Kaspersky Anti Targeted Attack Platform
5.0
English

Contents

Configuring Kaspersky Endpoint Agent security settings

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

To ensure maximum security of the IT infrastructure in your organization, you can configure access of users and third-party processes to Kaspersky Endpoint Agent.

See also

Opening Kaspersky Endpoint Agent settings window

Configuring Kaspersky Endpoint Agent connection settings to a proxy server

Configuring Kaspersky Security Center as a proxy server for Kaspersky Endpoint Agent activation

Configuring KSN usage in Kaspersky Endpoint Agent

Configuring integration between Kaspersky Endpoint Agent and KATA Central Node

Configuring storage settings in Kaspersky Endpoint Agent

Configuring integration between Kaspersky Endpoint Agent and Kaspersky Managed Detection and Response

Configuring failure diagnosis

In this Help section

Configuring user permissions

Enabling Password protection

Enabling and disabling Self-Defense
Page top
[Topic 193097]

Configuring user permissions

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

You can grant access to Kaspersky Endpoint Agent to individual users or groups of users. As a result, only specified users will be able to manage settings or services of the application.

To configure user permissions:

  1. Open Kaspersky Security Center Administration Console.
  2. In the console tree, open the Policies folder.
  3. Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
    • Double-click the policy name.
    • Select Properties in the policy context menu.
    • Select the Configure policy settings item in the right part of the window.
  4. In the Application settings section select the Security settings subsection.
  5. In the User permissions group of settings, click the Configure button next to the name of the required setting.

    The permissions window for Kaspersky Endpoint Agent group will open.

  6. In the upper block of settings for groups or users, select the group or user to which you want to grant permissions.
  7. In the lower block of permission settings for groups or users, select the check boxes for the items with the desired permissions.
  8. Click OK.
  9. In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
  10. In the policy properties window, click OK.

The user permissions for managing the application settings and services have now been configured and applied.

See also

Enabling Password protection

Enabling and disabling Self-Defense
Page top
[Topic 193096]

Enabling Password protection

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

Unrestricted user access to the application and its settings can reduce the security level of the device. Password protection is a means to limit user access to the application.

To enable password protection:

  1. Open Kaspersky Security Center Administration Console.
  2. In the console tree, open the Policies folder.
  3. Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
    • Double-click the policy name.
    • Select Properties in the policy context menu.
    • Select the Configure policy settings item in the right part of the window.
  4. In the Application settings section select the Security settings subsection.
  5. In the Password protection group of settings select the Apply password protection check box.
  6. Enter a password and confirm it.

    It is recommended to select a password that satisfies the following requirements:

    • It is at least 8 characters long.
    • It does not contain the user account name.
    • It does not match the name of the device on which Kaspersky Endpoint Agent is installed.
    • It contains characters from at least three of the following groups:
      • uppercase characters (A-Z);
      • lowercase characters (a-z);
      • numbers (0-9);
      • special characters (!$#%).
  7. In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
  8. Click OK.

Password protection is now enabled. If a user attempts to perform a password protected action, the application will prompt the user to enter the password.

The application does not check the strength of the specified password. We recommend that you use third-party tools to verify the strength of the password. The password is considered strong enough if verification results confirm that the password cannot be guessed for at least 6 months.

The application does not prohibit login attempts after many attempts of entering an incorrect password.

See also

Configuring user permissions

Enabling and disabling Self-Defense
Page top
[Topic 193095]

Enabling and disabling Self-Defense

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

The Self-Defense mechanism of Kaspersky Endpoint Agent provides protection from malware that tries to lock or delete the application. The Self-Defense mechanism prevents the alteration or deletion of application files on the hard drive, memory processes, and entries in the system registry.

To enable or disable Self-Defense:

  1. Open Kaspersky Security Center Administration Console.
  2. In the console tree, open the Policies folder.
  3. Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
    • Double-click the policy name.
    • Select Properties in the policy context menu.
    • Select the Configure policy settings item in the right part of the window.
  4. In the Application settings section select the Security settings subsection.
  5. In the Self-defense group of settings, enable or disable the Enable self-defense for application modules in memory setting.

    The setting is enabled by default.

  6. In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
  7. Click OK.

The Self-Defense mechanism is now enabled or disabled.

See also

Configuring user permissions

Enabling Password protection
Page top
[Topic 193094]