Kaspersky Endpoint Security 12.1 for Windows
- Čeština (Česká republika)
- Deutsch
- Español (España)
- Español (México)
- Français
- Italiano
- Magyar (Magyarország)
- Nederlands (Nederland)
- Polski (Polska)
- Português (Brasil)
- Português (Portugal)
- Română (România)
- Tiếng Việt (Việt Nam)
- Türkçe (Türkiye)
- Русский
- العربية (الإمارات العربية المتحدة)
- 한국어 (대한민국)
- 简体中文
- 繁體中文
- 日本語(日本)
- Čeština (Česká republika)
- Deutsch
- Español (España)
- Español (México)
- Français
- Italiano
- Magyar (Magyarország)
- Nederlands (Nederland)
- Polski (Polska)
- Português (Brasil)
- Português (Portugal)
- Română (România)
- Tiếng Việt (Việt Nam)
- Türkçe (Türkiye)
- Русский
- العربية (الإمارات العربية المتحدة)
- 한국어 (대한민국)
- 简体中文
- 繁體中文
- 日本語(日本)
- Kaspersky Endpoint Security for Windows Help
- Kaspersky Endpoint Security for Windows
- Installing and removing the application
- Deployment through Kaspersky Security Center
- Installing the application locally using the Wizard
- Remotely installing the application using System Center Configuration Manager
- Description of setup.ini file installation settings
- Change application components
- Upgrading from a previous version of the application
- Remove the application
- Application licensing
- About the End User License Agreement
- About the license
- About the license certificate
- About subscription
- About license key
- About activation code
- About the key file
- Comparison of application functionality depending on license type for workstations
- Comparison of application functionality depending on license type for servers
- Activating the application
- Viewing license information
- Purchasing a license
- Renewing subscription
- Data provision
- Getting started
- About the Kaspersky Endpoint Security for Windows Management Plug-in
- Special considerations when working with different versions of management plug-ins
- Special considerations when using encrypted protocols for interacting with external services
- Application interface
- Getting started
- Managing policies
- Task management
- Configuring local application settings
- Starting and stopping Kaspersky Endpoint Security
- Pausing and resuming computer protection and control
- Creating and using a configuration file
- Restoring the default application settings
- Malware Scan
- Updating databases and application software modules
- Database and application module update scenarios
- Starting and stopping an update task
- Starting an update task under the rights of a different user account
- Selecting the update task run mode
- Adding an update source
- Configuring updates from a shared folder
- Updating application modules
- Using a proxy server for updates
- Last update rollback
- Working with active threats
- Computer protection
- File Threat Protection
- Enabling and disabling File Threat Protection
- Automatic pausing of File Threat Protection
- Changing the action taken on infected files by the File Threat Protection component
- Forming the protection scope of the File Threat Protection component
- Using scan methods
- Using scan technologies in the operation of the File Threat Protection component
- Optimizing file scanning
- Scanning compound files
- Changing the scan mode
- Web Threat Protection
- Mail Threat Protection
- Enabling and disabling Mail Threat Protection
- Changing the action to take on infected email messages
- Forming the protection scope of the Mail Threat Protection component
- Scanning compound files attached to email messages
- Email messages attachment filtering
- Exporting and importing extensions for attachment filtering
- Scanning emails in Microsoft Office Outlook
- Network Threat Protection
- Firewall
- BadUSB Attack Prevention
- AMSI Protection
- Exploit Prevention
- Behavior Detection
- Enabling and disabling Behavior Detection
- Selecting the action to take on detecting malware activity
- Protection of shared folders against external encryption
- Enabling and disabling protection of shared folders against external encryption
- Selecting the action to take on detection of external encryption of shared folders
- Creating an exclusion for protection of shared folders against external encryption
- Configuring addresses of exclusions from protection of shared folders against external encryption
- Exporting and importing a list of exclusions from protection of shared folders against external encryption
- Host Intrusion Prevention
- Remediation Engine
- Kaspersky Security Network
- Encrypted connections scan
- Wipe Data
- File Threat Protection
- Computer control
- Web Control
- Device Control
- Enabling and disabling Device Control
- About access rules
- Editing a device access rule
- Editing a connection bus access rule
- Managing access to mobile devices
- Control of printing
- Control of Wi-Fi connections
- Monitoring usage of removable drives
- Changing the caching duration
- Actions with trusted devices
- Obtaining access to a blocked device
- Editing templates of Device Control messages
- Anti-Bridging
- Adaptive Anomaly Control
- Enabling and disabling Adaptive Anomaly Control
- Enabling and disabling an Adaptive Anomaly Control rule
- Modifying the action taken when an Adaptive Anomaly Control rule is triggered
- Creating an exclusion for an Adaptive Anomaly Control rule
- Exporting and importing exclusions for Adaptive Anomaly Control rules
- Applying updates for Adaptive Anomaly Control rules
- Editing Adaptive Anomaly Control message templates
- Viewing Adaptive Anomaly Control reports
- Application Control
- Application Control functionality limitations
- Receiving information about the applications that are installed on users' computers
- Enabling and disabling Application Control
- Selecting the Application Control mode
- Managing Application Control rules
- Adding a trigger condition for the Application Control rule
- Adding executable files from the Executable files folder to the application category
- Adding event-related executable files to the application category
- Adding an Application Control rule
- Changing the status of an Application Control rule via Kaspersky Security Center
- Exporting and importing Application Control rules
- Viewing events resulting from operation of the Application Control component
- Viewing a report on blocked applications
- Testing Application Control rules
