1. On the Kaspersky Security Center administrator's workstation, unpack the archive with the files of the Kaspersky Endpoint Security installation package.
2. Open the folder with the files of the Kaspersky Endpoint Security installation package.
3. Double-click klcfginst.exe.

Installation of the Kaspersky Endpoint Security administration plug-in starts.

1. On the remote computer, open the folder with the Network Agent distribution kit.
2. Open the Network Agent distribution kit (.dmg file).

   A window with the contents of the distribution kit opens.

3. In the window with the contents of the distribution kit, double-click Kaspersky Network Agent.
4. Confirm that you want to install Network Agent by clicking Continue.
5. In the Introduction window, click Continue.
6. In the License window, read the text of the Network Agent End User License Agreement between you and AO Kaspersky Lab and do the following:
   • To accept all the terms of the agreement and proceed with the installation, click the Continue button.
   • To print the text of the agreement, click the Print button.
   • To save the agreement as a text file, click the Save button.
7. In the confirmation window, do one of the following:
   • To proceed with the installation of Network Agent, click the Agree button.
   • To return to the text of the End User License Agreement, click the Read License button.
   • To cancel the installation, click the Disagree button.
8. In the Preferences window, do the following:
   1. In the Server field, specify the IP address or DNS name of the server on which Kaspersky Security Center is installed.
   2. In the Port field, specify the port number for an unencrypted connection to the server.
   3. In the SSL Port field, specify the port number for an SSL connection to the server.
   4. If you want to launch Network Agent immediately after installation, select the Run after installation checkbox.

   If you do not want to use SSL to connect to the server, deselect the Use SSL checkbox. To proceed with the installation, click the Continue button.

9. In the Installation Type window, read the information about the drive on which Network Agent will be installed.

   To install Network Agent using the recommended settings, click the Install button and enter the administrator's password to confirm your choice.

   Wait until the Network Agent installer finishes installing the application components.

10. Click the Close button to quit the installer.

1. Start Administration Console of Kaspersky Security Center.
2. Maximize the Administration Server <Server name> node.
3. In the console tree, select the Advanced folder, then Remote installation subfolder, and then the Installation packages subfolder.
4. In the workspace, click the Create installation package button.
5. In the Select installation package type window, click Create an installation package for Kaspersky Lab application.
6. In the Defining installation package name window, type the name of the new installation package in the Name field and click Next.
7. In the Selecting the distribution package for installation window, click the Browse button.
8. The window for selecting a file for creating the installation package opens.
9. Open the folder with the contents of the Network Agent installation package and select the klnagent.kud file.

   The Selecting the distribution package for installation window shows the name and version of the application to be installed remotely using the file that has been added.

10. Click Next.

    The Kaspersky Endpoint Security installation package is created with the specified settings.

11. In the last window of the wizard, click the Finish button to exit the New Package Wizard.

1. Start Administration Console of Kaspersky Security Center.
2. Maximize the Administration Server <Server name> node.
3. Select the Tasks folder.
4. In the workspace, start the New Task Wizard by clicking the Create a task button.
5. Follow the steps of the New Task Wizard below to create a task for remote installation of Kaspersky Endpoint Security on the client computer.

1. In the Select the task type window, maximize the Kaspersky Security Center 10 Administration Server node.
2. Select the Install application remotely task.

In the Select installation package window, do one of the following:

• If the Network Agent installation package with the required settings has been created previously, select it in the list of installation packages in the upper part of the Select installation package window.
• If the required installation package has not been created yet, click New to start the New Package Wizard.

1. Select the Using operating system resources by means of Administration server checkbox.
2. Deselect all other checkboxes.

In the Moving to the list of managed computers window, select a group to which computers will be moved after installation if necessary.

In the Select devices to which the task will be assigned window, select the method you want to use to specify client computers:

• To select from among computers detected on the network by Administration Server, select the Select networked devices detected by Administration Server option.
• To specify the IP addresses of computers manually or import the IP addresses of computers from a file, select the Specify device addresses manually, or import addresses from list option.
• To create a task for a selection of devices based on a preset criterion, select the Assign task to a device selection option.
• To select computers from a specific administration group, select the Assign task to an administration group option.

In the window that opens (Select devices, Device selection, or Select Administration group, depending on the option you selected in the previous step), select the client computers, specify the IP addresses of computers, specify a computer selection, or select the administration group to which the task will be applied.

1. In the Selecting an account to run the task window, select the Account required (for installation without Network Agent) checkbox.
2. Click the Add button.

   The Account window opens.

3. Specify the login and password of the dedicated administrator account of a remote computer.
4. Click OK.

1. In the Configure task scheduling settings window, select the start mode in the Scheduled start drop-down list.
2. If necessary, configure a scheduled task to start automatically (by specifying the task start date and time).
3. If you want to run tasks that the application was unable to start according to schedule (for example, because the computer was turned off at the scheduled time), select the Run missed tasks checkbox.

   Kaspersky Endpoint Security starts the task as soon as the obstacle preventing the task from being started is eliminated.

In the Define the task name window, in the Name field, enter the name of the task you are creating.

In the Finishing creating the task window, do the following:

1. If you want the task to start as soon as the wizard is finished, select the Run task after Wizard finishes checkbox.
2. Click the Finish button to close the wizard.

