Contacts
the main

Network screen Kaspersky Endpoint Security 10. Configure Kaspersky for a local network. You will like it

Advanced administration functions
Allow remotely centralize and automate vulnerabilities, dissemination of corrections and updates, keeping accounting and deploying programs, which not only saves administration time, but also improves the security of the organization.

Advanced system administration capabilities imply complete administrator control over controlled devices through a single management console. Thanks to this function, the administrator can at any time:

1. Learn about the appearance of a new device or application, including guest device. This feature Allows centrally to manage access to users and devices to corporate data and applications in accordance with the Company's policies.

2. Alone download, install, test, update applications. The administrator can configure the automatic download of updates and corrections from the Kaspersky Lab servers. Before installing the program, the administrator has the right to test the application to load the system performance.

3. Check the network for software and hardware. When checking the network, the administrator can get a full picture corporate network with all devices and determine outdated versions The software you want to update to improve the security of the system.

4. Identify vulnerabilities. Search for vulnerabilities can be executed not only automatically, but also on a schedule, which is specified by the administrator.

At the moment, the network infrastructure of the enterprise requires strengthened protection of each network element. One of the most vulnerable places for malware attack is a file server. To protect the server, a specialized solution is required, which is capable of providing its due level.

Possessed large quantity functions than. One of the main advantages of this program is that it is capable of protecting file servers from attack encrypters.

Function

Kaspersky Endpoint Security 10 for Windows

(for file Servers)

Kaspersky Security 10 for Windows Server

United console Kaspersky. Security Center. 10

Protection terminal servers

Terminal Services (Remote Desktop Services) Windows Server 2008 R2

Terminal Services Windows Server 2008 R2 / 2012/2012 R2 Citrix XenApp 6.0, 6.5, 7.0, 7.5, 7.6 Citrix XenDesktop 7.0, 7.1, 7.5, 7.6

Load distribution on server

Definition of high load servers

Cluster Mode configuration support

Core Mode Configuration Support

Local support operating system Refs used in Windows Server

Support network Protocol SNMP control devices in TCP / UDP networks

Individual setting Protective parameters for each protected area

Control launch applications

Network screen

Protection from encrypters

Table screen Kaspersky Internet Security, deal with default settings

Alexander Antipov.

The first step to a safe journey through the endless spaces of all sorts of networks is of course installing a reliable means of protection. One of the few such funds is the integrated product of Kaspersky Internet Security.


The first step to a safe journey through the endless spaces of all sorts of networks is of course installing a reliable means of protection. One of the few such funds is the integrated product of Kaspersky Internet Security. Despite the fact that the KIS product is quite complicated, he immediately after installation is ready to perform all the duties assigned to it. The need for additional tinctures arises extremely rare, and this is a very big plus developers. But it is necessary to understand that this feature is based on the sharp face of compromise solutions. What they conclude on the example of the network screen.

Network screen settings consist of two parts: rules for programs and batch rules. Using program rules, you can allow or prohibit certain programs or groups of programs to send or receive packets or install network connections. Using batch rules, it is allowed or prohibited to install incoming or outgoing connections, and transmit or receive packets.

Let's see what the rules for programs are.

All programs have four categories:

  1. Trusted - they are allowed everything without exception.
  2. Weak restrictions - set to the "Action Request" rule, allowing the user to independently decide on the feasibility of network communication of the programs of this group.
  3. Strong restrictions - in terms of permission to work with the network, the same as weak.
  4. Not trusted - by default, any network communication is prohibited by these programs (humanly very sorry for them).

The "Trusted" group, all programs from microsoft are placed by default, KIS itself and other programs of well-known manufacturers are placed. For default settings, the choice is good, but I personally would not have all the programs, even if the famous manufacturers, so unpolitly trust.

How do programs go to one or another group? Everything is not so simple here. The decision to place a specific program in one of four groups is made on the basis of several criteria:

  1. Availability of information about the program in KSN (Kaspersky Security Network).
  2. Availability from the program digital signature (already passed).
  3. Heuristic analysis for unknown programs (something like divination).
  4. Automatically put the program in a predetermined user group.

All these options are in the "Program Control" settings. By default, the first three options are installed, the use of which leads to large quantity "Trusted" programs. You can choose the fourth option alone as an alternative to the first three.

We will conduct an experiment. Let's place any program (for example, the "Opera" browser) in the list of programs with weak limitations and see how the "Request Action" rule works. For the enforcement of program rules, it is necessary to close and re-open the program, the rules for which were changed. If you now try to go to any site, then no action will occur, and the program will safely install network connection. As it turned out, the "Action Request" rule works only if the checkbox with the option "Select Action automatically" is removed in the basic protection parameters.

