Kaspersky Embedded Systems Security 3.x

Creating and configuring policies

March 10, 2023

ID 193228

This section provides information on using Kaspersky Security Center policies for managing Kaspersky Embedded Systems Security on several protected devices.

Global Kaspersky Security Center policies can be created for managing protection on several devices where Kaspersky Embedded Systems Security is installed.

A policy enforces the specified Kaspersky Embedded Systems Security settings, functions and tasks on all protected devices for one administration group.

Several policies for one administration group can be created and enforced in turns. The policy currently active for a group has active status in the Administration Console.

Information on policy enforcement is logged in the Kaspersky Embedded Systems Security system audit log. This information can be viewed in the Application Console in the System audit log node.

Kaspersky Security Center offers one way to apply policies on protected devices: Prohibit changing the settings. After a policy has been applied, Kaspersky Embedded Systems Security uses the settings for which you have selected the "Open lock" icon icon in the policy properties on protected devices. In this case, the selected settings are used instead of the settings in effect before the policy was applied. Kaspersky Embedded Systems Security does not apply the active policy settings for which the "Open lock" icon icon is selected in the policy properties.

If a policy is active, the values of settings marked with the "Open lock" icon icon in the policy are displayed in the Application Console but cannot be edited. The values of other settings (marked with the "Open lock" icon icon in the policy) can be edited in the Application Console.

The settings configured in the active policy and marked with the "Open lock" icon icon also block changes in Kaspersky Security Center for one protected device in the Properties: <Protected device name> window.

Settings that are specified and sent to the protected device using an active policy are saved in the local task settings after the active policy is disabled.

If the policy defines the settings for any Real-Time Computer Protection task, and if such a task is currently running, then the settings defined by the policy will be modified as soon as the policy is applied. If the task is not running, the settings are applied when it starts.

In this section

Creating a policy

Kaspersky Embedded Systems Security policy settings sections

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.