Registering the Kaspersky Security Service as a protected service

Protected Process Light (also referred to as "PPL") technology ensures that the operating system only loads trusted services and processes. For a service to run as a protected service, an Early Launch Antimalware driver must be installed on the protected device.

An Early Launch Antimalware (also referred to as "ELAM") driver provides protection for the devices in your network when they start and before third-party drivers are initialized.

The ELAM driver is automatically installed during the Kaspersky Embedded Systems Security installation and is used for registering the Kaspersky Security Service as PPL when the operating system starts. When the Kaspersky Security Service (KAVFS) is started as a system protected process, other non-protected processes on the system are not able to inject threads, write into the virtual memory of the protected process, or stop the service.

When a process is started as PPL, it cannot be managed by user disregarding the assigned user permissions. The Kaspersky Security Service registration as PPL using the ELAM driver is supported on the Microsoft Windows 10 and higher operating systems. If you install Kaspersky Embedded Systems Security on a server running PPL-supporting operating system, the permission management for Kaspersky Security Service (KAVFS) will not be available.

To install Kaspersky Embedded Systems Security as PPL, run the following command:

msiexec /i ess_x64.msi NOPPL=0 EULA=1 PRIVACYPOLICY=1 /qn