- About Kaspersky Security 9.0 for Microsoft Exchange Servers
- Application architecture
- Common application deployment procedures and scenarios
- Upgrading the application
- Installing, restoring, and removing the application
- Installing the application using the Setup Wizard
- Step 1. Checking for required software
- Step 2. Viewing information about the start of installation. Reading the End User License Agreement and the Privacy Policy
- Step 3. Selecting the installation type
- Step 4. Selecting application components and modules
- Step 5. Creating a database and configuring the application connection to the SQL server
- Step 6. Selecting an account for launching the Kaspersky Security service
- Step 7. Completing installation
- Initial setup of the application
- Step 1. Activating the application
- Step 2. Configuring the Microsoft Exchange server protection
- Step 3. Enabling the KSN service
- Step 4. Configuring the proxy server settings
- Step 5. Configuring notification delivery
- Step 6. Completing the configuration
- Application Activation window
- Protection settings window
- Use Kaspersky Security Network services window
- Proxy server settings window
- Notification settings window
- Configuration node
- Restoring the application
- Removing the application
- Installing the application using the Setup Wizard
- To administrator
- Role-based user access control for the application features and services
- Working with personal data of users
- Application licensing
- Licensing models. License restrictions
- About the End User License Agreement
- About the license certificate
- About the license
- About the key
- About the key file
- About the activation code
- About the subscription
- Special considerations of activating the application when using profiles
- Activating the application with a key for a Security Server
- Activating the application using an activation code
- About notifications related to the license
- Configuring the license expiry term notification
- Viewing information about installed keys
- Replacing a key
- Removing a key
- Licensing node
- Add License window
- Viewing the number of mailboxes
- Starting and stopping the application
- Default Microsoft Exchange Server protection
- <Microsoft Exchange Server name> node
- Viewing Microsoft Exchange Server protection status details
- Viewing information about the protection status of Microsoft Exchange servers of a single profile
- Server protection node
- Protection for the Mailbox role tab
- Protection for the Hub Transport role tab
- Advanced Anti-Virus settings tab
- About Kaspersky Security Network
- Participating in Kaspersky Security Network
- About Kaspersky Private Security Network
- Configuring the settings for connecting to Kaspersky Private Security Network
- Enabling and disabling the use of Kaspersky Security Network and Kaspersky Private Security Network in Anti-Spam
- Enabling and disabling the use of Kaspersky Security Network and Kaspersky Private Security Network in Anti-Virus
- Anti-virus protection
- Enabling and disabling anti-virus server protection
- Configuring anti-virus object processing: Anti-Virus for the Hub Transport role
- Configuring anti-virus processing of objects: Anti-Virus for the Mailbox role
- Configuring anti-virus scan exclusions
- Editing of the message regarding removal of an attachment by the Anti-Virus module
- How to prevent detainment when sending messages through the Anti-Virus module
- Types of attachment files window
- Names of attachment files window
- Protection against spam and phishing
- Enabling and disabling anti-spam protection of a server
- About anti-phishing scans
- Enabling and disabling message scanning for phishing
- Configuring spam and phishing scan settings
- Configuring additional settings of spam and phishing scans
- Configuring an increase in the spam rating of messages
- About additional services, features, and anti-spam technologies
- Using external anti-spam message scanning services
- About the white and black lists of email addresses
- Creating the white list of Anti-Spam addresses
- Creating the black list of Anti-Spam addresses
- White list record settings window
- Black list record settings window
- Informing Kaspersky of false alerts returned by Anti-Spam
- Improving the accuracy of spam detection on Microsoft Exchange 2013 servers
- About scanning outgoing mail for spam and phishing content
- Enabling and disabling the scanning of outgoing messages for spam and phishing content
- Configuring mailbox and public folder protection settings
- Background scan and on-demand scan
- Filtering of attachments
- Filtering messages of the same type
- Managing profiles
- Creating a profile
- Configuring Security Servers in a profile
- Specifics of managing profiles in a Microsoft Exchange database availability group
- Adding Security Servers to a profile
- Removing a Security Server from a profile
