Administration Server connection protection

The computer connects to the Administration Server through the Network Agent component of Kaspersky Security Center. If an intruder has sufficient rights to modify the server connection settings, there is a risk that the computer will be connected to an untrusted server. This would allow the intruder to apply their own group policies and, for example, disable self-defense of the application. Kaspersky Endpoint Security can prevent unauthorized reconnection of a computer to a different server. To protect the server connection, the application suggests setting a password and using the Password-Based Key Derivation Function (PBKDF2). As a result, access to the application without a password is impossible.

To ensure comprehensive protection of Kaspersky Endpoint Security and Network Agent from unauthorized access, we recommend enabling additional protection. For Kaspersky Endpoint Security, we recommend enabling Password protection. To protect Network Agent, we recommend setting an uninstall password. For details about protecting Network Agent from removal, please refer to the Kaspersky Security Center Help.

The connection of the computer to the Administration Server is managed using the Administration Server connection protection task. The task lets you perform the following actions:

Authentication of the computer when connecting to the Administration Server

After setting a password, the application creates a data array using PBKDF2 transformation of the password. The application then encrypts this data array using the Network Agent key. The application uses the encrypted data array to check rights and privileges of the Administration Server for subsequent connections.

Subsequently, whenever an attempt is made to reconnect the computer to the Administration Server, the application decrypts the data array with the Network Agent key and compares it with the local copy. If they do not match, access to the application is restricted.
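The check described above can be modelled as follows. This is an added illustration, not Kaspersky's implementation. The salt, iteration count, SHA-256, the HMAC-based stand-in cipher, and all function names are assumptions, because the page does not state these details.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed; the page does not give PBKDF2 parameters


def derive_array(password: str, salt: bytes) -> bytes:
    """PBKDF2 transformation of the password into the 'data array'."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the sketch
    # needs only the standard library; use a vetted AEAD in real code.
    out, counter = b"", 0
    while len(out) < length:
        block = b"ks" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(agent_key: bytes, array: bytes) -> bytes:
    """Encrypt the data array under the (hypothetical) Network Agent key."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(array, _keystream(agent_key, nonce, len(array))))
    tag = hmac.new(agent_key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(agent_key: bytes, blob: bytes) -> Optional[bytes]:
    """Decrypt the blob; return None if it was not sealed with this key."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(agent_key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(agent_key, nonce, len(body))))


def connection_allowed(agent_key: bytes, blob: bytes, local_copy: bytes) -> bool:
    """Reconnect check: decrypt the array, then compare it with the local copy."""
    array = unseal(agent_key, blob)
    return array is not None and hmac.compare_digest(array, local_copy)
```

In this model, a blob sealed under a different agent key, a modified blob, or a local copy derived from a different password all make `connection_allowed` return `False`.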

Administration Server connection protection

How to set a password for server connection protection in Administration Console (MMC)

How to set a password for server connection protection in Web Console and Cloud Console

Reconnecting the computer to a different Administration Server

Reconnecting the computer to a different Administration Server involves the following steps:

  1. In the console of the current [KSC1] server, run the Change Administration Server task for Network Agent.

    After running the task, the computer is reconnected to the new [KSC2] server.

    The computer will be displayed in the [KSC1] server console with the Critical status (computer icon with a red screen). Configuring the application using policies or remotely running tasks on the computer is impossible.

  2. In the console of the new [KSC2] server, create a new Administration Server connection protection task for Kaspersky Endpoint Security. In task properties, enter the password of the previous server and set a password for the new server.

    How to set a new password for reconnecting to a new server in Administration Console (MMC)

    How to set a new password for reconnecting to a new server in Web Console and Cloud Console

    After completing the task, make sure that in the console of the new [KSC2] server, the computer has the OK status (computer icon with a green screen). Test if you can run tasks remotely and configure the application using policies.

Resetting the Administration Server connection password

If you forgot your Administration Server connection password or the password is compromised, you can reset the password in task properties. You can also reset the password and set a new password for a group of computers with different Administration Server connection protection statuses. That is, if some computers have the protection enabled and some have it disabled, the task sets a password for all computers.

You can only reset the Administration Server connection password in the console of the trusted server to which the computer is connected.

How to reset the Administration Server connection password using the Administration Console (MMC)

How to reset the Administration Server connection password in Web Console and Cloud Console

As a result, the Administration Server connection password is reset after the task finishes.

Disabling Administration Server connection protection

You can only remotely disable Administration Server connection protection in the console of the trusted server to which the computer is connected. You can also disable the protection locally on the command line.

How to disable the server connection protection in Administration Console (MMC)

How to disable the server connection protection in Web Console and Cloud Console

How to disable the server connection protection on the command line
