- Kaspersky Secure Mobility Management help
- What's new
- Working in Kaspersky Security Center Web Console
- About Kaspersky Secure Mobility Management
- Getting started
- Solution architecture
- Deployment scenarios
- Deploying a mobile device management solution in Kaspersky Security Center Web Console
- Deploying Kaspersky Security Center Linux and Kaspersky Security Center Web Console
- Deploying mobile management plug-ins
- Configuring Administration Server settings for connecting mobile devices
- Scenario: Configuring a connection gateway to connect mobile devices to Kaspersky Security Center Web Console
- Adding installation packages to Administration Server repository
- Adding a license key to the Administration Server repository
- Installing Network Agent Linux
- Configuring Kaspersky Security Center Linux Web Server settings
- Deploying an iOS device management system
- About iOS device operating modes
- About device management profiles
- Deploying Kaspersky Security for iOS
- Deploying a management system using the iOS MDM protocol
- Deploying iOS MDM Server
- Configuring an iOS MDM Server installation package
- Installing iOS MDM Server using a remote installation task
- Local installation of iOS MDM Server on a device via an installation package
- Updating iOS MDM Server using a remote installation task or locally
- Deleting iOS MDM Server using a remote uninstallation task
- Viewing the list of installed iOS MDM Servers and configuring their settings
- Configuring an iOS MDM Server certificate
- Configuring a reserve iOS MDM Server certificate
- Receiving or renewing an APNs certificate
- Installing an APNs certificate on iOS MDM Server
- Configuring access to Apple Push Notification service
- iOS MDM Server events
- Obtaining iOS MDM Server diagnostic data
- Deploying iOS MDM Server
- Deploying an Android device management system
- About Android device operating modes
- Using Firebase Cloud Messaging
- Deploying Kaspersky Endpoint Security for Android
- Permissions for Kaspersky Endpoint Security for Android
- Starting and stopping Kaspersky Endpoint Security for Android
- Activating Kaspersky Endpoint Security for Android
- Updating Kaspersky Endpoint Security for Android
- Removing Kaspersky Endpoint Security for Android
- Managing mobile devices in Kaspersky Security Center Web Console
- Creating administration groups
- Configuring policies
- Creating a policy
- Modifying a policy
- Copying a policy
- Moving a policy to another administration group
- Viewing the list of policies
- Viewing the policy distribution results
- Managing revisions to policies
- Restricting permissions to configure policies
- Configuring role-based access control
- Configuring policy profiles
- Deleting a policy
- Connecting mobile devices to Kaspersky Security Center Web Console
- Configuring synchronization settings
- Managing certificates of mobile devices
- Configuration and management
- Control
- Protection
- Configuring anti-malware protection on Android devices
- Protecting Android devices on the internet
- Protection of data on a stolen or lost device
- Configuring the device unlock password strength
- Configuring a virtual private network (VPN)
- Configuring Firewall on Android devices (only Samsung)
- Protecting Kaspersky Endpoint Security for Android against removal
- Detecting hacked devices
- Configuring a global HTTP proxy on iOS MDM devices
- Adding security certificates to iOS MDM devices
- Adding a SCEP profile to iOS MDM devices
- Restricting SD card usage (only Samsung)
- Management of mobile devices
- Managing Android devices
- Managing iOS MDM devices
- Adding a configuration profile
- Installing a configuration profile on a device
- Removing a configuration profile from a device
- Configuring managed apps
- Installing an app on a mobile device
- Removing an app from a device
- Configuring roaming on an iOS MDM mobile device
- Viewing information about an iOS MDM device
- Disconnecting an iOS MDM device from management
- Configuring kiosk mode for iOS MDM devices
- Management of mobile device settings
- Configuring connection to a Wi-Fi network
- Configuring email
- Configuring protection levels in Kaspersky Security Center
- Managing app configurations
- Managing app permissions
- Creating a report on installed mobile apps
- Installing root certificates on Android devices
- Configuring notifications for Kaspersky Endpoint Security for Android
- Connecting iOS MDM devices to AirPlay
- Connecting iOS MDM devices to AirPrint
- Configuring the Access Point Name (APN)
- Corporate container
- Adding an LDAP account
- Adding a contacts account
- Adding a calendar account
- Configuring a calendar subscription
- Configuring SSO
- Managing Web Clips
- Setting a wallpaper
- Adding fonts
- Working with commands for mobile devices
- Managing the app by using third-party EMM systems (Android only)
- Participating in Kaspersky Security Network
- Samsung Knox
- Using the Kaspersky Endpoint Security for Android app
- App features
- Main window at a glance
- Status bar icon
- Device scan
- Running a scheduled scan
- Changing the Protection mode
- Anti-malware database updates
- Scheduled database update
- Things to do if your device gets lost or stolen
- Web Protection
- Get Certificate
- Synchronizing with Kaspersky Security Center
- Activating the Kaspersky Endpoint Security for Android app without Kaspersky Security Center
- Installing the app on corporate devices
- Installing root certificates on the device
- Installing and using mail and VPN certificates on the device
- Enabling accessibility on Android 13 or later
- Updating the app
- Removing the app
- Applications with a briefcase icon
- Knox app
- Using the Kaspersky Security for iOS app
- Application licensing
- Comparison of solution features by management tool
- Contact Technical Support
- Sources of information about the application
- Glossary
- Activating the application
- Activation code
- Administration group
- Administration Server
- Administrator's workstation
- Anti-malware databases
- Apple Push Notification service (APNs) certificate
- Application management plug-in
- Basic control
- Basic protection
- Certificate Signing Request
- Compliance Control
- Corporate container
- Corporate device
- Device administrator
- Device management profile
- End User License Agreement
- Group task
- IMAP
- Installation package
- iOS MDM device
- iOS MDM profile
- iOS MDM Server
- Kaspersky categories
- Kaspersky Private Security Network (KPSN)
- Kaspersky Security Center Administrator
- Kaspersky Security Center Web Server
- Kaspersky Security Network (KSN)
- Kaspersky update servers
- Key file
- License
- License term
- Malware
- Manifest file
- Network Agent
- Personal device
- Phishing
- Policy
- POP3
- Proxy server
- Quarantine
- SSL
- Standalone installation package
- Subscription
- Supervised device
- Unlock code
- Virtual Administration Server
- Information about third-party code
- Trademark notices
Configuring protection levels in Kaspersky Security Center
These settings apply to Android devices.
