Organizing computer protection

Kaspersky Endpoint Security provides comprehensive computer protection against various types of threats, network and phishing attacks.

Each type of threat is handled by a dedicated component. Components can be enabled or disabled independently of one another, and their settings can be configured.

In addition to the real-time protection that the application components provide, we recommend that you regularly scan the computer for viruses and other threats. This helps to rule out the possibility of spreading malware that is undetected by protection components due to a low security level setting or for other reasons.

To keep Kaspersky Endpoint Security up to date, you must update the databases and modules that the application uses. The application is updated automatically by default, but if necessary, you can update the databases and application modules manually.

The following application components are control components:

• Application Startup Control. This component keeps track of user attempts to start applications and regulates the startup of applications.
• Application Privilege Control. This component registers the actions of applications in the operating system and regulates application activity depending on the trust group of a particular application. A set of rules is specified for each group of applications. These rules regulate the access of applications to user data and to resources of the operating system. Such data includes user files (My Documents folder, cookies, user activity information) and files, folders, and registry keys that contain settings and important information from the most frequently used applications.
• Vulnerability Monitor. The Vulnerability Monitor component runs a real-time vulnerability scan of applications that are started or are running on the user's computer.
• Device Control. This component lets you set flexible restrictions on access to data storage devices (such as hard drives, removable drives, tape drives, and CD/DVD disks), data transmission equipment (such as modems), equipment that converts information into hard copies (such as printers), or interfaces for connecting devices to computers (such as USB, Bluetooth, and Infrared).
• Web Control. This component lets you set flexible restrictions on access to web resources for different user groups.

The operation of control components is based on the following rules:

• Application Startup Control uses Application Startup Control rules.
• Application Privilege Control uses Application Control rules.
• Device Control uses device access rules and connection bus access rules.
• Web Control uses web resource access rules.

The following application components are protection components:

• File Anti-Virus. This component protects the file system of the computer from infection. File Anti-Virus starts together with Kaspersky Endpoint Security, continuously remains active in computer memory, and scans all files that are opened, saved, or started on the computer and on all connected drives. File Anti-Virus intercepts every attempt to access a file and scans the file for viruses and other threats.
• System Watcher. This component keeps a record of application activity on the computer and provides this information to other components to ensure more effective protection of the computer.
• Mail Anti-Virus. This component scans incoming and outgoing email messages for viruses and other threats.
• Web Anti-Virus. This component scans traffic that arrives on the user's computer via the HTTP and FTP protocols, and checks whether URLs are listed as malicious or phishing web addresses.
• IM Anti-Virus. This component scans traffic that arrives on the computer via IM client protocols. The component lets you securely use many IM clients.
• Firewall. This component protects data that is stored on the computer and blocks most possible threats to the operating system while the computer is connected to the Internet or to a local area network. The component filters all network activity according to rules of two kinds: network rules for applications and network packet rules.
• Network Monitor. This component lets you view network activity of the computer in real time.
• Network Attack Blocker. This component inspects inbound network traffic for activity that is typical of network attacks. Upon detecting an attempted network attack that targets your computer, Kaspersky Endpoint Security blocks network activity from the attacking computer.

The following tasks are provided in Kaspersky Endpoint Security:

• Full Scan. Kaspersky Endpoint Security scans the operating system, including RAM, objects that are loaded at startup, backup storage of the operating system, and all hard drives and removable drives.
• Custom Scan. Kaspersky Endpoint Security scans the objects that are selected by the user.
• Critical Areas Scan. Kaspersky Endpoint Security scans objects that are loaded at operating system startup, RAM, and objects that are targeted by rootkits.
• Update. Kaspersky Endpoint Security downloads updated databases and application modules. Updating keeps the computer protected against the latest viruses and other threats.
• Vulnerability Scan. Kaspersky Endpoint Security scans the operating system and installed software for vulnerabilities. This scanning ensures timely detection and removal of potential problems that intruders can exploit.

File encryption functionality lets you encrypt files and folders that are stored on local computer drives. The drive encryption functionality allows encryption of hard drives and removable drives.

Remote administration through Kaspersky Security Center

Kaspersky Security Center makes it possible to remotely start and stop Kaspersky Endpoint Security on a client computer, and to remotely manage and configure application settings.

Service functions of the application

Kaspersky Endpoint Security includes a number of service functions. Service functions are meant to keep the application up to date, expand its functionality, and assist the user with operating the application.

• Reports. In the course of its operation, the application keeps a report on each application component and task. The report contains a list of Kaspersky Endpoint Security events and all operations that the application performs. In case of an incident, you can send reports to Kaspersky, where Technical Support specialists can look into the issue in more detail.
• Data storage. If the application detects infected or probably infected files while scanning the computer for viruses and other threats, it blocks those files. Kaspersky Endpoint Security moves probably infected files to a special storage called Quarantine. Kaspersky Endpoint Security stores copies of disinfected and deleted files in Backup. Kaspersky Endpoint Security moves files that are not processed for any reason to the list of unprocessed files. You can scan files, restore files to their original folders, and empty the data storage.
• Notification service. The notification service keeps the user informed about the current protection status of the computer and about the operation of Kaspersky Endpoint Security. Notifications can be displayed on the screen or sent by email.
• Kaspersky Security Network. User participation in Kaspersky Security Network enhances the effectiveness of computer protection through real-time collection of information on the reputation of files, web resources, and software from users worldwide.
• License. Purchasing a license unlocks full application functionality, provides access to application database and module updates, and support by phone or via email on issues related to installation, configuration, and use of the application.
• Support. All registered users of Kaspersky Endpoint Security can contact Technical Support specialists for assistance. You can send a request from My Kaspersky Account on the Technical Support website or receive assistance from support personnel over the phone.

If the application returns an error or hangs up during operation, it may be restarted automatically.

If the application encounters recurring errors that cause the application to crash, the application performs the following operations:

1. Disables control and protection functions (encryption functionality remains enabled).
2. Notifies the user that the functions have been disabled.
3. Attempts to restore the application to a functional state after updating anti-virus databases or applying application module updates.

The application receives information on recurring errors and system hangs using special-purpose algorithms defined by Kaspersky experts.