About permissions to manage the Kaspersky Security Service
During installation, Kaspersky Embedded Systems Security for Windows registers the Kaspersky Security Service (KAVFS) in Windows, and internally enables the functional components that are started at operating system startup. To reduce the risk of third-party access to application functions and security settings on the protected device via the Kaspersky Security Service, you can restrict permissions for managing the Kaspersky Security Service from the Application Console or the Administration Plug-in.
By default, access permissions for managing the Kaspersky Security Service are granted to users in the Administrators group on the protected device. Read permissions are granted to the SERVICE and INTERACTIVE groups, and read and execute permissions are granted to the SYSTEM group.
You cannot delete the SYSTEM user account or edit permissions for this account. If the permissions for the SYSTEM account are edited, the maximum privileges are restored for this account when you save the changes.
Users who have access to functions of the Edit permissions level can grant access permissions for managing the Kaspersky Security Service to other users registered on the protected device or included in the domain.
You can choose one of the following preset levels of access permissions for a user or group of users of Kaspersky Embedded Systems Security for Windows for managing the Kaspersky Security Service:
- Full control: ability to view and edit general settings and user permissions for the Kaspersky Security Service, and to start and stop the Kaspersky Security Service.
- Read: ability to view Kaspersky Security Service general settings and user permissions.
- Modification: ability to view and edit Kaspersky Security Service general settings and user permissions.
- Execution: ability to start and stop the Kaspersky Security Service.
You can also configure advanced access permissions: allow or deny access to specific Kaspersky Embedded Systems Security for Windows functions (see the table below).
If you have manually configured access permissions for a user or group, then the Special permissions access level is set for this user or group.
Access permissions for Kaspersky Security Service functions
Feature | Description |
---|---|
View service configurations | Ability to view Kaspersky Security Service general settings and user permissions. |
Request service status from Service Control Manager | Ability to request the execution status of the Kaspersky Security Service from the Microsoft Windows Service Control Manager. |
Request status from service | Ability to request the service execution status from the Kaspersky Security Service. |
Read list of dependent services | Ability to view a list of services which the Kaspersky Security Service depends on and which depend on the Kaspersky Security Service. |
Editing service settings | Ability to view and edit Kaspersky Security Service general settings and user permissions. |
Start the service | Ability to start the Kaspersky Security Service. |
Stop the service | Ability to stop the Kaspersky Security Service. |
Pause / Resume the service | Ability to pause and resume the Kaspersky Security Service. |
Read permissions | Ability to view the list of Kaspersky Security Service users and each user's access privileges. |
Edit permissions | Ability to: |
Delete the service | Ability to unregister the Kaspersky Security Service in the Microsoft Windows Service Control Manager. |
User defined requests to service | Ability to create and send user requests to the Kaspersky Security Service. |
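
The following Python code is an added example, not Kaspersky's code. It parses a service SDDL string, such as the output of `sc.exe sdshow KAVFS`, and reports allow entries that give stop, modify, delete or permission-editing rights to any trustee other than Administrators and SYSTEM. It assumes the functions in the table correspond to the standard Windows service access rights on the KAVFS service's security descriptor; the code-to-row mapping and the sample SDDL are constructed for this example.

```python
import re

# SDDL code: (access-mask bit, function name from the table above; mapping is assumed)
RIGHTS = {
    "CC": (0x0001, "View service configurations"),
    "DC": (0x0002, "Editing service settings"),
    "LC": (0x0004, "Request service status from Service Control Manager"),
    "SW": (0x0008, "Read list of dependent services"),
    "RP": (0x0010, "Start the service"),
    "WP": (0x0020, "Stop the service"),
    "DT": (0x0040, "Pause / Resume the service"),
    "LO": (0x0080, "Request status from service"),
    "CR": (0x0100, "User defined requests to service"),
    "SD": (0x10000, "Delete the service"),
    "RC": (0x20000, "Read permissions"),
    "WD": (0x40000, "Edit permissions"),
    "WO": (0x80000, "Change owner (WRITE_OWNER, no row in the table)"),
    "GA": (0x10000000, "Full control (GENERIC_ALL)"),
}
SENSITIVE = {"DC", "WP", "DT", "SD", "WD", "WO", "GA"}  # can disable or re-permission the service
TRUSTED = {"BA", "SY"}  # Administrators and SYSTEM, the defaults named on this page

def parse_dacl(sddl):
    """Return [(ace_type, trustee, [right codes])] for each ACE in the D: (DACL) part."""
    m = re.search(r"D:[^()]*((?:\([^)]*\))*)", sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        ace_type, _flags, rights, _obj, _inh, trustee = body.split(";")[:6]
        if rights.lower().startswith("0x"):  # numeric access-mask form
            codes = [c for c, (bit, _) in RIGHTS.items() if int(rights, 16) & bit]
        else:  # two-letter code form
            codes = re.findall("..", rights)
        aces.append((ace_type, trustee, codes))
    return aces

def risky_grants(sddl):
    """Map each untrusted trustee to the sensitive functions an allow ACE grants it."""
    findings = {}
    for ace_type, trustee, codes in parse_dacl(sddl):
        hits = [RIGHTS[c][1] for c in codes if c in SENSITIVE]
        if ace_type == "A" and trustee not in TRUSTED and hits:
            findings.setdefault(trustee, []).extend(hits)
    return findings

# Constructed sample: Authenticated Users (AU) hold Stop and Edit permissions; S: is the audit list.
SAMPLE = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPLOCRRCWD;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
if __name__ == "__main__":
    print(risky_grants(SAMPLE))
```

In SDDL the code `WD` means WRITE_DAC in the rights field and Everyone in the trustee field, which is why the parser reads the fields by position.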