To configure rules for assigning protection levels in Kaspersky Security Center:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the policy properties window, select Application settings.
- Select Android and go to the KES for Android settings section.
- On the Severity settings for device protection level card, click Settings.
The Severity settings for device protection level window opens.
- Enable the settings using the Severity settings for device protection level toggle switch.
- Select the OK, Warning, or Critical protection level for each of the following conditions:
- Real-time protection is not running
Drop-down list where you can select the protection level of a mobile device on which real-time protection is not running.
Real-time protection lets you detect threats in files being opened, as well as scan new apps and stop device infections in real time.
Real-time protection may fail to run for the following reasons:
- The user declined to use Kaspersky Security Network on the mobile device in the Anti-Malware settings of Kaspersky Endpoint Security for Android.
- The user did not grant the app access to manage all files.
If real-time protection is not running, you can also configure restrictions on operation of the mobile device in the Compliance Control settings of the policy.
- Web Protection and Web Control are not running
Drop-down list where you can select the protection level of a mobile device on which Web Protection and Web Control are not running.
Web Protection lets you scan websites and block malicious and phishing websites.
Web Control lets you configure user access to specific websites and categories of websites.
Web Protection and Web Control may fail to run for the following reasons:
- The user disabled Web Protection on the mobile device in the Kaspersky Endpoint Security for Android settings.
- The user did not enable Kaspersky Endpoint Security for Android as an Accessibility feature.
- The Ignore battery optimization permission has not been granted.
- The Web Protection Statement has not been accepted.
If Web Protection and Web Control are not running, you can also configure restrictions on the operation of the mobile device in the Compliance Control settings of the policy.
- App Control is not running
Drop-down list where you can select the protection level of a mobile device on which App Control is not running.
App Control lets you block apps from running on mobile devices if those apps do not meet the corporate security requirements.
App Control may not run if the user did not enable the app as an Accessibility feature on devices running Android 5 or later.
If App Control is not running, you can also configure restrictions on the operation of the mobile device in the Compliance Control settings of the policy.
- Device lock is not available
Drop-down list where you can select the protection level of a mobile device on which device lock is not available.
The device may be locked in the following cases:
- The Anti-Theft command is received.
- The SIM card is replaced or the device is turned on without a SIM card.
- An attempt is made to remove Kaspersky Endpoint Security for Android while app removal protection is enabled.
Device lock may be unavailable for the following reasons:
- The user did not set the app as a device administrator.
- The user did not enable the app as an Accessibility service on devices running Android 7 or later.
- The user did not enable the app to overlay other windows on devices running Android 7 or later.
- Device location is not available
Drop-down list where you can select the protection level of a mobile device whose location cannot be determined.
The location is determined after the Locate device command is received.
Locating the device may be unavailable for the following reasons:
- The user did not grant the device locate permission to the app.
- The user turned off the GPS module in the device settings.
- Versions of the Kaspersky Security Network Statement do not match
Drop-down list where you can select the protection level of a mobile device if the version of the Kaspersky Security Network Statement accepted by the administrator does not match the version accepted by the device user. Statistics not listed in the version of the Statement accepted by the user are not sent to Kaspersky Security Network.
- Versions of the Marketing Statement do not match
Drop-down list where you can select the protection level of a mobile device if the version of the Statement regarding data processing for marketing purposes accepted by the administrator does not match the version accepted by the device user. Data is not transferred to third-party services.
The list of third-party services can be found in the Statement regarding data processing for marketing purposes.
- Real-time protection is not running
- Click OK.
- Click Save to save the changes you have made.
Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.
For more information about default values, reasons, and conditions for assigning protection levels, please refer to the Mobile device protection levels section.