1. Start the SSH client on the administrator's workstation.
2. Connect to the remote computer.
3. Connect the shared folder of Administration Server as a network drive on the remote computer. To do this, enter the following commands in the SSH client:

   mkdir /Volumes/KLSHARE

   mount_smbfs //<administrator account>:<password>@<Administration Server IP address>/KLSHARE /Volumes/KLSHARE

   Parameter descriptions:

   • <administrator account> – Name of the administrator account on Administration Server.
   • <password> – Password of the administrator on Administration Server.
   • <Administration Server IP address> – IP address of the server hosting Kaspersky Security Center.
4. Run the installation script. To do this, enter the following command in the SSH client:

   cd /Volumes/KLSHARE/<klnagent_package_folder>

   where <klnagent_package_folder> is the folder in which the Network Agent installation package is located.

   sudo ./install.sh -r <server> [-s <action>] [-p <port number>] [-l <SSL port number>]

   Parameter descriptions:

   • <action> – Parameter that defines whether or not encryption will be used when establishing the connection between Network Agent and Administration Server. If the value is "0", an unencrypted connection is used. If the value is "1", the connection is established via the SSL protocol (default value).
   • <server> – IP address or DNS name of the server on which Kaspersky Security Center is installed.
   • <port number> – Number of the port that will be used to establish an unencrypted connection to Administration Server. Port 14000 is used by default.
   • <SSL port number> – Number of the port that will be used to establish an encrypted connection to Administration Server using the SSL protocol. Port 13000 is used by default.

   Important: Administrator rights are required for executing this command.

5. Disconnect the network drive on the remote computer. To do this, enter the following command in the SSH client:

   umount /Volumes/KLSHARE

6. Check if Network Agent functions properly on the remote computer. To do this, enter the following commands in the SSH client:

   cd /Library/Application\ Support/Kaspersky\ Lab/klnagent/Binaries/

   sudo ./klnagchk

   If the check is successful, Network Agent functions properly.

On the remote computer, run the klnagchk utility from the command line.

The klnagchk utility is included in the Network Agent distribution kit.

On the remote computer, run the klmover utility from the command line.

The klmover utility is included in the Network Agent installation package.

1. Start the SSH client on the Kaspersky Security Center administrator's workstation.
2. Connect to the remote computer.
3. Connect the shared folder of Administration Server as a network drive on the remote computer. To do this, enter the following commands in the SSH client:

   mkdir /Volumes/KLSHARE

   mount_smbfs //<administrator account>:<password>@<Administration Server IP address>/KLSHARE /Volumes/KLSHARE

   Parameter descriptions:

   • <administrator account> – Name of the administrator account on Administration Server.
   • <password> – Password of the administrator on Administration Server.
   • <Administration Server IP address> – IP address of the server hosting Kaspersky Security Center.
4. Run the installation script. To do this, enter the following commands in the SSH client:

   cd /Volumes/KLSHARE/<KES package folder>

   sudo ./install.sh

   where <KES package folder> is the folder in which the Kaspersky Endpoint Security installation package is located.

   Important: Administrator rights are required for executing this command.

5. Disconnect the network drive on the remote computer. To do this, enter the following command in the SSH client:

   umount /Volumes/KLSHARE

1. Start Administration Console of Kaspersky Security Center.
2. Maximize the Administration Server <Server name> node.
3. Select the Tasks folder.
4. In the workspace, start the New Task Wizard by clicking the Create a task button.
5. Follow the steps of the New Task Wizard below to create a task for remote installation of Kaspersky Endpoint Security on the client computer.

1. In the Select the task type window, maximize the Kaspersky Security Center 10 Administration Server node.
2. Select the Install application remotely task.

1. In the Select installation package window, do one of the following:
   • If the Kaspersky Endpoint Security installation package with the required settings has been created previously, select it in the list of installation packages in the upper part of the Select installation package window.
   • If the required installation package has not been created yet, click New to start the New Package Wizard.

In the Advanced window, select the Install Network Agent checkbox and the Nagent for Mac checkbox if you want to install Network Agent on the client computer.

Note: The installation package for Network Agent must be created beforehand.

In the Settings window, configure remote installation of the application.

In the Moving to the list of managed computers window, select a group to which computers will be moved after installation if necessary.

Note: The Moving to the list of managed computers window appears if you select to install Network Agent in step 3.

In the Select devices to which the task will be assigned window, select the method you want to use to specify client computers:

• To select from among computers detected on the network by Administration Server, select the Select networked devices detected by Administration Server option.
• To specify the IP addresses of computers manually or import the IP addresses of computers from a file, select the Specify device addresses manually, or import addresses from list option.
• To create a task for a selection of devices based on a preset criterion, select the Assign task to a device selection option.
• To select computers from a specific administration group, select the Assign task to an administration group option.

In the window that opens (Select devices, Device selection, or Select Administration group, depending on the option you selected in the previous step), select the client computers, specify the IP addresses of computers, specify a computer selection, or select the administration group to which the task will be applied.

In the Selecting an account to run the task window, select the No account required (Network Agent installed) checkbox.

It is assumed that you have installed Network Agent before starting this wizard.

1. In the Configure task scheduling settings window, select the start mode in the Scheduled start drop-down list.
2. If necessary, configure a scheduled task to start automatically (by specifying the task start date and time).
3. If you want to run tasks that the application was unable to start according to schedule (for example, because the computer was turned off at the scheduled time), select the Run missed tasks checkbox.

   Kaspersky Endpoint Security starts the task as soon as the obstacle preventing the task from being started is eliminated.

In the Define the task name window, in the Name field, enter the name of the task you are creating.

In the Finishing creating the task window, do the following:

1. If you want the task to start as soon as the wizard is finished, select the Run task after Wizard finishes checkbox.
2. Click the Finish button to close the wizard.

The task that you have created appears in the workspace of the Tasks folder.

