Concerning to Kaspersky Administration Kit 6.0 MP1
Kaspersky Administration Kit gives the possibility to control virus activity on client computers in the logical network with the help of the Virus outbreak event which is registered in the work of the logical network. This function is vital during the virus outbreak periods and allows reacting in time to the appearing threats of virus attacks.
The Virus outbreak event is formed based on the events Virus detected and Detection of viruses, worms, Trojans, hack tools in the work of the anti-virus applications. In order to recognize virus outbreak all information about these events should be saved on the Administration Server. In order to do it, the corresponding parameters should be set in the policy of all anti-virus applications: go to policy > the Events tab – choose the event Virus detected or Detection of viruses, worms, Trojans, hack tools > click the Properties button > in the open window check On Administration Server for (days).
Criteria on which the Virus outbreak events are registered are set in the Administration Server properties (or in the Administration Server policy) on the Virus outbreak tab.
An event can be registered for several application types. Forming this event for one application group does not influence forming this event for another group.
- Antivirus for workstations and file servers:
- Kaspersky Anti-Virus 5.0 for Windows Workstations
- Kaspersky Anti-Virus SOS 5.0
- Kaspersky Anti-Virus SOS 6.0
- Kaspersky Anti-Virus 5.0 for Windows File Servers
- Kaspersky Anti-Virus 6.0 for Windows Workstations
- Kaspersky Anti-Virus Mobile 6.0 Enterprise Edition
- Kaspersky Anti-Virus 6.0 for Windows Servers
- Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition
- Kaspersky Anti-Virus 5.7 for Novell NetWare
- Kaspersky Anti-Virus 5.7 for Linux Workstations and File Servers
- Perimeter defense antivirus
- Kaspersky Anti-Virus 5.6 for ISA Server 2000 Enterprise Edition
- Mail system antivirus
- Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003
- Kaspersky Security 5.5 for Microsoft Exchange Server 2003
In order to enable the mechanism to detect a virus outbreak check the necessary application types and set the virus activity threshold whose excess will be recognized as the Virus outbreak event:
- in the Viruses field – set the number of viruses detected by the application in the logical network;
- in the In (min) field – set a time interval within a defined number of viruses is detected.
The generation frequency of the Virus outbreak event depends on the defined criteria to form this event – if the event should be generated when 5 events of virus detection within an hour are detected, correspondingly the event will be created not more often than once an hour.
Notification parameters of the Virus outbreak event can be set on the Administration Server in the event properties on the Events tab.
Automatic change of the current application policy can be set as a reaction to the virus outbreak event. For it in the policy settings > on the General tab > check Activate policy based on the event > in the drop-down menu select Virus outbreak.
When computing the events Virus detected and Detection of viruses, worms, Trojans, hack tools, information from client computers of the master Administration Server is considered only. For each slave Server the Virus outbreak event is set individually.