File Level Encryption
You can compile lists of files by extension or group of extensions and lists of folders stored on local computer drives, and create rules for encrypting files that are created by specific applications. After a policy is applied, Kaspersky Endpoint Security encrypts and decrypts the following files:
- files individually added to lists for encryption and decryption;
- files stored in folders added to lists for encryption and decryption;
- files created by separate applications.
This component is available if Kaspersky Endpoint Security is installed on a computer that runs on Windows for workstations. This component is unavailable if Kaspersky Endpoint Security is installed on a computer that runs on Windows for servers.
File encryption has the following special features:
- Kaspersky Endpoint Security encrypts / decrypts files in predefined folders only for local user profiles of the operating system. Kaspersky Endpoint Security does not encrypt or decrypt files in predefined folders of roaming user profiles, mandatory user profiles, temporary user profiles, or redirected folders.
- Kaspersky Endpoint Security does not encrypt files whose modification could harm the operating system and installed applications. For example, the following files and folders with all nested folders are on the list of encryption exclusions:
- %WINDIR%;
- %PROGRAMFILES% and %PROGRAMFILES(X86)%;
- Windows registry files.
The list of encryption exclusions cannot be viewed or edited. While files and folders on the list of encryption exclusions can be added to the encryption list, they will not be encrypted during file encryption.
File Level Encryption component settings
Parameter
Description
Encryption mode
Leave unchanged. If this item is selected, Kaspersky Endpoint Security leaves the files and folders unchanged without encrypting or decrypting them.
According to rules. If this item is selected, Kaspersky Endpoint Security encrypts the files and folders according to encryption rules, decrypts the files and folders according to decryption rules, and regulates the access of applications to encrypted files according to application rules.
Decrypt all. If this item is selected, Kaspersky Endpoint Security decrypts all encrypted files and folders.
Encryption
This tab shows encryption rules for files stored on local drives. You can add files as follows:
- Predefined folders. Kaspersky Endpoint Security allows you to add the following areas:
Documents. Files in the standard Documents folder of the operating system, and its subfolders.
Favorites. Files in the standard Favorites folder of the operating system, and its subfolders.
Desktop. Files in the standard Desktop folder of the operating system, and its subfolders.
Temporary files. Temporary files related to the operation of applications installed on the computer. For example, Microsoft Office applications create temporary files containing backup copies of documents.
Outlook files. Files related to the operation of the Outlook mail client: data files (PST), offline data files (OST), offline address book files (OAB), and personal address book files (PAB).
- Custom folder. You can type the path to the folder. When adding a folder path, adhere to the following rules:
Use an environment variable (for example,
%FOLDER%\UserFolder\). You can use an environment variable only once and only at the beginning of the path.Do not use relative paths.
Do not use the
*and?characters.Do not use UNC paths.
Use
;or,as a separator character. - Files by extension. You can select extension groups from the list, such as the extension group Archives. You can also manually add the file extension.
Decryption
This tab shows decryption rules for files stored on local drives.
Rules for applications
The tab displays a table containing encrypted file access rules for applications and encryption rules for files that are created or modified by individual applications.
Encrypted packages
Password strength requirements to meet when creating encrypted packages.
