Kaspersky Embedded Systems Security 3.x

About permissions to manage registered services

October 25, 2023

ID 148327

During installation, Kaspersky Embedded Systems Security for Windows registers three services with Windows: the Kaspersky Security Service (KAVFS), the Kaspersky Security Management Service (KAVFSGT), and the Kaspersky Security Exploit Prevention Service (KAVFSSLP).

The Kaspersky Security Service can be registered as a Protected Process Light (PPL) using the ELAM driver on Microsoft Windows 10 and higher operating systems. When a process is started as a PPL, it cannot be managed by a user regardless of the assigned user permissions. If you install Kaspersky Embedded Systems Security for Windows on a protected device running an operating system that supports PPL, permission management will not be available for the Kaspersky Security Service (KAVFS).

Kaspersky Security Service

By default, access permissions for managing the Kaspersky Security Service are granted to users in the Administrators group on the protected device, as well as to the SERVICE and INTERACTIVE groups with read permissions and to the SYSTEM group with read and execute permissions.

Users who have the Edit permissions access level can grant access permissions for managing the Kaspersky Security Service to other users registered on the protected device or included in the domain.

Kaspersky Security Management Service

To manage the application via the Application Console installed on a different protected device, the account whose permissions are used to connect to Kaspersky Embedded Systems Security for Windows must have full access to the Kaspersky Security Management Service on the protected device.

By default, access to the Kaspersky Security Management Service is granted to users in the Administrators group on the protected device and to users in the ESS Administrators group created on the protected device during installation of Kaspersky Embedded Systems Security for Windows.

You can manage the Kaspersky Security Management Service only via the Microsoft Windows Services snap-in.

Kaspersky Security Exploit Prevention Service

By default, access permissions for managing the Kaspersky Security Exploit Prevention Service are granted to users in the Administrators group on the protected device, as well as to the SYSTEM group with read and execute permissions.
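
To check a device against the defaults described above, the following added example (not part of the Kaspersky documentation) parses service security descriptors in the SDDL format printed by sc.exe sdshow and lists trustees outside the expected set that hold management rights. The SDDL strings, the ESS Administrators SID and the function names are constructed for illustration and are not the product's actual values; conditional ACEs are not handled.

```python
import re

# SDDL right codes as they apply to Windows service objects.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
    "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE", "GR": "GENERIC_READ", "GX": "GENERIC_EXECUTE",
}
# Rights that let a trustee reconfigure, delete or re-permission the service.
MANAGE = {"CHANGE_CONFIG", "DELETE", "WRITE_DAC", "WRITE_OWNER", "GENERIC_ALL", "GENERIC_WRITE"}
TRUSTEES = {"BA": "Administrators", "SY": "SYSTEM", "IU": "INTERACTIVE",
            "SU": "SERVICE", "AU": "Authenticated Users"}

def parse_dacl(sddl):
    """Return [(trustee, {rights})] for each allow ACE in the DACL of an SDDL string."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    aces = []
    for ace in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        ace_type, _flags, rights, _obj, _inh, sid = ace.split(";")[:6]
        if ace_type != "A":  # only allow ACEs grant access
            continue
        names = {SERVICE_RIGHTS.get(c, c) for c in re.findall("..", rights)}
        aces.append((TRUSTEES.get(sid, sid), names))
    return aces

def unexpected_managers(sddl, allowed):
    """Trustees outside `allowed` holding a management right or an unrecognised right code."""
    known = set(SERVICE_RIGHTS.values())
    return sorted(t for t, r in parse_dacl(sddl)
                  if t not in allowed and (r & MANAGE or r - known))

# Constructed sample descriptors in `sc.exe sdshow` format (not the product's real values).
ESS_ADMINS = "S-1-5-21-1111111111-2222222222-3333333333-1005"  # constructed SID
SAMPLES = {
    "KAVFSGT": "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               f"(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;{ESS_ADMINS})",
    "KAVFSSLP": "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;SY)"
                "(A;;CCDCLCSWRPWPRC;;;AU)",  # drift: Authenticated Users can reconfigure
}
EXPECTED = {"KAVFSGT": {"Administrators", ESS_ADMINS}, "KAVFSSLP": {"Administrators"}}

if __name__ == "__main__":
    for svc, sddl in SAMPLES.items():
        print(svc, unexpected_managers(sddl, EXPECTED[svc]) or "no unexpected managers")
```

On a protected device, replace the sample strings with the output of sc.exe sdshow for each service and the constructed SID with the SID of the local ESS Administrators group.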
