Kaspersky Endpoint Security 10 for Windows

About policies

22 December 2022

ID 128160

You can use policies to apply identical Kaspersky Endpoint Security settings to all client computers within an administration group.

You can locally change the values of settings specified by a policy for individual computers in an administration group using Kaspersky Endpoint Security. You can locally change only those settings whose modification is not prohibited by the policy.

Whether an application setting on a client computer can be edited is determined by the "lock" status of the setting within a policy:

  • If a setting is "locked" (sc_changes locked), you cannot locally edit the value of this setting. The setting value specified by the policy is used for all client computers within the administration group.
  • When a setting is "unlocked" (sc_changes locked), you can edit the setting locally. A locally configured setting is applied to all client computers within the administration group. The policy-configured setting is not applied.

After the policy is applied for the first time, local application settings change in accordance with the policy settings.

The rights to access policy settings (read, write, execute) are specified for each user who has access to the Kaspersky Security Center Administration Server and separately for each functional scope of Kaspersky Endpoint Security. To configure the rights to access policy settings, go to the Security section of the properties window of the Kaspersky Security Center Administration Server.

The following functional scopes of Kaspersky Endpoint Security are singled out:

  • Anti-Virus protection. The functional scope includes File Anti-Virus, Mail Anti-Virus, Web Anti-Virus, IM Anti-Virus, Vulnerability Scan, and scan tasks.
  • Application Startup Control. The functional scope includes the Application Startup Control component.
  • Device Control. The functional scope includes the Device Control component.
  • Encryption. The functional scope includes the hard drive, file, and folder encryption components.
  • Trusted zone. The functional scope includes the Trusted Zone.
  • Web Control. The functional scope includes the Web Control component.
  • Intrusion prevention. This functional scope includes Application Activity Monitor, Vulnerability Monitor, Firewall, Network Attack Blocker, and Application Privilege Control.
  • Basic functionality. This functional scope includes general application settings that are not specified for other functional scopes, including: licensing, KSN settings, inventory tasks, application database and module update tasks, Self-Defense, advanced application settings, reports and storages, password protection settings, and application interface settings.

You can perform the following operations with a policy:

  • Create a policy.
  • Edit policy settings.

    If the user account under which you accessed the Administration Server does not have rights to edit settings of certain functional scopes, the settings of these functional scopes are not available for editing.

  • Delete a policy.
  • Change policy status.

For information on using policies that are not related to interaction with Kaspersky Endpoint Security, please refer to the Kaspersky Security Center Administrator's Guide.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.