- Application activity monitor
- Rules for creating name masks for files or folders
- Editing Application Control message templates
- Best practices for implementing a list of allowed applications
- Network ports monitoring
- Log Inspection
- File Integrity Monitor
- Password protection
- Trusted zone
- Managing Backup
- Notification service
- Managing reports
- Kaspersky Endpoint Security Self-Defense
- Kaspersky Endpoint Security performance and compatibility with other applications
- Data Encryption
- Encryption functionality limitations
- Changing the length of the encryption key (AES56 / AES256)
- Kaspersky Disk Encryption
- Special features of SSD drive encryption
- Starting Kaspersky Disk Encryption
- Creating a list of hard drives excluded from encryption
- Exporting and importing a list of hard drives excluded from encryption
- Enabling Single Sign-On (SSO) technology
- Managing Authentication Agent accounts
- Using a token and smart card with Authentication Agent
- Hard drive decryption
- Restoring access to a drive protected by Kaspersky Disk Encryption technology
- Signing in with the Authentication Agent service account
- Updating the operating system
- Eliminating errors of encryption functionality update
- Selecting the Authentication Agent tracing level
- Editing Authentication Agent help texts
- Removing leftover objects and data after testing the operation of Authentication Agent
- BitLocker Management
- File Level Encryption on local computer drives
- Encrypting files on local computer drives
- Forming encrypted file access rules for applications
- Encrypting files that are created or modified by specific applications
- Generating a decryption rule
- Decrypting files on local computer drives
- Creating encrypted packages
- Restoring access to encrypted files
- Restoring access to encrypted data after operating system failure
- Editing templates of encrypted file access messages
- Encryption of removable drives
- Viewing data encryption details
- Working with encrypted devices when there is no access to them
- Detection and Response solutions
- KSWS to KES Migration Guide
- Correspondence of KSWS and KES components
- Correspondence of KSWS and KES settings
- Migrating KSWS components
- Migrating KSWS tasks and policies
- Installing KES instead of KSWS
- Migrating the [KSWS+KEA] configuration to [KES+built-in agent] configuration
- Making sure Kaspersky Security for Windows Server was successfully removed
- Activating KES with a KSWS key
- Special considerations for migrating high-load servers
- Example of migration from [KSWS+KEA] to KES
- Managing the application on a Core Mode server
- Managing the application from the command line
- Installing the application
- Activating the application
- Remove the application
- AVP commands
- SCAN. Malware Scan
- UPDATE. Updating databases and application software modules
- ROLLBACK. Last update rollback
- TRACES. Tracing
- START. Start the profile
- STOP. Stopping a profile
- STATUS. Profile status
- STATISTICS. Profile operation statistics
- RESTORE. Restoring files from Backup
- EXPORT. Exporting application settings
- IMPORT. Importing application settings
- ADDKEY. Applying a key file
- LICENSE. Licensing
- RENEW. Purchasing a license
- PBATESTRESET. Reset the disk check results before encrypting the disk
- EXIT. Exit the application
- EXITPOLICY. Disabling policy
- STARTPOLICY. Enabling policy
- DISABLE. Disabling protection
- SPYWARE. Spyware detection
- KSN. Switching between KSN / KPSN
- KESCLI commands
- Scan. Malware Scan
- GetScanState. Scan completion status
- GetLastScanTime. Determining the scan completion time
- GetThreats. Obtaining data on detected threats
- UpdateDefinitions. Updating databases and application software modules
- GetDefinitionState. Determining the update completion time
- EnableRTP. Enabling protection
- GetRealTimeProtectionState. File Threat Protection status
- Version. Identifying the application version
- Detection and Response management commands
- Error codes
- Appendix. Application profiles
- Managing the application through the REST API
- Sources of information about the application
- Contacting Technical Support
- Limitations and warnings
- Glossary
- Active key
- Additional key
- Administration group
- Anti-virus databases
- Archive
- Authentication Agent
- Certificate issuer
- Database of malicious web addresses
- Database of phishing web addresses
- Disinfection
- False alarm
- Infectable file
- Infected file
- IOC
- IOC file
- License certificate
- Mask
- Network Agent
- Normalized form of the address of a web resource
- OLE object
- OpenIOC
- Portable File Manager
- Protection scope
- Scan scope
- Task
- Trusted Platform Module
- Appendices
- Appendix 1. Application settings
- File Threat Protection
- Web Threat Protection
- Mail Threat Protection
- Network Threat Protection
- Firewall
- BadUSB Attack Prevention
- AMSI Protection
- Exploit Prevention
- Behavior Detection
- Host Intrusion Prevention
- Remediation Engine
- Kaspersky Security Network
- Log Inspection
- Web Control
- Device Control
- Application Control
- Adaptive Anomaly Control
- File Integrity Monitor
- Endpoint Sensor
- Kaspersky Sandbox
- Endpoint Detection and Response
- Endpoint Detection and Response (KATA)
- Full Disk Encryption
- File Level Encryption
- Encryption of removable drives
- Templates (data encryption)
- Exclusions
- Application settings
- Reports and storage
- Network settings
- Interface
- Manage Settings
- Updating databases and application software modules
- Appendix 2. Application trust groups
- Appendix 3. File extensions for quick removable drives scan
- Appendix 4. File Types for the Mail Threat Protection attachment filter
- Appendix 5. Network settings for interaction with external services
- Appendix 6. Application events
- Appendix 7. Supported file extensions for Execution prevention
- Appendix 8. Supported script interpreters for Execution prevention
- Appendix 9. IOC scan scope in the registry (RegistryItem)
- Appendix 10. IOC file requirements
- Appendix 1. Application settings
- Information about third-party code
- Trademark notices
Correspondence of KSWS and KES settings
When migrating policies and tasks, KES is configured in accordance with KSWS settings. Settings of application components that KSWS does not have are set to default values.
