Discovering networked devices

This section describes search and discovery of networked devices.

Kaspersky Security Center allows you to find devices on the basis of specified criteria. You can save search results to a text file.

The search and discovery feature allows you to find the following devices:

• Managed devices in administration groups of Kaspersky Security Center Administration Server and its secondary Administration Servers.
• Unassigned devices managed by Kaspersky Security Center Administration Server and its secondary Administration Servers.

Scenario: Discovering networked devices

You must perform device discovery before installation of the security applications. When all networked devices are discovered, you can receive information about them and manage them through policies. Regular network polls are needed to discover if there are any new devices and whether previously discovered devices are still on the network.

Discovery of networked devices proceeds in stages:

1. Initial device discovery

   The Quick Start Wizard guides you through initial device discovery, and helps you find networked devices such as computers, tablets, and mobile phones. You can also perform device discovery manually.

2. Configuring future polls

   Decide which type(s) of discovery you want to use regularly. Make sure that this type is enabled and that the poll schedule meets the needs of your organization. When configuring the poll schedule, use the recommendations for network polling frequency.

3. Setting up rules for adding discovered devices to administration groups (optional)

   If new devices appear on your network, they are discovered during regular polls and are automatically included in the Unassigned devices group. If you want, you can set up the rules for automatically moving these devices to the Managed devices group. You can also establish retention rules.

   If you skip this rule-setting stage, all the newly discovered devices go to the Unassigned devices group and stay there. If you want, you can move these devices to the Managed devices group manually. If you move the devices to the Managed devices group manually, you can analyze information about each device and decide whether you want to move it to an administration group, and, if so, to which group.

Results

Completion of the scenario yields the following:

• Kaspersky Security Center Administration Server discovers the devices that are on the network and provides you with information about them.
• Future polls are set up and are conducted according to the specified schedule.
• The newly discovered devices are arranged according to the configured rules. (Or, if no rules are configured, the devices stay in the Unassigned devices group).

Device discovery

This section describes the types of device discovery available in Kaspersky Security Center and provides information using each type.

The Administration Server receives information about the structure of the network and devices on this network through regular polling. The information is recorded to the Administration Server database. Administration Server can use the following types of polling:

• Windows network polling. The Administration Server can perform two kinds of Windows network poll: quick and full. During a quick poll, the Administration Server only retrieves information from the list of the NetBIOS names of devices in all network domains and workgroups. During a full poll, more information is requested from each client device, such as operating system name, IP address, DNS name, and NetBIOS name. By default, both quick poll and full poll are enabled. Windows network polling may fail to discover devices, for example, if the ports UDP 137, UDP 138, TCP 139 are closed on the router or by the firewall.
• Active Directory polling. The Administration Server retrieves information about the Active Directory unit structure and about DNS names of the devices from Active Directory groups. By default, this type of polling is enabled. We recommend that you use Active Directory polling if you use Active directory; otherwise, the Administration Server does not discover any devices. If you use Active Directory but some of the networked devices are not listed as members, these devices cannot be discovered by Active Directory polling.
• IP range polling. The Administration Server polls the specified IP ranges using ICMP packets or the NBNS protocol and compiles a complete set of data on devices within those IP ranges. By default, this type of polling is disabled. It is not recommended to use this type of polling if you use Windows network polling and/or Active Directory polling.

If you set up and enabled device moving rules, the newly discovered devices are automatically included in the Managed devices group. If no moving rules have been enabled, the newly discovered devices are automatically included in the Unassigned devices group.

You can modify device discovery settings for each type. For example, you may want to modify the polling schedule or to set whether to poll the entire Active Directory forest or only a specific domain.

Windows network polling

Expand all | Collapse all

About Windows network polling

During a quick poll, the Administration Server only retrieves information from the list of the NetBIOS names of devices in all network domains and workgroups. During a full poll, the following information is requested from each client device:

• Operating system name
• IP address
• DNS name
• NetBIOS name

Both quick polls and full polls require the following:

• Ports UDP 137/138, TCP 139, UDP 445, TCP 445 must be available in the network.
• The Microsoft Computer Browser service must be used, and the primary browser computer must be enabled on the Administration Server.
• The Microsoft Computer Browser service must be used, and the primary browser computer must be enabled on the client devices:
  • On at least one device, if the number of networked devices does not exceed 32.
  • On at least one device for each 32 networked devices.

