Kaspersky Antivirus

To ensure the agent operates correctly, add its system components to the antivirus exclusions and disable secure connection checking.

Kaspersky Endpoint Security 12

Exclusions

  1. Click on the gear icon in the lower left corner to go to General Settings. Open the Exclusions and types of detected objects section.

    ../../_images/kaspersky-1.png
  2. In Exclusions and types of detected objects, open Manage Exclusions:

    ../../_images/kaspersky-2.png
  3. Click AddNew exclusion and add the following exclusions:

    Architecture

    File Path

    х64

    C:\Windows\agent.msi
    C:\Windows\auxiliaryservice.exe
    C:\Windows\Winexesvc.exe
    C:\Windows\installer\*
    C:\Windows\Temp\scrim2
    C:\Windows\Temp\agent.msi
    C:\Windows\SysWOW64\TimeControlSvc\*
    C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe
    C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe
    C:\Windows\SysWOW64\TimeControlSvc\sysprotect64.exe

    x86

    C:\Windows\agent.msi
    C:\Windows\auxiliaryservice.exe
    C:\Windows\Winexesvc.exe
    C:\Windows\installer\*
    C:\Windows\Temp\scrim2
    C:\Windows\Temp\agent.msi
    C:\Windows\System32\TimeControlSvc\*
    C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe
    C:\Windows\System32\TimeControlSvc\sysprotect.exe

    ../../_images/kaspersky-3.png ../../_images/kaspersky-4.png ../../_images/kaspersky-5.png

Trusted Applications

  1. Return to Exclusions and types of detected objects and in the Specify trusted applications section add:

    • C:WindowsSysWOW64TimeControlSvcvmnetdrv32.exe

    • C:WindowsSysWOW64TimeControlSvcvmnetdrv64.exe

    • C:WindowsSysWOW64TimeControlSvcsysprotect64.exe

      or

    • C:WindowsSystem32TimeControlSvcvmnetdrv32.exe

    • C:WindowsSystem32TimeControlSvcsysprotect.exe

    ../../_images/kaspersky-6.png ../../_images/kaspersky-7.png
  2. In Exclusions for application, select:

    • Do not scan files before opening

    • Do not monitor application activity

    • Do not scan all traffic

    ../../_images/kaspersky-8.png

Network Settings

  1. Return to General settings and go to Network settings.

    ../../_images/kaspersky-9.png
  2. Configure as follows:

    • Monitored portsMonitor selected ports only

    • Encrypted connections scanScan encrypted connections upon request from protection components

      ../../_images/kaspersky-10.png
  3. In the Monitor selected ports only section, click Select. The Network ports window will open.

    Activate the HTTP option, deactivate all other options:

    ../../_images/kaspersky-11.png
  4. Restart the computer to apply changes.

Audio Recording Permission

  1. In the Settings section, go to Host Intrusion Prevention and select Manage applications.

    ../../_images/kaspersky-12.png ../../_images/kaspersky-13.png
  2. Right-click the Low Restricted group and select Details and Rules.

    ../../_images/kaspersky-14.png
  3. In the Rights section, select Access sound recording devices and select Allow.

    ../../_images/kaspersky-15.png

Kaspersky Endpoint Security 11

Exclusions

  1. Go to SettingsExclusionsSettings.

../../_images/kaspersky_endpiont_1.png
  1. Click + AddSelect File or Folder.

../../_images/kaspersky_endpiont_2.png

Add the general exclusions:

Architecture

File Path

х64

C:\Windows\agent.msi
C:\Windows\auxiliaryservice.exe
C:\Windows\Winexesvc.exe
C:\Windows\installer\*
C:\Windows\Temp\scrim2
C:\Windows\Temp\agent.msi
C:\Windows\SysWOW64\TimeControlSvc\*
C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe
C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe
C:\Windows\SysWOW64\TimeControlSvc\sysprotect64.exe

x86

C:\Windows\agent.msi
C:\Windows\auxiliaryservice.exe
C:\Windows\Winexesvc.exe
C:\Windows\installer\*
C:\Windows\Temp\scrim2
C:\Windows\Temp\agent.msi
C:\Windows\System32\TimeControlSvc\*
C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe
C:\Windows\System32\TimeControlSvc\sysprotect.exe

  1. Add additional file paths:

C:\Windows\SysWOW64\TimeControlSvc\
C:\Windows\system32\config\systemprofile\AppData\Roaming\TimeSVC3
C:\Windows\System32\TimeControlSvc\
C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe
C:\Windows\System32\TimeControlSvc\sysprotect.exe
../../_images/kaspersky_endpiont_3.png

Trusted Applications

  1. In the Trusted Applications tab, specify the applications:

C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe
C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe
C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe
  1. Set their permissions:

  • Do not check opened files

  • Do not monitor application activity

  • Do not check all traffic

../../_images/kaspersky_endpiont_5.png

SSL Settings

  1. Go to Network Settings:

../../_images/kaspersky_endpiont_6.png
  1. Make sure the following are not selected:

  • HTTPS

  • SMTP SSL

  • NMTP SLL

  • IMAP SSL

  • POP3 SSL

  • Monitor all ports for programs, recommended by Kaspersky Lab.

../../_images/kaspersky_endpiont_7.png
  1. Restart the computer or the agent.

Kaspersky Small Office Security

Go to SettingsAdvancedNetwork and select the Do not scan encrypted connections option.

../../_images/exclusions_2.png

Note

The settings path may differ depending on the program version.

Kaspersky Security Center

In Kaspersky Security Center, select the policy assigned to the agent and configure the settings according to the Kaspersky Endpoint Security 11 section.

../../_images/kaspersky_endpiont_8.png

Kaspersky Security for Virtualization 5.1

For Linux-based operating systems with Kaspersky Security for Virtualization 5.1 installed, add exclusions to the agent configuration:

../../_images/kaspersky_linux_1.png

Add the general exclusions:

Architecture

File Path

х64

C:\Windows\agent.msi
C:\Windows\auxiliaryservice.exe
C:\Windows\Winexesvc.exe
C:\Windows\installer\*
C:\Windows\Temp\scrim2
C:\Windows\Temp\agent.msi
C:\Windows\SysWOW64\TimeControlSvc\*
C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe
C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe
C:\Windows\SysWOW64\TimeControlSvc\sysprotect64.exe

x86

C:\Windows\agent.msi
C:\Windows\auxiliaryservice.exe
C:\Windows\Winexesvc.exe
C:\Windows\installer\*
C:\Windows\Temp\scrim2
C:\Windows\Temp\agent.msi
C:\Windows\System32\TimeControlSvc\*
C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe
C:\Windows\System32\TimeControlSvc\sysprotect.exe

Add additonal exclusions:

/var/opt/kaspersky/*
/usr/local/sbin/lightagent
/usr/lib/systemd/system/lightagent.service
/usr/bin/kaspersky/*
/sys/fs/cgroup/systemd/system.slice/lightagent.service
/run/kaspersky/*
/opt/kaspersky/*
/etc/systemd/system/multi-user.target.wants/lightagent.service
/etc/systemd/system/graphical.target.wants/lightagent.service
/etc/opt/kaspersky/*

Note

For correct email interception, it is recommended to enable avp.exe certificate substitution.

../../_images/kaspersky_cert.png

Last Updated: 18.07.25