1. Start Administration Console of Kaspersky Security Center.
2. Maximize the Administration Server <Server name> node.
3. In the console tree, select the Advanced folder, then Remote installation subfolder, and then the Installation packages subfolder.
4. In the workspace, click the Create installation package button.
5. In the Select installation package type window, click Create an installation package for Kaspersky Lab application.
6. In the Defining installation package name window, type the name of the new installation package in the Name field and click Next.
7. In the Selecting the distribution package for installation window, click the Browse button.

   The window for selecting a file for creating the installation package opens.

8. Open the folder with the contents of the Kaspersky Endpoint Security installation package and select the kesmac.kud file.

   The Selecting the distribution package for installation window shows the name and version of the application to be installed remotely using the file that has been added.

9. Select the Copy updates from repository to installation package checkbox to copy application updates from the Kaspersky Security Center storage into the installation package if necessary and click Next.

   The License Agreement window opens.

10. In the License Agreement window, select the I accept the terms of the License Agreement checkbox and click Next.

    The installation package starts uploading to Administration Server. When the upload is finished, the Installation Type window opens.

11. In the Installation Type window, do the following:
    1. In the Packages to install section, deselect the checkboxes next to the names of the components that you want to skip during installation on the client computer.

       If you skip installation of the Graphical User Interface (GUI) component, the user of the client computer will not be able to activate Kaspersky Endpoint Security and manage the application via the local graphical user interface or configure the application settings and Kaspersky Security Network usage settings via the local GUI.

    2. If you want to participate in
       Kaspersky Security Network

       An infrastructure of services that provides access to a database with constantly updated information about the reputation of files, web resources, and software. Kaspersky Security Network ensures faster responses by Kaspersky Lab applications to threats, improves the performance of some protection components, and reduces the likelihood of false positives.

       , in the Kaspersky Security Network settings section, select the Participate in Kaspersky Security Network checkbox and confirm that you accept the terms of participation in KSN.
    3. If you want to read the text of the Kaspersky Security Network Statement, click the KSN Statement button.

       As you continue to use Kaspersky Endpoint Security, you can opt in or out of participation in Kaspersky Security Network at any time.

12. In the Installation Type window, click Next.

    The Kaspersky Endpoint Security installation package is created with the specified settings.

13. In the last window of the wizard, click the Finish button to exit the New Package Wizard.

1. Start Administration Console of Kaspersky Security Center.
2. Maximize the Administration Server <Server name> node.
3. Select the Tasks folder.
4. In the workspace, start the New Task Wizard by clicking the Create a task button.
5. Follow the steps of the New Task Wizard below to create the task for remote uninstallation of Kaspersky Endpoint Security from the client computer.

1. In the Select task type window, expand the Kaspersky Security Center 10 Administration Server node.
2. Expand the Advanced child node.
3. Select the Uninstall application remotely task.

In the Select application to be removed window, select Uninstall application supported by Kaspersky Security Center 10.

In the Settings window, in the Application to be removed drop-down list, select Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 1 for Mac.

In the Selecting operating system restart option window, select the Do not restart the computer option.

In the Select devices to which the task will be assigned window, select the method you want to use to specify client computers:

• To select from among computers detected on the network by Administration Server, select the Select networked devices detected by Administration Server option.
• To specify the IP addresses of computers manually or import the IP addresses of computers from a file, select the Specify device addresses manually, or import addresses from list option.
• To create a task for a selection of devices based on a preset criterion, select the Assign task to a device selection option.
• To select computers from a specific administration group, select the Assign task to an administration group option.

In the window that opens (Select devices, Device selection, or Select Administration group, depending on the option you selected in the previous step), select the client computers, specify the IP addresses of computers, specify a computer selection, or select the administration group to which the task will be applied.

In the Selecting an account to run the task window, select the No account required (Network Agent installed) checkbox.

It is assumed that you have installed Network Agent before starting this wizard.

1. In the Configure task scheduling settings window, select the start mode in the Scheduled start drop-down list.
2. If necessary, configure a scheduled task to start automatically (by specifying the task start date and time).
3. If you want to run tasks that the application was unable to start according to schedule (for example, because the computer was turned off at the scheduled time), select the Run missed tasks checkbox.

   Kaspersky Endpoint Security starts the task as soon as the obstacle preventing the task from being started is eliminated.

In the Define the task name window, in the Name field, enter the name of the task you are creating.

1. To start the task as soon as the wizard is finished, in the Finish creating the task window, select the Run task after Wizard finishes checkbox.
2. Click the Finish button to exit the wizard.

The task that you have created appears in the workspace of the Tasks folder.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Managed devices node.
4. Select the administration group that contains the required client computer.
5. Select the Devices tab.
6. Select a computer from the list of client computers.
7. Open the Properties: <Computer name> window in one of the following ways:
   • Double-click the name of the client computer.
   • Right-click the client computer and choose Properties from the context menu.
8. Select the Applications section.
9. In the Kaspersky Lab applications installed on client computer list, right-click to open the context menu of the Kaspersky Endpoint Security 10 item and do one of the following:
   • To start the application, select the Start item.
   • To stop the application, select the Stop item.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Managed devices node.
4. Select the administration group that contains the required client computer.
5. In the workspace, select the Devices tab.
6. Select the computer from the list of client computers.
7. Open the Properties: <Computer name> window in one of the following ways:
   • Double-click the name of the client computer.
   • Right-click the client computer and choose Properties from the context menu.
8. In the Properties: <Computer name> window, select the Tasks section.

   The list of system tasks and custom tasks for the selected client computer is displayed in the workspace on the right.

9. Click the Add button in the lower part of the workspace.

   The New Task Wizard starts.

10. Follow the steps of the New Task Wizard to create a local task for a separate client computer.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Managed devices node.
4. Select the administration group that contains the required client computer.
5. In the workspace, select the Tasks tab.
6. In the workspace, start the New Task Wizard by clicking the Create a task button.
7. Follow the steps of the New Task Wizard to create a task for client computers included in the administration group.

