Configuring general application settings via the Application Console

Expand all | Collapse all

General settings and malfunction diagnostics settings of Kaspersky Embedded Systems Security for Windows establish the general operating conditions for the application. These settings allow you to control the number of working processes used by Kaspersky Embedded Systems Security for Windows, enable recovery of Kaspersky Embedded Systems Security for Windows tasks after an abnormal termination, maintain the log, enable creation of dump files of Kaspersky Embedded Systems Security for Windows processes after abnormal termination, and configure other general settings.

Application settings cannot be configured in the Application Console if the active Kaspersky Security Center policy blocks changes to these settings.

To configure Kaspersky Embedded Systems Security for Windows settings:

1. In the Application Console tree, select the Kaspersky Embedded Systems Security for Windows node and do one of the following:
   • Click the Application properties link in the details pane of the node.
   • Select Properties in the node's context menu.

   The Application settings window is displayed.

2. In the window that opens, configure Kaspersky Embedded Systems Security for Windows general settings according to your preferences:
   • The following settings can be configured on the Scalability and interface tab:
     • In the Scalability settings section:
       • Number of processes for Real-Time Computer Protection
         

         Number of processes for real-time protection

         Setting	Number of processes for real-time protection
         Description	This setting belongs to the Scalability settings group in Kaspersky Embedded Systems Security for Windows. Using this setting you can specify a fixed number of processes in which Kaspersky Embedded Systems Security for Windows will execute Real-Time Computer Protection tasks. A higher value will increase the scan speed in Real-Time Computer Protection tasks. However, the more processes Kaspersky Embedded Systems Security for Windows uses, the greater its impact on the general performance of the protected device and RAM usage. In Kaspersky Security Center Administration Console, you can change the Number of processes for real-time protection setting only for Kaspersky Embedded Systems Security for Windows installed on a stand-alone protected device (using the Application settings window). You cannot modify this setting in the policy settings for a group of protected devices.
         Possible values	Possible values: 1-8. A higher value reduces the impact of Kaspersky Embedded Systems Security for Windows on the data exchange rate between the devices and the protected device. This will further improve Real-Time Computer Protection performance. However, update tasks and On-Demand Scan tasks with Medium (Normal) priority will be executed in Kaspersky Embedded Systems Security for Windows processes that are already running. On-Demand Scan tasks will be executed more slowly. If the execution of a task causes an abnormal termination of a process, it will take more time to restart it. On-Demand Scan tasks with Low priority are always executed in a separate process or processes.
         Default value	Kaspersky Embedded Systems Security for Windows handles scalability automatically depending on the number of processors on the protected device: Number of processors Number of processes for real-time protection =1 1 >1 2

       • Number of working processes for background On-Demand Scan tasks
         

         Number of processes for background on-demand scan tasks

         Setting	Number of processes for background on-demand scan tasks
         Description	This setting belongs to the Scalability settings group in Kaspersky Embedded Systems Security for Windows. You can use this setting to specify the maximum number of processes which the application will use to run On-Demand Scan tasks in the background mode. The number of processes specified by this setting is not included in the total number of Kaspersky Embedded Systems Security for Windows processes specified by the Number of processes for Real-Time Server Protection setting. For example, if you specify the following values: Number of processes for Real-Time Computer Protection tasks – 3; Number of processes for background On-Demand Scan tasks – 1; and then start Real-Time Computer Protection tasks and one On-Demand Scan task in background mode, the total number of kavfswp.exe processes of Kaspersky Embedded Systems Security for Windows will be 4. Several On-Demand Scan tasks can be running in one process with low priority. You can increase the number of processes, for example, if you run several tasks in background mode in order to allocate a separate process for each task. Allocating separate processes for tasks increases the reliability and speed of task execution.
         Possible values	1-4
         Default value	1

   • In the Interaction with user section select if the System Tray Icon will be displayed in the taskbar after each application start.
   • The following settings can be configured on the Security and reliability tab:
     • In the Password protection settings section, configure the protection of application processes.
       

       If the Protect application processes from external threats function is enabled, the application protects its processes against code injection and accessing of process data.

       When enabling or disabling this function, there is no need to restart the application services for the changes to apply.

       The function is enabled by default.

     • In the Password protection settings section, configure the settings for password-protection of the application's functions.
     • In the Self-defense section, specify the number of attempts to recover an On-Demand Scan task if it crashes.
       

