Kaspersky Endpoint Security 10 Service Pack 2 for Windows
- Čeština (Česká republika)
- Deutsch
- Español (España)
- Español (México)
- Français
- Italiano
- Magyar (Magyarország)
- Nederlands (Nederland)
- Polski (Polska)
- Português (Brasil)
- Português (Portugal)
- Română (România)
- Tiếng Việt (Việt Nam)
- Türkçe (Türkiye)
- Русский
- العربية (الإمارات العربية المتحدة)
- 한국어 (대한민국)
- 简体中文
- 繁體中文
- 日本語(日本)
- Čeština (Česká republika)
- Deutsch
- Español (España)
- Español (México)
- Français
- Italiano
- Magyar (Magyarország)
- Nederlands (Nederland)
- Polski (Polska)
- Português (Brasil)
- Português (Portugal)
- Română (România)
- Tiếng Việt (Việt Nam)
- Türkçe (Türkiye)
- Русский
- العربية (الإمارات العربية المتحدة)
- 한국어 (대한민국)
- 简体中文
- 繁體中文
- 日本語(日本)
- About Kaspersky Endpoint Security 10 Service Pack 2 for Windows
- Installing and removing the application
- Installing the application
- About ways to install the application
- Installing the application by using the Setup Wizard
- Step 1. Making sure that the computer meets installation requirements
- Step 2. Welcome page of the installation procedure
- Step 3. Viewing the License Agreement
- Step 4. Selecting the installation type
- Step 5. Selecting application components to install
- Step 6. Selecting the destination folder
- Step 7. Adding exclusions from virus scanning
- Step 8. Preparing for application installation
- Step 9. Installing the application
- Installing the application from the command line
- Remotely installing the application using System Center Configuration Manager
- Description of setup.ini file installation settings
- Initial Configuration Wizard
- About ways to upgrade an old application version
- Removing the application
- Installing the application
- Application interface
- Application licensing
- About the End User License Agreement
- About the license
- About the license certificate
- About subscription
- About activation code
- About the key
- About the key file
- About data provision
- Viewing license information
- Purchasing a license
- Renewing a license
- Renewing subscription
- Visiting the website of the service provider
- About application activation methods
- Starting and stopping the application
- Protecting the computer file system. File Anti-Virus
- About File Anti-Virus
- Enabling and disabling File Anti-Virus
- Automatically pausing File Anti-Virus
- Configuring File Anti-Virus
- Changing the security level
- Changing the File Anti-Virus action to take on infected files
- Editing the protection scope of File Anti-Virus
- Using Heuristic Analyzer with File Anti-Virus
- Using scan technologies in the operation of File Anti-Virus
- Optimizing file scanning
- Scanning compound files
- Changing the scan mode
- Email protection. Mail Anti-Virus
- Computer protection on the Internet. Web Anti-Virus
- Protection of IM client traffic. IM Anti-Virus
- System Watcher
- Firewall
- Network Attack Blocker
- BadUSB Attack Prevention
- Application Startup Control
- About Application Startup Control
- Enabling and disabling Application Startup Control
- Application Startup Control functionality limitations
- About Application Startup Control rules
- Managing Application Startup Control rules
- Editing Application Startup Control message templates
- About Application Startup Control operation modes
- Selecting the Application Startup Control mode
- Managing Application Startup Control rules using Kaspersky Security Center
- Application Privilege Control
- About Application Privilege Control
- Limitations of audio and video device control
- Enabling and disabling Application Privilege Control
- Managing application trust groups
- Managing Application control rules
- Changing application control rules for trust groups and groups of applications
- Editing an application control rule
- Disabling downloads and updates of application control rules from the Kaspersky Security Network database
- Disabling the inheritance of restrictions from the parent process
- Excluding specific application actions from application control rules
- Removing outdated application control rules
- Protecting operating system resources and identity data
- Vulnerability Monitor
- Device Control
- About Device Control
- Enabling and disabling Device Control
- About rules of access to devices and connection buses
- About trusted devices
- Standard decisions on access to devices
- Editing a device access rule
- Adding or excluding records to or from the event log
- Adding a Wi-Fi network to the trusted list
- Editing a connection bus access rule
- Actions with trusted devices
- Editing templates of Device Control messages
- Obtaining access to a blocked device
- Creating a key for accessing a blocked device using Kaspersky Security Center
- Web Control
- About Web Control
- Enabling and disabling Web Control
- Web resource content categories
- About web resource access rules
- Actions with web resource access rules
- Migrating web resource access rules from previous versions of the application
- Exporting and importing the list of web resource addresses
- Editing masks for web resource addresses
- Editing templates of Web Control messages
- KATA Endpoint Sensor
- Data Encryption
- Enabling the display of encryption settings in the Kaspersky Security Center policy
- About data encryption
- Encryption functionality limitations
- Changing the encryption algorithm
- Enabling Single Sign-On (SSO) technology
- Special considerations for file encryption
- Encrypting files on local computer drives
- Encryption of removable drives