For detailed information on how to create group tasks, see Kaspersky Security Center Help.

1. Start Administration Console of Kaspersky Security Center.
2. Maximize the Administration Server <Server name> node.
3. In the console tree, select the Tasks node.
4. In the workspace, start the New Task Wizard by clicking the Create a task button.
5. Follow the steps of the New Task Wizard to create a task for an arbitrary set of computers.

Note: Depending on the task type, this step might appear either at the beginning or at the end of the wizard.

In the Define the task name window, in the Name field, specify the name of the task that you are creating.

1. In the Select the task type window, maximize the Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 1 for Mac node.
2. Select the type of the task you want to create:
   • To create a task for adding a key, select Add key.
   • To create a task to roll back the latest update, select Rollback.
   • To create an update task, select Update.
   • To create a virus scan task, select Virus Scan.

Depending on the task type selected during the previous step, the contents of the settings window may vary. This window is not displayed for the Rollback task.

Application activation

In the Application activation window, do the following:

1. Select an activation code or key file from Kaspersky Security Center storage or add a key file stored on your computer.
2. If you want to add the specified key as a reserve key, select the Add as reserve key checkbox.

   The reserve key becomes active when the current active key expires.

Information about the specified key (key, key type, and key expiration date) is displayed in the Application activation window.

Update

By default, Kaspersky Endpoint Security updates databases and application modules and uses Kaspersky Security Center Administration Server and Kaspersky Lab update servers as updates sources.

If necessary, edit the Update task settings in the Update window:

1. To disable updates of application modules, deselect the Update application modules checkbox.
2. If you want Kaspersky Endpoint Security to copy the downloaded update files to the specified folder, select the Copy update files to folder checkbox and enter the path to the folder.
3. To change the update sources:
   1. Click the Settings button.

      The Settings: Update window opens.

   2. Select the checkboxes next to the update sources that you want to use.
   3. To specify a different update source, click the Add button.

      The Update source window opens.

   4. Specify the web address of the update source or the path to a local or network folder that is an update source and click OK.
   5. Click OK to save changes and close the Settings: Update window.

Virus Scan

By default, Kaspersky Endpoint Security uses the Recommended security level, prompts the user for an action when it detects an infected object after the scan, and scans the following objects:

• All removable drives
• All internal drives
• All network drives
• Memory

If necessary, edit the Virus Scan settings in the Virus Scan window:

1. Select one of the preset security levels or customize security settings.
2. Specify the action that Kaspersky Endpoint Security performs on detecting an infected object.
3. Define a scan scope.

Note: This step is not relevant for local or group tasks.

In the Select devices to which the task will be assigned window, select the method you want to use to specify client computers:

• To select from among computers detected on the network by Administration Server, select the Select networked devices detected by Administration Server option.
• To specify the IP addresses of computers manually or import the IP addresses of computers from a file, select the Specify device addresses manually, or import addresses from list option.
• To create a task for a selection of devices based on a preset criterion, select the Assign task to a device selection option.
• To select computers from a specific administration group, select the Assign task to an administration group option.

Note: This step is not relevant for local or group tasks.

In the window that opens (Select devices, Device selection, or Select Administration group, depending on the option you selected in the previous step), select the client computers, specify the IP addresses of computers, specify a computer selection, or select the administration group to which the task will be applied.

1. In the Configure task scheduling settings window, select the start mode in the Scheduled start drop-down list.
2. If necessary, configure a scheduled task to start automatically (by specifying the task start date and time).
3. If you want to run tasks that the application was unable to start according to schedule (for example, because the computer was turned off at the scheduled time), select the Run missed tasks checkbox.

   Kaspersky Endpoint Security starts the task as soon as the obstacle preventing the task from being started is eliminated.

4. If you want Kaspersky Security Center to automatically determine the interval between task launches on different computers, select the Define task launch delay automatically checkbox.

   This helps to reduce the load on Kaspersky Security Center Administration Server.

5. To set the interval between task launches on different computers manually, select the Randomize the task start with interval (min) checkbox and specify the number of minutes.

   This helps to reduce the load on Kaspersky Security Center Administration Server.

In the Finishing creating the task window, do the following:

1. If you want the task to start as soon as the wizard is finished, select the Run task after Wizard finishes checkbox.
2. Click the Finish button to close the wizard.

1. Open the list of tasks that contains the task that you want to start or stop.
2. Select the task that you want to start or stop.
3. Start or stop the task in one of the following ways:
   • Right-click to display the context menu of the task and choose Start or Stop.
   • In the workspace, click the Start or Stop button.
   • Right-click to display the context menu of the task and choose Properties. In the window that opens, click the Start or Stop button.

1. Select the task list from which you want to export the task:
   • Select the administration group and then open the Tasks tab.
   • In the console tree, select the Tasks folder.
2. Right-click the task you want to export and in the shortcut menu of the task choose All Tasks > Export.
3. In the Save As window, specify the file name and location where the exported task will be saved.
4. Click the Save button.

1. Select the task list to which you want to import the task:
   • Select the administration group and then open the Tasks tab.
   • In the console tree, select the Tasks folder.
2. Import the task in any of the following ways:
   • In the shortcut menu of the task list, select All Tasks > Import.
   • Click the Import task from file button.
3. In the Open window, specify the path to the task file you want to import.
4. Click the Open button.

The task is displayed in the task list.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Managed devices node.
4. Select the administration group that contains the required client computer.
5. In the workspace, select the Tasks tab.

