Initial configuration settings in the Web Console

In Kaspersky Security Center Web Console, you can specify the initial configuration settings for Kaspersky Endpoint Security in the installation package properties on the Settings tab. The created installation packages are available in the main window of the Web Console in one of the following sections:

Device discovery and deployment → Deployment and assignment → Installation packages.
Operations → Repositories → Installation packages.

You can also specify initial configuration settings of the application in the configuration file that is included in the installation package.

Initial configuration settings

Setting	Description
Language of events in KSC	Select the localization language for application events sent to Kaspersky Security Center: System (default) to use the operating system locale. If the application cannot detect the locale of the operating system or this locale is not supported, English is used to localize events. One of the languages supported by Kaspersky Endpoint Security. The application uses the UTF-8 encoding. The locale of the graphical interface and the application command line is taken from the `LANG` environment variable. If the application does not support this localization, it defaults to the English localization.
Activate the application	Select this check box if you want to activate the application during installation. In the displayed field, enter the activation code. This check box is cleared by default. You can also activate the application after installation. This setting applies only if the application is used in Standard mode.
Update source	Select the update source for databases and application modules: Kaspersky update servers (default). Kaspersky Security Center. Other source in the local or global network. If you select this option, enter the address of the update source in the field that opens. Applicable only if the application is being used in standalone mode or in Endpoint Detection and Response Agent mode.
Run database update task after installation	If this check box is selected, after the application is installed, the databases and application modules update task starts. The check box is selected by default. Applicable only if the application is being used in standalone mode or in Endpoint Detection and Response Agent mode.
Specify the proxy server settings	Select this check box if you use a proxy server for internet access. In the displayed field, enter the proxy server address in one of the following formats: `<connection protocol>://<IP address of the proxy server>:<port number>` if the proxy server connection does not require authentication `<connection protocol>://<user name>:<password>@<IP address of the proxy server>:<port number>` if the proxy server connection requires authentication Connecting to a proxy server over HTTPS is not supported. Applicable only if the application is being used in standalone mode or in Endpoint Detection and Response Agent mode.
Install kernel source	If this check box is selected, starting File Threat Protection automatically starts the compilation of the kernel module on operating systems that do not support fanotify. The check box is selected by default.
Use the graphical user interface	Select this check box if you plan to install and use the application graphical interface. Files for installing the graphical interface must be added to the installation package. This check box is cleared by default. Applicable only if the application is being used in standalone mode or in Endpoint Detection and Response Agent mode.
Specify a user with the admin role	Select this check box to specify the user to which you want to assign the admin role. The Administrator role allows managing application settings and task settings in the graphical interface of the application and on the command line without using the `sudo` command. In the displayed field, enter the user name.
Configure SELinux automatically	If this check box is selected SELinux is automatically configured to work with Kaspersky Endpoint Security. The check box is selected by default.
Remove users from privileged groups	Select this check box to automatically remove users from the 'kesladmin' and 'keslaudit' privileged groups before installing the application. This check box is cleared by default. If the check box is selected and the 'nogroup' group does not exist, the installation fails and you are prompted to manually remove users from privileged groups.
Disable protection components and scan tasks when the application is started for the first time after installation	Select this check box if, after completing the installation process, you want to run the application with protection components and scan tasks disabled. An installation with protection components disabled can be convenient, for example, in order to reproduce a problem in the operation of the application and create a trace file. If you enable the necessary components and tasks, the enabled components and tasks will continue to work after the application is restarted.
Enable tracing when the application is started for the first time after installation	Select the check box if you want to create a trace file when the application is started for the first time after installation. To create a trace, a kesl_startup.log file is automatically created in the /var/log/kaspersky/kesl/ directory. The size limit for regular application trace files does not apply to this file. Tracing stops after five minutes or after the File Threat Protection task is started.
Application mode	Select a mode for the application. Standard mode to protect workstations and servers (default). If this option is selected, the application is used as a stand-alone application for protecting Linux workstations and servers. Endpoint Detection and Response Agent. If this option is selected, the application is used to support Kaspersky Detection and Response solutions working together with third-party anti-virus solutions on protected devices. Light Agent for protecting virtual environments. If this option is selected, the application is used in Light Agent mode for protecting virtual environments (as part of the Kaspersky Security for Virtualization Light Agent solution).
Enable VDI protection mode	Select this check box to enable VDI protection mode. This is recommended if you are installing the application on a virtual machine template that will be used to create temporary virtual machines. This check box is cleared by default. The setting is applied only if the application is used in Light Agent mode.
The protected virtual machine is used as a server	The role of the virtual machine on which the application will be installed: server or workstation. By default, this check box is selected (the virtual machine is used in the virtual infrastructure as a server). The setting is applied only if the application is used in Light Agent mode.
Interception mechanism	Select the system event interception mechanism to be used by the application: Fanotify technology (default). If this option is selected, the application uses fanotify to intercept system events. Updatable kernel module. If this option is selected, an updatable kernel module is installed during application installation. The application uses this module to intercept system events. This setting is applied only on devices running an operating system that supports the fanotify technology.
If the updatable kernel module fails to start	Select the action the application performs if the updatable kernel module fails to start: Use fanotify (default). If this option is selected, the application switches to fanotify for system event interception. Disable system event interception If the application does not use system event interception, real-time file scanning is not performed, and the protection level of the device is reduced. This option is available if the Updatable kernel module interception mechanism is selected. This setting is applied only on devices running an operating system that supports the fanotify technology.

Page top