Configuring Kaspersky Sandbox device status display in KSC
Kaspersky Security Center displays devices for which integration is configured in managed device groups. The health status of these devices is displayed on the dashboard. If problems are encountered with these devices, Kaspersky Security Center displays the Critical or Warning status to alert the administrator.
To display the status of Kaspersky Sandbox devices in KSC correctly, place Kaspersky Sandbox servers into a separate managed device group.
To configure Kaspersky Sandbox device status display in KSC:
Open the Kaspersky Security Center Administration Console.
In the console tree, select the Managed devices folder, and the subfolder with the new device group in which you have placed the Kaspersky Sandbox server.
In the upper right corner of the workspace, click Group properties to open the Kaspersky Sandbox device group property window.
Select the Device status section.
Under Set to Critical if these are specified and Set to Warning if these are specified, clear the Inherit check box and clear the following check boxes that are selected by default for standard workstations managed through KSC (for details about device statuses, see Kaspersky Security Center Help):
Security application is not installed. Network Agent is installed on the device but the security application is not installed.
Too many viruses detected. A virus scanning task, for example, the Virus scan task, has found viruses on the device, and the number of viruses is above the specified value.
Real-time protection level differs from the level set by the Administrator. The device is visible on the network, but the real-time protection level differs from the level set by the administrator in the device status condition.
Virus scan has not been performed in a long time. The device is visible on the network, and the security application is installed on the device, but the virus scan task has not been performed for more than the specified time. This condition applies only to devices that were added to the Administration Server database 7 or more days ago.
Active threats are detected. The number of unprocessed file objects in the Unprocessed files folder exceeds the specified value.
Restart is required. The device is visible on the network, but the application has been waiting for a device restart for more than the specified time because of one of the selected reasons.
Incompatible applications are installed. The device is visible on the network, but an inventory of application software performed by the Network Agent has detected incompatible installed applications.
Software vulnerabilities have been detected. The device is visible on the network and the Network Agent is installed but the Find vulnerabilities and required updates task has scanned the device and detected software vulnerabilities with the specified severity level.
Check for Windows Update updates has not been performed in a long time. The Find vulnerabilities and required updates task has not been run for the specified time.
Specific status of data encryption. Network Agent is installed on the device and the encryption result of the device is equal to the value displayed.
Mobile device settings do not comply with the policy. Mobile device settings differ from settings specified in the policy of Kaspersky Endpoint Security for Android™ when checked for adherence to compliance rules.
Unprocessed incidents detected. The device has unprocessed incidents. Incidents can be created either automatically by Kaspersky managed applications installed on the client device or manually by the administrator.
Protection is disabled. The device is visible on the network, but the security application on the device has been turned off for more than the specified time.
Security application is not running. The device is visible on the network and the security application is installed on the device but is not running.
Under Set to Critical if these are specified, select the check boxes:
Device status defined by the application. The device status is defined by the managed application. Kaspersky Sandbox servers that encounter a self-diagnosis problem have the status "Critical": "Problems with the Kaspersky Sandbox server. Server does not receive objects for scanning".
License expired. The device is visible on the network, but its license has expired.
Under Set to Warning if these are specified, select the check boxes:
License expires soon. The device is visible on the network, but the license will expire in less than the specified number of days.
Databases are outdated. Double-click to open the status conditions window and enter 1 as the value. Kaspersky Sandbox servers that have not successfully run the database update task for over a day have the "Warning" status.
Click Apply and OK.
Kaspersky Sandbox device status display is configured.
The status of all devices in the Kaspersky Sandbox device group that have no problems (Device status defined by the application, License expired, License expires soon, and Databases are outdated) changes to OK/Visible on the network.
The status of devices that have problems (Device status defined by the application, License expired, License expires soon, or Databases are outdated) changes in accordance with the configured settings.