The list of tasks for computers in the selected administration group is displayed.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Managed devices node.
4. Select the administration group that contains the required client computer.
5. In the workspace, select the Devices tab.
6. Select the computer from the list of client computers.
7. Open the Properties: <Computer name> window in one of the following ways:
   • Double-click the name of the client computer.
   • Right-click the client computer and choose Properties from the context menu.
8. In the Properties: <Computer name> window, select the Tasks section.

The list of system tasks and custom tasks for the selected client computer is displayed in the workspace on the right.

1. Start Administration Console of Kaspersky Security Center.
2. Maximize the Administration Server <Server name> node.
3. In the console tree, select the Tasks node.

The list of non-local tasks created for computers that may or may not be part of administration groups is displayed.

1. Open the list of local tasks.
2. Select a task in the list and open the task settings in one of the following ways:
   • Double-click the task name.
   • Right-click to display the shortcut menu of the task and select Properties.

1. Open the list of group tasks for an administration group.
2. Select a task in the list and open the task settings in one of the following ways:
   • Double-click the task name.
   • Right-click to display the shortcut menu of the task and select Properties.
   • Click the Change task settings link in the workspace.

1. Open the list of non-local tasks.
2. Select a task in the list and open the task settings in one of the following ways:
   • Double-click the task name.
   • Right-click to display the shortcut menu of the task and select Properties.
   • Click the Change task settings link in the workspace.

For more information about tasks, see Kaspersky Security Center Help.

1. Open the window with the settings of the Add key task.
2. Select the Application activation section.
3. If necessary, add another key in one of the following ways:
   • To select a key or an activation code from among the activation codes added to the Kaspersky Security Center storage:
     1. Select the Key or activation code option.
     2. Click the Browse button.

        The Keys and activation codes in Kaspersky Security Center storage window opens.

     3. Select a key or activation code.
     4. Click the OK button.
   • To add a key file:
     1. Select the Key file option.
     2. Click the Add button.

        The file selection window opens.

     3. Select a key file.
     4. Click the Open button.

   Note: The current key is deleted when a different key is added.

4. To add the specified key as a reserve key, select the Add as reserve key checkbox.

   The reserve key becomes active when the current key expires.

   Note: The reserve key expiration date must be later than the current key expiration date.

5. Save the changes in one of the following ways:
   • Click the Apply button to remain in the Properties: <Task name> window after saving changes.
   • Click the OK button to close the Properties: <Task name> window after saving changes.

1. Open the window with the Virus Scan task settings.
2. Select the Virus Scan section.
3. To change the level of security on which Kaspersky Endpoint Security runs the Virus Scan task, do one of the following in the Security level section:
   • Select a preset security level by moving the slider up or down the scale.

     You can select one of the following security levels:

     • Maximum Protection. Kaspersky Endpoint Security performs the maximum monitoring of files that are opened, saved, or executed.
     • Recommended. Kaspersky Endpoint Security monitors files with the settings recommended by Kaspersky Lab.

       This is the default security level.

     • Maximum speed. Kaspersky Endpoint Security monitors a minimum set of files. You can choose this security level if you want to comfortably use other applications that require significant RAM resources.
   • Configure security settings manually:
     1. Click the Settings button.

        The Settings: Virus Scan window opens.

     2. On the General tab, in the File types section, select the types of files that should be scanned by Kaspersky Endpoint Security when running the Virus Scan task.
     3. On the General tab, in the Optimization section, configure the scan performance.
     4. On the General tab in the Compound files section, select which compound files you want Kaspersky Endpoint Security to analyze for detectable objects.
     5. On the Advanced tab, in the Advanced settings section, configure the use of iSwift technology and recording of information about detected objects in the application statistics.
     6. On the Advanced tab, in the Heuristic Analyzer section, configure the use of Heuristic Analyzer and select the protection level to be applied by Heuristic Analyzer during virus scans.
     7. Click OK to save changes and close the Settings: Virus Scan window.

        The security level changes to Custom.

   • To restore the default settings, click the Default button.

     The security level changes to Recommended.

4. If necessary, in the Action section, select the action that Kaspersky Endpoint Security should perform when an infected object is detected.
5. To specify a scan scope, in the Scan scope section, click the Settings button and do the following in the window that opens:
   1. Click the Settings button.

   The Scan scope window opens.

   1. If you want Kaspersky Endpoint Security to scan all removable drives, select the All removable drives checkbox.
   2. If you want Kaspersky Endpoint Security to scan all internal drives, select the All internal drives checkbox.
   3. If you want Kaspersky Endpoint Security to scan all network drives, select the All network drives checkbox.
   4. If you want Kaspersky Endpoint Security to scan the computer memory, select the Memory checkbox.
   5. If you want Kaspersky Endpoint Security to scan other files or folders, click the Add button and specify a file, folder, or name mask of a file or folder.
6. Save the changes in one of the following ways:
   • Click the Apply button to remain in the Properties: <Task name> window after saving changes.
   • Click the OK button to close the Properties: <Task name> window after saving changes.

1. Open the window with the Update task settings.
2. Select the Update section.
3. If you want Kaspersky Endpoint Security to update application modules along with application databases, select the Update application modules checkbox.
4. If you want Kaspersky Endpoint Security to copy the update files to a local or network folder, select the Copy update files to folder checkbox and enter the path to the relevant folder.
5. To choose an update source:
   1. Click the Settings button.

      The Settings: Update window opens.

   2. Specify the update source in one of the following ways:
      • If you want the application to download updates from Administration Server, select the Kaspersky Security Center checkbox.
      • If you want the application to download updates from Kaspersky Lab update servers, select the Kaspersky Lab update servers checkbox.
      • To add a different update source, click the Add button and in the window that opens type the path to the update source.

