Support

Support for business applications

Kaspersky Security for Virtualization 6.x Agentless

Managing the application via Kaspersky Security Center

About access rights to the settings of policies and tasks

Kaspersky Security for Virtualization 6.x Agentless
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ System requirements Download Forum Contact support Recovery tools Product videos

About access rights to the settings of policies and tasks

December 13, 2023

ID 96369

The rights to access the settings of policies and tasks (read, write, execute) are defined for each user who has access to the Kaspersky Security Center Administration Server. In the Kaspersky Security Center Administration Console, you can grant user accounts the rights to perform certain actions within functional scopes of Kaspersky Security.

Kaspersky Security has the following functional scopes:

  • Anti-Virus protection. This functional scope includes the following settings and functions:
    • Enables or disables the anti-virus protection function.
    • All security level settings in policies:
      • Scan archives, self-extracting archives and embedded OLE objects.
      • Scan large compound files.
      • File scan duration limit.
      • List of objects to detect.
    • Action that Kaspersky Security performs when it detects infected files during virtual machine protection.
    • Scan files on network drives during virtual machine protection.
    • Enabling and disabling the web address scanning function.
    • List of web address categories detected by Kaspersky Security.
    • Action that Kaspersky Security performs if it detects a web address that belongs to one or more of the web address categories selected for detection.
    • Backup settings.
    • KSN usage settings.
    • List of additional protection profiles in a policy.
    • Assigning or changing the protected infrastructure for a policy.
    • Assigning protection profiles to VMware virtual infrastructure objects.
    • Full scan tasks and custom scan tasks.
  • Basic functionality. This functional scope includes the following settings and functions:
    • SNMP monitoring settings.
    • Language of the blocked web address notification that is displayed in the browser on the protected virtual machine.
    • Application database update task and latest application database update rollback task.
    • Application activation task.
    • Automatic patch installation task.
  • Intrusion Prevention. This functional scope includes the following settings and functions:
    • Enabling and disabling the Network Attack Blocker feature.
    • Action that Kaspersky Security performs when it detects a network attack.
    • Enabling and disabling Network Activity Scanner for virtual machines.
    • Action that Kaspersky Security performs when it detects suspicious network activity.
    • List of application categories whose signs of network activity are detected by Kaspersky Security.
    • Duration for blocking the IP address from which the network attack or suspicious network activity originated.
  • Trusted zone. This functional scope includes the following settings and functions:
    • List of file extensions excluded from protection.
    • List of file extensions included in the protection scope.
    • List of folders and files excluded from protection.
    • List of rules for identifying suspicious network activity that Kaspersky Security does not apply when analyzing traffic of protected virtual machines.
    • List of network threat protection exclusion rules.
    • List of web addresses that Kaspersky Security does not block, regardless of the configured web address scan settings.

The following actions are available to the user regardless of the rights of the user account within the functional scopes of Kaspersky Security:

  • Viewing the settings of policies and tasks.
  • Creating a policy.

Rights within the functional scopes of Kaspersky Security are required for performing the following actions with policies and tasks:

  • To reconfigure a previously saved policy, the user account must have modification rights within the functional scopes of those settings.
  • To modify the status of a policy (active / inactive) or remove a policy, the user account must have modification rights within the functional scopes of all policy settings. If a user account does not have the rights to edit any policy setting, the user cannot remove the policy or change the status of the policy.
  • To create, remove, or configure the settings of tasks, the user account must have modification rights within the functional scope of the task.
  • To run a task, the user account must have execution rights within the functional scope of the task.

Access to functional scopes of Kaspersky Security is configured in the properties window of the Kaspersky Security Center Administration Server in the Security section.

By default, the Security section is not displayed in the Administration Server properties window. To enable the display of the Security section, you must select the Display security settings sections check box in the Configure interface window (View → Configure interface menu) and restart the Kaspersky Security Center Administration Console.

For more details on access rights to Kaspersky Security Center objects, please refer to the Kaspersky Security Center documentation.

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.