       Task recovery

       Setting	Perform task recovery
       Description	This setting belongs to the Self-defense group in Kaspersky Embedded Systems Security for Windows. It enables recovery of tasks if they terminate abnormally and defines the number of attempts to recover On-Demand Scan tasks. When a task crashes, the kavfs.exe process of Kaspersky Embedded Systems Security for Windows attempts to restart the process the task was running at the time of the crash. If task recovery is disabled, the application does not restore the Real-Time Computer Protection and On-Demand Scan tasks. If task recovery is enabled, the application attempts to restore the Real-Time Computer Protection tasks until they are started successfully. The application also tries to restore On-Demand Scan tasks using the number of attempts specified in the setting.
       Possible values	Enabled / disabled. The number of attempts to recover On-Demand Scan tasks: 1–10.
       Default value	Task recovery is enabled. The number of attempts to recover On-Demand Scan tasks: 2.

   • In the Recover on-demand scan tasks no more than (times) section, specify actions that Kaspersky Embedded Systems Security for Windows performs when switching to UPS power.
     

     Use of an uninterruptible power supply

     Setting	Recover on-demand scan tasks no more than (times)
     Description	This setting determines the actions that Kaspersky Embedded Systems Security for Windows performs when the protected device switches to an uninterruptible power supply.
     Possible values	Run or do not run On-Demand Scan tasks to be started according to a schedule. Perform or stop all active On-Demand Scan tasks.
     Default value	By default, if an uninterruptible power supply is used to power the protected device, Kaspersky Embedded Systems Security for Windows: Does not run On-Demand Scan tasks that run according to a schedule. Automatically stops all active On-Demand Scan tasks.

   • On the Scan settings tab:
     • Restore file attributes after scanning
       

       When Kaspersky Embedded Systems Security for Windows performs On-Demand Scan and Real-Time File Protection tasks, the time when each scanned file was last accessed is updated. After the scan, Kaspersky Embedded Systems Security for Windows resets the time when the file was last accessed to the initial value.

       This behavior can affect the work of backup systems by causing creation of backup copies for files that haven’t been changed. This can also cause false detections in file change tracking applications.

       By default, this function is enabled.

     • Limit CPU usage for scanning threads
       

       Kaspersky Embedded Systems Security for Windows limits its use of the protected device CPU during on-demand scan tasks to the value specified in the Upper limit (per cent) field.

       Enabling of this option can negatively affect the performance of Kaspersky Embedded Systems Security for Windows.

       By default, this option is disabled.

     • Upper limit (per cent)
       

       Maximum allowable value of CPU utilization by Kaspersky Embedded Systems Security for Windows.

       The entry field is available if the Limit CPU usage for scanning threads option is selected.

     • Folder for temporary files created during scanning
       

       Folder into which Kaspersky Embedded Systems Security for Windows needs to unpack archive files during scanning.

       By default, the C:\Windows\Temp folder is used.

   • On the Connection settings tab:
     • In the Proxy server settings section, specify the proxy server settings.
     • In the Proxy server authentication settings section, specify the authentication type and details required for authentication on the proxy server.
     • In the Licensing section, indicate whether Kaspersky Security Center will be used as a proxy-server for application activation.
   • On the Malfunction diagnosis tab:
     • If you want the application to write debug information to a file, in the Troubleshooting settings subsection, select the Enable tracing check box.
     • In the Trace folder field, specify the absolute path to the local folder where Kaspersky Embedded Systems Security for Windows will save trace files.

       The folder must be created in advance and be writable by the SYSTEM account. You cannot specify a network folder, drive, or environment variables.

     • Configure the level of detail of debug information.
       

       This drop-down list lets you select the level of detail of debug information that Kaspersky Embedded Systems Security for Windows saves to the trace file. The setting is available if the Enable tracing check box is selected.

       You can select one of the following modes:

       • Full information – Kaspersky Embedded Systems Security for Windows saves all debug information to the trace file.
       • Brief information – Kaspersky Embedded Systems Security for Windows saves information only about critical events to the trace file.

       A Technical Support representative determines the detail level required to resolve any potential issues.

       The default level of detail is set to Full information.

     • Specify the Maximum size of trace files.

       Available values: from 1 to 4095 MB. By default, the maximum size of trace files is 50 MB.

     • If you want the application to remove the oldest files after the maximum number of trace files is reached, select the Remove the oldest trace files check box.
     • Specify the Maximum number of files for one trace log.

       Available values: from 1 to 999. By default, the maximum number of files is 5. The field is available only if the Remove the oldest trace files check box is selected.

     • If you want the application to create a dump file, select the Create dump file check box.
     • In the Dump file folder field, specify the absolute path to the local folder where Kaspersky Embedded Systems Security for Windows will save dump files.

       The folder must be created in advance and be writable by the SYSTEM account. You cannot specify a network folder, drive, or environment variables.

     Kaspersky Embedded Systems Security for Windows writes information to trace files and the dump file in unencrypted form. The folder where files are saved is selected by the user and managed by the operating system configuration and Kaspersky Embedded Systems Security for Windows settings. You can configure access permissions and allow only required users to access logs, trace files and dump files.

3. Click the OK button.

Kaspersky Embedded Systems Security for Windows settings are saved.