        By default, Kaspersky Endpoint Security downloads updates from Administration Server and Kaspersky Lab update servers.

6. Save the changes in one of the following ways:
   • Click the Apply button to remain in the Properties: <Task name> window after saving changes.
   • Click the OK button to close the Properties: <Task name> window after saving changes.

1. Open the list of local tasks for a client computer.
2. In the list of local tasks, select the File Anti-Virus task and open its properties in one of the following ways:
   • Double-click the task name.
   • Right-click to display the shortcut menu of the task and select Properties.
   • Click the Properties button.
3. Select the File Anti-Virus section.
4. If necessary, configure the following settings in the File Anti-Virus section:
   • Enable or disable File Anti-Virus on the client computer.
   • To select one of the preset security levels, use the slider in the Security level section.
   • To configure the security settings manually, click the Settings button and do the following:
     1. On the General tab, in the File types section, select the types of files that Kaspersky Endpoint Security should scan when they are opened, executed, or saved.
     2. On the General tab, in the Optimization section, configure the scan performance and select the scan technology.
     3. On the General tab, in the Compound files section, select which compound files should be scanned for detectable objects and set a restriction on scanning large-sized objects.
     4. On the Protection scope tab, specify files or folders that should be scanned by File Anti-Virus.

        By default, scanning of all objects located on removable, internal, and network drives connected to the client computer is enabled. You can add an object to the protection scope, modify an object on the list, temporarily disable scanning of an object on the list, or remove an object from the list.

     5. Select File Anti-Virus operation mode in the Scan mode section of the Advanced tab.
     6. On the Advanced tab, in the Pause task section, enable or disable scheduled pausing of File Anti-Virus and configure automatic pausing of tasks according to a schedule.
     7. On the Advanced tab, in the Heuristic Analyzer section, configure the use of Heuristic Analyzer by File Anti-Virus.
   • In the If a malicious object is detected section, select the action that File Anti-Virus performs upon detecting an infected object.
5. Save the changes in one of the following ways:
   • Click the Apply button to remain in the Properties: File Anti-Virus window after saving changes.
   • Click the OK button to close the Properties: File Anti-Virus window after saving changes.

1. Open the list of local tasks for a client computer.
2. In the list of local tasks, select the Web Anti-Virus task and open its properties in one of the following ways:
   • Double-click the task name.
   • Right-click to display the shortcut menu of the task and select Properties.
   • Click the Properties button.
3. Select the Web Anti-Virus section.
4. If necessary, configure the following settings in the Web Anti-Virus section:
   • Enable or disable Web Anti-Virus on the client computer.
   • To select one of the preset security levels, use the slider in the Security level section.
   • To configure the security settings manually, click the Settings button and do the following:
     1. In the Scan mode section, enable or disable checking of web addresses against the database of malicious web addresses.
     2. In the Anti-Phishing settings section, enable or disable checking of web addresses against the database of phishing web addresses.
     3. In the Anti-Phishing settings section, enable or disable the use of Heuristic Analyzer for detecting phishing links.
5. In the If a malicious object is detected section, select the action that Web Anti-Virus performs upon detecting a dangerous object in web traffic.
6. Save the changes in one of the following ways:
   • Click the Apply button to remain in the Properties: Web Anti-Virus window after saving changes.
   • Click the OK button to close the Properties: Web Anti-Virus window after saving changes.

1. Open the list of local tasks for a client computer.
2. In the list of local tasks, select the Quick Scan task and open its properties in one of the following ways:
   • Double-click the task name.
   • Right-click to display the shortcut menu of the task and select Properties.
   • Click the Properties button.
3. Select the Virus Scan section.
4. If necessary, configure the following settings in the Virus Scan section:
   • To select one of the preset security levels, use the slider in the Security level section.
   • To configure the security settings manually, click the Settings button and do the following:
     1. On the General tab, in the File types section, select the types of files that should be scanned by Kaspersky Endpoint Security.
     2. On the General tab, in the Optimization section, configure the scan performance.
     3. On the General tab, in the Compound files section, select which compound files you want Kaspersky Endpoint Security to scan.
     4. On the Advanced tab, in the Advanced settings section, configure the use of iSwift technology and the saving of information about detected objects in the application statistics.
     5. On the Advanced tab, in the Heuristic Analyzer section, configure the use of Heuristic Analyzer and select the protection level to be applied by Heuristic Analyzer.
   • In the Action section, select the action that Kaspersky Endpoint Security should perform upon detecting an infected object.
   • To specify a scan scope, in the Scan scope section, click the Settings button and do the following in the window that opens:
     • If you want Kaspersky Endpoint Security to scan objects in the default list, select the checkbox next to the relevant object.
     • If you want Kaspersky Endpoint Security to scan other files or folders, click the Add button and specify a file, folder, or name mask of a file or folder.
5. Save the changes in one of the following ways:
   • Click the Apply button to remain in the Properties: Quick Scan window after saving changes
   • Click the OK button to close the Properties: Quick Scan window after saving changes.

