Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 00:00:08 - 00:04:49 You have created a workspace, connected devices to it, assigned owners to devices, and distributed the licenses. Everything is working with default settings. The connected devices have received security profiles from the server and are using their settings for protection. What should the administrator do next? Monitor protection. Respond to threats. Fine tune settings to improve protection and make the user experience more comfortable. The default security profile provides optimal settings. Do not edit it without understanding what result you want to achieve. We will also tell you which settings should remain unchanged. The default profile does not allow users to change security settings, but it does not prohibit exiting Kaspersky Endpoint Security for windows. Also, users who have administrator permissions can uninstall Kaspersky Endpoint Security. To prevent this, configure password protection in the security profile. You can find security profiles in security management. At first, only the default profile is available there. You cannot delete it, and it applies to all devices for which no other profile is selected. For a small company of 10 to 20 devices. A single profile may be enough. If one profile is insufficient, create others. Click add and then create. Enter the profile name and click create. In Kaspersky Endpoint Security Cloud, each security profile contains security settings for all devices windows, Mac, Android, and iOS. Each operating system has a separate section in the settings. The password for Kaspersky Endpoint Security for windows is configured in the interface settings located in the advanced section. Password protection is disabled by default. Open the password protection settings and specify the username and password that you will use when managing the application on a device. Click save to apply a profile to a user. Click assign to users in groups and select one or more users whose devices will use this profile. You can also change the security profile assigned to a user on the user's page. After the new security profile settings are applied to a device. The user will need to know the password to be able to exit Kaspersky Endpoint Security for windows. Scanning removable drives helps prevent the spread of malicious files. When a user launches a malicious file or copies it to a hard disk, file, Threat Protection intercepts the operation and deletes the malicious file. However, if a file is simply stored on a removable drive and the user does not try to do anything with it, protection against file threats will not process that file, and it will remain there. If the user passes the drive to a customer or partner, they can infect their computers. As a result, the company's reputation can be compromised even if its computers do not get infected. That is why we recommend that you configure automatic scanning for removable drives whenever they are connected to computers. Removable drive scanning is disabled by default. Scanning is configured in the Security settings section. You can choose between full and quick scanning. Full scanning will scan all files on the drives, including archives. This way more dangerous files can be detected, but the user will have to wait a little longer. Quick scanning checks only files and does not process archives. Removable drives can have a volume of hundreds of gigabytes and full scanning of such drives, especially if they are connected to slow interfaces like USB 2.0, can take a long time to save users time. You can limit the volume of drives to be scanned or allow the users to terminate scanning. File threat protection, behavior detection, and other protection components intercept all operations on the computer and block any infection attempts. However, if a file is simply stored in a folder or archive and is not run, it will remain unnoticed. Real time protection reacts only to actions. It is not designed to deal with passive threats. To reduce the risk from passive threats, you should regularly scan computers for malware. Such scanning not only checks all files and archives, but also scans memory for rootkits. Sometimes it is difficult to choose a proper schedule for scanning. In this case, you can use idle scanning. This option is located in the Advanced Performance section. Just enable it and save the settings. Scheduled scanning is configured in the workspace options, not in the security profile, meaning the same schedule will be used on all connected devices. By default, the schedule is set to manually. This means the user is supposed to start scanning manually. Unfortunately, in reality this results in scanning being performed extremely rarely. Switch the scan task start mode to by schedule and select the frequency day of the week and launch time. Additionally, you can choose a security level. The low level skips too many files and make scanning less efficient.4932