About using accounts to start tasks
You can specify the account to run the following Kaspersky Embedded Systems Security for Windows tasks:
- Rule Generator for Applications Launch Control
- Rule Generator for Device Control
- On-Demand Scan
- Update
By default, these tasks are run using system account permissions.
A different account with proper access permissions is recommended in the following cases:
- Update task: if you specified a shared folder on a different device on the network as the update source.
- Update task: if you use a proxy server with built-in Windows NTLM authentication to access the update source.
- On-Demand Scan tasks: if the system account does not have permission to access the scanned objects (for example, files in shared folders on the protected device).
- Rule Generator for Applications Launch Control task: if the generated rules are exported to a configuration file that the system account cannot access (for example, in a shared folder on the protected device).
You can run Update, On-Demand Scan, and Rule Generator for Applications Launch Control tasks with system account permissions. Kaspersky Embedded Systems Security for Windows performs these tasks and accesses shared folders on another device in the network if this device is registered in the same domain as the protected device. In this case, the system account must have access permissions for these folders. Kaspersky Embedded Systems Security for Windows accesses the device using permissions for the account <domain name \ device_name>.