Another surprise expects users of network utilities of type Ping, Tracert (if the "Action Request" rule is to extend to trusted programs), Putty (SSH client) and, possibly, to them like. For them, KIS persistently does not want to display the action request screen. Here, the output can only be one - set permissions for a specific program manually.

Before switching to batch rules, I will allow myself one advice: create your subgroups for each group of programs. For example: "Network utilities", " Office programs"," Programs for the Internet ", etc. First, you can always quickly find the necessary program, and secondly, it will be possible to set the rules to certain groups, instead of installing the rules for individual programs.

Batch rules.

Package rules define separate packages: protocol, direction, local or remote port, network address. Batch rules can act as "allowing", "prohibiting" and "according to the rules of programs." The rules are viewed from top to bottom until the permitting or prohibiting rule on the set of features will be found. If the rule for the package is not found, the default rule is applied (last). Usually, in the network screens, the last rule is established a ban on the reception and transmission of any packets, but for KIS is the resulting rule.

The action "By rule of programs" is by its nature "window" for the actual actions of the rules of programs. It is convenient because it is possible to define the priority of rules. For example, the program tries to send a package to the 53 DNS server port. If there is a batch rule with the action "according to the rules of programs", the direction "Outside", the remote port 53 (or not defined), and the program is set to the allowing rule to send a package to 53 port, the package will be sent if the program is forbidden to send packets to 53 port, then this package will not be sent.

The rules scope covers a specific area: "Any address" (all addresses), "subnet address" - You can select the type of "trusted" subnet, "local" or "public", and "addresses from the list" - to specify IP addresses or domain names manually. The attitude of a particular subnet to the "trusted", "local" or "public" is set in the general shortcuts of the network screen.

KIS batch rules, unlike most network screens, are overloaded with a large number of directions: "incoming", "incoming (stream)", "outgoing", "Outgoing (stream)", and "incoming / outgoing". Moreover, the rules with some combinations of the protocol and directions do not work. For example, the ICMP prohibition rule in combination with streaming directions will not work, i.e. Prohibited packages will pass. For UDP packages for some reason, streaming directions are used, although the UDP protocol is by nature as such "stream" does not create, unlike TCP.

Another, not quite a good moment is that there is no possibility in batch rules the ability to specify the reaction to the prohibition of the incoming package: to prohibit the reception of the package with the notification of the party sent it or simply discard the package. This is the so-called "invisibility" mode, which earlier in the network screen was present.

Now we turn to the rules actually.

1 and 2 rules allow by the rules of programs to send DNS requests for TCP and UDP protocols. Of course, both rules are useful, but mostly such network programs as postal and browsers request the addresses of sites through the DNS system service, which is responsible for system program "Svchost.exe". In turn, the service itself uses quite specific DNS servers addresses indicated by manually or via DHCP. DNS addresses Servers rarely change, so it would be enough for the permission to send DNS requests for the system service "svchost.exe" to fixed domain name servers.

3 Rule allows programs to send email via TCP protocol. Here, as well as for the first two rules, it would be enough to create a rule for a specific work program with email Indicates which port and server to send.

4 Rule allows any network activity for trusted networks. Be very careful when you enable this rule, do not confuse the random network type. This rule actually disables the network screen functions in trusted networks.

5 The rule allows any network activity according to the rules of programs for local networks. This rule, although does not turn off the fully network screen, but largely weakens its control functions. In logic 4 and 5, the rules would have to be placed at the very top to prevent the processing of packets by the rules 1 - 3 when the computer is in trusted or local network.

6 Rule prohibits remote control Computer via RDP protocol. Although the scope of the "All Addresses" rule, but in fact it is valid only in "public networks".

7 and 8 rule prohibits access from the network to network Services Computer using TCP and UDP protocols. In fact, the rule is valid only in "Public Networks".

9 and 10 Rules allow everyone to connect to a computer from any networks without exception, of course excluding services prohibited by rules 6 - 8. The rule only for programs with permitted network activity. But be very attentive, the default network activity is permitted by almost all programs with the exception of not trusted.

11 - 13 Rules allow the reception of incoming ICMP packets for all programs. The meaning in these rules is no more than in 1 - 3, because ICMP in the overwhelming majority uses the Ping and Tracert program.

14 The rule is prohibited from the reception of all types of ICMP packages, of course, with the exception of the rules allowed 11 to 13.

