Adding Kaspersky Sandbox servers to Kaspersky Endpoint Agent list

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

If you use Nginx as a proxy server between a device with Kaspersky Endpoint Agent installed and Kaspersky Sandbox server, configure the client_max_body_size setting. The value of the client_max_body_size setting must be equal to the maximum size of the object sent by Kaspersky Endpoint Agent to Kaspersky Sandbox for processing. Otherwise, Nginx will not send objects whose size exceeds the specified value. The default value is 1 MB.

If you enabled the integration with Kaspersky Sandbox, you can add Kaspersky Sandbox servers to Kaspersky Endpoint Agent's list. You can add several Kaspersky Sandbox servers.

It is recommended to add servers that are part of the same cluster to the same policy. If servers belong to different clusters, the results will be unpredictable.

All servers in the cluster are peers regardless of which server was used as the base for creating the cluster. Processing the same object on any server in the cluster will yield the same result.

Kaspersky Sandbox balances the load across the servers. Objects that Kaspersky Endpoint Agent sends for processing to Kaspersky Sandbox are processed on the least busy server.

To make the Kaspersky Sandbox cluster process objects from Kaspersky Endpoint Agent, add to Kaspersky Endpoint Agent at least one server that is part of the cluster while integrating Kaspersky Endpoint Agent with Kaspersky Sandbox.

The list of Kaspersky Sandbox servers of Kaspersky Endpoint Agent displays only the servers that you added to this list. Nevertheless, objects can be processed by any server in the cluster thanks to load balancing. The current list of servers in the cluster is displayed in the web interface of Kaspersky Sandbox.

It is recommended to add all servers of the cluster to Kaspersky Endpoint Agent.

Kaspersky Endpoint Agent can connect to a different Kaspersky Sandbox server in the list if one of the following errors occurs:

• Kaspersky Sandbox response timeout (connection timeout).
• Kaspersky Sandbox unavailable (error code 503 or 504).
• Self-diagnosis problem other than a license problem (error code 500).

When removing a server from the cluster, the following object processing scenarios are possible:

• If there is at least one server from this cluster with a valid IP address or fully qualified domain name (FQDN) in the list of Kaspersky Sandbox servers of Kaspersky Endpoint Agent, Kaspersky Sandbox continues to process objects from Kaspersky Endpoint Agent.
• If no servers from this cluster remain in the list of Kaspersky Sandbox servers of Kaspersky Endpoint Agent, or if IP addresses or fully qualified domain names of cluster servers are not valid, Kaspersky Sandbox cannot receive and process objects from Kaspersky Endpoint Agent.

  For the correct processing of objects, at least one server from Kaspersky Sandbox cluster must be added to Kaspersky Endpoint Agent.

To add Kaspersky Sandbox servers to the Kaspersky Endpoint Agent list:

1. Open Kaspersky Security Center Administration Console.
2. In the console tree, open the Policies folder.
3. Select Kaspersky Endpoint Agent policy and open its properties window in one of the following ways:
   • Double-click the policy name.
   • Select Properties in the policy context menu.
   • Select the Configure policy settings item in the right part of the window.
4. In the Kaspersky Sandbox integration section select the Kaspersky Sandbox integration settings subsection.
5. In the Kaspersky Sandbox integration settings group of settings, enable the Enable Kaspersky Sandbox integration setting.
6. In the Kaspersky Sandbox integration settings group of settings, enable or disable the Connect through a proxy server if specified in the general settings option.

   This option is disabled by default. The application only connects to Kaspersky Sandbox directly and does not use the general proxy server connection settings. You can enable this option if you want the application to use the general proxy server connection settings when connecting to Kaspersky Sandbox server.

7. In the List of Kaspersky Sandbox servers group of settings, click Add.

   The Server properties window will open.

8. Enter the IP address or fully qualified domain name of the Kaspersky Sandbox server and the port used to connect to the server.
9. Click Add.

   The added server will be listed in the server table.

10. Repeat the steps to add each Kaspersky Sandbox server to the list.
11. In the upper right corner of the settings group, change the switch from Policy not enforced to Under policy.
12. Click OK.

Kaspersky Sandbox servers have been added to the Kaspersky Endpoint Agent list.

See also Enabling and disabling integration with Kaspersky Sandbox Configuring trusted connection between Kaspersky Sandbox and Kaspersky Endpoint Agent Configuring the response timeout of Kaspersky Sandbox and request queue settings Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox

Page top