- Removing a profile
- Profiles node
- <Profile name> node
- Servers node
- <DAG name> node
- Create new profile window
- Add server to <Profile name> profile window (Step 1)
- Add server to <Profile name> profile window (Step 2)
- Rename existing profile window
- Updates
- About update centers
- About database updates in configurations with a DAG of Microsoft Exchange servers
- Updating databases manually
- Configuring scheduled application database updates
- Select update source
- Configuring the connection to the update source
- Configuring the proxy server settings
- Designating a server as an update center and configuring its settings
- Updates node
- Notifications
- Backup
- Viewing Backup objects
- Viewing the properties of objects in Backup
- Filtering the list of Backup objects
- Saving objects from Backup to disk
- Forwarding objects from Backup to their original recipients
- Forwarding of objects from Backup to other email addresses
- Deleting objects from Backup
- Configuring Backup settings
- Selecting Backup database for viewing its contents from the profile
- Database window
- Send object to Kaspersky window
- Backup node
- Reports
- Anti-Virus activity report for the Mailbox role
- Anti-Virus activity report for the Hub Transport role
- Report of Anti-Spam activity
- Generating a report manually
- Creating a report generation task
- Viewing the list of report generation tasks
- Editing the settings of a report generation task
- Starting a report generation task
- Deleting a report generation task
- Viewing a report
- Saving a report to disk
- Deleting a report
- Report generation settings window
- Task settings window
- Reports node
- Application logs
- Using Kaspersky Security in Windows PowerShell
- About Windows PowerShell commands
- Connecting the Kse.Powershell library
- Viewing the protection status of a Microsoft Exchange server
- Viewing the statistics of Anti-Virus and Attachment Filtering modules
- Viewing the statistics of the Anti-Spam module
- Viewing the white list of Anti-Spam addresses
- Viewing the black list of Anti-Spam addresses
- Adding addresses to the white list of Anti-Spam addresses
- Adding addresses to the black list of Anti-Spam addresses
- Deleting addresses from the white list of Anti-Spam addresses
- Deleting addresses from the black list of Anti-Spam addresses
- Synchronizing black / white lists of Anti-Spam addresses
- Working with a message signature decryption key
- Exporting and importing the application configuration
- Managing the application using the Kaspersky Security Center
- Installing the Kaspersky Security administration plug-in
- About application activation via Kaspersky Security Center
- Updating application databases via Kaspersky Security Center
- Kaspersky Security events in Kaspersky Security Center
- Viewing Microsoft Exchange Server protection status details
- Application operation statistics in Kaspersky Security Center
- Monitor the application's operation via System Center - Operations Manager
- Appendix. Script for sending spam for analysis
- Appendix. Network settings for interaction with external services
- Contacting the Technical Support Service
- Sources of information about the application
- Glossary
- Active key
- Additional key
- Anti-virus databases
- Background scan
- Backup
- Black list of key files
- Container object
- Disinfection
- Domain Name System Block List (DNSBL).
- Enforced Anti-Spam Updates Service
- File mask
- Formal message
- Infected object
- Kaspersky CompanyAccount
- Kaspersky Private Security Network
- Kaspersky Security Network (KSN).
- Kaspersky update servers
- License certificate
- License term
- Malicious URLs
- Managed device
- Management Console
- Mass mail
- Message deletion
- Object removal
- PCL rating
- Personal data
- Phishing
- Potential spam
- Probably infected object
- Profile
- Proxy server
- SCL rating
- Security Server
- Simple object
- Spam
- Spam URI Realtime Block Lists (SURBL)
- Storage scan
- Unknown virus
- Update
- Virus
- Information about third-party code
- Trademark notice
Role-based user access control for the application features and services
Kaspersky Security lets you use the following roles to restrict user access to application features and services:
- Roles of application users
Kaspersky Security 9.0 for Microsoft Exchange Servers lets you apply application user roles to manage shared user access to the application. Each role is assigned a set of available application functions, and a set of available nodes displayed in the Management Console tree.
A role is assigned to a user by adding the user account to an Active Directory group. A user can combine multiple roles. In this case, the user account must be added to the Active Directory groups that correspond to these roles. The user will be granted access rights in accordance with the roles assigned.
Applying changes made to Active Directory groups may take up to 10 minutes.
