Manual setup of the Kaspersky Endpoint Security policy
This section provides recommendations on how to configure the Kaspersky Endpoint Security policy. You can perform setup in the policy properties window. When you edit a setting, click the lock icon to the right of the relevant group of settings to apply the specified values to a workstation.
Configuring Kaspersky Security Network
Kaspersky Security Network (KSN) is the infrastructure of cloud services that has information about the reputation of files, web resources, and software. Kaspersky Security Network enables Kaspersky Endpoint Security for Windows to respond faster to different kinds of threats, enhances the performance of the protection components, and decreases the likelihood of false positives. For more information about Kaspersky Security Network, see the Kaspersky Endpoint Security for Windows Help.
You can configure the Kaspersky Security Network work in the policy properties window of Kaspersky Endpoint Security for Windows, in the Application settings → Advanced Threat Protection section.
To specify recommended KSN settings:
- In the main menu, go to Assets (Devices) → Policies & profiles.
- Click the policy of Kaspersky Endpoint Security for Windows.
The properties window of the selected policy opens.
- In the policy properties, go to Application settings → Advanced Threat Protection → Kaspersky Security Network.
- Make sure that the Use Administration Server as a KSN proxy server option is enabled. Using this option helps to redistribute and optimize traffic on the network.
If you use Managed Detection and Response, you must enable Kaspersky Security Network option for the distribution point and enable extended KSN mode.
- Enable use of KSN servers if the KSN proxy service is not available. To do this, enable the Use Kaspersky Security Network servers if the KSN proxy server is unavailable option.
KSN servers may be located either on the side of Kaspersky (when KSN is used) or on the side of third parties (when KPSN is used).
- Click OK.
The recommended KSN settings are specified.
Checking the list of the networks protected by Firewall
Make sure that Kaspersky Endpoint Security for Windows Firewall protects all your networks. By default, Firewall protects networks with the following types of connection:
- Public network. Security applications, firewalls, or filters do not protect devices in such a network.
- Local network. Access to files and printers is restricted for devices in this network.
- Trusted network. Devices in such a network are protected from attacks and unauthorized access to files and data.
If you configured a custom network, make sure that Firewall protects it. For this purpose, check the list of the networks in the Kaspersky Endpoint Security for Windows policy properties. The list may not contain all the networks.
For more information about Firewall, see the Kaspersky Endpoint Security for Windows Help.
To check the list of networks:
- In the main menu, go to Assets (Devices) → Policies & profiles.
- Click the policy of Kaspersky Endpoint Security for Windows.
The properties window of the selected policy opens.
- In the policy properties, go to Application settings → Essential Threat Protection → Firewall.
- Under Available networks, click the Network settings link.
The Network connections window opens. This window displays the list of networks.
- If the list has a missing network, add it.
Excluding software details from the Administration Server memory
We recommend that Administration Server does not save information about software modules that are started on the network devices. As a result, the Administration Server memory does not overrun.
You can disable saving this information in the Kaspersky Endpoint Security for Windows policy properties.
To disable saving information about installed software modules:
- In the main menu, go to Assets (Devices) → Policies & profiles.
- Click the policy of Kaspersky Endpoint Security for Windows.
The properties window of the selected policy opens.
- In the policy properties, go to Application settings → General Settings → Reports and Storage.
- Under Data transfer to Administration Server, disable the About started applications check box if it is still enabled in the top-level policy.
When this check box is selected, the Administration Server database saves information about all versions of all software modules on the networked devices. This information may require a significant amount of disk space in the Kaspersky Security Center Cloud Console database (dozens of gigabytes).
The information about installed software modules is no longer saved to the Administration Server database.
Configuring the registration of important policy events in the Administration Server database
To avoid the Administration Server database overflow, we recommend that you save only important events to the database. For the events that you consider unimportant, you can reduce the storage period or disable the storing.
To configure the event storage settings:
- In the main menu, go to Assets (Devices) → Policies & profiles.
- Click the name of the required policy.
The properties window of the selected policy opens.
- Go to the Event configuration tab, and then click the name of the event type for which you want to configure the registration in the database.
- In the right pane that opens, do one of the following:
- If you want to change the storage period for the event type, make sure that the Store in the Administration Server database for (days) toggle button is turned on, and then enter the required number of days for the event type to be stored.
- If you do not want to store the event type in the in the Administration Server database, turn off the Store in the Administration Server database for (days) toggle button.
- Click OK, and then after the right pane is closed, click the Save button.
The policy properties window is closed, and setting that you configured is applied.