Kaspersky Endpoint Security for Windows


Kaspersky Endpoint Security for Windows
User Manual Rev. 1.05
Application version: 11.0.0.6499

Table of contents

- About Kaspersky Endpoint Security for Windows
- Distribution kit
- Hardware and software requirements
- Environment and operation requirements
- User and administrator roles in the application
- Application functionality after license expiration
- Managing the application on a client computer
- Application functions in the Windows context menu
- Application icon context menu
- Simplified application interface
- Main application window
- Protection components window
- Tasks window
- Participation in Kaspersky Security Network
- About participation in Kaspersky Security Network
- Kaspersky Security Network is not available.
- Behavior Detection
- About Behavior Detection
- Behavior Detection subsection
- Exploit Prevention
- About Exploit Prevention
- Exploit Prevention subsection
- Host Intrusion Prevention
- About Host Intrusion Prevention
- Host Intrusion Prevention subsection
- Remediation Engine
- About Remediation Engine
- Remediation Engine subsection
- File Threat Protection
- About File Threat Protection
- File Threat Protection subsection
- Web Threat Protection
- About Web Threat Protection
- Web Threat Protection subsection
- Mail Threat Protection
- About Mail Threat Protection
- Mail Threat Protection subsection
- BadUSB Attack Prevention subsection
- Application Control
- About Application Control
- Application Control subsection
- Device Control
- About Device Control
- Device Control subsection
- Web Control
- About Web Control
- Web resource content categories
- Web Control subsection
- Managing Backup
- About Backup
- Configuring Backup settings
- Restoring and deleting files from Backup
- Tasks
- Starting or stopping a scan task
- Scan from context menu subsection
- Removable drives scan subsection
- Background scan subsection
- General Settings
- Application Settings subsection
- Exclusions subsection
- Reports and Storage subsection
- Manage Settings subsection
- Working with encrypted devices when there is no access to them
- Obtaining access to encrypted devices through the application interface
- Creating the executable file of Restore Utility
- Restoring data on encrypted devices using the Restore Utility
- Using Authentication Agent
- Main window of Authentication Agent
- Restoring Authentication Agent account credentials
- Step 1. Entropy
- Step 2. Challenge
- Step 3. Response
- Using Authentication Agent
- Remote administration of the application through Kaspersky Security Center
- About managing the application via Kaspersky Security Center
- Managing policies
- About policies
- Kaspersky Security Network is not available.
- Behavior Detection section
- Exploit Prevention section
- Host Intrusion Prevention
- Remediation Engine section
- File Threat Protection section
- Web Threat Protection section
- Mail Threat Protection section
- Application Control subsection
- Device Control subsection
- Web Control subsection
- Data Encryption
- Local tasks
- General Settings
- Task management
- About tasks for Kaspersky Endpoint Security
- Key addition group task settings section
- Application components modification task settings section
- Inventory task settings section
- Update group task settings section
- Virus scan group task settings section
- Authentication Agent account management group task settings section
- Managing the application from the command prompt
- Commands
- Error messages
- Return codes
- Using task profiles
- Contacting Technical Support
- How to obtain technical support
- Technical support by phone
- Technical Support via Kaspersky CompanyAccount
- Collecting information for Technical Support
- Creating a trace file
- Contents and storage of trace files
- Contents and storage of dump files
- Enabling and disabling dump writing
- Enabling and disabling protection of dump files and trace files

About Kaspersky Endpoint Security for Windows

This section describes the functions, components, and distribution kit of Kaspersky Endpoint Security for Windows (hereinafter referred to as Kaspersky Endpoint Security), and provides a list of hardware and software requirements of Kaspersky Endpoint Security.

In this section:
- Distribution kit
- Hardware and software requirements
- Environment and operation requirements
- User and administrator roles in the application
- Application functionality after license expiration

Distribution kit

The Kaspersky Endpoint Security distribution kit contains the following files:
- Files that are required for installing the application using any of the available methods:
- Update package files used during installation of the application.
- The klcfginst.msi file for installing the Kaspersky Endpoint Security administration plug-in via Kaspersky Security Center.
- The file ksn_<language ID>.txt, in which you can read through the terms of participation in Kaspersky Security Network (see section "Participation in Kaspersky Security Network" on page 12).
- The license.txt file, which you can use to view the End User License Agreement and the Privacy Policy.
- The incompatible.txt file that contains a list of incompatible software.
- The installer.ini file that contains the internal settings of the distribution kit.

It is not recommended to change the values of these settings. If you want to change installation options, use the setup.ini file.

You must unpack the distribution kit to access the files.

Hardware and software requirements

To ensure proper operation of Kaspersky Endpoint Security, your computer must meet the following requirements:

Minimum general requirements:
- 2 GB of free disk space on the hard drive
- Microsoft Internet Explorer 7.0
- An Internet connection for activating the application and updating databases and application modules
- Intel Pentium 1 GHz processor (or compatible equivalent)
- RAM:
  - For a 32-bit operating system: 1 GB
  - For a 64-bit operating system: 2 GB

Supported operating systems for workstations:
- Microsoft Windows 7 Professional / Enterprise / Ultimate x86 Edition SP1, Microsoft Windows 7 Professional / Enterprise / Ultimate x64 Edition SP1
- Microsoft Windows 8 Professional / Enterprise x86 Edition, Microsoft Windows 8 Professional / Enterprise x64 Edition, Microsoft Windows 8.1 Enterprise x86 Edition, Microsoft Windows 8.1 Enterprise x64 Edition
- Microsoft Windows 10 Pro / Enterprise x86 Edition, Microsoft Windows 10 Pro / Enterprise x64 Edition.