- Encryption of hard drives
- Managing Authentication Agent
- Using a token and smart card with Authentication Agent
- Editing Authentication Agent help messages
- Limited support for characters in Authentication Agent help messages
- Selecting the Authentication Agent trace level
- Managing Authentication Agent accounts
- Adding a command for creating an Authentication Agent account
- Adding an Authentication Agent account editing command
- Adding a command for deleting an Authentication Agent account
- Restoring Authentication Agent account credentials
- Responding to a user request to restore Authentication Agent account credentials
- Viewing data encryption details
- Managing encrypted files with limited file encryption functionality
- Working with encrypted devices when there is no access to them
- Obtaining access to encrypted devices through the application interface
- Granting user access to encrypted devices
- Providing a user with a recovery key for hard drives encrypted with BitLocker
- Creating the executable file of Restore Utility
- Restoring data on encrypted devices using the Restore Utility
- Responding to a user request to restore data on encrypted devices
- Restoring access to encrypted data after operating system failure
- Creating an operating system rescue disk
- Network Protection
- Updating databases and application software modules
- Scanning the computer
- About scan tasks
- Starting or stopping a scan task
- Configuring scan task settings
- Changing the security level
- Changing the action to take on infected files
- Generating a list of objects to scan
- Selecting the type of files to scan
- Optimizing file scanning
- Scanning compound files
- Using scan methods
- Using scan technologies
- Selecting the run mode for the scan task
- Starting a scan task under the account of a different user
- Scanning removable drives when they are connected to the computer
- Handling unprocessed files
- Vulnerability Scan
- Checking the integrity of application modules
- Managing reports
- Notification service
- Managing Quarantine and Backup
- Advanced application settings
- Creating and using a configuration file
- Trusted zone
- About the trusted zone
- Creating a scan exclusion
- Modifying a scan exclusion
- Deleting a scan exclusion
- Enabling and disabling a scan exclusion
- Editing the list of trusted applications
- Enabling and disabling trusted zone rules for an application in the list of trusted applications
- Using trusted system certificate storage
- Kaspersky Endpoint Security Self-Defense
- Performance of Kaspersky Endpoint Security and compatibility with other applications
- About the performance of Kaspersky Endpoint Security and compatibility with other applications
- Selecting types of detectable objects
- Enabling or disabling Advanced Disinfection technology for workstations
- Enabling or disabling Advanced Disinfection technology for file servers
- Enabling or disabling energy-saving mode
- Enabling or disabling conceding of resources to other applications
- Password protection
- About restricting access to Kaspersky Endpoint Security
- Enabling and disabling password protection
- Modifying the Kaspersky Endpoint Security access password
- About using a temporary password
- Creating a temporary password using the Kaspersky Security Center Administration Console
- Applying a temporary password in the Kaspersky Endpoint Security interface
- Remote administration of the application through Kaspersky Security Center
- Participating in Kaspersky Security Network
- Sources of information about the application
- Contacting Technical Support
- Glossary
- Active key
- Additional key
- Administration group
- Administration Server
- Anti-virus databases
- Application modules
- Application settings
- Archive
- Authentication Agent
- Backup
- Black list of addresses
- Certificate
- Certificate issuer
- Certificate subject
- Certificate thumbprint
- Database of malicious web addresses
- Database of phishing web addresses
- Disinfection
- Exploits
- False alarm
- File mask
- Heuristic Analysis
- Infectable file
- Infected file
- License certificate
- Moving files to Quarantine
- Network Agent
- Network Agent Connector
- Network service
- Normalized form of the address of a web resource
- OLE object
- Patch
- Phishing
- Portable File Manager
- Probably infected file
- Protection scope
- Quarantine
- Scan scope
- Signature Analysis
- Task
- Task settings
- Trusted Platform Module
- Update
- Information about third-party code
- Trademark notices
About encryption of hard drives
Before starting hard drive encryption, the application runs a number of checks to determine if the device can be encrypted, which includes checking the system hard drive for compatibility with Authentication Agent and with BitLocker encryption components. To check for compatibility, the computer must be restarted. After the computer has been rebooted, the application performs all the necessary checks automatically. If the compatibility check is successful, then hard drive encryption starts after the operating system has booted up and application has started. If the system hard drive is found to be incompatible with Authentication Agent or with BitLocker encryption components, the computer must be restarted by pressing the Reset hardware button. Kaspersky Endpoint Security logs information about the incompatibility. Based on this information, the application does not start encryption of hard drives at operating system startup. Information about this event is logged in Kaspersky Security Center reports.
