Kaspersky Endpoint Security 11.7.0 now includes the Kaspersky Sandbox component. The component enables interoperability with the Kaspersky Sandbox solution. The Kaspersky Sandbox solution detects and automatically blocks advanced threats on computers. Kaspersky Sandbox analyzes object behavior to detect malicious activity and activity characteristic of targeted attacks on the IT infrastructure of the organization. Kaspersky Sandbox analyzes and scans objects on special servers with deployed virtual images of Microsoft Windows operating systems (Kaspersky Sandbox servers). For details about the solution, refer to the Kaspersky Sandbox Help. |
When interacting with Kaspersky Sandbox, the application lets you:
Kaspersky Sandbox requires Kaspersky Security Center version 13.2. Earlier versions of Kaspersky Security Center do not allow the creation of standalone IOC Scan tasks for threat response.
The component can be managed only using the Web Console. You cannot manage this component using the Administration Console (MMC).
Integration with Kaspersky Sandbox
Integration with Kaspersky Sandbox involves the following steps:
You can select the Kaspersky Sandbox component during installation or upgrade, as well as using the Change application components task.
Following the Change application components task execution, the status of the task is displayed incorrectly. Instead of Completed successfully, the task has the Scheduled status. However, the task can still be completed successfully. Make sure that the new component is installed in the computer properties of the Kaspersky Security Center console (Applications → Kaspersky Endpoint Security for Windows → Components) or in the local application interface.
To configure a trusted connection with Kaspersky Sandbox servers, you must prepare a TLS certificate. Next you must add the certificate to Kaspersky Sandbox servers and the Kaspersky Endpoint Security policy. For details on preparing the certificate and adding the certificate to servers, refer to the Kaspersky Sandbox Help.
How to add a TLS certificate using Web Console
You can also add a TLS certificate to the computer locally using the command line.
You can enable or disable the component in Kaspersky Endpoint Security for Windows policy settings.
To use the component, the following conditions must be met:
How to enable or disable Kaspersky Sandbox using Web Console
You can also enable or disable Kaspersky Sandbox locally using the command line.
As a result, the Kaspersky Sandbox component is enabled. Check the operating status of the component by viewing the Application components status report. You can also view the operating status of a component in reports in the local interface of Kaspersky Endpoint Security. The Kaspersky Sandbox component is added to the list of Kaspersky Endpoint Security components.
To connect computers to Kaspersky Sandbox servers with virtual images of operating systems, you must enter a server address and a port. For details about deploying virtual images and configuring Kaspersky Sandbox servers, refer to the Kaspersky Sandbox Help.
How to connect computers to Kaspersky Sandbox servers using Web Console
For Kaspersky Sandbox to work with Administration Server via Kaspersky Security Center Web Console, you must establish a new secure connection, a background connection. For details about the integration of Kaspersky Security Center with other Kaspersky solutions, refer to the Kaspersky Security Center Help.
Establishing a background connection in Web Console
If a background connection between Kaspersky Security Center Web Console and Administration Server is not established, stand-alone IOC scan tasks cannot be created as part of Threat Response.
To use all the features of Kaspersky Sandbox, make sure quarantine file data transfer is enabled. The data are required to obtain information about files quarantined on a computer through Web Console. For example, you can download a file from quarantine for analysis in Web Console.
How to enable data transfer to the Administration Server in Web Console
Migration from Kaspersky Endpoint Agent to Kaspersky Endpoint Security for Windows
If you are using Kaspersky Endpoint Security 11.7.0 or newer with the Kaspersky Sandbox component installed, interoperability with the Kaspersky Sandbox solution is available immediately after installation. The Kaspersky Sandbox component is not compatible with Kaspersky Endpoint Agent. If Kaspersky Endpoint Agent is installed on the computer, when Kaspersky Endpoint Security is updated to version 11.7.0, Kaspersky Sandbox continues working with Kaspersky Endpoint Security. In addition, Kaspersky Endpoint Agent will be removed from the computer. To complete migration from Kaspersky Endpoint Agent to Kaspersky Endpoint Security for Windows, you need to transfer policy and task settings using the Migration Wizard.
If you are using Kaspersky Endpoint Security 11.4.0–11.6.0 for interoperability with Kaspersky Sandbox, the application includes Kaspersky Endpoint Agent. You can install Kaspersky Endpoint Agent side-by-side with Kaspersky Endpoint Security.
The Kaspersky Sandbox component that is part of Kaspersky Endpoint Security supports interoperability with Kaspersky Sandbox solution 2.0. Kaspersky Sandbox solution 1.0 is not supported.
Page top