Configuring permissions in the AppArmor system

To update the AppArmor profiles required to run Kaspersky Endpoint Security:

  1. Make sure that the AppArmor module is loaded by using one of the following methods:
    • systemctl status apparmor
    • /etc/init.d/apparmor status
  2. Create a Kaspersky Endpoint Security profile:
    1. In the first console, execute the following commands:

      cd /etc/apparmor.d

      aa-genprof /opt/kaspersky/kesl/libexec/kesl

    2. In the second console, run the following tasks:
      • real-time protection task:

        kesl-control --start-t 1

      • process memory scan task:

        kesl-control --start-t 4 -W

      • boot sector scan task:

        kesl-control --start-t 5 -W

      • update task:

        kesl-control --start-t 6 -W

    3. In the first console, press S. After event scanning completes, press F.
  3. Switch the created Kaspersky Endpoint Security profile to message display mode:

    aa-complain opt.kaspersky.kesl.libexec.kesl

  4. After the application has run for several days, update the profile by running the following command:

    aa-logprof

    Specify the Allow or Glob permissions for all files that Kaspersky Endpoint Security used during this period.

  5. Switch the Kaspersky Endpoint Security profile to blocking mode:

    aa-enforce opt.kaspersky.kesl.libexec.kesl

If new audit messages related to Kaspersky Endpoint Security appear, the rules module file needs to be updated.

For additional information, please refer to the documentation on the relevant operating system.

Page top