The full poll can run only if the quick poll has run at least once.

Viewing and modifying the settings for Windows network polling

To modify the properties of Windows network polling:

1. In the main menu, go to DISCOVERY & DEPLOYMENT → DISCOVERY → WINDOWS DOMAINS.
2. Click the Properties button.

   The Windows domain properties window opens.

3. Enable or disable Windows network polling by using the Enable Windows network polling toggle button.
4. Configure the poll schedule. By default, the quick polling runs every 15 minutes and the full polling runs every 60 minutes.

   Polling schedule options:

   • Every N days

     The polling runs regularly, with the specified interval in days, starting from the specified date and time.

     By default, the polling runs every day, starting from the current system date and time.

   • Every N minutes

     The polling runs regularly, with the specified interval in minutes, starting from the specified time.

   • By days of week

     The polling runs regularly, on the specified days of week, and at the specified time.

   • Every month on specified days of selected weeks

     The polling runs regularly, on the specified days of each month, and at the specified time.

   • Run missed tasks

     If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.

     If this option is enabled, the Administration Server starts polling immediately after it is switched on.

     If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

     By default, this option is disabled.

5. Click the Save button.

The properties are saved and applied to all of the discovered Windows domains and workgroups.

Running the poll manually

To run the poll immediately,

Click Start quick poll or Start full poll.

When the polling is complete, you can view the list of discovered devices on the WINDOWS DOMAINS page by selecting the check box next to a domain name, and then clicking the Devices button.

Active Directory polling

Use Active Directory polling if you use Active Directory; otherwise, it is recommended to use other poll types. If you use Active Directory but some of the networked devices are not listed as members, these devices cannot be discovered by using Active Directory polling.

Kaspersky Security Center sends a request to the domain controller and receives the Active Directory device structure. Active Directory polling is performed hourly.

Viewing and modifying the settings for Active Directory polling

To view and modify the settings for Active Directory polling:

1. In the main menu, go to DISCOVERY & DEPLOYMENT → DISCOVERY → ACTIVE DIRECTORY.
2. Click the Properties button.

   The Active Directory properties window opens.

3. In the Active Directory properties window, you can define the following settings:
   1. Turn Active Directory polling on or off by using the toggle button.
   2. Change the polling schedule.

      The default period is one hour. The data received at the next polling completely replaces the old data.

   3. Configure advanced settings to select the polling scope:
      • Active Directory domain to which the Kaspersky Security Center belongs
      • Domain forest to which the Kaspersky Security Center belongs
      • Specified list of Active Directory domains

      To add a domain to the polling scope, select a domain option, click the Add button, and then specify the address of the domain controller and the name and password of the account for accessing it.

4. To apply the new settings, click the Save button.

The new settings are applied to the Active Directory polling.

Running the poll manually

To run the poll immediately,

click Start poll.

Viewing the results of Active Directory polling

To view the results of Active Directory polling:

1. In the main menu, go to DISCOVERY & DEPLOYMENT → DISCOVERY → ACTIVE DIRECTORY.

   The list of discovered organizational units is displayed.

2. If you want, select an organizational unit, and then click the Devices button.

   The list of devices in the organizational unit is displayed.

You can search the list and filter the results.

IP range polling

Expand all | Collapse all

Initially, Kaspersky Security Center gets IP ranges for polling from the network settings of the device on which it is installed. If the device address is 192.168.0.1 and the subnet mask is 255.255.255.0, Kaspersky Security Center includes the network 192.168.0.0/24 in the list of polling address automatically. Kaspersky Security Center polls all addresses from 192.168.0.1 to 192.168.0.254.

It is not recommended to use IP range polling if you use Windows network polling and/or Active Directory polling.

Kaspersky Security Center can poll IP ranges by reverse DNS lookup or by using the NBNS protocol:

• Reverse DNS lookup

  Kaspersky Security Center attempts to perform reverse name resolution for every IP address from the specified range to a DNS name using standard DNS requests. If this operation succeeds, the server sends an ICMP ECHO REQUEST (the same as the ping command) to the received name. If the device responds, the information about it is added to the Kaspersky Security Center database. The reverse name resolution is necessary to exclude the network devices that can have an IP address but are not computers, for example, network printers or routers.