If the hardware configuration of the computer has changed, the incompatibility information logged by the application during the previous check should be deleted in order to check the system hard drive for compatibility with Authentication Agent and BitLocker encryption components. To do so, before hard drive encryption type avp pbatestreset in the command line. If the operating system fails to load after the system hard drive has been checked for compatibility with Authentication Agent, you must remove the objects and data remaining after test operation of Authentication Agent by using the Restore Utility and then start Kaspersky Endpoint Security and execute the avp pbatestreset command again.
After hard drive encryption has started, Kaspersky Endpoint Security encrypts all data that is written to hard drives.
If the user shuts down or restarts the computer during hard drive decryption, Authentication Agent loads before the next startup of the operating system. Kaspersky Endpoint Security resumes encryption of hard drives after successful authentication in the authentication agent and the operating system startup.
If the operating system switches to hibernation mode while encrypting hard drives, Authentication Agent loads when the operating system switches back from hibernation mode. Kaspersky Endpoint Security resumes encryption of hard drives after successful authentication in the authentication agent and the operating system startup.
If the operating system goes into sleep mode during hard drive encryption, Kaspersky Endpoint Security resumes encryption of hard drives when the operating system comes out of sleep mode without loading Authentication Agent.
User authentication in the Authentication Agent can be performed in two ways:
- Enter the name and password of the Authentication Agent account created by the LAN administrator using Kaspersky Security Center tools.
- Enter the password of a token or smart card connected to the computer.
The authentication agent supports keyboard layouts for the following languages:
- English (UK)
- English (USA)
- Arabic (Algeria, Morocco, Tunis; AZERTY layout)
- Spanish (Latin America)
- Italian
- German (Germany and Austria)
- German (Switzerland)
- Portuguese (Brazil, ABNT2 layout)
- Russian (for 105-key IBM / Windows keyboards with the QWERTY layout)
- Turkish (QWERTY layout)
- French (France)
- French (Switzerland)
- French (Belgium, AZERTY layout)
- Japanese (for 106-key keyboards with the QWERTY layout)
A keyboard layout becomes available in the Authentication Agent if this layout has been added in the language and regional standards settings of the operating system and has become available on the welcome screen of Microsoft Windows.
If the Authentication Agent account name contains symbols that cannot be entered using keyboard layouts available in the Authentication Agent, encrypted hard drives can be accessed only after they are restored using the Restore Utility or after the Authentication Agent account name and password are restored.
Kaspersky Endpoint Security supports the following tokens, smart card readers, and smart cards:
- SafeNet eToken PRO 64K (4.2b) (USB)
- SafeNet eToken PRO 72K Java (USB)
- SafeNet eToken PRO 72K Java (Smart Card)
- SafeNet eToken 4100 72K Java (Smart Card)
- SafeNet eToken 5100 (USB)
- SafeNet eToken 5105 (USB)
- SafeNet eToken 7300 (USB)
- EMC RSA SecurID 800 (USB).
- Rutoken EDS (USB)
- Rutoken EDS (Flash)
- Aladdin-RD JaCarta PKI (USB)
- Aladdin-RD JaCarta PKI (Smart Card)
- Athena IDProtect Laser (USB)
- Gemalto IDBridge CT40 (Reader)
- Gemalto IDPrime .NET 511