Kaspersky Security for Virtualization 5.2 Light Agent
5.2
English

Contents

Application Self-Defense

Kaspersky Security defends the protected virtual machine with the Light Agent for Windows component against malicious applications, including malware that attempts to block the operation of Kaspersky Security or remove it from the protected virtual machine.

The stability of the security system on the protected virtual machine with the Light Agent for Windows component is ensured by the Self-Defense and remote control defense mechanisms provided by Kaspersky Security.

The Self-Defense mechanism prevents alteration or deletion of application files on the hard drive, memory processes, and entries in the system registry.

Remote Control Defense blocks all attempts from a remote device to control application services.

In this section:

Enabling or disabling Self-Defense

Enabling or disabling Remote Control Defense

Supporting remote administration applications
Page top
[Topic 65927]

Enabling or disabling Self-Defense

The Kaspersky Security Self-Defense mechanism is enabled by default. You can disable Self-Defense, if necessary.

Disabling Self-Defense reduces the level of virtual machine protection against malware.

You can enable or disable Self-Defense mechanism in the Light Agent for Windows policy properties using the Administration Console, in the Light Agent for Windows local interface, and using the Web Console when creating or editing the Light Agent for Windows policy settings (Application settingsOther settingsAdvanced settings).

To enable or disable the Self-Defense mechanism in the Administration Console:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the policy properties window, select the Advanced settings section in the list on the left.
  6. In the right part of the window, in the Self-Defense settings section, do one of the following:
    • To enable the Self-Defense mechanism, select the Enable Self-Defense check box.
    • To disable the Self-Defense mechanism, clear the Enable Self-Defense check box.
  7. Click the Apply button.

To enable or disable the Self-Defense mechanism in the local interface:

  1. Open the application settings window.
  2. In the left part of the window, select the Other settings section.

    Advanced protection settings are displayed in the right part of the window.

  3. Do one of the following:
    • To enable the Self-Defense mechanism, select the Enable Self-Defense check box.
    • To disable the Self-Defense mechanism, clear the Enable Self-Defense check box.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  4. To save changes, click the Save button.
Page top
[Topic 65924]

Enabling or disabling Remote Control Defense

The remote control defense mechanism is enabled by default. You can disable the remote control defense mechanism, if necessary.

You can enable or disable remote control defense mechanism in the Light Agent for Windows policy properties using the Administration Console, in the Light Agent for Windows local interface, and using the Web Console when creating or editing the Light Agent for Windows policy settings (Application settingsOther settingsAdvanced settings).

To enable or disable the remote control defense mechanism in the Administration Console:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
  5. In the policy properties window, select the Advanced settings section in the list on the left.
  6. In the right part of the window, in the Self-Defense settings section, do one of the following:
    • To enable the remote control defense mechanism, select the Disable external management of the system service.
    • To disable the remote control defense mechanism, clear the Disable external management of the system service.
  7. Click the Apply button.

To enable or disable the remote control defense mechanism in the local interface:

  1. Open the application settings window.
  2. In the left part of the window, select the Other settings section.

    Advanced application settings are displayed in the right part of the window.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. Do one of the following:
    • To enable the remote control defense mechanism, select the Disable external management of the system service check box.
    • To disable the remote control defense mechanism, clear the Disable external management of the system service check box.
  4. To save changes, click the Save button.
Page top
[Topic 65923]

Supporting remote administration applications

You may occasionally need to use a remote administration application while external control protection is enabled. In the local interface, you can configure the operation of a remote administration application on a protected virtual machine.

To configure the operation of remote administration applications:

  1. Open the application settings window.
  2. In the left part of the window, select the Anti-Virus protection section.

    The anti-virus protection settings are shown in the right part of the window.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. In the Exclusions and trusted zone section, click the Settings button.

    The Trusted zone window opens.

  4. Select the Trusted applications tab.
  5. Open the context menu of the Add button and do one of the following:
    • To find the remote administration application in the list of applications that are installed on the protected virtual machine, select the Applications item. The Select application window opens.
    • To specify the path to the executable file of the remote administration application, select Browse. The Select file window opens.
  6. Select an application.

    The Exclusions for application window opens.

  7. Select the Do not monitor application activity check box.
  8. In the Exclusions for application window, click OK.

    The trusted application that you have added appears in the trusted applications list.

  9. In the Trusted zone window, click OK.
  10. To save changes, click the Save button.
Page top
[Topic 65926]