Application settings
Scalability, interface and scanning settings
Application settings are not supported in Kaspersky Endpoint Security for Windows.
Application settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Scalability settings |
(does not migrate) Kaspersky Endpoint Security manages all work processes. |
Show System Tray Icon |
(does not migrate) On a client computer, the main window of Kaspersky Endpoint Security and the icon in the Windows notification area are available by default. In the context menu of the icon, the user can perform operations with Kaspersky Endpoint Security. Kaspersky Endpoint Security also displays notifications above the application icon. You can configure user interaction in the application interface settings. |
Restore file attributes after scanning |
(does not migrate) Kaspersky Endpoint Security automatically restores file attributes after scanning a file. |
Limit CPU usage for scanning threads |
(does not migrate) Kaspersky Endpoint Security does not limit CPU usage when scanning. You can configure the task to run when the computer is operating under minimum load. |
Folder for temporary files created during scanning |
(does not migrate) Kaspersky Endpoint Security places the temporary files in the C:\Windows\Temp folder. |
HSM system settings |
(does not migrate) Kaspersky Endpoint Security does not support HSM systems. |
KSWS security settings are migrated to the General settings section, Application settings and Interface subsections.
Application security settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Protect application processes from external threats |
Enable Self-Defense (Application settings subsection) |
Apply password protection |
(does not migrate) Kaspersky Endpoint Security has a built-in Password protection feature (see the Interface subsection). |
Perform task recovery |
(does not migrate) Kaspersky Endpoint Security only automatically restores Malware Scan tasks. Kaspersky Endpoint Security runs other tasks on a schedule. |
Do not start scheduled scan tasks |
Postpone scheduled tasks while running on battery power (Application settings subsection) |
Stop current scan tasks |
(does not migrate) When the computer becomes powered by an UPS, Kaspersky Endpoint Security does not stop scan tasks that are already running. |
Administration Server interaction settings are migrated to the General settings section, Network settings and Application settings subsections.
Administration Server interaction settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Proxy server settings |
Proxy Server Settings (Network settings subsection) |
Do not use proxy server for local addresses |
Bypass proxy server for local addresses (Network settings subsection) |
Proxy server authentication settings |
Use proxy server authentication (Network settings subsection) Kaspersky Endpoint Security does not support NTLM authentication. If NTLM authentication is enabled in KSWS settings, after migration, you must configure proxy server authentication and configure a user name and a password. The proxy server authentication password is not migrated. After a policy is migrated, the password must be entered manually. |
Use Kaspersky Security Center as a proxy server when activating the application |
Use Kaspersky Security Center as proxy server for activation (Application settings subsection) |
Kaspersky Endpoint Security ignores the settings for running local system tasks of Kaspersky Security for Windows Server. You can configure the use of local KES tasks under Local Tasks, Task management. You can also configure a schedule for running the Malware Scan and Update tasks in the properties of these tasks.
Supplementary
KSWS trusted zone settings are migrated to the General settings section, Exclusions subsection.
Trusted zone settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Object to scan (Exclusions) |
Scan exclusions (Scan exclusions) The methods used by KSWS and KES for selecting objects differ. When migrating, KES supports exclusions defined as individual files or paths to file / folder. If KSWS has exclusions configured as a predefined area or a script URL, such exclusions are not migrated. After migration, you must add such exclusions manually. |
Apply also to subfolders (Exclusions) |
Including subfolders (Scan exclusions) |
Objects to detect (Exclusions) |
Object name (Scan exclusions) |
Exclusion usage scope (Exclusions) |
Protection components (Scan exclusions) If at least one component is selected in KSWS, KES applies the exclusions to all application components. |
Comment (Exclusions) |
Comment (Scan exclusions) |
Trusted process (Trusted process) |
Trusted applications Trusted process / application selection methods differ in KSWS and KES. When migrating, KES supports trusted applications configured as a path to the executable file or mask. If KSWS has trusted processes configured as a file has, such trusted processes are not migrated. After migration, you must add such trusted processes manually. |
Do not check file backup operations (Trusted process) |
Do not monitor application activity (Trusted applications) |
Removable Drives Scan settings are migrated to the Local Tasks section, Removable drives scan subsection.
Removable Drives Scan settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Scan removable drives on connection via USB |
Action when a removable drive is connected |
Scan removable drives if its stored data volume does not exceed (MB) |
Maximum removable drive size |
Scan with security level:
|
Action when a removable drive is connected:
KSWS security levels correspond to KES scan modes as follows:
|
User permissions for application management
Kaspersky Endpoint Security does not support assigning user access permissions for application management and application service management. You can configure access settings for users and user groups for managing the application in Kaspersky Security Center.
User access permissions for Kaspersky Security Service management
Kaspersky Endpoint Security does not support assigning user access permissions for application management and application service management. You can configure access settings for users and user groups for managing the application in Kaspersky Security Center.
KSWS storage settings are migrated to General settings section, Reports and Storage subsection, and to Essential Threat Protection section, Network Threat Protection subsection.
