that opens:
    - Address
      IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
      
      If the device on which Kaspersky Security Center Administration Console is installed is part of a domain, the field indicates the domain name of this device by default.
      
      If the device on which the Kaspersky Security Center Administration Console is installed is not part of a domain or the Integration Server is installed on another device, the field must be filled in manually.
      
      If a NetBIOS name, "localhost", or 127.0.0.1 is specified as the address, the connection to the Integration Server fails with an error.
    - Port
      Port for connecting to the Integration Server.
      
      Port 7271 is used by default.
  2. Click OK.
  3. If the device hosting the Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to the KLAdmins local or domain group or to the local administrator group, the Integration Server administrator account is used for authentication on the Integration Server.
    In the window that opens, enter the password of the Integration Server administrator (password of the admin account) and click the OK button.
  4. The MMC plug-in checks the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Integration Server certificate verification window opens. You can click the link in the window to view the details of the received certificate.
    If you encounter problems with an SSL certificate, we recommend to make sure that the data transmission channel you are using is secure.
    
    To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
3. If you select a manually defined list of SVM addresses, the window displays a list of SVMs that Light Agents managed by this policy can connect to. To add an SVM to the list, click the Add button and in the window that opens specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the SVM. You can enter multiple IP addresses or FQDNs of SVMs on a new line.
  Specify only fully qualified domain names (FQDNs) that map to a single IP address. Using a fully qualified domain name that corresponds to multiple IP addresses can lead to errors in the application.
  
  You can delete addresses selected in the list by clicking the Delete button.
Proceed to the next step of the wizard.
If necessary, configure the File Threat Protection settings.
Proceed to the next step of the wizard.
If necessary, modify the default scan settings.
Proceed to the next step of the wizard.
If necessary, configure exclusion areas.
Proceed to the next step of the wizard.
If necessary, modify the default actions for infected objects.
Proceed to the next step of the wizard.
Complete the New Policy Wizard.

Kaspersky Endpoint Security for Linux: High protection without performance compromising

Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.