Applies to Kaspersky Administration Kit 6.0 MP1
Any computer added to an administration group has a status in the logical network: OK, Warning or Critical. The color of the icon next to the computer name changes depending on the computer status. Besides color, the icon of a client computer can also change its brightness.
The color of a computer icon may be one of the following:
- [icon] the OK status.
- [icon] the Warning status.
- [icon] the Critical status.
The conditions under which a computer is granted the Warning or Critical status are defined on the Computer status tab in the properties of the group to which the computer is assigned. If no condition is met, the computer is granted the OK status.
The Inherit parameter is checked by default for nested groups. This means that the conditions for granting statuses are inherited from the parent group. The administrator can still adjust the conditions by checking or unchecking their checkboxes and by changing the parameter values at which the conditions are triggered.
To configure or change the parameters, uncheck the Inherit box, highlight the necessary condition and run the Change command from its context menu. In the window that opens you can change the parameter value at which the condition is triggered.
Let's look at the possible conditions for the Warning and Critical statuses. Some of them are configured by default:
The Critical status:
- Anti-virus application is not installed (enabled by default).
- Too many viruses detected – the number of viruses detected on the client device; when this number is exceeded, the computer status changes to Critical. The value may range from 0 to 32767. Viruses are counted based on the events that reach the Administration Server. Saving events to the Server database is configured on the Events tab of the anti-virus application policy.
- Real-time protection level differs from that set by the administrator – this condition “works” if the real-time protection level set on the computer differs from running.
This condition should be used to grant the computer either the Critical or the Warning status only if the user has the right to change real-time protection settings, i.e. the real-time protection settings are not locked and can be modified.
Note that the real-time protection statuses differ between versions of Kaspersky Anti-Virus for Windows Workstations / File Servers. When you choose the Real-time protection level differs from that set by the administrator parameter, take into account the list of statuses that real-time protection can take in the installed version.
If the administrator wants to use the Real-time protection level differs from that set by the administrator condition, client computers with anti-virus applications of different versions (5.0 and 6.0) should be assigned to different groups.
The Warning status:
- Anti-virus application is not installed (enabled by default).
- Too many viruses detected (see above).
- Real-time protection level differs from that set by the administrator (see above).
- Full computer scan has not been performed for a very long time, days (enabled by default with the 7 days value).
- Antivirus database is outdated (enabled by default with the 7 days value).
- Host has not connected to Administration Server for a very long time (enabled by default with the 7 days value).
If any of the following conditions is met:
- Real-time protection not running
- Application not running
- Real-time protection level differs from that set by the administrator
the color of the icon will change only after 3 synchronization periods (by default 15 minutes) with an interval of not less than 3 minutes. To change the status sooner, force synchronization of the Client and the Server: run the Synchronize command from the context menu of the client computer and press F5 to refresh the result in the Console.
Parameters for the Critical and Warning statuses are configured separately from each other, but the conditions of the Critical status have a higher priority: if conditions of both levels are met for a client computer, the computer is granted the Critical status. For the same reason there is no point in giving a condition more time for the Warning status than the same condition has for the Critical status.
For example, if for the Critical status the parameter Antivirus database has not been updated for a very long time, days is set to 1, and for the Warning status the same condition keeps the default value of 7, then after the computer is given the Critical status, even if the antivirus database is not updated during the next 5 days, the computer will never get the Warning status.
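The inheritance and priority rules described above can be modelled in a few lines to find Warning conditions that can never be displayed. This is an added illustration, not Administration Kit code: the class, the field names and the condition key `db_outdated_days` are assumptions, and a condition is treated as met when the measured value exceeds the configured threshold.

```python
from dataclasses import dataclass, field
from typing import Optional

# Illustrative model only: names are assumptions, not product identifiers.
@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    inherit: bool = True                          # the Inherit checkbox
    critical: dict = field(default_factory=dict)  # condition -> threshold
    warning: dict = field(default_factory=dict)

    def effective(self):
        """Nearest group up the tree whose conditions are not inherited."""
        g = self
        while g.inherit and g.parent is not None:
            g = g.parent
        return g

def status(group, host):
    """host maps condition -> measured value; Critical has priority."""
    g = group.effective()
    for level, conds in (("Critical", g.critical), ("Warning", g.warning)):
        if any(host.get(c, 0) > limit for c, limit in conds.items()):
            return level
    return "OK"

def shadowed_warnings(group):
    """Warning conditions that never show because Critical is met first."""
    g = group.effective()
    return sorted(c for c, w in g.warning.items()
                  if c in g.critical and g.critical[c] <= w)

# Constructed sample tree: root keeps only the default Warning threshold,
# "servers" overrides it, "db-servers" inherits from "servers".
root = Group("root", warning={"db_outdated_days": 7})
servers = Group("servers", parent=root, inherit=False,
                critical={"db_outdated_days": 1},
                warning={"db_outdated_days": 7})
db_servers = Group("db-servers", parent=servers)

if __name__ == "__main__":
    print(status(root, {"db_outdated_days": 8}))        # Warning
    print(status(db_servers, {"db_outdated_days": 8}))  # Critical
    print(shadowed_warnings(db_servers))                # ['db_outdated_days']
```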
The brightness of the computer icon shows whether the computer connects to the Administration Server. If the icon is not bright, the Agent did not connect to the Server during the set time period. The default period is 60 minutes. This parameter can be changed in Server > Properties > the Settings tab > the Host visibility timeout, min field.
If UDP port 13000 is open on the Administration Server, the icon stops being bright as soon as the computer is switched off, irrespective of the value defined in the Host visibility timeout, min field.