1. Open the list of local tasks for a client computer.
2. Open the properties of the Full Scan task in one of the following ways:
   • Double-click the task name.
   • Right-click to display the shortcut menu of the task and select Properties.
3. Select the Virus Scan section.
4. If necessary, configure the following settings in the Virus Scan section:
   • To select one of the preset security levels, use the slider in the Security level section.
   • To configure the security settings manually, click the Settings button and do the following
     1. On the General tab, in the File types section, select the types of files that should be scanned by Kaspersky Endpoint Security.
     2. On the General tab, in the Optimization section, configure the scan performance.
     3. On the General tab, in the Compound files section, select which compound files you want Kaspersky Endpoint Security to scan.
     4. On the Advanced tab, in the Advanced settings section, configure the use of iSwift technology and the saving of information about detected objects in the application statistics.
     5. On the Advanced tab, in the Heuristic Analyzer section, configure the use of Heuristic Analyzer and select the protection level to be applied by Heuristic Analyzer.
   • In the Action section, select the action that Kaspersky Endpoint Security should perform upon detecting an infected object.
   • To specify a scan scope, in the Scan scope section, click the Settings button and do the following in the window that opens:
     • If you want Kaspersky Endpoint Security to scan objects in the default list, select the checkbox next to the relevant object
     • If you want Kaspersky Endpoint Security to scan other files or folders, click the Add button and specify a file, folder, or name mask of a file or folder.
5. Save the changes in one of the following ways:
   • Click the Apply button to remain in the Properties: Full Scan window after saving changes.
   • Click the OK button to close the Properties: Full Scan window after saving changes.

1. Open the list of local tasks for a client computer.
2. In the list of local tasks, select the Network Attack Blocker task and open its properties in one of the following ways:
   • Double-click the task name.
   • Right-click to display the shortcut menu of the task and select Properties.
   • Click the Properties button.
3. Select the Network Attack Blocker section.
4. If necessary, configure the following settings in the Network Attack Blocker section:
   • Enable or disable Network Attack Blocker on the client computer.
   • In the Network Attack Blocker settings section, select or clear the Block attacking computers for <value> min checkbox and specify the value.
   • You can also specify the IP addresses of computers whose network activity will not be blocked. To do this, perform the following steps:
     • Click the Exclusions button.

       The Exclusions window opens.

     • Click the Add button.

       The IP address window opens.

     • Specify the IP address of the computer whose network activity will not be blocked.
5. Save the changes in one of the following ways:
   • Click the Apply button to remain in the Properties: Network Attack Blocker window after saving changes.
   • Click the OK button to close the Properties: Network Attack Blocker window after saving changes.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Managed devices node.
4. Select the administration group that contains the required client computer.
5. In the workspace, select the Policies tab and click the Create a policy button.

   The New Policy Wizard opens.

6. Follow the steps of the New Policy Wizard to create a policy.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Policies folder and click the Create a policy button.

   The New Policy Wizard opens.

4. Follow the steps of the New Policy Wizard to create a policy.

In the Select the application for which you want to create a group policy window, in the list of applications, select Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 1 for Mac.

1. In the Enter a group policy name window, in the Name field, specify the name of the policy that you are creating. The name can't contain the following symbols: “ * < : > ? \ |.
2. Select the Use settings from policy for previous version of application checkbox if you want to import the settings from an existing Kaspersky Endpoint Security policy to a new policy.

In the Protection window, configure the following settings if necessary:

• Configure protection settings for the operating system on the client computer.
• Configure Trusted Zone.
• Select types of objects to be detected.
• Disable or enable the start of scheduled tasks when the computer is running on battery power.

In the File Anti-Virus window, do the following if necessary:

• Enable or disable File Anti-Virus.

  By default, File Anti-Virus is enabled.

• Select a security level.

  By default, the security level recommended by Kaspersky Lab is selected.

• Select actions to be performed upon detecting a malicious object.

In the Web Anti-Virus window, do the following if necessary:

• Enable or disable Web Anti-Virus.

  By default, Web Anti-Virus is enabled.

• Select a security level.

  By default, the security level recommended by Kaspersky Lab is selected.

• Select the action to be performed upon detecting a malicious object in web traffic.
• Enable or disable scanning of inbound and outbound HTTPS traffic.

In the Network Attack Blocker window, do the following if necessary:

• Enable or disable Network Attack Blocker.

  By default, Network Attack Blocker is enabled.

• Configure Network Attack Blocker settings.

1. In the FileVault Disk Encryption window, enable or disable FileVault encryption management for a user's startup disk.
2. Choose the Encrypt disk option, if you want to encrypt user's startup disk when the policy is applied to a client computer.

By default, the FileVault encryption is disabled.

If the Enable FileVault disk encryption management checkbox is unselected, users with administrator rights can encrypt and decrypt their Mac startup disks from System Preferences.

If the Enable FileVault disk encryption management checkbox and the Encrypt disk option are selected, users with administrator rights can't decrypt the startup disk of their Mac from System Preferences.

If the Enable FileVault disk encryption management checkbox and the Decrypt disk option are selected, users with administrator rights can't encrypt the startup disk of their Mac from System Preferences.

In the Update window, do the following if necessary:

• Enable or disable updating application modules.
• Enable or disable copying of update files to a specific folder.
• Specify the folder to which the application will copy update files.
• Specify update sources.

In the KSN window, do the following if necessary:

• Read the full text of the Kaspersky Security Network Statement by clicking the KSN Statement button.
• Enable or disable the use of Kaspersky Security Network.
• Enable or disable extended KSN mode.
• Enable or disable the use of KSN proxy.

When you choose to participate in Kaspersky Security Network in a policy settings, Kaspersky Endpoint Security statistics from client computers to which the policy is applied are automatically sent to Kaspersky Lab to enhance protection of these computers.

Note: Kaspersky Lab doesn't collect, process, or store any personal data without your explicit consent.

After the policy is deleted or made inactive, KSN settings on a client computer return to the original state.

In the User Interaction window, configure the settings of Kaspersky Endpoint Security interaction with the user of the client computer if necessary.

In the Network window, configure the connection to a proxy server if necessary.

In the Reports window, do the following if necessary:

• Configure settings for generating and storing reports.
• Configure settings for storing objects in Backup.