16 The rule prohibits the incoming ICMP V6 Echo request. ICMP V6 in the overwhelming majority of cases is not needed. It would be possible to ban it completely.

The 17 rule allows everything that is clearly not allowed or prohibited by previous rules. This rule is although not displayed on the screen, but it is certainly necessary to remember its existence.

The default network screen settings are certainly good and fit most of the users of home computers, in which, in fact, this product is oriented. But flexibility and undepair to additional settingsThat was mentioned at the beginning of the article, unfortunately achieved due to the security of the users themselves, making this very safety very much dependent on the human factor: knowledge and user-free use of the user itself.

Pursued goals - security and once again safety

Let's imagine a very common situation: you have many servers on your network that provide some services. It is very likely that some of them have an external interface that looks at WAN, i.e. in global Network. Usually it is a proxy server, web server, postal, etc. It's no secret to anyone that this fact makes you think to think about how competent system administrator On the security of your network infrastructure. It makes no sense to tell what the hacker penetration can be fraught with your network. There are many options to secure the attacks of the malice. Among them - building the so-called demilitarized zone or publish the server through your proxy, which is certainly (after all?) You have very tough and seriously. The first option (DMZ) is not "raised" due to any reasons. Let it be a lack of time and equipment from the system administrator. The second (publish through another server) is very controversial, it is still lowered. In the meantime, let's set up a network screen, he is a firewall, he is a firewall. The main function of any firewall is to secure access to our computer from the outside. I specifically wrote the word "computer", in view of the fact that home computers and workstations can also be secured using the screen. Naturally, there are no 100% protection with software firewall, but better so nothing. In addition, I have a feeling that after today's manipulations, the server will not be at risk.

Laboratory stand

There is a Windows Server 2008 R2 server that provides vPN service Using the Microsoft RAS service. Windows Firewall is configured by default. In it, I did not dig, although it would be worth it. But because There is a corporate license Kaspersky Enterprise Space Security, why not use and not install Kaspersky Endpoint Security 8, which includes a software network screen.

Kaspersky Network Screen Setup

Network screen Kaspersky Endpoint Security 8 is identical to many screens of this manufacturer, including home version of Kaspersky Internet Security 2013, so if someone has another version of antivirus, then most likely this article will also help him. Now let's start.

Setup - Antivirus Protection - Network Screen. Click the "Network Batch Rules" button. We receive a list of rules that are currently working. Something prohibited any of them, others are allowed. At the moment, everything looks like this:

If you notice, the screenshot is awkward. I took it from another product - KIS2013, but believe me on the word - everything was also in Kes8. And this is a server where protection must be on summit! As we see, there is a lot of things and everything is about understandable: DNS queries (TCP / UDP), sending messages, any activity with trusted networks is fully resolved, from local - partially, the port is disabled for the remote desktop, various TCP ports are disabled. UDP, but the activity is outside - partially, at the end of the 5 ICMP protocol rules. Yes, half of the rules are incomprehensible, half extra. Let's create a sheet from scratch and create your own rules.

The first thing I did, created my favorite rule - DENY ALL (ban everything)

and placed it down. Then, using the search on the Internet, I found out which ports use VPN technology. it Protocol 47.who still has a name Gre.:

Rule with GRE I placed the above prohibiting rule. Another port to be discovered for VPN - 1723 . Therefore, I created a rule VPN_IN:

The rule with the port of 1723 I placed on the very top. The rest of the rules I modified a little, some left. Firewall List turned out:

I will comment on each.

Immediately make a reservation that I should not fully rely on this article. Perhaps something I missed sights. In security issues, I am not a guru, so I apologize in advance if you made any errors. Criticism, wishes and praise are welcome, Write comments below.

You will also like it:

Monitor Server Load with Munin

27.02.2015 12:45:58

Anti-virus protection tool is one of the key computer protection components from malicious programs. Anti-virus protection must be installed on a computer and updated regularly.

1. Recommendations for configuring Kaspersky Endpoint Security 10 for Windows

1.1. Workplace control

1.1.1. Monitoring program startup

This component allows you to track the attempts to start program programs and adjust the launch of programs using the rules. To enable the program start control, you must perform the following steps:

2. In block Workplace control Choose a section Program launch control;

Enable program start control;

Save.

