Adding Kaspersky Sandbox servers to Kaspersky Endpoint Agent list

This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

If you use Nginx as a proxy server between a device with Kaspersky Endpoint Agent installed and Kaspersky Sandbox server, configure the client_max_body_size setting. The value of the client_max_body_size setting must be equal to the maximum size of the object sent by Kaspersky Endpoint Agent to Kaspersky Sandbox for processing. Otherwise, Nginx will not send the objects whose size exceeds the specified value. The default value is 1 MB.

If you enabled the integration with Kaspersky Sandbox, you can add Kaspersky Sandbox servers to Kaspersky Endpoint Agent list. You can add several Kaspersky Sandbox servers.

Within the same policy, it is recommended to add servers that are part of the same cluster. If servers belong to different clusters, the outcome is unpredictable.

All servers in the cluster are peers regardless of which server was used as the base for creating the cluster. Processing the same object on any server in the cluster will yield the same result.

Kaspersky Sandbox balances load among the servers. Objects that Kaspersky Endpoint Agent sends for processing to Kaspersky Sandbox are processed on the least busy server.

To make Kaspersky Sandbox cluster process objects from Kaspersky Endpoint Agent, add to Kaspersky Endpoint Agent at least one server that is part of the cluster during the integration of Kaspersky Endpoint Agent with Kaspersky Sandbox.

The list of Kaspersky Sandbox servers of Kaspersky Endpoint Agent displays only the servers that you added to this list. Nevertheless, objects can be processed by any server in the cluster thanks to load balancing. The current list of servers in the cluster is displayed in the web interface of Kaspersky Sandbox.

It is recommended to add all servers of the cluster to Kaspersky Endpoint Agent.

Kaspersky Endpoint Agent can connect to a different Kaspersky Sandbox server in the list if one of the following errors occurs:

• Kaspersky Sandbox response timeout (connection timeout).
• Kaspersky Sandbox unavailable (error code 503 or 504).
• Self-diagnosis problem other than a license problem (error code 500).

When removing a server from the cluster, the following object processing scenarios are possible:

• If there is at least one server from this cluster with a valid IP address or fully qualified domain name (FQDN) in the list of Kaspersky Sandbox servers of Kaspersky Endpoint Agent, Kaspersky Sandbox continues to process objects from Kaspersky Endpoint Agent.
• If no servers from this cluster remain in the list of Kaspersky Sandbox servers of Kaspersky Endpoint Agent, or if IP addresses or fully qualified domain name of cluster servers are not valid, Kaspersky Sandbox cannot receive and process objects from Kaspersky Endpoint Agent.

  For correct processing of objects, at least one server from Kaspersky Sandbox cluster must be added to Kaspersky Endpoint Agent.

To add Kaspersky Sandbox servers to Kaspersky Endpoint Agent list:

1. Open Kaspersky Security Center Administration Console.
2. In the console tree, open the Policies folder.
3. Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
   • Double-click the policy name.
   • Select Properties in the policy context menu.
   • Select the Configure policy settings item in the right part of the window.
4. In the Kaspersky Sandbox integration section select the Kaspersky Sandbox integration settings subsection.
5. In the Kaspersky Sandbox integration settings group of settings, enable the Enable Kaspersky Sandbox integration setting.
6. In the Kaspersky Sandbox integration settings group of settings, enable or disable the Connect using the proxy server if specified in the general settings option.

   This option is disabled by default. The application connects to Kaspersky Sandbox only directly and does not use the general proxy server connection settings. You can enable this option if you want the application to use the general proxy server connection settings when connecting to Kaspersky Sandbox server.

7. In the List of Kaspersky Sandbox servers group of settings, click Add.

   The Server properties window opens.

8. Enter the IP address or fully qualified domain name of Kaspersky Sandbox server and the port used for connecting to the server.
9. Click Add.

   The added server is listed in the server table.

10. Repeat the steps to add each Kaspersky Sandbox server to the list.
11. In the upper right corner of the settings group, change the switch from Unaffected by policy to Under policy.
12. Click OK.

Kaspersky Sandbox servers are added to Kaspersky Endpoint Agent list.

See also Enabling and disabling integration with Kaspersky Sandbox Configuring trusted connection between Kaspersky Sandbox and Kaspersky Endpoint Agent Configuring the response timeout of Kaspersky Sandbox and request queue settings Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox

Page top