  This polling method relies upon a correctly configured local DNS service. It must have a reverse lookup zone. In the networks where Active Directory is used, such a zone is maintained automatically. But in these networks, IP subnet polling does not provide more information than Active Directory polling. Moreover, administrators of small networks often do not configure the reverse lookup zone because it is not necessary for the work of many network services. For these reasons, IP subnet polling is disabled by default.

• NBNS protocol

  If the reverse name resolution is not possible in your network for some reason, Kaspersky Security Center uses the NBNS protocol to poll the IP ranges. If a request to an IP address returns a NetBIOS name, the information about this device is added to the Kaspersky Security Center database.

Viewing and modifying the settings for IP range polling

To view and modify the properties of IP range polling:

1. In the main menu, go to DISCOVERY & DEPLOYMENT → DISCOVERY → IP RANGES.
2. Click the Properties button.

   The IP polling properties window opens.

3. Enable or disable IP polling by using the Allow polling toggle button.
4. Configure the poll schedule. By default, IP polling runs every 420 minutes (seven hours).

   When specifying the polling interval, make sure that this setting does not exceed the value of the IP address lifetime parameter. If an IP address is not verified by polling during the IP address lifetime, this IP address is automatically removed from the polling results. By default, the life span of the polling results is 24 hours, because dynamic IP addresses (assigned using Dynamic Host Configuration Protocol (DHCP)) change every 24 hours.

   Polling schedule options:

   • Every N days

     The polling runs regularly, with the specified interval in days, starting from the specified date and time.

     By default, the polling runs every day, starting from the current system date and time.

   • Every N minutes

     The polling runs regularly, with the specified interval in minutes, starting from the specified time.

   • By days of week

     The polling runs regularly, on the specified days of week, and at the specified time.

   • Every month on specified days of selected weeks

     The polling runs regularly, on the specified days of each month, and at the specified time.

   • Run missed tasks

     If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.

     If this option is enabled, the Administration Server starts polling immediately after it is switched on.

     If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

     By default, this option is disabled.

5. Click the Save button.

The properties are saved and applied to all IP ranges.

Running the poll manually

To run the poll immediately,

click Start poll.

Adding and modifying an IP range

Expand all | Collapse all

Initially, Kaspersky Security Center gets IP ranges for polling from the network settings of the device on which it is installed. If the device address is 192.168.0.1 and the subnet mask is 255.255.255.0, Kaspersky Security Center includes the network 192.168.0.0/24 in the list of polling address automatically. Kaspersky Security Center polls all addresses from 192.168.0.1 to 192.168.0.254. You can modify the automatically defined IP ranges or add custom IP ranges.

You can create a range only for IPv4 addresses. If you enable Zeroconf polling, Kaspersky Security Center will poll the whole network.

To add a new IP range:

1. In the main menu, go to DISCOVERY & DEPLOYMENT → DISCOVERY → IP RANGES.
2. To add a new IP range, click the Add button.
3. In the window that opens, specify the following settings:
   • IP range name

     A name of the IP range. You might want to specify the IP range itself as its name, for example, "192.168.0.0/24".

   • IP interval or subnet address and mask

     Set the IP range by specifying either the start and end IP addresses or the subnet address and subnet mask. You can also select one of the already existing IP ranges by clicking the Browse button.

   • IP address lifetime (hours)

     When specifying this parameter make sure that it exceeds the polling interval set in the polling schedule. If an IP address is not verified by polling during the IP address lifetime, this IP address is automatically removed from the polling results. By default, the life span of the polling results is 24 hours, because dynamic IP addresses (assigned using Dynamic Host Configuration Protocol (DHCP)) change every 24 hours.

4. Select Enable IP range polling if you want to poll the subnet or interval that you have added. Otherwise, the subnet or interval that you have added will not be polled.
5. Click the Save button.

The new IP range is added to the list of IP ranges.

You can run polling of each IP range separately by using the Start poll button. When the polling is complete, you can view the list of discovered devices by using the Devices button. By default, the life span of the polling results is 24 hours and it is equal to the IP address lifetime setting.

To add a subnet to an existing IP range:

1. In the main menu, go to DISCOVERY & DEPLOYMENT → DISCOVERY → IP RANGES.
2. Click the name of the IP range to which you want to add a subnet.
3. In the window that opens, click the Add button.
4. Specify a subnet by using either its address and mask, or by using the first and last IP address in the IP range. Or, add an existing subnet by clicking the Browse button.
5. Click the Save button.