1.1.2. Control of program activity

This component registers the activity performed by the program in the system, and regulates the activities of the program depending on their status. To enable control activity control, you must perform the following steps:

1. Open the program settings window;

2. In block Workplace control Choose a section Control of the activity of programs;

3. Check the box in front of the point Include program activity control;

4. Save the changes made by pressing the button. Save.

1.1.3. Monitoring vulnerabilities

This component checks on the vulnerability of programs when they are started and already running programs. To include monitoring vulnerabilities, it is necessary:

1. Open the program settings window;

2. In block Workplace control Choose a section Monitoring vulnerabilities;

3. Check the box in front of the point Include monitoring vulnerabilities;

4. Save the changes made by pressing the button. Save.

1.1.4. Control device control

This component allows you to control the connection of removable devices. To enable control devices and select devices, you must perform the following steps:

1. Open the program settings window;

2. In block Workplace control Choose a section Device control;

3. Check the box in front of the point Enable devices control;

4. In the list of devices, mark the devices that need to be monitored;

Save.

1.1.5. Web control

This component allows you to control access to web resources depending on their content and location. To enable access control to web resources, you must perform the following steps:

1. Open the program settings window;

2. In block Workplace control Choose a section Web control;

3. Check the box in front of the point Enable web control;

4. Save the changes made by pressing the button. Save.

1.2. Antivirus defense

1.2.1. File Antivirus

File antivirus allows you to select one of the preset file security levels or configure them yourself, set the actions that the file antivirus must execute when an infected file is detected, select the technologies and file verification modes.

To enable file antivirus, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section File Antivirus;

3. Check the box Enable file antivirus.

4. Save the changes made by pressing the button. Save.

Security level

  • tall;
  • recommended;
  • low.

1. Open the program settings window;

2. In block Antivirus defense Choose a section File Antivirus;

3. In block Security level

  • Security level
  • Setting

In the opened window File Antivirus

4. Save the changes made by pressing the button. Save.

To change the actions of a file anti-virus when an infected file is detected, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section File Antivirus;

3. In the block, select one of the following parameters:

  • Treat

4. Save the changes made by pressing the button. Save.

1.2.2. Postal antivirus

Mail Anti-Virus checks incoming and outgoing mailing for the presence of any files of the computer.

To enable mail antivirus, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section File Antivirus;

3. Check the box Enable postal antivirus;

4. Save the changes made by pressing the button. Save.

Security level

Safety levels are different sets of parameters used to protect file System. In the Kaspersky Endpoint Security 10 anti-virus agent for Windows, three levels of safety are preinstalled:

  • tall;
  • recommended;
  • low.

To change the security level, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section Postal antivirus;

3. In block Security level Select one of the following parameters:

  • Security level

Using the slider, select one of the 3 preset security levels.

  • Setting

In the opened window Postal antivirus Set up the security level of the files yourself and save the changes made.

4. Save the changes made by pressing the button. Save.

Actions when detecting threats

1. Open the program settings window;

2. In block Antivirus defense Choose a section Postal antivirus;

3. In block Actions when a threat is detectedselect one of the following parameters:

  • Select action automatically
  • Perform action: Treat. Delete if treatment is impossible.
  • Treat
  • Remove if treatment is impossible

4. Save the changes made by pressing the button. Save.

1.2.3. Web antivirus

Web antivirus allows you to protect your computer when working on the Internet.

In order to enable web antivirus, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section Web antivirus;

3. Check the box Enable web antivirus.

4. Save the changes made by pressing the button. Save.

Security level

Safety levels are different sets of parameters used to protect the file system. In the Kaspersky Endpoint Security 10 anti-virus agent for Windows, three levels of safety are preinstalled:

  • tall;
  • recommended;
  • low.

To change the security level of web traffic, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section Web antivirus;

3. In block Security level Select one of the following parameters:

  • Security level

Using the slider, select one of the 3 preset security levels.

  • Setting

In the opened window Postal antivirus Set up the security level of the files yourself and save the changes made.

4. Save the changes made by pressing the button. Save.

Actions when detecting threats

To change the actions of the mail antivirus when the infected message is detected, the following steps must be performed:

1. Open the program settings window;

2. In block Antivirus defense Choose a section Web antivirus;

3. In block Actions when a threat is detectedselect one of the following parameters:

  • Select action automatically
  • Prohibit loading.
  • Allow download

4. Save the changes made by pressing the button. Save.

1.2.4. IM antivirus

Im-antivirus allows you to check traffic transmitted to the program to quickly exchange messages. In order to enable IM antivirus, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section IM antivirus;

3. Check the box Include Im-astivroom.

4. Save the changes made by pressing the button. Save.

Protection area

Under the protection area, it is implied objects verified by IM antivirus during operation. By default, IM antivirus checks incoming and outgoing messages. In order to form a security area, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section IM antivirus;

3. In block Protection area Select one of the following items:

  • Incoming and outgoing messages

If this parameter is selected, the IM antivirus will check all incoming and outgoing messages of quick messaging;

  • Only incoming messages

If this parameter is selected, the IM antivirus will check only the incoming messages of quick messaging programs;

4. Save the changes made by pressing the button. Save.

Verification methods

Setting up use heuristic analysis

To configure IM-antivirus verification methods, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section IM antivirus;

3. In block Verification methods

- superficial;
- Middle;
- Deep.