Storage settings
Kaspersky Security for Windows Security settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Backup folder |
(does not migrate) Kaspersky Endpoint Security saves backup copies of files in the |
Maximum Backup size (MB) |
Limit the size of Backup to N MB (General settings → Reports and Storage section) |
Threshold value for space available (MB) |
(does not migrate) Kaspersky Endpoint Security logs the Quarantine storage is almost out of space event when the 50 % threshold is reached. |
Target folder for restoring objects |
(does not migrate) Kaspersky Endpoint Security restores files to their original folder. |
Quarantine folder |
(does not migrate) Kaspersky Endpoint Security saves backup copies of files in the |
Maximum Quarantine size (MB) |
(does not migrate) Kaspersky Endpoint Security uses Backup to store probably infected objects. During migration, Kaspersky Endpoint Security ignores Quarantine settings. |
Threshold value for space available (MB) |
(does not migrate) Kaspersky Endpoint Security uses Backup to store probably infected objects. During migration, Kaspersky Endpoint Security ignores Quarantine settings. |
Target folder for restoring objects |
(does not migrate) Kaspersky Endpoint Security restores files to their original folder. |
Unblock automatically in N |
Block attacking devices for N min (Essential Threat Protection → Network Threat Protection section) |
Real-time server protection
KSWS Real-Time File Protection settings are migrated to the Essential Threat Protection section, File Threat Protection subsection.
Real-Time File Protection settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Objects protection mode:
|
Scan mode:
|
Deeper analysis of launching processes |
(does not migrate) Kaspersky Endpoint Security supports only one analysis mode, the Optimal mode. |
Heuristic analyzer:
|
Heuristic analysis:
|
Apply Trusted Zone |
(does not migrate) Kaspersky Endpoint Security applies the trusted zone to all components. You can configure exclusions in trusted zone settings. |
Use KSN for protection |
(does not migrate) Kaspersky Endpoint Security uses KSN for all application components. |
Block access to network shared resources for the hosts that show malicious activity |
(does not migrate) By default, Kaspersky Endpoint Security blocks access to network shared resources for hosts that show malicious activity. |
Launch critical areas scan when active infection is detected |
(does not migrate) Kaspersky Endpoint Security does not launch the critical areas scan task when active infection is detected. |
Use Kaspersky Sandbox for protection |
(does not migrate) By default, Kaspersky Endpoint Security sends objects for scanning to Kaspersky Sandbox. |
Protection scope |
Protection scope |
Schedule settings |
(does not migrate) Kaspersky Endpoint Security uses its own schedule for pausing File Threat Protection. |
KSWS settings for Kaspersky Security Network are migrated to the Advanced Threat Protection section, Kaspersky Security Network subsection.
Kaspersky Security Network settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
I confirm that I have fully read, understood, and accept the terms of participation in Kaspersky Security Network |
Kaspersky Security Network Statement Kaspersky Endpoint Security requests consent to the Kaspersky Security Network Statement when the application is installed, a new policy is created, or Kaspersky Security Network usage is enabled. |
Send data about scanned files |
(does not migrate) Kaspersky Endpoint Security sends data about scanned files automatically if KSN is enabled. |
Send data about requested URLs |
(does not migrate) Kaspersky Endpoint Security sends data about requested URLs automatically if KSN is enabled. |
Send Kaspersky Security Network statistics |
Enable extended KSN mode |
Accept the terms of the Kaspersky Managed Protection Statement |
(does not migrate) Kaspersky Endpoint Security does not include the KMP service. |
Action to perform on KSN untrusted objects |
(does not migrate) You can configure the Action on threat detection in Protection component settings and Scan task settings. |
Do not calculate checksum before sending to KSN if file size exceeds N MB |
(does not migrate) You can configure large file scanning restrictions in Protection component settings and Scan task settings. |
Use Kaspersky Security Center as KSN Proxy |
Use KSN Proxy |
Schedule settings |
(does not migrate) It is not possible to configure a separate schedule for the component. The component is always on while Kaspersky Endpoint Security is operational. |
KSWS Traffic Security settings are migrated to the Essential Threat Protection section, Web Threat Protection and Mail Threat Protection subsection, Security Controls section, Web Control subsection, General settings section, Network settings subsection.