For details about support for the Microsoft Windows 10 operating system, please refer to article 13036 in the Technical Support Knowledge Base: http://support.kaspersky.com/kes11.

Supported operating systems for file servers:
- Microsoft Windows Server 2008 R2 Standard / Enterprise x64 Edition SP1, Microsoft Windows Server 2008 Standard / Enterprise x86 Edition SP2, Microsoft Windows Server 2008 Standard / Enterprise x64 Edition SP2
- Microsoft Windows Small Business Server 2011 Essentials / Standard x64 Edition
- Microsoft Windows Server 2012 Standard / Foundation / Essentials x64 Edition, Microsoft Windows Server 2012 R2 Standard / Foundation / Essentials x64 Edition, Microsoft Windows MultiPoint Server 2012 x64 Edition
- Microsoft Windows Server 2016

For details about support for the Microsoft Windows Server 2016 operating system, please refer to ersky.com/kes11.

Environment and operation requirements

To ensure user data security and maximize the protection efficiency that is provided by Kaspersky Endpoint Security, several other requirements have to be observed.

Attacker access protection

The device secured by the TOE should not fall under temporary and undetected physical control of an attacker when the device is booted. A potential attacker must not have physical or logical access to the device secured by the TOE before and during the TOE installation. Appropriate physical security measures and physical security policies have to be in place.

Correct behavior of authorized users

Authorized users shall not actively compromise the security of the device secured by the TOE and the TOE itself and should be instructed not to leave a device secured by the TOE while it is switched on and running.

TOE secure operation

Non-trusted software (especially with the ability to perform direct access to the hard disk) is not installed and will not be installed on the device secured by the TOE. The users are instructed not to install or use utility programs like partition managers or disk copy programs.

Password protection

All authorized individuals (users, administrators) protect their passwords and/or PINs for Token to avoid disclosure. They are instructed to keep their password secret and not to write down their password, neither manually nor electronically. Unauthorized individuals shall not get the password of an authorized individual. The corresponding security measures sufficiently protect against password/PIN eavesdropping and recording using software tools or additional hardware devices. In particular, the devices and the environment shall be protected against installing any software programs or hardware devices which enable capturing user password inputs on the keyboard.

Trusted administration

The administrators responsible for the device and KSC server administration have to be trustworthy. They perform all tasks correctly regarding the TOE security.

User and administrator roles in the application

Kaspersky Endpoint Security supports two user roles: User and Administrator.

A user is associated with the Administrator role when they enter a valid username and password when performing operations in the GUI or command line interface. Additionally, all actions done through Kaspersky Security Center are also attributed to the Administrator role.

The username and password are defined via the Kaspersky Security Center policy (see section "Password protection window" on page 357).

The administrator performs installation, configuration and administration of Kaspersky Endpoint Security locally or remotely using the Kaspersky Security Center Administration Server and the Kaspersky Endpoint Security administration plug-in.

A user can perform the following actions in the local interface of Kaspersky Endpoint Security:
- Run a custom scan task.
- Send the administrator requests for access provision in case devices, applications or web resources necessary for work are being blocked, or to obtain access to encrypted files.
- Configure application settings if their modification is allowed by the Kaspersky Security Center policy or if the user's computer is not running under a policy.

If a client computer with Kaspersky Endpoint Security installed is running under a Kaspersky Security Center policy, the administrator can restrict availability of operations or managing operations with the application. In this case, the application will prompt the user for the password (see section "Password protection window" on page 357) when the user attempts to perform a protected operation in the Kaspersky Endpoint Security local interface.

Application functionality after license expiration

Administrators should maintain an active license (see section "Key addition group task settings section" on page 363) for Kaspersky Endpoint Security for Windows at all times to ensure lasting data protection.

Kaspersky Endpoint Security for Windows has the option to include backup activation keys to ensure uninterrupted protection when a license expires.

If the license has expired, the application does not encrypt new data, and old encrypted data remains encrypted and available for use. In this event, encrypting new data requires that the program be activated with a new license that permits the use of encryption. The rest of the functionality stays the same.

Managing the application on a client computer

This section contains information on how to work with the application by using the local interface on the client computer of the user.

In this section:
- Application functions in the Windows context menu
- Application icon context menu
- Simplified application interface
- Kaspersky Security Network subsection
- Behavior Detection
- Exploit Prevention
- Host Intrusion Prevention
- Remediation Engine
- File Threat Protection
- Web Threat Protection
- Mail Threat Protection
- BadUSB Attack Prevention subsection
- Application Control
- Device Control
- Web Control
- Managing Backup
- Tasks
- General Settings
- Working with encrypted devices when there is no access to them

Application functions in the Windows context menu

Kaspersky Endpoint Security is integrated into the Windows context menu. Using the context menu of any file on the computer, the user can perform the following operations with a file:
- Scan for viruses.
  Selecting this item starts a custom scan task. Kaspersky Endpoint Security runs a virus scan on the file from whose context menu the task was started.
- Check reputation in KSN.
  When this item is selected, Kaspersky Endpoint Security sends a file reputation request to the KSN serv
