How to configure a Kaspersky Security Center 9.0 policy for Kaspersky Endpoint Security 8 for Linux

Back to "Remote Administration"

After creating a policy for Kaspersky Endpoint Security 8 for Linux, it might be necessary to configure its settings. To do it, go to the console node Managed computers, open the tab Policies, right-click a  Kaspersky Endpoint Security 8 for Linux policy and select Properties:



There are several tabs.

General

This tab allows viewing general information about the policy and number of hosts applying it.

Events

This tab allows configuring notifications and Administration server storage settings for different events.

Protection areas

This tab allows configuring Kaspersky Endpoint Security 8 for Linux Real-time protection settings. Click Add to configure a new protection area, or select an existing one and click the button Edit:



Here you can configure Real-Time protection settings. They are split into several tabs:

1. Area
   
   Allows configuring protection area settings:
   
   
   
   
• area name;
• file system type and path (for Local, Mounted and Shared types);
• object masks to be scanned by Real-Time protection (click Add). Using this setting makes the Real-Time protection scan only the objects defined here;
  
  
2. Access rights
   
   Allows configuring permissions required to run the Real-time protection task:
   
   
   
   By default, only two users, root and kluser, are allowed to run the Real-time protection task. If you want some other users (groups) to be able to access it, check the box Scan only when accessed under the following accounts, click the corresponding button Add, enter user(group) name and click OK.
   
   
3. Settings
   
   Allows configuring Real-time protection general settings:
   
   
   
   
• protection mode (smart check, when opened, when opened and modified), 
• compound objects (archives, mail databases) scan,
• scan optimization (maximum allowed size and time to scan an object),
• heuristic analyzer (button Additional);
  
  
4. Actions 
   
   Actions applied to infected/suspicious objects:
   
   
   Each action consists of two subsequent steps: the second one (Delete, e.g.) is used if the first one fails (Disinfect, e.g.).
   
   You can also make actions apply depending on threat type. Check the box Actions by threat type and click the button Select actions:
   
   
   Select a threat in the drop-down menu, check the box Specify actions, and select actions from the list. Click OK when the configuration is complete.
   
   
5. Exclusion area
   
   This tab allows configuring a list of objects excluded from scan by Real-time protection:
   
   
   
   
• Exclude objects by name or regular expression. Enabling this option and clicking Add allows to enter names of objects to be skipped by Real-time protection scan using Shell masks or extended regular POSIX expressions;
• Exclude objects by threat name. Enabling this option and clicking Add allows to enter a threat name.
  

Excluded areas

This tab allows configuring exclusion areas for the Real-time protection task (will be used globally by all scan areas. Click Add (or select an existing one and click Edit):



You can then specify exclusion area settings:

• Exclusion area name;
• file system type and path (for Local, Mounted and Shared types);
• object masks to be skipped by Real-Time protection (click Add).

Advanced > Activity and inheritance

This tab allows changing the policy status (Active, Inactive, Mobile), and inheritance settings.



Click OK to complete configuration of the policy.

Back to "Remote Administration"