Traffic Security settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Apply URL-based rules |
Web Control (Web Control subsection) URL-based rules are migrated to separate rules in Kaspersky Endpoint Security. |
Apply certificate-based rules |
(does not migrate) Kaspersky Endpoint Security does not support certificate-based rules. |
Apply rules for web traffic category control |
Web Control (Web Control subsection) Blocking rules for web traffic category control are migrated to a single blocking rule in Kaspersky Endpoint Security. Kaspersky Endpoint Security ignores allowing rules for category control. The correspondence of KSWS and KES categories is listed below. |
Allow access if the web page can not be categorized |
(does not migrate) Kaspersky Endpoint Security allows access if the web page can not be categorized. |
Allow access to legitimate web resources that can be used to damage a protected device |
(does not migrate) Kaspersky Endpoint Security allow access to legitimate web resources that can be used to damage the protected device. |
Allow access to legitimate advertisement |
(does not migrate) You can manage access to legitimate advertisement using the Banners web resource category in Web Control settings. |
Operation mode:
|
(does not migrate) Kaspersky Endpoint Security supports only the Driver Interceptor mode. |
ICAP-service connection settings |
(does not migrate) Kaspersky Endpoint Security does not support ICAP Network Storage Protection. |
Check safe connections through the HTTPS protocol |
Scan encrypted connections / Always scan encrypted connections mode (Network settings subsection) |
Use TLS protocol version |
(does not migrate) Kaspersky Endpoint Security scans encrypted network traffic transmitted over the following protocols:
You can additionally block SSL 2.0 connections in encrypted connections scan settings. |
Do not trust web-servers with invalid certificate |
When visiting a domain with an untrusted certificate (Network settings subsection) |
Intercept ports (Interception area) |
Monitored ports (Network settings subsection) During migration, KES clears the check boxes Monitor all ports for the applications from the list recommended by Kaspersky and Monitor all ports for specified applications. |
Exclude ports (Interception area) |
(does not migrate) |
Exclude IP addresses (Interception area) |
Trusted addresses (Network settings subsection) |
Exclude processes (Interception area) |
Trusted applications (Network settings subsection) During migration, KES configures the following settings for the trusted application:
|
Security port |
(does not migrate) |
Use malicious URL database to scan web links |
Check the web address against the database of malicious web addresses (Web Threat Protection subsection) |
Use anti-phishing database to scan web pages |
Check the web address against the database of phishing web addresses (Web Threat Protection subsection) |
Use KSN for protection |
(does not migrate) Kaspersky Endpoint Security uses KSN for all application components. |
Use Trusted Zone |
(does not migrate) Kaspersky Endpoint Security applies the trusted zone to all components. You can configure exclusions in trusted zone settings. |
Use heuristic analyzer |
Use Heuristic Analysis (Web Threat Protection and Mail Threat Protection subsections) |
Security level |
(does not migrate) Kaspersky Endpoint Security has its own security levels for Web Threat Protection and Mail Threat Protection components. By default, Kaspersky Endpoint Security sets the recommended security level. |
Enable mail threat protection |
Mail Threat Protection (Mail Threat Protection subsection) Connect Microsoft Outlook extension Incoming messages only (Protection scope) Scan when receiving (Email protection) |
Schedule settings |
(does not migrate) It is not possible to configure a separate schedule for the component. The component is always on while Kaspersky Endpoint Security is operational. |
KSWS Exploit Prevention settings are migrated to the Advanced Threat Protection section, Exploit Prevention subsection.
Exploit Prevention settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Prevent vulnerable processes exploit:
|
On detecting exploit:
|
Notify about abused processes via Terminal Service |
(does not migrate) Kaspersky Endpoint Security does not support terminal services. |
Prevent vulnerable processes exploit even if Kaspersky Security Service is disabled |
(does not migrate) Kaspersky Endpoint Security constantly prevents vulnerable process exploits. |
Protected processes |
Enable system process memory protection Kaspersky Endpoint Security does not support selecting protected processes. You can only enable system processes memory protection. |
Exploit prevention techniques:
|
(does not migrate) Kaspersky Endpoint Security applies all available exploit prevention techniques. |
KSWS Network Threat Protection settings are migrated to the Essential Threat Protection section, Network Threat Protection subsection.
Network Threat Protection settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Operation mode:
|
Network Threat Protection If Pass-through mode is selected, Network Threat Protection is disabled. If Only inform about network attacks mode or Block connections when attack is detected mode is selected, Network Threat Protection is enabled. Kaspersky Endpoint Security always works in the Block connections when attack is detected mode. |
Do not stop traffic analysis when the task is not running |
(does not migrate) Kaspersky Endpoint Security analyses traffic continuously if the component is enabled. |
Do not control excluded IP-addresses |
Exclusions |
Schedule settings |
(does not migrate) It is not possible to configure a separate schedule for the component. The component is always on while Kaspersky Endpoint Security is operational. |
Kaspersky Endpoint Security does not support the Script Monitoring component. Script Monitoring is handled by other components, for example, AMSI Protection.
Kaspersky Endpoint Security does not support all categories of Kaspersky Security for Windows Server. Categories that do not exist in Kaspersky Endpoint Security are not migrated. Therefore, web resource classification rules with unsupported categories are not migrated.
Website categories
Kaspersky Security for Windows Server categories |
Kaspersky Endpoint Security for Windows categories |
---|---|
Wargaming |
Video games |
Abortion |
(does not migrate) |
Lotteries (extended) |
Gambling, lotteries, sweepstakes |
Alcohol |
Alcohol, tobacco, drugs |
Anonymous proxy servers |
Anonymizers |
Anorexia |
(does not migrate) |
Rentals for real estate |
(does not migrate) |
Audio, video and software |
Software, audio, video |
Banks |
Banks |
Blogs |
Blogs |
Military |
Weapons, explosives, pyrotechnics |
For children |
(does not migrate) |
Discrimination |
Violence |
Home and family |
(does not migrate) |
Hosting and domain services |
Internet communication |
Pets and animals |
(does not migrate) |
Law and politics |
Forbidden by regional laws |
Restricted by Roskomnadzor (RF) |
Forbidden by Russian Federation laws |
Restricted by Federal Law 436 (RF) |
Forbidden by Russian Federation laws |
Restricted by RF legislation |