4. Save the changes made by pressing the button. Save.

Configuring IM antivirus checks for malicious and phishing web addresses

In order to configure IM antivirus checks for malware and phishing web addresses, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section IM antivirus;

3. In block Verification methods Follow these steps:

  • Check links based on malicious web addresses

Selecting this option allows you to verify links in fast messaging programs for their affiliation to the database of malicious web addresses;

  • Check links based on phishing web addresses

The selection of this option allows you to check links in the quick messaging programs for their affiliation to the database of phishing web addresses.

4. Save the changes made by pressing the button. Save.

1.2.5. Network screen

The network screen allows you to protect the data stored on a computer connected to a local network and Internet. The network screen allows you to detect all network connections on the computer and block all possible for the risk.

The default network screen is turned on. It is not recommended to turn it off. In order to enable or disable the network screen, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section Network screen.

3. Perform one of the following:

  • Check the box Enable network screen. When installing the checkbox in front of this item, the network screen will be enabled.
  • Remove the checkbox Enable network screen. When removing the checkbox in front of this item, the network screen will be turned off.

4. Save the changes made by pressing the button. Save.

1.2.6. Protection against network attacks

Protection against network attacks, finding an attack attempt to a computer, blocks any network activity of the attacking computer in relation to the computer on which the anti-virus protection means is installed. To enable protection against network attacks, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section Protection against network attacks;

3. Check the box in front of the point Include protection against network attacks;

4. Check the box in front of the paragraph Add an attacking computer to the blocking list on.

Save.

1.2.7. Monitoring system

The monitoring of the system collects data on the actions of programs running on the computer. In the future, the collected information can be used in the treatment of programs (rollback of actions produced by malware in OS), room of the executable file in quarantine in case the activity of the program coincides with the pattern of hazardous behavior.

By default, monitoring is enabled and running. It is possible to turn off it only at extreme necessity and is not recommended.

To enable and turn off the monitoring, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section Monitoring system;

3. Select one of the following:

  • Enable system monitoring.

You must check the checkbox to enable monitoring

  • Turn off the system monitoring.

You must read the checkbox to turn off monitoring.

4. Save the changes made by pressing the button. Save.

Setting the system monitoring

1. Open the program settings window;

2. In block Antivirus defense Choose a section Monitoring system;

3. Mark the necessary steps:

4. Save the changes made by pressing the button. Save.

Use of dangerous behavior patterns

To use templates, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section Monitoring system;

3. In block Proactive defense Check the box Use updated dangerous behavior templates (BSS).

4. In the drop-down list When the malicious activity is detected Select the necessary action:

  • Select action automatically.

When this item is selected, the default actions are performed. By default, the executable malware file is placed in quarantine.

  • Move the file to quarantine.

When this item is selected, the detected malware will be moved to quarantine.

  • Complete the work of a malicious program.

When choosing this item, in case of malware detection, the antivirus will complete its operation.

  • Miss.

When this item is selected, when a malicious file is detected, the antivirus does not produce any action with it.

Rollback of the actions of malicious programs in the treatment

To enable or disable the rollback of malware under treatment, you must perform the following steps:

1. Open the program settings window;

2. In block Antivirus defense Choose a section Monitoring system;

3. Select one of the following:

When installing a tick opposite this item, there will be a rollback of actions committed by these programs in the OS, when treating malicious programs.

When removing a tick opposite this item, in the treatment of malicious programs will not be performed a rollback of actions committed by these programs in the OS.

  • Perform a rollback of the actions of malicious programs in the treatment.

4. Save the changes made by pressing the button. Save.

1.3. Tasks on schedule

Setting tasks on a schedule allows any actions to set timeWhat guarantees the regularity of checking and updates.

1.3.1. Update

To set up update time, you must perform the following steps:

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Update;

3. In block Startup mode and source of updates Press the button Run mode ...

4. In the window that opens, go to the tab Startup mode. Select one of the following update options:

If this item is selected, you must configure Periodicityinstallation of updates.

