Creating a policy using the Administration Console
To create a policy in the Administration Console:
In the Administration Console tree, in the Managed devices folder, select the administration group containing the devices to which the policy should be applied.
You can view the list of devices that are part of an administration group on the Devices tab of the folder with the name of this administration group.
In the workspace, select the Policies tab.
Click the New policy button to start the New policy wizard.
You can also start the Wizard by clicking the Create → Policy item in the context menu in the list of policies.
In the first step of the Wizard, select Kaspersky Endpoint Security 12.1 for Linux from the list.
Proceed to the next step of the wizard.
Enter a name for the new policy.
To use the settings from the previous version of Kaspersky Endpoint Security policy in the policy being created, select the Use policy settings for the earlier application version check box.
Proceed to the next step of the wizard.
Decide whether you want to use Kaspersky Security Network. Carefully read the Kaspersky Security Network Statement and do one of the following:
If you agree with all the terms and conditions of the Statement and want the application to use Kaspersky Security Network, select I confirm that I have fully read, understand, and accept the terms and conditions of Kaspersky Security Network Statement.
If you do not want to use Kaspersky Security Network, select I do not accept the terms and conditions of the Kaspersky Security Network Statement and confirm your decision in the window that opens.
Refusal to use Kaspersky Security Network does not interrupt the policy creation process. At any time, you can enable or disable use of Kaspersky Security Network or change the KSN mode for managed devices in the policy settings.
Proceed to the next step of the wizard.
Specify the Kaspersky Endpoint Security usage mode:
Standard mode to protect workstations and servers – the application is used to protect devices running Linux operating systems.
Light Agent mode for protecting virtual environments – as part of the Kaspersky Security for Virtualization Light Agent solution, the application is used to protect virtual machines running Linux guest operating systems.
Proceed to the next step of the wizard.
If you are using the application in Light Agent mode to protect virtual environments, configure the SVM discovery settings:
Select the method that Light Agents use to discover SVMs available for connection.
If this option is selected, you can specify a list of SVMs that Light Agents managed by this policy can connect to. Light agents will only connect to SVMs specified in the list.
If you select the Use a custom list of SVM addresses option, the Light Agent is using the advanced SVM selection algorithm, and large infrastructure protection mode is enabled on an SVM (for more information, see the Kaspersky Security for Virtualization Light Agent Help), then connecting a Light Agent to this SVM is only possible if the SVM path is ignored. In the SVM selection algorithm section, you need to set the SVM path setting to Ignore SVM path. If any other value is set, Light Agents will not be able to connect to the SVM.
If you select Integration Server, the wizard displays the current settings for connecting Light Agents to the Integration Server: address and port for connecting. If necessary, specify new connection settings:
Click the Edit button and specify new connection settings in the window that opens:
IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the device on which Kaspersky Security Center Administration Console is installed is part of a domain, the field indicates the domain name of this device by default.
If the device on which the Kaspersky Security Center Administration Console is installed is not part of a domain or the Integration Server is installed on another device, the field must be filled in manually.
If a NetBIOS name, "localhost", or 127.0.0.1 is specified as the address, the connection to the Integration Server fails with an error.
If the device hosting the Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to the KLAdmins local or domain group or to the local administrator group, the Integration Server administrator account is used for authentication on the Integration Server.
In the window that opens, enter the password of the Integration Server administrator (password of the admin account) and click the OK button.
The MMC plug-in checks the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Verify Integration Server certificate window opens. You can click the link in the window to view the details of the received certificate.
If you encounter problems with an SSL certificate, we recommend to make sure that the data transmission channel you are using is secure.
To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
If you select a manually defined list of SVM addresses, the window displays a list of SVMs that Light Agents managed by this policy can connect to. To add an SVM to the list, click the Add button and, in the window that opens, specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the SVM. You can enter multiple IP addresses or FQDNs of SVMs on a new line.
Specify only fully qualified domain names (FQDNs) that map to a single IP address. Using a fully qualified domain name that corresponds to multiple IP addresses can lead to errors in the application.
You can delete addresses selected in the list by clicking the Delete button.
The created policy is displayed in the list of policies of the administration group on the Policies tab and in the Policies folder of the console tree.
You can change the policy settings later. For general information about managing policies, refer to the Kaspersky Security Center Help system.