Application settings
You can configure the following general settings of the application:
- Operating mode
- Self-Defense
- Performance
- Debug information
- Computer status when settings are applied
Application settings
Parameter
Description
Start Kaspersky Endpoint Security on computer startup (recommended)
When the check box is selected, Kaspersky Endpoint Security is started after the operating system loads, protecting the computer during the entire session.
When the check box is cleared, Kaspersky Endpoint Security is not started after the operating system loads, until the user starts it manually. Computer protection is disabled and user data may be exposed to threats.
Use Advanced Disinfection technology (requires considerable computer resources)
If the check box is selected, a pop-up notification appears on the screen when malicious activity is detected in the operating system. In its notification, Kaspersky Endpoint Security offers the user to perform Advanced Disinfection of the computer. After the user approves this procedure, Kaspersky Endpoint Security neutralizes the threat. After completing the advanced disinfection procedure, Kaspersky Endpoint Security restarts the computer. The advanced disinfection technology uses considerable computing resources, which may slow down other applications.
When the application is in process of detecting an active infection, some operating system functionality can be unavailable. The availability of the operating system is restored when Advanced Disinfection is complete and the computer is restarted.
If Kaspersky Endpoint Security is installed on a computer running Windows for Servers, Kaspersky Endpoint Security does not show the notification. Therefore, the user cannot select an action to disinfect an active threat. To disinfect a threat, you need to enable Advanced Disinfection technology in application settings and enable immediate Advanced Disinfection in Malware Scan task settings. Then you need to start a Malware Scan task.
Use Kaspersky Security Center as proxy server for activation
(available only in the Kaspersky Security Center Console)
If this check box is selected, the Kaspersky Security Center Administration Server is used as a proxy server when activating the application.
Enable Self-Defense
When this check box is selected, Kaspersky Endpoint Security prevents alteration or deletion of application files on the hard drive, memory processes, and entries in the system registry.
Enable external management of system services
If the check box is selected, Kaspersky Endpoint Security allows management of application services from a remote computer. When an attempt is made to manage application services remotely, a notification is displayed in the Microsoft Windows taskbar, above the application icon (unless the notification service has been disabled by the user).
Postpone scheduled tasks while running on battery power
If the check box is selected, energy conservation mode is enabled. Kaspersky Endpoint Security postpones scheduled tasks. You can start scan and update tasks manually, if necessary.
When energy conservation mode is enabled and the computer is running on battery power, the following tasks are not run even if scheduled:
- Update
- Full Scan
- Critical Areas Scan
- Custom Scan
- Integrity check
- IOC Scan.
Concede resources to other applications
Consumption of computer resources by Kaspersky Endpoint Security when scanning the computer may increase the load on the CPU and hard drive subsystems. This may slow down other applications. To optimize the performance, Kaspersky Endpoint Security provides a mode for transferring resources to other applications. In this mode, the operating system can decrease the priority of Kaspersky Endpoint Security scan task threads when the CPU load is high. This allows redistributing operating system resources to other applications. Thus, scan tasks will receive less CPU time. As a result, Kaspersky Endpoint Security will take longer to scan the computer. By default, the application is configured to concede resources to other applications.
Enable dump writing
If the check box is selected, Kaspersky Endpoint Security writes dumps when it crashes.
If the check box is cleared, Kaspersky Endpoint Security does not write dumps. The application also deletes existing dump files from the computer hard drive.
Enable dump and trace files protection
If the check box is selected, access to dump files is granted to the system administrator and local administrator as well as to the user who enabled dump writing. Only system and local administrators can access trace files.
If the check box is cleared, any user can access dump files and trace files.
Computer status when settings are applied
(available only in the Kaspersky Security Center Console)
Settings for displaying the statuses of client computers with Kaspersky Endpoint Security installed in the Web Console when errors occur while applying a policy or executing a task. The following statuses are available OK, Warning and Critical.
Install updates without computer restart
Upgrading the application without computer restart allows you to ensure uninterrupted operation of servers.
You can upgrade the application without a restart starting with version 11.10.0. To upgrade an earlier version of the application, you must restart the computer.
Starting with version 11.11.0 you can perform the following actions without restarting a computer:
- install patches
- change the set of application components
- install Kaspersky Endpoint Security over Kaspersky Security for Windows Server
The default value of the parameter varies depending on the type of the operating system. If the application is installed on a workstation, the upgrading the application without a restart option is disabled. If the application is installed on a server, the upgrading the application without a restart option is enabled.
Compatibility with remote administration software
(available only in the Kaspersky Security Center Console)
If using Kaspersky Endpoint Security alongside Remote Administration Tools (RAT) causes problems, you can enable the compatibility mode. The problems may be related to the incompatibility of RATs with the Secure Desktop functionality of the application. This purpose of this functionality is to confirm actions that can potentially lower the security level of the computer. This functionality lets an application display a confirmation dialog that is isolated from other processes. This functionality uses elevated rights to secure the request. In this way, only the user can confirm the action and not the malware.
If the check box is selected, the RAT compatibility mode is enabled. The Secure Desktop functionality for Kaspersky Endpoint Security is disabled. The application displays a confirmation dialog without this functionality. This can reduce the security level of the computer. We do not recommend enabling the compatibility mode if Kaspersky Endpoint Security is not causing problems with your RAT.
If the check box is cleared, the RAT compatibility mode is disabled. The Secure Desktop functionality is enabled. This check box is cleared by default.
Example: When using the browser in RemoteApp mode, Kaspersky Endpoint Security may not display a confirmation window when visiting a website with an untrusted certificate because RemoteApp does not support the Secure Desktop functionality of the application. This can cause the browser to become unresponsive. For the browser to work correctly in RemoteApp mode, you must enable the compatibility mode.
You can also try enabling the compatibility mode if you encounter problems with the Secure Desktop functionality when using other third-party software.