The table below shows the names and descriptions of roles, names of Active Directory groups corresponding to those roles, and a list of nodes, which are displayed in the Management Console for each role.
All available profiles for all user roles are displayed in the Management Console.
Roles of application users
Role
Description
Active Directory group
Nodes displayed in Management Console
Administrator
A specialist who performs general application administration tasks, such as configuring Anti-Virus and Anti-Spam settings, generating Anti-Virus and Anti-Spam operation reports, creating/deleting profiles, adding/deleting Security Servers from profiles, and configuring access to profiles. The To administrator section describes the administrator tasks and instructions on how to perform them.
Kse Administrators
Profiles
<Security Server name>
Server protection
Updates
Notifications
Backup
Reports
Settings
Licensing
Anti-Virus Security Officer
A specialist who has the rights to access the following application features: viewing the details of the protection status of Microsoft Exchange servers, retrieving reports on the operation of Anti-Virus, Anti-Spam, and Attachment Filtering, restricted access rights to features for management of Backup objects (except for object deletion), and access rights to all of the application settings but without the capability to edit them.
Kse AV Security Officers
Profiles
<Security Server name>
Server protection
Updates
Notifications
Backup
Reports
Settings
Licensing
Anti-Virus Security Operator
Specialist who has access rights to view the details of the protection status of Microsoft Exchange servers and to retrieve reports on the operation of Anti-Virus, Anti-Spam, and Content Filtering.
Kse AV Operators
Profiles
<Security Server name>
Reports
User groups in Active Directory are created automatically when the application is installed or upgraded to Kaspersky Security 9.0 for Microsoft Exchange Servers. Those groups can also be created manually before the application installation using standard Active Directory data management tools. Groups can be created in any domain of the organization. The type of groups is "Universal".
When Management Console is launched, the application checks which group includes the user account under which Management Console has been launched, and the user's role in the application is determined on the basis of this information.
The names of user account groups must remain unique within the Active Directory forest.
- Profile roles
A set of profile roles lets you manage user access to individual profiles. Each role is assigned a set of available application functions, and a set of available nodes displayed in the Management Console tree for the profile.
A role is assigned to users when configuring access to a specific profile. A user can have multiple roles and have access to multiple profiles.
The table below shows the profile roles and their descriptions, and a list of nodes that are displayed in the Management Console for each role within a profile.
Profile roles
Role
Description
Profile nodes displayed in the Management Console
Profile administrator
A specialist who performs general application administration tasks for a profile, such as configuring Anti-Virus and Anti-Spam settings or generating Anti-Virus and Anti-Spam operation reports.
Server protection
Updates
Notifications
Backup
Reports
Settings
Licensing
Servers
Profile Anti-Virus Security Officer
A specialist who has the rights to access the following application features within a profile: viewing the details of the protection status of Microsoft Exchange servers, retrieving reports on the operation of Anti-Virus, Anti-Spam, and Attachment Filtering, restricted access rights to features for management of Backup objects (except for object deletion), and access rights to all application settings but without the capability to modify them.
Server protection
Updates
Notifications
Backup
Reports
Settings
Licensing
Servers
Profile Anti-Virus Security Operator
A specialist who has access rights to view the details of the protection status of Microsoft Exchange servers and to retrieve reports on the operation of Anti-Virus, Anti-Spam, and Content Filtering within a profile.
Reports
Servers
When the Management Console is started, the application checks which profile role is assigned to the user account whose permissions were used to start the Management Console, and based on this information the application determines the user's rights to access profiles.
For correct operation of role-based restriction of user access to profiles, you must make sure that the users have not been added to the Kse Administrators, Kse AV Security Officers or Kse AV Operators groups in Active Directory. Otherwise, the users will have access to all existing profiles.
- System role
A system role will be held by the account on behalf of which the Kaspersky Security 9.0 for Microsoft Exchange Servers application service will be launched
The system role is assigned to the account that you selected during installation of the application. If you want to specify another account for starting the application service after the application has already been installed, you must assign the system role to it. The system role is assigned by adding a user account to the Kse Watchdog Service group in Active Directory.
Applying changes made to Active Directory groups may take up to 10 minutes.