Forbidden by Russian Federation laws |
Restricted by global legislation |
Forbidden by regional laws |
Adult dating |
Adult content |
Internet services |
(does not migrate) |
Sex shops |
Adult content |
Information technologies |
(does not migrate) |
Casinos, card games |
Gambling, lotteries, sweepstakes |
Books and writing |
(does not migrate) |
Computer games |
Video games |
Health and beauty |
(does not migrate) |
Culture and society |
(does not migrate) |
LGBT |
Adult content |
Lotteries |
Gambling, lotteries, sweepstakes |
Medicine |
(does not migrate) |
Fashion |
(does not migrate) |
Music |
(does not migrate) |
Drugs |
Alcohol, tobacco, drugs |
Violence |
Violence |
Discontent |
(does not migrate) |
Illegal drugs |
Alcohol, tobacco, drugs |
Hate and discrimination |
Violence |
Obscene vocabulary |
Profanity, obscenity |
Lingerie |
Adult content |
News |
News media |
Nudism |
Adult content |
Education |
(does not migrate) |
Online shopping |
Online stores |
All communication media |
Internet communication |
Payment by credit cards |
Payment systems |
Online shopping (own payment system) |
Online stores |
Online encyclopedias |
(does not migrate) |
Online banking |
Banks |
Weapons |
Weapons, explosives, pyrotechnics |
Fishing and hunting |
(does not migrate) |
Payment systems |
Payment systems |
Job search |
Job search |
Search engines |
(does not migrate) |
Police decision (JP) |
Forbidden by Police of Japan |
Trusted by KPSN |
(does not migrate) |
Untrusted by KPSN |
(does not migrate) |
Porn |
Adult content |
Media hosting and streaming |
News media |
Web Mail |
Web-based mail |
Traveling |
(does not migrate) |
TV and radio |
News media |
Teasers and ads services |
Banners |
Religion |
Religions, religious associations |
Restaurants, cafe and food |
(does not migrate) |
Dating sites |
Dating sites |
Sex education |
Adult content |
Social networks |
Social networks |
Sport |
(does not migrate) |
Betting |
Gambling, lotteries, sweepstakes |
Suicide |
Violence |
Tobacco |
Alcohol, tobacco, drugs |
Torrents |
Torrents |
Mentioned in Federal list of extremists (RF) |
Forbidden by Russian Federation laws |
File sharing |
File sharing |
Pharmacy |
(does not migrate) |
Hobby and entertainment |
(does not migrate) |
Chats and forums |
Chats, forums, IM |
Schools and universities pages |
(does not migrate) |
Astrology and esoterica |
(does not migrate) |
Extremism and racism |
Violence |
E-commerce |
Online stores |
Erotic |
Adult content |
Humor |
(does not migrate) |
Local activity control
KSWS Application Control settings are migrated to the Security Controls section, Application Control subsection.
Application Control settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Operation mode:
|
Action (Application Control):
|
Repeat action taken for the first file launch on all the subsequent launches for this file |
(does not migrate) Kaspersky Endpoint Security scans the application every time it attempts to run. |
Deny the command interpreters launch with no command to execute |
(does not migrate) Kaspersky Endpoint Security allows running command interpreters if they are not prohibited by Application Control. |
Rules |
Application Control rules (supported with limitations) Kaspersky Endpoint Security 11.11.0 introduces support for migrating Applications Launch Control rules. The Applications Launch Control rule migration functionality has some limitations. By default, KSWS Applications Launch Control includes two rules:
If at least one source KSWS rule has the Allow type, during the migration KES creates a new allowing rule, Applications with trusted root certificates. That is, KES Application Control uses a single rule to allow running trusted scripts, MSI packages, and executable files. If both source KSWS rules have the Deny type, KES does not add rules for managing applications with trusted root certificates. |
Apply rules to executable files |
(does not migrate) Rule application scope cannot be configured in KES Application Control settings. KES Application Control applies rules to all types of files: executable files, scripts, and MSI packages. If all file types are included in the rule application scope in KSWS, during migration KES carries over the KSWS rules. If some file type is excluded from the rule application scope in KSWS, during migration KES also carries over KSWS rules, but Test rules is selected as the Application Control action. |
Monitor loading of DLL modules |
Control DLL modules load (significantly increases the load on the system) |
Apply rules to scripts and MSI packages |
(does not migrate) Rule application scope cannot be configured in KES Application Control settings. KES Application Control applies rules to all types of files: executable files, scripts, and MSI packages. If all file types are included in the rule application scope in KSWS, during migration KES carries over the KSWS rules. If some file type is excluded from the rule application scope in KSWS, during migration KES carries over KSWS rules, but Test rules is selected as the Application Control action. |
Deny applications untrusted by KSN |
(does not migrate) Kaspersky Endpoint Security does not take into account the reputation of applications and allows or denies running applications in accordance with rules. |
Allow applications trusted by KSN |
During the migration, KES adds a new allowing rule. The Other Software → Applications trusted according to reputation in KSN KL category is specified as the rule triggering condition. |
Users and / or user groups allowed to run applications trusted by KSN |
Subjects and their rights in an Application Control allow rule that includes the KL category Other applications → Applications trusted according to reputation in KSN |
Automatically allow software distribution via applications and packages listed |
Software Distribution Control in KSWS and KES works differently. During the migration, KES adds new allowing rules for applications that have automatic software distribution allowed. The file hash is specified as the rule triggering condition. |
Always allow software distribution via Windows Installer |
Use trusted system certificate store (Exclusions subsection) The Trusted system certificate store setting has the Trusted root certification authorities value. |
Always allow software distribution via SCCM using the Background Intelligent Transfer Service |
(does not migrate) |
Software distribution applications and packages allowed |
Software Distribution Control in KSWS and KES works differently. During the migration, KES adds new allowing rules for applications that have automatic software distribution allowed. The file hash is specified as the rule triggering condition. |
Schedule settings |
(does not migrate) If a schedule is configured for the component in KSWS settings, the Application Control component is enabled upon migration. If a schedule is not configured for the component in KSWS settings, Application Control is disabled upon migration. It is not possible to configure a separate schedule for the component. The component is always on while Kaspersky Endpoint Security is operational. |
KSWS Device Control settings are migrated to the Security Controls section, Device Control subsection.
