Creating a Kaspersky Security Center installation package with custom OVAL or XCCDF rules

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

To create a Kaspersky Security Center installation package with OVAL or XCCDF rules as a signed archive:

On the device, run a command line interpreter (for example, Command Prompt cmd.exe) with the permissions of the local administrator.
Using the cd command, navigate to the folder where the ovaldbmgr.exe file is located.
For example: cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\Tools"
Press Enter.
Depending on the location of the certificate, run one of the following commands and press Enter:
- If the signing certificate is located in System Storage Local Machine:
  ovaldbmgr.exe --make-package --command={replace|merge} --subject=<certificate name> --output=<full path> --source=<full path> <full path to the file with OVAL or XCCDF rules>
- If the signing certificate is located in the PFX container:
  ovaldbmgr.exe --make-package --command={replace|merge} --pfx=<full path to the PFX container> --pwd=<password to access the PFX container> --output=<full path> --source=<full path> <full path to the file with OVAL or XCCDF rules>

Press Enter.

Command parameters for creating a Kaspersky Security Center installation package

Parameters	Description
`--make-package`	Required parameter. Creates an archive with files.
`--command={replace\|merge}`	Required parameter. This parameter defines the package deployment mode in Kaspersky Security Center. Available values: `replace` – replace the installation package in Kaspersky Security Center repository with the one being created. `merge` – merge the installation package being created with the one that already exists in the Kaspersky Security Center repository. If the parameter value is not specified, the task ends with an error.
`--pfx=<full path to the PFX container>`	Required parameter. This parameter defines the full path to the PFX container that contains the signature certificate.
`--pwd=<password to access the PFX container>`	Required parameter. This parameter defines the password to access the PFX container.
`--subject=<certificate name>`	Required parameter. This parameter passes the name of the certificate for signing. If the name of a non-existent certificate for signing is specified, the command ends with an error.
`--output=<full path>`	Required parameter. This parameter specifies the full path to the folder where the installation package will be created as a result of running the command.
`--source=<full path>`	This parameter specifies the full path to the folder that contains the folder with OVAL and XCCDF rules that you want to include in the Kaspersky Security Center package.
`<full path to the file with OVAL or XCCDF rules>`	This parameter defines the full path to the files with OVAL or XCCDF rules in XML format that you want to include in the Kaspersky Security Center package. OVAL and XCCDF rules must be saved in UTF-8 without BOM. The file with OVAL or XCCDF rules must be located in a folder inside another folder. For example: C:\Users\UserName\Desktop\folder\subfolder\OvalRules.xml You can specify several parameter values separated by spaces. To specify files with OVAL or XCCDF rules, select one of the following options: Specify only the value of the `--source=<full path>` parameter. Specify one or more `<full path to OVAL or XCCDF rules>` values separated by spaces. Simultaneously specify the value of the `--source=<full path>` parameter and one or more `<full path to the file with OVAL or XCCDF rules>` values separated by spaces. If no `<full path to the file with OVAL or XCCDF rules>` value is specified and the `--source=<full path>` parameter is omitted, the task ends with an error.

As a result of running the command, Kaspersky Endpoint Agent creates:

An archive named package.zip in the folder specified by the value of --output=<full path> parameter. The archive contains the following files:
- One or more ZIP files for each of the custom files with OVAL or XCCDF rules. Each archive contains one XML file with rules as well as the signature file for that XML file.
- The ovaldbmgr.kud file for deploying the Kaspersky Security Center package.
- The ovaldbmgr.exe deployment utility.
Signature thumbprint used to sign the package.zip archive.
You can specify the thumbprint in the Security Audit task settings using the custom rule database from the Kaspersky Security Center repository as the rule source.