Kaspersky Administration Kit 6.0

 
 
 

What does the color of a client computer icon mean in Kaspersky Administration Kit 6.0?

ID: 987
2012 Jan 23
 
 
 
 

Applies to Kaspersky Administration Kit 6.0 MP1

Any computer added to an administration group has a status in the logical network: OK / Warning / Critical. The color of the icon next to the computer name changes depending on the computer status. Besides its color, the icon of a client computer can also change its brightness.

The color of a computer icon may be the following:

    • - the OK status. 
    • - the Warning status. 
    • - the Critical status. 

The conditions under which a computer is granted the Warning or Critical status are defined on the Computer status tab in the properties of the group to which the computer is assigned. If none of the conditions is met, the computer is granted the OK status.

The Inherit parameter is checked by default for nested groups. This means the conditions for granting statuses are inherited from the parent group. The administrator can, however, adjust the conditions by checking or unchecking the checkboxes and by changing the parameter values at which these conditions are triggered.

To configure or change the parameters, uncheck the Inherit box, highlight the necessary condition and run the Change command from its context menu. In the window that opens you can change the parameter value at which the condition is triggered.

Let's view the possible conditions for the Warning and Critical statuses. Some of them are configured by default: 

The Critical status: 

    • Anti-virus application is not installed (enabled by default). 

 

    • Too many viruses detected – the number of viruses detected on the client's device; when this number is exceeded, the computer status changes to Critical. The entered value may vary from 0 to 32767. Viruses are counted based on the events received by the Administration Server. Saving of events in the Server database can be configured in the policy of the anti-virus application on the Events tab.

 

    • Real-time protection level differs from that set by the administrator – this condition “works” if the real-time protection level set on the computer differs from running. 

Attention: This condition should be used to grant the computer either the Critical or the Warning status only if the user has the right to change real-time protection settings, i.e. real-time protection settings are not locked and can be modified.

Warning: Real-time protection statuses differ between versions of Kaspersky Anti-Virus for Windows Workstations / File Servers. For this reason, when choosing the Real-time protection level differs from that set by the administrator parameter, take into account the list of statuses that real-time protection can take.

Example 1: a computer with Kaspersky Anti-Virus 5.0 for Windows Workstations is added to the group. The administrator sets the Recommended level in the policy for all real-time protection components and needs the computer status to change to Critical if the user changes real-time protection settings.

To configure the task, right-click the group to which the necessary computer is assigned > Properties > on the Computer status tab check Real-time protection level differs from that set by the administrator and change its value to Running (recommended).

Example 2: a computer with Kaspersky Anti-Virus 6.0 for Windows Workstations installed is assigned to the group. The administrator wants the computer status to change to Critical if the user pauses/stops all real-time protection components.

To configure the task, right-click the group to which the necessary computer is assigned > Properties > on the Computer status tab check Real-time protection level differs from that set by the administrator and change its value to Running.

 

Attention: If the administrator wants to use the Real-time protection level differs from that set by the administrator condition, client computers with anti-virus applications of different versions (5.0 and 6.0) should be assigned to different groups.

    • Your computer has not been scanned for a very long time (enabled by default with the 14 days value) – the entered value is specified in days and might range from 1 to 32767. 

 

    • Antivirus database is outdated (enabled by default with the 14 days value) – the entered value is set in days, and can be from 1 to 32767. 

 

    • Host has not connected to Administration Server for a very long time (enabled by default with the 14 days value) – entered value is set in days and can vary from 1 to 32767. 

 

    • Host is out of control (enabled by default) – a client computer fails to connect to the Administration Agent, but the computer responds to the ping command. This message may mean the Administration Agent was deleted on the remote computer.

 

    • Real-time protection is not active (enabled by default) – all real-time protection components are stopped.

 

    • Anti-virus application is not running (enabled by default). 

The Warning status: 

    • Anti-virus application is not installed (enabled by default). 
    • Too many viruses detected (see above). 
    • Real-time protection level differs from that set by the administrator (see above). 
    • Full computer scan has not been performed for a very long time, days (enabled by default with the 7 days value). 
    • Antivirus database is outdated (enabled by default with the 7 days value).
    • Host has not connected to Administration Server for a very long time (enabled by default with the 7 days value).

Attention: If the following conditions are fulfilled:

    • Real-time protection not running 
    • Application not running 
    • Real-time protection level differs from that set by the administrator 

the color of the icon will change only after 3 synchronization periods (by default 15 minutes) with an interval of not less than 3 minutes. To change the status sooner, force synchronization of the Client and the Server: run the Synchronize command from the context menu of the client computer and press F5 to refresh the result in the Console.

Parameters for the Critical and Warning statuses are configured separately from each other, but the conditions of the Critical status have a higher priority: if conditions of both levels are met for a client computer, the computer is granted the Critical status. Also, for the same condition there is no need to give the Warning status more time than the Critical status.

For example, if for the Critical status the parameter Antivirus database has not been updated for a very long time, days is set to 1, and for the Warning status the same condition keeps the default value of 7, then after the computer is given the Critical status it will never get the Warning status, even if the antivirus database is not updated during the next 5 days.
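
The priority rule above, as an added Python sketch (not Kaspersky code and not an Administration Kit API): it evaluates a host against both threshold sets and lists the Warning conditions that can never be displayed because Critical is reached first. The condition key names, the sample ages and the strictly-greater comparison are assumptions.

```python
# Added illustration of the status rules in this article; not Kaspersky code.
# Condition key names are hypothetical. Boolean conditions are modelled as a
# threshold of 0 with a host value of 1 when true; None means "disabled".

# Defaults named in the article: 14 days for Critical, 7 days for Warning,
# and "Anti-virus application is not installed" enabled for both statuses.
CRITICAL = {"av_not_installed": 0, "db_outdated_days": 14,
            "not_scanned_days": 14, "not_connected_days": 14}
WARNING = {"av_not_installed": 0, "db_outdated_days": 7,
           "not_scanned_days": 7, "not_connected_days": 7}


def met(thresholds, host):
    """Return the conditions the host meets.

    Assumption: a condition is met when the host value is strictly greater
    than the configured threshold.
    """
    return [name for name, limit in thresholds.items()
            if limit is not None and host.get(name, 0) > limit]


def status(host, critical=CRITICAL, warning=WARNING):
    """Critical conditions take priority over Warning; otherwise OK."""
    if met(critical, host):
        return "Critical"
    if met(warning, host):
        return "Warning"
    return "OK"


def shadowed_warnings(critical, warning):
    """Warning conditions that can never be shown: Critical is enabled for the
    same condition with an equal or lower threshold, so it always wins."""
    return sorted(name for name, limit in warning.items()
                  if limit is not None
                  and critical.get(name) is not None
                  and critical[name] <= limit)


if __name__ == "__main__":
    strict = dict(CRITICAL, db_outdated_days=1)   # the article's example
    for age in (0, 2, 6, 8, 15):                  # constructed sample ages
        host = {"db_outdated_days": age}
        print(age, status(host), status(host, critical=strict))
    print("shadowed:", shadowed_warnings(strict, WARNING))
```

With the default values only the "not installed" condition is shadowed, since it is enabled for both statuses; the day-based Warning conditions stay reachable between 7 and 14 days.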

Brightness of the computer icon shows whether the computer connects to the Administration Server. If the icon is not bright, the Agent did not connect to the Server during the set time period. The default period is 60 minutes. This parameter can be changed in Server > Properties > the Settings tab > the Host visibility timeout, min field.

Attention: If UDP port 13000 is open on the Administration Server, the icon loses its brightness as soon as the computer is switched off, irrespective of the value defined in the Host visibility timeout, min field.

 
 
 
 