5. Save the changes made by clicking the button. Save.

1.3.2. Full check

Security level

To configure the security level, you must perform the following steps:

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Full check;

3. In block Security level

4. Save the changes made by pressing the button. Save.

Actions when detecting threats

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Full check;

3. In block

  • Select action automatically
  • Perform action
  • Treat
  • Delete if treatment is impossible.

4. Save the changes made by pressing the button. Save.

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Full check;

3. In block Startup mode and check objects

  • Startup mode
- manually
- Scheduled.
  • Objects for checking

4. Save the changes made by pressing the button. Save.

1.3.3. Check important areas

To configure the security level of important areas, the following steps must be performed:

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Check important areas;

3. In block Security level Using the slider, select the security level. Provided 3 levels:

  • Low
  • Recommended
  • Tall

4. Save the changes made by pressing the button. Save.

Actions when detecting threats

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Check important areas;

3. In block Action when a threat is detected You must select one of the following:

  • Select action automatically
  • Perform action

When you select the item, you can select the following actions:

- Treat

4. Save the changes made by pressing the button. Save.

Startup mode and check objects

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Check important areas;

3. In block Startup mode and check objects You need to configure the following parameters:

  • Startup mode

When you press this button, the Setup window opens. You must select one of the start modes:

- manually
- Scheduled.
  • Objects for checking

When you press this button, the Setup window opens. It is necessary to mark objects to verify, and you can also add new objects.

4. Save the changes made by pressing the button. Save.

1.3.4. Custom scan

To configure the sampling level, you must perform the following steps:

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Custom scan;

3. In block Security level Using the slider, select the security level. Provided 3 levels:

4. Save the changes made by pressing the button. Save.

Actions when detecting threats

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Custom scan;

3. In block Action when a threat is detected You must select one of the following:

  • Select action automatically
  • Perform action

When this item is selected, you can select the following actions:

- Treat
- Delete if treatment is impossible.

4. Save the changes made by pressing the button. Save.

Check start mode

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Check important areas;

  • In block Startup mode and check objects You need to configure Startup mode

When you press this button, the Setup window opens. You must select one of the start modes:

- manually
- Scheduled.

Save.

1.3.5. Search for vulnerabilities

The search for vulnerabilities allows regular checks of the installed software on vulnerabilities, then allowing you to promptly find out about possible problems And in a timely manifold them.

Objects for checking

To configure objects to search for vulnerabilities, you must perform the following sequence of actions:

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Search for vulnerabilities;

3. In block Objects for checking It should be noted by the manufacturers checkbox, in whose products it is necessary to search for vulnerabilities:

  • Microsoft.
  • Other manufacturers

4. Save the changes made by pressing the button. Save.

To configure the search for vulnerabilities search mode, you must perform the following steps:

1. Open the program settings window;

2. In block Tasks on schedule Choose a section Search for vulnerabilities;

3. In block Vulnerability search start mode You must select one of the following vulnerability search modes:

  • Manually;
  • Scheduled.
  • Save the changes made by clicking the button. Save.

4. Save the changes made by pressing the button. Save.

2. Recommendations for configuring Dr.Web Desktop Security Suite (for Windows Workstations), version 6.0

2.1. Notifications

Notifications allow the user to quickly receive information about important events in Dr.Web. To configure notifications, you must perform the following steps:

1. Open the program settings window;

2. In the tab Maintenance Select Notifications.

3. Check the box in front of the point Use notifications and click Notification Settings ...

4. In the window that appears, check the notifications you need. When choosing the checkbox, you can install in one of the columns:

  • Screen.

When installing the checkbox in front of this item, screen notifications will be displayed.

  • post office.

When installing the checkbox in front of this item, the alerts will come by mail.

5. Set extra options Display screen notifications:

  • Do not show notifications in full screen mode.

Selecting this item allows you to not receive notifications when working with applications in full screen mode.

  • Display Firewall Notifications on a separate screen in full screen mode.

Selecting this item allows you to display notifications from the firewall on a separate desktop while the applications are running in full screen mode.

6. Save the changes made by clicking the button. OK.

2.2. Updates

To configure updates, you must perform the following steps:

1. Open the program settings window;

2. In the tab Maintenance Select Update.

3. Select updated components:

  • All (recommended);
  • Only base.

4. Install Frequency of updates.

5. Configure the source of updates by clicking the button Change ...

In the window that appears, select one of the update sources:

  • Internet (recommended).

