Kaspersky Security Center

Saving important policy events in the Administration Server database

8 April 2024

ID 181227

To avoid the Administration Server database overflow, we recommend that you save only important events to the database.

To configure registration of important events in the Administration Server database:

  1. In the main menu, go to Devices → Policies & profiles.
  2. Click the policy of Kaspersky Endpoint Security for Windows.

    The properties window of the selected policy opens.

  3. In the policy properties, open the Event configuration tab.
  4. In the Critical section, click Add event and select check boxes next to the following events only:
    • End User License Agreement violated
    • Application autorun is disabled
    • Activation error
    • Active threat detected. Advanced Disinfection should be started
    • Disinfection impossible
    • Previously opened dangerous link detected
    • Process terminated
    • Network activity blocked
    • Network attack detected
    • Application startup prohibited
    • Access denied (local bases)
    • Access denied (KSN)
    • Local update error
    • Cannot start two tasks at the same time
    • Error in interaction with Kaspersky Security Center
    • Not all components were updated
    • Error applying file encryption / decryption rules
    • Error enabling portable mode
    • Error disabling portable mode
    • Could not load encryption module
    • Policy cannot be applied
    • Error changing application components
  5. Click OK.
  6. In the Functional failure section, click Add event and select check box next to the event Invalid task settings. Settings not applied.
  7. Click OK.
  8. In the Warning section, click Add event and select check boxes next to the following events only:
    • Self-Defense is disabled
    • Protection components are disabled
    • Incorrect reserve key
    • Legitimate software that can be used by intruders to damage your computer or personal data was detected (local bases)
    • Legitimate software that can be used by intruders to damage your computer or personal data was detected (KSN)
    • Object deleted
    • Object disinfected
    • User has opted out of the encryption policy
    • File was restored from quarantine on the Kaspersky Anti Targeted Attack Platform server by the administrator
    • File was quarantined on the Kaspersky Anti Targeted Attack Platform server by administrator
    • Message to administrator about application startup prohibition
    • Message to administrator about device access prohibition
    • Message to administrator about web page access prohibition
  9. Click OK.
  10. In the Info section, click Add event and select check boxes next to the following events only:
    • A backup copy of the object was created
    • Application startup prohibited in test mode
  11. Click OK.

Registration of important events in the Administration Server database is configured.

See also:

Scenario: Configuring network protection

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.