   The new subnet is added to the IP range.

6. Click the Save button.

The new settings of the IP range are saved.

You can add as many subnets as you need. Named IP ranges are not allowed to overlap, but unnamed subnets inside an IP range have no such restrictions. You can enable and disable polling independently for every IP range.

Configuring retention rules for unassigned devices

Expand all | Collapse all

After Windows network polling is complete, the found devices are placed into subgroups of the Unassigned devices administration group. This administration group can be found at DISCOVERY & DEPLOYMENT → DISCOVERY → WINDOWS DOMAINS. The WINDOWS DOMAINS folder is the parent group. It contains child groups named after the corresponding domains and workgroups that have been found during the poll. The parent group may also contain the administration group of mobile devices. You can configure the retention rules of the unassigned devices for the parent group and for each of the child groups. The retention rules do not depend on the device discovery settings and work even if the device discovery is disabled.

The device retention rules do not affect the devices that have one or more drives encrypted with full disk encryption. Such devices are not deleted automatically—you can only delete them manually. If you need to delete a device with an encrypted drive, first decrypt the drive, and then delete the device.

To configure retention rules for unassigned devices:

1. In the main menu, go to DISCOVERY & DEPLOYMENT → DISCOVERY → WINDOWS DOMAINS.
2. Do one of the following:
   • To configure settings of the parent group, click the Properties button.

     The Windows domain properties window opens.

   • To configure settings of a child group, click its name.

     The child group properties window opens.

3. Define the following settings:
   • Remove the device from the group if it has been inactive for longer than (days)

     If this option is enabled, you can specify the time interval after which the device is automatically removed from the group. By default, this option is also distributed to the child groups. The default time interval is 7 days.

     By default, this option is enabled.

   • Inherit from parent group

     If this option is enabled, the retention period for the devices in the current group is inherited from the parent group and cannot be changed.

     This option is available only for child groups.

     By default, this option is enabled.

   • Force inheritance in child groups

     The setting values will be distributed to child groups but in the properties of the child groups these settings are locked.

     By default, this option is disabled.

4. Click the Accept button.

Your changes are saved and applied.

Device tags

This section describes device tags, and provides instructions for creating and modifying them as well as for tagging devices manually or automatically.

About device tags

Kaspersky Security Center allows you to tag devices. A tag is the label of a device and it can be used for grouping, describing, or finding devices. Tags assigned to devices can be used for creating selections, for finding devices, and for distributing devices among administration groups.

You can tag devices manually or automatically. You may use manual tagging when you want to tag an individual device. Auto-tagging is performed by Kaspersky Security Center in accordance with the specified tagging rules.

Devices are tagged automatically when specified rules are met. An individual rule corresponds to each tag. Rules are applied to the network properties of the device, operating system, applications installed on the device, and other device properties. For example, if you have a hybrid infrastructure of physical machines, Amazon EC2 instances, and Microsoft Azure virtual machines, you can set up a rule that will assign the [Azure] tag to all Microsoft Azure virtual machines. Then, you can use this tag when creating a device selection; and this will help you sort all Microsoft Azure virtual machines and assign them a task.

A tag is automatically removed from a device in the following cases:

• When the device stops meeting conditions of the rule that assigns the tag.
• When the rule that assigns the tag is disabled or deleted.

The list of tags and the list of rules on each Administration Server are independent of all other Administration Servers, including a primary Administration Server or subordinate virtual Administration Servers. A rule is applied only to devices from the same Administration Server on which the rule is created.

Creating a device tag

To create a device tag:

1. In the main menu, go to DEVICES → TAGS → DEVICE TAGS.
2. Click Add.

   A new tag window opens.

3. In the Tag field, enter the tag name.
4. Click Save to save the changes.

The new tag appears in the list of device tags.

Renaming a device tag

To rename a device tag:

1. In the main menu, go to DEVICES → TAGS → DEVICE TAGS.
2. Click the name of the tag that you want to rename.

   A tag properties window opens.

3. In the Tag field, change the tag name.
4. Click Save to save the changes.

The updated tag appears in the list of device tags.

Deleting a device tag

To delete a device tag:

1. In the main menu, go to DEVICES → TAGS → DEVICE TAGS.
2. In the list, select the device tag that you want to delete.
3. Click the Delete button.
4. In the window that opens, click Yes.