Device Control settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Operation mode:
|
(does not migrate) Application Control operates in the Active mode. Device connection statistics is continuously provided by Audit. |
Allow using all external devices when the Device Control task is not running |
(does not migrate) Device Control is always on while Kaspersky Endpoint Security is running. |
Device Control rules |
Trusted devices During migration, Kaspersky Endpoint Security ignores disabled KSWS rules. |
Schedule settings |
(does not migrate) Kaspersky Endpoint Security uses its own schedule for gaining access to certain device types. |
Network-Attached Storages Protection
RPC Network Storage Protection
Kaspersky Endpoint Security does not support Network-Attached Storages Protection components. If you need these components, you can continue using Kaspersky Security for Windows Server.
ICAP Network Storage Protection
Kaspersky Endpoint Security does not support Network-Attached Storages Protection components. If you need these components, you can continue using Kaspersky Security for Windows Server.
Kaspersky Endpoint Security does not support Anti-Cryptor for NetApp. Anti-Cryptor functionality is provided by other application components, such as Behavior Detection.
Network activity control
Kaspersky Endpoint Security does not support KSWS Firewall Management. KSWS Firewall functions are performed by the system-level Firewall. After migration, you can configure the Kaspersky Endpoint Security Firewall.
Network Anti-Cryptor settings are migrated to the Advanced Threat Protection section, Behavior Detection subsection.
Anti-Cryptor settings
KSWS settings |
KES settings |
---|---|
Operation mode:
|
Upon detection of external encryption of shared folders:
|
Heuristic analyzer |
(does not migrate) Kaspersky Endpoint Security does not use Heuristic Analysis for Behavior Detection. |
Configuration of protection scope:
|
(does not migrate) Kaspersky Endpoint Security prevents encryption of all shared network folders of the protected computer. |
Exclusions |
(does not migrate) Kaspersky Endpoint Security has its own exclusions for the Behavior Detection component. You can manually add exclusions after migration. |
Schedule settings |
(does not migrate) It is not possible to configure a separate schedule for the component. The component is always on while Kaspersky Endpoint Security is operational. |
System Inspection
File Integrity Monitor settings from KSWS are migrated to the Security Controls section, File Integrity Monitor subsection.
File Integrity Monitor settings
KSWS settings |
KES settings |
---|---|
Log information about file operations that appear during the monitor interruption period |
(does not migrate) Kaspersky Endpoint Security does not log events for file operations performed during the monitor interruption period. |
Block attempts to compromise the USN log |
(does not migrate) Kaspersky Endpoint Security does not block attempts to compromise the USN log. |
Monitoring scope |
Monitoring scope (supported with limitations) Disabled monitoring scope records are not migrated to KES. Kaspersky Endpoint Security adds only enabled records to the monitoring scope. |
Trusted users |
(does not migrate) Kaspersky Endpoint Security considers all users' actions in the monitoring scope a security breach. |
File operation markers |
(does not migrate) Kaspersky Endpoint Security considers all available file operation markers. |
Calculate checksum for the file if possible |
(does not migrate) Kaspersky Endpoint Security does not calculate a checksum for the modified file. |
Exclusions |
Exclusions |
KSWS Log Inspection settings are migrated to the Security Controls section, Log Inspection subsection.
Log Inspection settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Apply custom rules for log inspection |
(does not migrate) Kaspersky Endpoint Security applies all enabled custom rules. |
Custom rules |
Custom rules The A service was installed in the system (for Server 2003 OS) predefined rule is not migrated to KES. |
Apply predefined rules for log inspection |
(does not migrate) Kaspersky Endpoint Security applies all enabled predefined rules. |
Predefined rules |
Predefined rules |
Password brute-force detection |
Brute-force attack detection |
Network logon detection |
Network logon detection |
Exclusions (IP addresses) |
Exclusions (IP address) |
Exclusions (users) |
Exclusions (Users) |
Schedule settings |
(does not migrate) It is not possible to configure a separate schedule for the component. The component is always on while Kaspersky Endpoint Security is operational. |
Logs and notifications
KSWS Logs settings are migrated to the General settings section, Interface and Reports and Storage subsections.
Logs settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Event logging |
Notifications (Interface subsection) |
Logs folder |
(does not migrate) Kaspersky Endpoint Security saves reports in the |
Remove task logs older than N day(s) |
(does not migrate) You can configure the storage period for KES reports under General settings, Reports and Storage. |
Remove from the audit log events N day(s) |
(does not migrate) Kaspersky Endpoint Security applies report storage limitations to all reports including system audit reports. |
Integration with SIEM |
(does not migrate) You can configure SIEM integration in Kaspersky Security Center. |
KSWS Notifications settings are migrated to the General settings section, Interface subsection.
Notifications settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Notifications |
Notifications |
Notify users:
|
(does not migrate) Kaspersky Endpoint Security does not support modifying notification text. Kaspersky Endpoint Security displays standard notifications. |
Notify administrators:
|
Only email notification settings are migrated to Kaspersky Endpoint Security – Email notification settings (Notifications block). Other methods of notifying administrators are not supported. |
Application database is out of date |
Send the "Databases out of date" notification if databases were not updated |
Application database is extremely out of date |
Send the "Databases extremely out of date" notification if databases were not updated |
Critical areas scan has not been performed for a long time |
(does not migrate) Kaspersky Endpoint Security generates a missed Critical Areas Scan event after three days. |
Interaction with Administration Server
KSWS Administration Server interaction settings are migrated to the General settings section, Reports and Storage subsection.
Administration Server interaction settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Quarantined files |
About Quarantine files |
Backed up files |
About files in Backup |
Blocked hosts |
(does not migrate) Kaspersky Endpoint Security automatically sends data about blocked hosts. |
Tasks
Kaspersky Endpoint Security does not support the Application activation task (KSWS). You can create a Add key task (KES), add a license key to the Installation package, or enable automatic license key distribution.
