Creating and configuring policies
October 25, 2023
This section provides information on using Kaspersky Security Center policies for managing Kaspersky Embedded Systems Security for Windows on several protected devices.
Global Kaspersky Security Center policies can be created for managing protection on several devices where Kaspersky Embedded Systems Security for Windows is installed.
A policy enforces the specified Kaspersky Embedded Systems Security for Windows settings, functions and tasks on all protected devices for one administration group.
Several policies for one administration group can be created and enforced in turns. The policy currently active for a group has active status in the Administration Console.
Information on policy enforcement is logged in the Kaspersky Embedded Systems Security for Windows system audit log. This information can be viewed in the Application Console in the System audit log node.
Kaspersky Security Center offers one way to apply policies on protected devices: Prohibit changing the settings. After a policy has been applied, Kaspersky Embedded Systems Security for Windows uses the settings for which you have selected the icon in the policy properties on protected devices. In this case, the selected settings are used instead of the settings in effect before the policy was applied. Kaspersky Embedded Systems Security for Windows does not apply the active policy settings for which the icon is selected in the policy properties.
If a policy is active, the values of settings marked with the icon in the policy are displayed in the Application Console but cannot be edited. The values of other settings (marked with the icon in the policy) can be edited in the Application Console.
The settings configured in the active policy and marked with the icon also block changes in Kaspersky Security Center for an individual protected device in the Properties: <Protected device name> window.
Settings that are specified and sent to the protected device using an active policy are saved in the local task settings after the active policy is disabled.
If a policy defines settings for any Real-Time Computer Protection task that is currently running, the settings defined by the policy will change immediately after the policy is applied. If the task is not running, the settings are applied when it starts.