Concerning to Kaspersky Administration Kit 6.0
A policy is a set of application parameters shared by all computers in a group.
Each application has its own policy. Several policies can be defined for one application in a group. But only one policy can be active: it's the policy whose settings are running at present.
You can "lock" most policy settings from modifying. You can lock a policy in the policy's properties by clicking for the settings of a specific group. After the image has changed to it is impossible to change this group of settings in the policies of nested groups, task settings or on client computers. Mandatory or “locked” settings are always enforced on client computers.
To create a policy, go to > the Policy subfolder > click the Add a policy link in the details panel. During the work of the New Policy Wizard define the name of the policy, the application it is created for and configure the maximum necessary number of application parameters.
Policies can be imported and exported.
All Kaspersky Network Agent settings are grouped on its Policies tabs:
The General tab
The General tab displays policy name, application for which it is created, creation and modification time and date. On this tab the name of the policy can be changed or the policy can activated based on the event after which it becomes active. In the current Kaspersky Administration Kit version the administrator can configure activation of the selected policy only if the Virus outbreak event occurs. I.e. the policy activates when a certain number of malicious programs is detected on the computers in the logical network during a restricted period of time. Parameters of virus outbreak can be configured in the Administration Server > Properties > the Virus outbreak tab.
The policy working mode can be selected and set in the Policy status drop-down list: active or inactive policy.
When some other policy is activated, the prior deployed policy is not active any more.
If in the Policy status you select Inactive policy in all policies for one application then no policy is deployed.
Back to tabs list
The Settings tab
On the tab:
- size of the Windows Event Log can be restricted – in the Maximum size of event log, Mb parameter
- display of information about objects quarantined and backed up on client computers can be enabled. Lists of objects are available in the nodes of the Console tree > Storages > Quarantine or Backup correspondingly.
Via the Administration Console objects can be re-scanned for viruses or restored to their initial location.
Back to tabs list
The Enforcement tab
The tab gives reference information about results of the policy application on client computers in the group: for how many computers the policy was applied (the list of Clients on which the policy was applied or is going to be applied can be viewed if you click the Details button) - this information can be helpful to know why the settings/ policy have (has) not been applied on some client computers.
Each anti-virus application has its own settings – they are called local settings. When a policy is applied to the application, the application stops using its local settings and starts functioning the following way:
- “locked” parameters (mandatory parameters), are taken from the policy.
- other parameters (i.e. parameters which are not “locked” in the policy) are taken from its local settings.
According to the default settings the policy does not change the application local settings and when the policy is no longer applied to the application, it gets back to its “old” settings (those which were used before the first policy application).
If necessary the administrator can change the application local settings when the policy is applied, only mandatory parameters (“locked”) or all policy parameters (of both locked and not locked ones) can be changed. If local parameters have been changed then when the policy is not applied to the application any more the application will go on working with the parameters from the policy.
You can modify local parameters in the Advanced window (policy > the Enforcement tab > the Advanced link).
Remember local settings can be changed when the policy is enforced for the first time! In order to force the set variant after the first policy application use the Change now button – local parameters will be changed according to the choice made during the next synchronization of a client computer with the server.
Once the local settings are changed, the initial settings, which the application used before the policy application, cannot be reset. If you have selected the third variant and all local settings have been changed then there is no point in choosing either the first or the second variant – local settings cannot be reset.
It is strongly recommended not to change local settings if not necessary - as the process to change them back increases load on the CPU, network traffic and on the network in general and causes lots of problems – settings cannot be rollbacked, local settings are not defined (administrator cannot always remember what local settings should be applied on a computer), etc.
In order to change the “working’ application settings “lock” the settings necessary to be applied to the application!
Back to tabs list
The Network tab
Administration Agent settings are described on the tab:
- time period when the Network Agent installed on a client computer tries to connect to the Administration Server – can be set in the Synchronization period box. The default period is 15 minutes.
- the parameter which determines whether secure connection is used when connecting the Agent and the Server – the Use SSL connection parameter.
- To reduce the volume of the network traffic between a client computer and the Administration Server the zlib algorithm can be used. The algorithm reduces the volume to ten times. By default the algorithm usage is enabled. To disable the function, uncheck Compress network traffic.
- If Use UDP port is unchecked, the Administration Server cannot initiate the connection with a client computer. I.e. information between the Server and the Client can be exchanged only when the Agent initiates the connection. If the Server fails to establish connection with the Agent then the information (policies enforcement, viewing the tasks execution, etc) is exchanged not in real-time. Number of the UDP port in use is set in the UDP port number box.
Back to tabs list