The Copying Updates task settings (KSWS) are migrated to the Update task (KES).
Copying Updates task settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Update source:
|
Update source:
|
Use Kaspersky update servers if specified servers are not available |
(does not migrate) Kaspersky Endpoint Security allows selecting multiple update sources, including Kaspersky update servers. If the first update source is not available, Kaspersky Endpoint Security lets you obtain updates from another source in the list. |
Use proxy server settings to connect to Kaspersky update servers |
(does not migrate) Kaspersky Endpoint Security uses the proxy server for all components. You can configure the proxy server connection in network options of the application. |
Use proxy server settings to connect to other servers |
(does not migrate) Kaspersky Endpoint Security uses the proxy server for all components. You can configure the proxy server connection in network options of the application. |
Copying updates settings:
|
(does not migrate) Kaspersky Endpoint Security copies database updates and critical updates of application modules as a single package. |
Folder for local storage of copied updates |
Copy updates to folder |
Baseline File Integrity Monitor
Kaspersky Endpoint Security does not support the Baseline File Integrity Monitor task.
The Database Update task settings (KSWS) are migrated to the Update task (KES).
Database Update task settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Update source:
|
Update source:
|
Use Kaspersky update servers if specified servers are not available |
(does not migrate) Kaspersky Endpoint Security allows selecting multiple update sources, including Kaspersky update servers. If the first update source is not available, Kaspersky Endpoint Security lets you obtain updates from another source in the list. |
Use proxy server settings to connect to Kaspersky update servers |
(does not migrate) Kaspersky Endpoint Security uses the proxy server for all components. You can configure the proxy server connection in network options of the application. |
Use proxy server settings to connect to other servers |
(does not migrate) Kaspersky Endpoint Security uses the proxy server for all components. You can configure the proxy server connection in network options of the application. |
Lower the load on the disk I/O |
(does not migrate) |
The Software Modules Update task settings (KSWS) are migrated to the Update task (KES).
Software Modules Update task settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Update source:
|
Update source:
|
Use Kaspersky update servers if specified servers are not available |
(does not migrate) Kaspersky Endpoint Security allows selecting multiple update sources, including Kaspersky update servers. If the first update source is not available, Kaspersky Endpoint Security lets you obtain updates from another source in the list. |
Use proxy server settings to connect to Kaspersky update servers |
(does not migrate) Kaspersky Endpoint Security uses the proxy server for all components. You can configure the proxy server connection in network options of the application. |
Use proxy server settings to connect to other servers |
(does not migrate) Kaspersky Endpoint Security uses the proxy server for all components. You can configure the proxy server connection in network options of the application. |
Copy and install critical software modules updates |
Install critical and approved updates |
Only check for critical software updates available |
(does not migrate) Kaspersky Endpoint Security continually checks the availability of critical updates for application modules. |
Allow operating system restart |
(does not migrate) Kaspersky Endpoint Security prompts the user for permission to restart the computer. |
Receive information about available scheduled software modules updates |
(does not migrate) Kaspersky Endpoint Security displays notifications about software module updates. |
Rollback of Application Database Update
The Rollback of Application Database Update task settings (KSWS) are migrated to the Update rollback task (KES). The new Update rollback task (KES) has Manually for its task start schedule.
The On-Demand Scan task settings (KSWS) are migrated to the Malware Scan task (KES).
Virus Scan task settings
Kaspersky Security for Windows Server settings |
Kaspersky Endpoint Security for Windows settings |
---|---|
Scan scope |
Scan scope |
Protection level:
|
Security level:
Security level settings are different in KSWS and KES. |
Objects to scan:
|
File types:
Kaspersky Endpoint Security does not allow creating custom extension lists. Kaspersky Endpoint Security replaces the Objects scanned by specified list of extensions value with the Files scanned by extension value. |
Subfolders |
Including subfolders |
Subfiles |
(does not migrate) |
Scan disk boot sectors and MBR |
(does not migrate) |
Scan alternate NTFS streams |
(does not migrate) |
Scan only new and modified files |
Scan only new and modified files |
Scan of compound objects:
|
Scan of compound files:
|
Action to perform on infected and other objects:
|
Action on threat detection:
|
Action to perform on probably infected objects:
|
(does not migrate) Kaspersky Endpoint Security applies the action if any threat is detected. |
Perform actions depending on the type of object detected |
(does not migrate) |
Entirely remove compound file that cannot be modified by the application in case of embedded object detection |
(does not migrate) |
Exclude files |
(does not migrate) Kaspersky Endpoint Security applies the trusted zone to all components. You can configure exclusions in trusted zone settings. |
Do not detect |
(does not migrate) |
Stop scanning if it takes longer than N sec |
Skip files that are scanned for longer than N sec |
Do not scan compound objects larger than N MB |
Do not unpack large compound files |
Use iSwift technology |
iSwift Technology |
Use iChecker technology |
iChecker Technology |
Action on the offline files:
|
(does not migrate) Kaspersky Endpoint Security scans offline files in their entirety.
|
The Application Integrity Control task settings (KSWS) is migrated to the Integrity check task (KES).
Rule Generator for Applications Launch Control
Kaspersky Endpoint Security does not support the Applications Launch Control Generator task. You can generate rules in Application Control settings.
Rule Generator for Device Control
Kaspersky Endpoint Security does not support the Rule Generator for Device Control task. You can generate access rules in Device Control settings.