Kaspersky Next XDR Expert

Manual setup of the Kaspersky Endpoint Security policy

This section provides recommendations on how to configure the Kaspersky Endpoint Security policy. You can perform setup in the policy properties window. When you edit a setting, click the lock icon to the right of the relevant group of settings to apply the specified values to a workstation.

In this section

Configuring Kaspersky Security Network

Checking the list of the networks protected by Firewall

Disabling the scan of network devices

Excluding software details from the Administration Server memory

Configuring access to the Kaspersky Endpoint Security for Windows interface on workstations

Saving important policy events in the Administration Server database

See also:

Scenario: Configuring network protection


Configuring Kaspersky Security Network

Kaspersky Security Network (KSN) is the infrastructure of cloud services that contains information about the reputation of files, web resources, and software. Kaspersky Security Network enables Kaspersky Endpoint Security for Windows to respond faster to different kinds of threats, enhances the performance of the protection components, and decreases the likelihood of false positives. For more information about Kaspersky Security Network, see the Kaspersky Endpoint Security for Windows Help.

To specify recommended KSN settings:

  1. In the main menu, go to Assets (Devices) → Policies & profiles.
  2. Click the policy of Kaspersky Endpoint Security for Windows.

    The properties window of the selected policy opens.

  3. In the policy properties, go to Application settings → Advanced Threat Protection → Kaspersky Security Network.
  4. Make sure that the Use KSN Proxy option is enabled. Using this option helps to redistribute and optimize traffic on the network.

    If you use Managed Detection and Response, you must enable the KSN Proxy option for the distribution point and enable extended KSN mode.

  5. Enable use of KSN servers if the KSN proxy service is not available. KSN servers may be located either on the side of Kaspersky (when KSN is used) or on the side of third parties (when KPSN is used).
  6. Click OK.

The recommended KSN settings are specified.


Checking the list of the networks protected by Firewall

Make sure that Kaspersky Endpoint Security for Windows Firewall protects all your networks. By default, Firewall protects networks with the following types of connection:

  • Public network. Anti-virus applications, firewalls, or filters do not protect devices in such a network.
  • Local network. Access to files and printers is restricted for devices in this network.
  • Trusted network. Devices in such a network are protected from attacks and unauthorized access to files and data.

If you configured a custom network, make sure that Firewall protects it. For this purpose, check the list of the networks in the Kaspersky Endpoint Security for Windows policy properties. The list may not contain all the networks.

For more information about Firewall, see the Kaspersky Endpoint Security for Windows Help.

To check the list of networks:

  1. In the main menu, go to Assets (Devices) → Policies & profiles.
  2. Click the policy of Kaspersky Endpoint Security for Windows.

    The properties window of the selected policy opens.

  3. In the policy properties, go to Application settings → Essential Threat Protection → Firewall.
  4. Under Available networks, click the Network settings link.

    The Network connections window opens. This window displays the list of networks.

  5. If a network is missing from the list, add it.
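
An added example (not part of the Kaspersky documentation): a Python check that compares the networks transcribed by hand from the Network connections window against your own subnet inventory and reports the ones Firewall does not fully cover. The CIDR notation, both sample lists, and the function name are assumptions made for this illustration.

```python
import ipaddress


def uncovered_networks(firewall_list, org_subnets):
    """Return (subnet, status) for every subnet not fully covered.

    status is "missing" when nothing in the Firewall list overlaps the
    subnet and "partial" when only part of it is covered.
    """
    parsed = [ipaddress.ip_network(n, strict=False) for n in firewall_list]
    # Merge adjacent or nested entries per IP version, so that two /24
    # entries correctly cover the /23 they add up to.
    merged = []
    for version in (4, 6):
        same = [n for n in parsed if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))

    findings = []
    for raw in org_subnets:
        net = ipaddress.ip_network(raw, strict=False)
        peers = [m for m in merged if m.version == net.version]
        if any(net.subnet_of(m) for m in peers):
            continue  # fully inside a protected network
        status = "partial" if any(net.overlaps(m) for m in peers) else "missing"
        findings.append((str(net), status))
    return findings


# Constructed sample data: entries as they might be copied from the
# Network connections window, and an inventory of subnets in use.
FIREWALL_LIST = ["10.0.0.0/24", "10.0.1.0/24", "192.168.10.0/24", "fd00:10::/64"]
ORG_SUBNETS = [
    "10.0.0.0/23",      # covered by the two adjacent /24 entries
    "192.168.10.0/25",  # covered by 192.168.10.0/24
    "192.168.20.0/24",  # not in the list
    "192.168.10.0/23",  # only the lower half is in the list
    "fd00:20::/64",     # IPv6 subnet not in the list
]

if __name__ == "__main__":
    for subnet, status in uncovered_networks(FIREWALL_LIST, ORG_SUBNETS):
        print(f"{subnet}: {status} - add or extend the entry in the policy")
```

Subnets reported as "partial" are worth checking first, because the existing entry makes the list look complete at a glance.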


Disabling the scan of network devices

When Kaspersky Endpoint Security for Windows scans network drives, this can place a significant load on them. It is more convenient to perform indirect scanning on file servers.

You can disable scanning of network drives in the Kaspersky Endpoint Security for Windows policy properties. For a description of these policy properties, see the Kaspersky Endpoint Security for Windows Help.

To disable scanning of network drives:

  1. In the main menu, go to Assets (Devices) → Policies & profiles.
  2. Click the policy of Kaspersky Endpoint Security for Windows.

    The properties window of the selected policy opens.

  3. In the policy properties, go to Application settings → Essential Threat Protection → File Threat Protection.
  4. Under Protection scope, disable the All network drives option.
  5. Click OK.

Scanning of network drives is disabled.


Excluding software details from the Administration Server memory

We recommend that Administration Server does not save information about software modules that are started on the network devices. This prevents the Administration Server memory from being overrun.

You can disable saving this information in the Kaspersky Endpoint Security for Windows policy properties.

To disable saving information about installed software modules:

  1. In the main menu, go to Assets (Devices) → Policies & profiles.
  2. Click the policy of Kaspersky Endpoint Security for Windows.

    The properties window of the selected policy opens.

  3. In the policy properties, go to Application settings → General Settings → Reports and Storage.
  4. Under Data transfer to Administration Server, disable the About started applications check box if it is still enabled in the top-level policy.

    When this check box is selected, the Administration Server database saves information about all versions of all software modules on the networked devices. This information may require a significant amount of disk space in the Open Single Management Platform database (dozens of gigabytes).

The information about installed software modules is no longer saved to the Administration Server database.


Configuring access to the Kaspersky Endpoint Security for Windows interface on workstations

If the Anti-Virus protection on the organization's network must be managed in centralized mode through Open Single Management Platform, specify the interface settings in the Kaspersky Endpoint Security for Windows policy properties, as described below. As a result, you will prevent unauthorized access to Kaspersky Endpoint Security for Windows on workstations and the changing of Kaspersky Endpoint Security for Windows settings.

For a description of these policy properties, see the Kaspersky Endpoint Security for Windows Help.

To specify recommended interface settings:

  1. In the main menu, go to Assets (Devices) → Policies & profiles.
  2. Click the policy of Kaspersky Endpoint Security for Windows.

    The properties window of the selected policy opens.

  3. In the policy properties, go to Application settings → General Settings → Interface.
  4. Under Interaction with user, select the No interface option. This disables the display of the Kaspersky Endpoint Security for Windows user interface on workstations, so their users cannot change the settings of Kaspersky Endpoint Security for Windows.
  5. Under Password protection, enable the toggle switch. This reduces the risk of unauthorized or unintended changes in the settings of Kaspersky Endpoint Security for Windows on workstations.

The recommended settings for the interface of Kaspersky Endpoint Security for Windows are specified.


Saving important policy events in the Administration Server database

To avoid overflowing the Administration Server database, we recommend that you save only important events to the database.

To configure registration of important events in the Administration Server database:

  1. In the main menu, go to Assets (Devices) → Policies & profiles.
  2. Click the policy of Kaspersky Endpoint Security for Windows.

    The properties window of the selected policy opens.

  3. In the policy properties, open the Event configuration tab.
  4. In the Critical section, click Add event and select check boxes next to the following events only:
    • End User License Agreement violated
    • Application autorun is disabled
    • Activation error
    • Active threat detected. Advanced Disinfection should be started
    • Disinfection impossible
    • Previously opened dangerous link detected
    • Process terminated
    • Network activity blocked
    • Network attack detected
    • Application startup prohibited
    • Access denied (local bases)
    • Access denied (KSN)
    • Local update error
    • Cannot start two tasks at the same time
    • Error in interaction with Kaspersky Security Center
    • Not all components were updated
    • Error applying file encryption / decryption rules
    • Error enabling portable mode
    • Error disabling portable mode
    • Could not load encryption module
    • Policy cannot be applied
    • Error changing application components
  5. Click OK.
  6. In the Functional failure section, click Add event and select the check box next to the event "Invalid task settings. Settings not applied."
  7. Click OK.
  8. In the Warning section, click Add event and select check boxes next to the following events only:
    • Self-Defense is disabled
    • Protection components are disabled
    • Incorrect reserve key
    • Legitimate software that can be used by intruders to damage your computer or personal data was detected (local bases)
    • Legitimate software that can be used by intruders to damage your computer or personal data was detected (KSN)
    • Object deleted
    • Object disinfected
    • User has opted out of the encryption policy
    • File was restored from quarantine on the Kaspersky Anti Targeted Attack Platform server by the administrator
    • File was quarantined on the Kaspersky Anti Targeted Attack Platform server by administrator
    • Application startup blockage message to administrator
    • Device access blockage message to administrator
    • Web page access blockage message to administrator
  9. Click OK.
  10. In the Info section, click Add event and select check boxes next to the following events only:
    • A backup copy of the object was created
    • Application startup prohibited in test mode
  11. Click OK.

Registration of important events in the Administration Server database is configured.
