Kaspersky Antivirus

• Kaspersky Endpoint Security 12

• Kaspersky Endpoint Security 11

• Kaspersky Small Office Security

• Kaspersky Security Center

• Kaspersky Security for Virtualization 5.1

To ensure the agent operates correctly, add its system components to the antivirus exclusions and disable secure connection checking.

Kaspersky Endpoint Security 12

Exclusions

1. Click on the gear icon in the lower left corner to go to General Settings. Open the Exclusions and types of detected objects section.

   

2. In Exclusions and types of detected objects, open Manage Exclusions:

   

3. Click Add → New exclusion and add the following exclusions:

   Architecture	File Path
   х64	C:\Windows\agent.msi C:\Windows\auxiliaryservice.exe C:\Windows\Winexesvc.exe C:\Windows\installer\* C:\Windows\Temp\scrim2 C:\Windows\Temp\agent.msi C:\Windows\SysWOW64\TimeControlSvc\* C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe C:\Windows\SysWOW64\TimeControlSvc\sysprotect64.exe
   x86	C:\Windows\agent.msi C:\Windows\auxiliaryservice.exe C:\Windows\Winexesvc.exe C:\Windows\installer\* C:\Windows\Temp\scrim2 C:\Windows\Temp\agent.msi C:\Windows\System32\TimeControlSvc\* C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe C:\Windows\System32\TimeControlSvc\sysprotect.exe

   

Trusted Applications

1. Return to Exclusions and types of detected objects and in the Specify trusted applications section add:

   • C:WindowsSysWOW64TimeControlSvcvmnetdrv32.exe

   • C:WindowsSysWOW64TimeControlSvcvmnetdrv64.exe

   • C:WindowsSysWOW64TimeControlSvcsysprotect64.exe

     or

   • C:WindowsSystem32TimeControlSvcvmnetdrv32.exe

   • C:WindowsSystem32TimeControlSvcsysprotect.exe

   

2. In Exclusions for application, select:

   • Do not scan files before opening

   • Do not monitor application activity

   • Do not scan all traffic

   

Network Settings

1. Return to General settings and go to Network settings.

   

2. Configure as follows:

   • Monitored ports → Monitor selected ports only

   • Encrypted connections scan → Scan encrypted connections upon request from protection components

     

3. In the Monitor selected ports only section, click Select. The Network ports window will open.

   Activate the HTTP option, deactivate all other options:

   

4. Restart the computer to apply changes.

Audio Recording Permission

1. In the Settings section, go to Host Intrusion Prevention and select Manage applications.

   

2. Right-click the Low Restricted group and select Details and Rules.

   

3. In the Rights section, select Access sound recording devices and select Allow.

   

Kaspersky Endpoint Security 11

Exclusions

1. Go to Settings → Exclusions → Settings.

2. Click + Add → Select File or Folder.

Add the general exclusions:

Architecture	File Path
х64	C:\Windows\agent.msi C:\Windows\auxiliaryservice.exe C:\Windows\Winexesvc.exe C:\Windows\installer\* C:\Windows\Temp\scrim2 C:\Windows\Temp\agent.msi C:\Windows\SysWOW64\TimeControlSvc\* C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe C:\Windows\SysWOW64\TimeControlSvc\sysprotect64.exe
x86	C:\Windows\agent.msi C:\Windows\auxiliaryservice.exe C:\Windows\Winexesvc.exe C:\Windows\installer\* C:\Windows\Temp\scrim2 C:\Windows\Temp\agent.msi C:\Windows\System32\TimeControlSvc\* C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe C:\Windows\System32\TimeControlSvc\sysprotect.exe

3. Add additional file paths:

C:\Windows\SysWOW64\TimeControlSvc\
C:\Windows\system32\config\systemprofile\AppData\Roaming\TimeSVC3
C:\Windows\System32\TimeControlSvc\
C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe
C:\Windows\System32\TimeControlSvc\sysprotect.exe

Trusted Applications

1. In the Trusted Applications tab, specify the applications:

C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe
C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe
C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe

2. Set their permissions:

• Do not check opened files

• Do not monitor application activity

• Do not check all traffic

SSL Settings

1. Go to Network Settings:

2. Make sure the following are not selected:

• HTTPS

• SMTP SSL

• NMTP SLL

• IMAP SSL

• POP3 SSL

• Monitor all ports for programs, recommended by Kaspersky Lab.

4. Restart the computer or the agent.

Kaspersky Small Office Security

Go to Settings → Advanced → Network and select the Do not scan encrypted connections option.

Note

The settings path may differ depending on the program version.

Kaspersky Security Center

In Kaspersky Security Center, select the policy assigned to the agent and configure the settings according to the Kaspersky Endpoint Security 11 section.

Kaspersky Security for Virtualization 5.1

For Linux-based operating systems with Kaspersky Security for Virtualization 5.1 installed, add exclusions to the agent configuration:

Add the general exclusions:

Architecture	File Path
х64	C:\Windows\agent.msi C:\Windows\auxiliaryservice.exe C:\Windows\Winexesvc.exe C:\Windows\installer\* C:\Windows\Temp\scrim2 C:\Windows\Temp\agent.msi C:\Windows\SysWOW64\TimeControlSvc\* C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe C:\Windows\SysWOW64\TimeControlSvc\sysprotect64.exe
x86	C:\Windows\agent.msi C:\Windows\auxiliaryservice.exe C:\Windows\Winexesvc.exe C:\Windows\installer\* C:\Windows\Temp\scrim2 C:\Windows\Temp\agent.msi C:\Windows\System32\TimeControlSvc\* C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe C:\Windows\System32\TimeControlSvc\sysprotect.exe

Add additonal exclusions:

/var/opt/kaspersky/*
/usr/local/sbin/lightagent
/usr/lib/systemd/system/lightagent.service
/usr/bin/kaspersky/*
/sys/fs/cgroup/systemd/system.slice/lightagent.service
/run/kaspersky/*
/opt/kaspersky/*
/etc/systemd/system/multi-user.target.wants/lightagent.service
/etc/systemd/system/graphical.target.wants/lightagent.service
/etc/opt/kaspersky/*

Note

For correct email interception, it is recommended to enable avp.exe certificate substitution.

Last Updated: 18.07.25