When you select this item, updates are installed from the developer's website.

  • Local or network folder.

When this item is selected, updates are installed from the local or network folder to which the updates are copied.

  • Anti-virus network.

When this item is selected, updates are installed via the local network from the computer on which the antivirus is installed and the update mirror is created,

6. Save the changes made by clicking the button. OK.

7. Select a proxy server by pressing the button Change ...

In the window that appears, you must specify the settings for connecting to the proxy server:

  • Address
  • User
  • Password
  • Type of authorization

8. Save the changes made by clicking the button. OK.

9. Select the update mirror by pressing the button. Change ...

In the window that appears, specify the path to the folder to which the updates will be copied.

10. Save the changes made by clicking the button. OK.

11. Save all the changes made by clicking the button. OK.

2.3. Anti-virus network

Function Anti-virus networkallows remote control of the installed means anti-virus protection From other computers within one local network on which the same means of anti-virus protection are installed.

To enable this parameter, you must perform the following actions:

1. Open the program settings window;

2. In the tab Maintenance Select Anti-virus network.

3. Check the box in front of the point Allow remote control.

4. Save the changes made by pressing the button. OK.

2.4. Preventive defense

Setting up preventive protection allows you to set the reaction of anti-virus protection to the actions third-party applicationswhich can lead to a computer infection.

Level of preventive protection

To configure the level of preventive protection, you must perform the following steps:

1. Open the program settings window;

2. In the tab Maintenance Select Preventive defense.

3. Set the lock level of suspicious actions by pressing the button Change ....

  • Minimum (recommended)

The default level. Such a level prohibits the automatic change in system objects, the modification of which uniquely indicates an attempt to malicious effects on the OS. Also prohibited low-level access to the disk and modification of the HOSTS file.

  • Middle

This level additionally prohibits access to those critical objects that can potentially be used by malicious programs.

  • Paranoid

If this level selects, interactive control over the loading of drivers, automatic launch of programs and system services will be access.

4. Save the changes made by pressing the button. OK.

Data Loss Protection

Data loss protection Allows you to create copies of the contents of the selected folders, thereby protecting important files from changes with malicious programs.

To configure data protection protection, you must perform the following steps:

1. Open the program settings window;

2. In the tab Maintenance Select Preventive defense.

3. To configure data protection protection, press the button. Change ...

4. In the window that opens, select the option Turn off data loss protection

5. To add files to be copied, click Add

6. Specify the place of storage of copies and frequency with which these copies will be created.

7. Save the changes made by clicking the button. OK.

To recover data in case of loss, follow these steps:

1. Open the program settings window;

2. In the tab Maintenance Select Preventive defense.

3. Press the button Restore…

4. In the window that opens, select the date for which all specified copies of the files will be restored to the specified folder.

5. To start recovery, click OK.

2.5. Self-defense

The self-defense function allows to protect the means of anti-virus protection against unauthorized exposure.

To include self-defense required:

1. Open the program settings window;

2. In the tab Maintenance Select Self-defense.

3. Check the box in front of the item Include self-defense.

4. If necessary, place flags on the following items:

  • Prohibit user action emulation

This option prohibits any changes in the operation of anti-virus protection tools, except for the user-produced manually.

  • Prohibit the change in the date and time of the system

This option prohibits manual and automatically change the system time settings.

  • Password password settings Dr.Web

This option allows you to set the password to access the anti-virus protection settings.

5. Save the changes made by clicking the button. OK.

2.6. Email Protection

2.7. Excluded applications

By default, the postal traffic interception of all user applications on the computer occurs. In order to set an exception - applications, the mail traffic will not be intercepting, the following steps must be performed:

1. Open the program settings window;

2. In the tab Spider Mail Select Excluded applications.

3. To add an application to an exception, you must enter the necessary name in the input field and click the button. Add

4. Save the changes made by pressing the button. OK.

2.8. Firewall

Firewall allows you to protect your computer from unauthorized access and prevent leakage of important data over the network. It is not recommended to turn it off.

In order to enable or disable the firewall, you must perform the following steps:

1. Open the program settings window;

2. In the tab Firewallselect Enableor Run.

3. Save the changes made by clicking the button. OK.

To configure the firewall, follow these steps:

1. Open the program settings window;

2. In the tab Firewallgo to the tab Applications

3. For each application, you can:

  • Form a set of filtering rules. For this you need:

Press the button Create

Change

Copy.

  • Delete all rules for the program. For this you need:

Delete.