In the Create the group policy for the application window, do the following:

1. Select the status that will be assigned to the policy:
   • Active policy: the policy is applied to the selected administration group.
   • Inactive policy: the policy is not applied.
   • Out-of-office policy: the policy is applied to the selected administration group when the computers are disconnected from the corporate network.

   Note: You can create multiple policies for an application in an administration group, but only one of them can be active.

   For detailed information about policy statuses, see Kaspersky Security Center Help.

2. Select the Open policy properties immediately after they are created checkbox if you want to review the policy settings after the policy is created.
3. Click Finish to close the New Policy Wizard.

   The policy that you have created appears on the Policies tab in the workspace of the relevant administration group. The policy is applied to client computers after their first synchronization with Administration Server.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Managed devices node.
4. Select the administration group that contains the required client computer.
5. In the workspace, select the Policies tab.

   The list of policies is displayed.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Managed devices node.
4. Select the administration group that contains the required client computer.
5. In the workspace, select the Policies tab.
6. Right-click the policy whose state you want to change and choose Properties from the context menu.
7. In the Properties: <Policy name> window, select the General section.
8. In the Policy status section, select one of the following policy statuses:
   • Active policy. The policy is always applied to the selected administration group.
   • Out-of-office policy. The policy is applied to the selected administration group when client computers are disconnected from the corporate network.
   • Inactive policy. The policy is not applied to the selected administration group.
9. Click OK to save changes and close the Properties: <Policy name> window.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Managed devices node.
4. Select the administration group that contains the required client computer.
5. In the workspace, select the Policies tab.
6. Right-click the policy to display its context menu and choose Export.

   The Save As window opens.

7. Select the folder in which you want to save the KLP file of the policy.
8. Specify the file name.
9. Click Save to save the file in the selected folder.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Managed devices node.
4. Select the administration group that contains the required client computer.
5. In the workspace, select the Policies tab.
6. Open the file selection window in one of the following ways:
   • By clicking the Import policy from file button.
   • By right-clicking an empty area in the workspace to open the context menu and selecting the Import item.
7. Select a KLP file with a policy and click the Open button.

The imported policy is added to the list of policies in the workspace.

1. In the console tree, select the administration group for which you want to create a policy profile.
2. In the workspace of the group, open the Policies tab.
3. Do one of the following to open the properties of the policy for which you want to create a profile:
   • Double-click the name of the policy.
   • Right-click the policy name to display the context menu and choose Properties.
4. Open the Policy profiles section of the Properties: <Policy name> window.
5. Click the Add button.
6. In the Assign policy profiles window, read the information about policies and click the Next button.

   If you don't want this window to display when you create new policy profiles, select the Do not show this window again checkbox before clicking the Next button.

7. In the Policy profile name window, configure the policy profile:
   • Enter the name of the new policy profile.
8. The name of a profile cannot include more than 100 characters.
   • In the Policy profile state section, select whether the policy profile is enabled or disabled.
   • In the drop-down list in the Policy profile state section, select whether editing of the policy profile is locked or allowed.
   • If you want to configure activation rules for the policy profile, select the After closing the New Policy Profile Wizard, proceed to configuring the policy profile activation rule checkbox.
9. Click the Finish button.
10. Configure the profile settings in the relevant sections as appropriate.
11. After you have configured the profile and created the activation rules, click OK to save the changes.

The policy profile that you created appears in the Policy profiles section of the policy properties.

1. In the console tree, select the administration group for which you want to modify a policy profile.
2. In the workspace of the group, open the Policies tab.
3. Do one of the following to open the properties of the policy for which you want to modify a profile:
   • Double-click the name of the policy.
   • Right-click the policy name to display the context menu and choose Properties.
4. Open the Policy profiles section of the Properties: <Policy name> window.
5. Select the profile that you want to modify and click Properties.
6. Configure the profile in the properties window:
   • If necessary, in the General section, rename the profile or enable/disable the profile by selecting/deselecting the Enable profile checkbox.
   • In the Activation rules section, edit the activation rules.
   • In the Devices section, choose the devices to which the policy profile is applied.
   • Edit the policy settings in the relevant sections.
7. Click OK.

If the policy profile is active, the modified settings will be applied after the client computer is synchronized with Administration Server. If the policy profile is inactive, they will be applied after the activation rule is triggered.

1. In the console tree, select the administration group for which you want to change the priority of a policy profile.
2. In the workspace of the group, open the Policies tab.
3. Do one of the following to open the properties of the policy for which you want to change the priority of a policy profile:
   • Double-click the name of the policy.
   • Right-click the policy name to display the context menu and choose Properties.
4. Open the Policy profiles section of the Properties: <Policy name> window.
5. Select the policy profile whose priority you want to change.
6. Raise/lower the priority of the selected profile by clicking the / buttons.

1. In the console tree, select the administration group for which you want to delete a policy profile.
2. In the workspace of the group, open the Policies tab.
3. Do one of the following to open the properties of the policy for which you want to delete a profile:
   • Double-click the name of the policy.
   • Right-click the policy name to display the context menu and choose Properties.
4. Open the Policy profiles section of the Properties: <Policy name> window.
5. Select the profile that you want to delete and click the Delete button.

1. Start Administration Console of Kaspersky Security Center.
2. Expand the Administration Server <Server name> node.
3. In the console tree, select the Managed devices node.
4. Select the administration group that contains the required client computer.
5. Select the Devices tab.
6. Select the computer from the list of client computers.
7. Open the Properties: <Computer name> window in one of the following ways:
   • Double-click the name of the client computer.
   • Right-click the client computer and choose Properties from the context menu.
8. Select the Protection section.
9. Generate a report by clicking the View threats report link in the workspace.

The generated report opens in a browser window.