Creating Kaspersky Security Center installation package with custom OVAL rules

This Help provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

To create Kaspersky Security Center installation package as a signed archive with OVAL rules:

  1. On the device, run a command line interpreter (for example, Command Prompt cmd.exe) with the permissions of the local administrator.
  2. Using the cd command, navigate to the folder where the ovaldbmgr.exe file is located.

    For example, you can type the following command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\Tools" and press Enter.

  3. Depending on the location of the certificate, run one of the following commands and press Enter:
    • If the signing certificate is located in System Storage Local Machine:

      ovaldbmgr.exe --make-package --command={replace|merge} --subject=<certificate name> --output=<full path> --source=<XML_folder> <full path to the file with OVAL rules>

    • If the signing certificate is located in the PFX container:

    ovaldbmgr.exe --make-package --command={replace|merge} --pfx=<full path to the PFX container> --pwd=<password to access the PFX container> --output=<full path> --source=<XML_folder> <full path to the file with OVAL rules>

    Command parameters for running and configuring Standard Security audit tasks

    Parameters

    Description

    --make-package

    Required parameter.

    Creates an archive with files.

    --command={replace|merge}

    Required parameter.

    The parameter defines the package deployment mode in Kaspersky Security Center.

    Available values:

    • replace – replace the repository
    • merge – merge with the existing repository

      If the parameter value is not specified, an error message is displayed.

    --pfx=<full path to the PFX container>

    Required parameter.

    The parameter defines the full path to the PFX container that contains the signing certificate.

    --pwd=<password to access the PFX container>

    Required parameter.

    The parameter defines the password to access the PFX container.

    --subject=<certificate name>

    Required parameter.

    The parameter defines the signing certificate. The parameter value is the unique name of the signing certificate. If a certificate that does not exist is specified, an error message is displayed.

    --output=<full path>

    Required parameter.

    The parameter defines the full path to the folder where a ZIP file with OVAL rules and a signing certificate must be created.

    --source=<XML_folder>

    Optional parameter.

    The parameter defines the full path to the folder with OVAL rules and contains the list of files with OVAL rules in the XML format. These rules must be used in Kaspersky Security Center package.

    To specify files with OVAL rules, do one of the following:

    • Specify only the value of the --source=<XML_folder> parameter.
    • Specify one or more <full path to the file with OVAL rules> values separated by a space.
    • Simultaneously specify the value of the --source=<XML_folder> parameter and one or more <full path to the file with OVAL rules> values separated by a space.

      If the --source=<XML_folder> parameter is not specified and no <full path to the file with OVAL rules> values are specified, the task will fail.

    <full path to the file with OVAL rules>

    The parameter defines the full path to the file with OVAL rules in the XML format. This file must be used in Kaspersky Security Center package. You can specify several file names separated by a space.

    To specify files with OVAL rules, do one of the following:

    • Specify only the value of the --source=<XML_folder> parameter.
    • Specify one or more <full path to the file with OVAL rules> values separated by a space.
    • Simultaneously specify the value of the --source=<XML_folder> parameter and one or more <full path to the file with OVAL rules> values separated by a space.

      If the --source=<XML_folder> parameter is not specified and no <full path to the file with OVAL rules> values are specified, the task will fail.

The command execution result is an archive named package.zip in the folder specified by the value of the --output=<full path> parameter. The archive contains the following files:

If the ZIP file is generated successfully, Kaspersky Endpoint Agent returns the thumbprint of the certificate used for signing the file with OVAL rules. The thumbprint must be specified in the Security audit task using Kaspersky Security Center web plug-in.

Page top