ElvinE5

Могу ошибаться ... но по моему в облачной версии Security Cloud, не поддерживается установка интервалов работы правил. не могу к сожалению проверить нет нужной лицензии ...

В Версии для Linux консоль MMC по умолчанию НЕ поддерживается ... для сервера KSC 14.2 Linux ее можно включить ... и использовать как обычно - https://support.kaspersky.com/help/KSCLinux/14.2/ru-RU/230088.htm для 15 ... ММС не работает (пока что) ...

SP 1 Установлен ? я думаю вы находили эти статьи но на всякий случай https://support.kaspersky.ru/kes11/troubleshooting/install/15378#block3 https://support.kaspersky.ru/common/error/installation/14829 посмотрите ...если ни чего не поможет ... обратитесь в тех подержу через свой кабинет https://companyaccount.kaspersky.com/account/login

На какой ОС возникает проблема ? попробуйте рекомендации из этой статьи ... https://support.kaspersky.ru/kess3/diagnostics/13727 // Позволю себе поправить, ссылка выше для KSWS, KESS, Nodes. Для KES: https://support.kaspersky.ru/11004 / @Demiad

probably the server does not have permission to read from the active directory... Try the following... In the AD pooling properties, manually specify the IP address of your domain controller and domain user credentials (login, password). When you run a poll, the system will use this data to obtain information. In the same way, you can specify several domains to poll them https://support.kaspersky.com/KSC/14.2/en-US/166185.htm

Well, here I can only advise you to contact technical support... so that you can analyze this issue in more detail... if it interests you https://companyaccount.kaspersky.com/account/login

this is a little different from what you think... This item allows you to change these device settings in your child groups. let's go in order... 1. The managed group is the main parent group, all others in relation to it will be children 2. By default, all policies are created for the Managed Devices group, and are also the parent of all other policies - WHICH YOU MUST CREATE in your child groups. on your slide, I will assume that you went to your child group and opened the POLICIES section .. you saw the policies there - BUT these are the policies of the Parent group, which is why you cannot edit it here... at the top you should see a “switch” to show or not parent policies applied to the group, select hide and you will see that it is empty, there are no child policies... if you need a separate policy for a group, open this section and click the create button... after going through all the steps of the wizard... you will have your own policy EXACTLY FOR THIS group... All of them can be viewed in the main console tree, the Policies section, and there is a column showing which group it belongs to. after that, opening the policy, you can disable inheritance here... after which you can configure the policy for this group as you need... without receiving settings from the parent... and make sure that forced application of settings is not enabled in the parental policy... this item will forcefully change all settings to parental ones PS https://support.kaspersky.com/KSC/14.2/en-US/3313.htm

в принципе если есть данные о исполняемом файле на сервере KSC, то можно с помощью Предотвращения вторжения запретить этому приложению "общаться" с "Публичными сетями" PS: данные о программе можно собрать задачей "Инвентаризация"

The question is not entirely clear. Can you describe in more detail what you want to achieve and how you do it... what do you want to get in the end?

to send “commands” to the user’s devices, the KSC server generates a UDP packet on port 15000. Sending is one-way from KSC to the client (something like “hey, connect to me, I have news”). The agent listens to this port; if it “hears,” it establishes a connection with the server according to the standard scheme (from agent to server on TCP 13000), after which information is exchanged. In your case, the server seems unable to “speak out” to the clients, they don’t hear it... it looks like TCP 13000 works on your network, since clients still receive information and policies, judging by your words, clients themselves connect to the server (even if they don’t hear commands) once every 15 minutes (by default) Check that you have the ability to send similar packets between the KSC server and clients from a neighboring domain. I also want to clarify that there is no way to control the start/stop of the agent from the KSC server through the device properties... this is something like a “foolproof” mechanism

Unfortunately, this is an old problem and apparently has not been resolved yet. if the user has sufficient rights on the local device, instead of disabling the protection, he will pause it (just pause, and not by time or until a reboot). then you can also resume the operation of components (disable pauses) only from the local client. You will need to manually launch protection locally on all such devices. There is no other solution yet.

In your case, this behavior is most likely connected not with the version of Office, but with its bit capacity. This add-on to Outlook is not officially supported when running in the x64 version of Office. You can disable the use of this add-on in the KES policy in the "Mail Protection" section So in the Office Add-ins of the Outlook component

As with everything... create allowing rules for the required services and place them above your "deny all" rule...

Если нужно ЗАБЛОКИРОВАТЬ доступ к ресурсу ... нужно воспользоваться компонентом Веб-Контроль https://support.kaspersky.com/KESWin/12.4/ru-RU/176743.htm

I can't tell you about the registry key... can be found in the "Programs and Features" list or in the properties of the installed solution... in my case I have RU localization installed and Lite encryption ... AES256 for the Strong encryption