4. Save the changes made by pressing the button. OK.

2.9. Interfaces

In order to set a set of filtering rules for packets transmitted through a specific network interface, you must perform the following steps:

1. Open the program settings window;

2. In the tab Firewallgo to the tab Interfaces

3. Select the required interface from the list and compare the required rule from the drop-down list.

4. Save the changes made by pressing the button. OK.

2.10. Batch filter

To specify the packet filter parameters, you must perform the following steps:

1. Open the program settings window;

2. In the tab Firewallgo to the tab Interfacesand click Tune

3. In the Firewall Settings window, you can perform the following steps:

Form filtering rules sets. To do this, you must perform the following actions:

  • Create a set of rules for new program. For this you need:

Press the button Create

  • Edit an existing set of rules. For this you need:

Select an existing set of rules in the list and click the button. Change

  • Add a copy of the existing set of rules. For this you need:

Select an existing set of rules and click Copy.

  • Delete the selected set of rules. For this you need:

Select the appropriate set of rules and click Delete.

4. Save the changes made by pressing the button. OK.

2.11. Scanner Dr.Web.

3. Conclusion

The anti-virus protection means is undoubtedly one of the important components when ensuring the security of the computer, however, do not forget that the anti-virus protection means is not a panacea from all threats.

Don't forget about basic settings PC security (""). It is also necessary to remember about the security on the Internet ("").

It often happens that Kaspersky Anti-Virus, which should ensure the security of a local network, on the contrary, vice versa in every way interferes with access to network resources.

Therefore, here we will analyze what to do if Kaspersky blocks the local network, and which settings are needed if access to the computer is limited.

Before proceeding to the diagnosis of the problem, make sure that

  • - You have a fresh version of the antivirus;
  • - The computer updated the driver to the network card.

What if Kaspersky blocks the local network?

To check, you should temporarily disable protection. To do this, right-click on the antivirus icon in the system tray and select "Suspend Protection".

You must also disable Windows Firewall - Kaspersky himself will execute the task of the network screen, assign statuses and will control the network connection. If you leave the firewall enabled, the antivirus will periodically disable the network.

It is necessary to immediately remember the name of the network and.

To do this, go "Start" - "Control Panel" - "Network and Internet" - "Network Management Center and common access"-" Changing the Adapter Settings "-" Connection over Local Network "(Local Network Name Default - Model of the Network Card: Realtek RTL8102E ..., Atheros and others).

Kaspersky Setting for LAN:

1) Open the main antivirus window;
2) At the bottom of the left, click the setting sign (gear);
3) in the left column, press "Protection";
4) Next in the right window - "Network Screen";

5) downstairs - the "network" button;
6) Choose your network (whose name you remember earlier)

Double-click the network properties and select the Type of Trusted Network Network.
Next, if necessary, you can turn off the NDIS Filter driver (the exchange rate over the network will increase significantly). It turns off in the settings of the local network and is not subject to configuration.

Enable and restart the computer is necessary with the local network enabled and connected to network card computer cable, because Kaspersky begins to conflict with the "Computer Observer" service.

You can also prohibit or restrict certain programs to the location network. To do this, run the items from the first to the fourth and select "Configure program rules".

There are four groups here: trusted, weak limitations, strong restrictions and untrusted. Using the right mouse button, select the appropriate priority for programs, then add new groups and programs. To do this, select:

1) details and rules
2) network rules
3) Restrictions
4) reset parameters
5) Remove from the list
6) Open the program folder

The default rules are "inherited" from installed programBut they can be changed on the necessary. To do this, right-click the desired program (or subgroup) and select the appropriate item in the menu.



Did you like the article? Share it
Recommended articles on the topic
Magnetometry in the simplest version The ferrozond consists of a ferromagnetic core and two coils on itMagnetometry in the simplest version The ferrozond consists of a ferromagnetic core and two coils on it
Effective job search course searchEffective job search course search
The main characteristics and parameters of the photodiodeThe main characteristics and parameters of the photodiode
Visitors are now discussing
How to edit PDF (five applications to change PDF files) How to delete individual pages from PDFHow to edit PDF (five applications to change PDF files) How to delete individual pages from PDF Wireless
Why the fired program window is long unfolded?Why the fired program window is long unfolded? iPhone / iPad.
DXF2TXT - export and translation of the text from AutoCAD to display a dwg traffic point in TXTDXF2TXT - export and translation of the text from AutoCAD to display a dwg traffic point in TXT Problems
What to do if the mouse cursor disappearsWhat to do if the mouse cursor disappears Setting