Adding Kaspersky Sandbox servers to the Kaspersky Endpoint Security list

If you have enabled the integration with Kaspersky Sandbox, you must add Kaspersky Sandbox servers to the Kaspersky Endpoint Security list. Servers added to the list receive objects for processing from Kaspersky Endpoint Security.

If you want objects sent for processing by Kaspersky Endpoint Security to be received by a cluster of Kaspersky Sandbox servers, you must add at least one Kaspersky Sandbox server from the cluster to the Kaspersky Endpoint Security list. It is recommended to add all servers of the cluster to the Kaspersky Endpoint Security list.

If Kaspersky Sandbox servers are combined into a cluster, within one policy the list should only include servers that are part of the same cluster. If servers belong to different clusters, the outcome is unpredictable.

All servers in the cluster are peers regardless of which server was used as the base for creating the cluster. When a server in the cluster processes an object, information about the result of processing is saved on all servers in the cluster.

The Kaspersky Sandbox application balances load among the servers. When integrating with Kaspersky Endpoint Security, objects that Kaspersky Endpoint Security sends for processing to Kaspersky Sandbox are processed on the least busy server.

Kaspersky Endpoint Security's list of Kaspersky Sandbox servers only displays the servers that you have added to the list. Nevertheless, objects can be processed by any server in the cluster thanks to load balancing. The current list of servers in the cluster is displayed in the web interface of Kaspersky Sandbox.

Kaspersky Endpoint Security can connect to a different Kaspersky Sandbox server in the list if one of the following errors occurs:

• Kaspersky Sandbox response timeout (connection timeout).
• Kaspersky Sandbox unavailable (error code 503 or 504).
• Self-diagnosis problem other than a license problem (error code 500).

When you delete a server from a cluster, the following object processing scenarios are possible:

• If there is still at least one server from the cluster with a current IP address or FQDN in the list of Kaspersky Sandbox servers in Kaspersky Endpoint Security, Kaspersky Sandbox continues to process objects from Kaspersky Endpoint Security.
• If no servers from the cluster remain in the list of Kaspersky Sandbox servers in Kaspersky Endpoint Security, or if IP addresses or FQDNs of cluster servers are not current, Kaspersky Sandbox cannot receive and process objects from Kaspersky Endpoint Security.

To add Kaspersky Sandbox servers to the Kaspersky Endpoint Security list:

1. In the main window of Web Console, select the Devices → Policies & profiles section.
2. Click the name of the Kaspersky Endpoint Security policy.

   This opens the policy properties window.

3. Select the Application settings tab.
4. Go to the Detection and Response → Kaspersky Sandbox section.
5. Under Kaspersky Sandbox servers, click Add.
6. This opens a window; in this window, enter the address of the Kaspersky Sandbox server (IPv4, IPv6, DNS) and the port to be used for connecting to the server.
7. Save your changes.
8. Repeat the steps to add each Kaspersky Sandbox server to the list.

Kaspersky Sandbox servers are added to the Kaspersky Endpoint Security list.