Managing policies in the Administration Console

A policy is a set of Kaspersky Embedded Systems Security operation settings applied to an

Multiple policies with different values of the settings can be configured for a single application. However, there can be only one active policy at a time for an application within an administration group. When you create a new policy, all other policies within an administration group become inactive. You can change the policy status later.

Policies have a hierarchy, similarly to administration groups. By default, a child policy inherits the settings from the parent policy. A child policy is a policy of a nested hierarchy level, that is, a policy for nested administration groups and secondary Administration Servers. You can enable inheritance of the settings from the parent policy.

You can locally modify the values of the settings specified by the policy for individual devices within the administration group, if modification of these settings is not prohibited by the policy.

Each policy setting has a "lock" attribute that indicates whether child policy settings and local application settings can be modified. The "lock" status of a setting within a policy determines whether or not an application setting on a client device can be edited:

• When a setting is "locked" (), you cannot edit the setting. The setting value specified by the policy is used for all client devices within the administration group.
• When a setting is "unlocked" (), you can edit the setting. For all client devices in the administration group, the settings specified locally are used. The settings specified in the policy are not applied.

After the policy is applied for the first time, the application settings change in accordance with the policy settings.

You can perform the following operations with the policies:

• Create a policy.
• Edit policy settings.

  If the user account which is used to access the Administration Server does not have permissions to edit the settings of certain functional scopes, the settings of these functional scopes are not available for editing.

• Delete a policy.
• Change a policy status.
• Compare policy versions in the Revision history section of the policy properties window.

You can also create policy profiles. A policy profile may contain settings that differ from the "base" policy settings and apply to client devices when the configured conditions (activation rules) are met. Using policy profiles allows you to flexibly configure operation settings for different devices. You can create and configure profiles in the Policy profiles section of the policy properties.

For general information on working with policies and policy profiles, refer to Kaspersky Security Center documentation.

Creating a policy

To create a policy:

1. Open the Administration Console of Kaspersky Security Center.
2. Do one of the following:
   • Select the Managed devices folder to create a policy for all the devices managed by Kaspersky Security Center.
   • In the Managed devices folder, select the folder with the name of the administration group that contains the required devices.
3. In the workspace, select the Policies tab.
4. Start the New Policy Wizard in one of the following ways:
   • Click the New policy button.
   • In the context menu of the policy list select New → Policy.
5. In the drop-down list, select Kaspersky Embedded Systems Security 3.3 for Linux.

   Proceed to the next step.

6. Enter a name for the policy being created.

   Proceed to the next step.

7. To use the settings from the previous version of Kaspersky Embedded Systems Security policy in the policy being created, select the Use policy settings for the earlier application version check box.

   Proceed to the next step.

8. Decide whether you want to use Kaspersky Security Network. Carefully read the Kaspersky Security Network Statement and do one of the following:
   • If you agree with all the terms and conditions of the Statement and want the application to use Kaspersky Security Network, select I confirm that I have fully read, understand, and accept the terms and conditions of Kaspersky Security Network Statement.
   • If you do not want to use Kaspersky Security Network, select I do not accept the terms and conditions of the Kaspersky Security Network Statement and confirm your decision in the window that opens.

   If necessary, you can change the decision to use Kaspersky Security Network later.

   Proceed to the next step.

9. If necessary, configure the File Threat Protection settings.

   Proceed to the next step.

10. If necessary, modify the default scan settings.

    Proceed to the next step.

11. If necessary, configure exclusion areas.

    Proceed to the next step.

12. If necessary, modify the default actions for infected objects.

    Proceed to the next step.

13. Complete the New Policy Wizard.

Page top

Editing policy settings

To edit policy settings:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder, open the folder with the name of the required administration group for which you want to edit the policy settings.
3. In the workspace, select the Policies tab.
4. Select the required policy and in the context menu of the policy, select Properties.

   The Properties: <Policy name> window will open.

5. Edit the policy settings.
6. In the Properties: <Policy name> window, click OK to save the changes.

If the user account which is used to access the Administration Server does not have permissions to edit the settings of certain functional scopes, the settings of these functional scopes are not available for editing.