The device tag is deleted. The deleted tag is automatically removed from all of the devices to which it was assigned.

The tag that you have deleted is not removed automatically from auto-tagging rules. After the tag is deleted, it will be assigned to a new device only when the device first meets the conditions of a rule that assigns the tag.

The deleted tag is not removed automatically from the device if this tag is assigned to the device by an application or Network Agent. To remove the tag from your device, use the klscflag utility.

Viewing devices to which a tag is assigned

To view devices to which a tag is assigned:

1. In the main menu, go to DEVICES → TAGS → DEVICE TAGS.
2. Click the View devices link next to the tag for which you want to view assigned devices.

The list of devices that appears shows only those devices to which the tag is assigned.

To return to the list of device tags, click the Back button of your browser.

Viewing tags assigned to a device

To view tags assigned to a device:

1. In the main menu, go to DEVICES → MANAGED DEVICES.
2. Click the name of the device whose tags you want to view.
3. In the device properties window that opens, select the Tags tab.

The list of tags assigned to the selected device is displayed.

You can assign another tag to the device or remove an already assigned tag. You can also see all device tags that exist on the Administration Server.

Tagging a device manually

To assign a tag to a device manually:

1. View tags assigned to the device to which you want to assign another tag.
2. Click Add.
3. In the window that opens, do one of the following:
   • To create and assign a new tag, select Create new tag, and then specify the name of the new tag.
   • To select an existing tag, select Assign existing tag, and then select the necessary tag in the drop-down list.
4. Click OK to apply the changes.
5. Click Save to save the changes.

The selected tag is assigned to the device.

Removing an assigned tag from a device

To remove a tag from a device:

1. In the main menu, go to DEVICES → MANAGED DEVICES.
2. Click the name of the device whose tags you want to view.
3. In the device properties window that opens, select the Tags tab.
4. Select the check box next to the tag that you want to remove.
5. At the top of the list, click the Unassign tag button.
6. In the window that opens, click Yes.

The tag is removed from the device.

The unassigned device tag is not deleted. If you want, you can delete it manually.

You cannot manually remove tags assigned to the device by applications or Network Agent. To remove these tags, use the klscflag utility.

Viewing rules for tagging devices automatically

To view rules for tagging devices automatically,

Do any of the following:

• In the main menu, go to DEVICES → TAGS → AUTO-TAGGING RULES.
• In the main menu, go to DEVICES → TAGS, and then click the Set up auto-tagging rules link.
• View tags assigned to a device and then click the Settings button.

The list of rules for auto-tagging devices appears.

Editing a rule for tagging devices automatically

To edit a rule for tagging devices automatically:

1. View rules for tagging devices automatically.
2. Click the name of the rule that you want to edit.

   A rule settings window opens.

3. Edit the general properties of the rule:
   1. In the Rule name field, change the rule name.

      The name cannot be more than 256 characters long.

   2. Do any of the following:
      • Enable the rule by switching the toggle button to Rule enabled.
      • Disable the rule by switching the toggle button to Rule disabled.
4. Do any of the following:
   • If you want to add a new condition, click the Add button, and specify the settings of the new condition in the window that opens.
   • If you want to edit an existing condition, click the name of the condition that you want to edit, and then edit the condition settings.
   • If you want to delete a condition, select the check box next to the name of the condition that you want to delete, and then click Delete.
5. Click OK in the conditions settings window.
6. Click Save to save the changes.

The edited rule is shown in the list.

Creating a rule for tagging devices automatically

To create a rule for tagging devices automatically:

1. View rules for tagging devices automatically.
2. Click Add.

   A new rule settings window opens.

3. Configure the general properties of the rule:
   1. In the Rule name field, enter the rule name.

      The name cannot be more than 256 characters long.

   2. Do one of the following:
      • Enable the rule by switching the toggle button to Rule enabled.
      • Disable the rule by switching the toggle button to Rule disabled.
   3. In the Tag field, enter the new device tag name or select one of the existing device tags from the list.

      The name cannot be more than 256 characters long.

4. In the conditions section, click the Add button to add a new condition.

   A new condition settings window open.

5. Enter the condition name.

   The name cannot be more than 256 characters long. The name must be unique within a rule.

6. Set up the triggering of the rule according to the following conditions. You can select multiple conditions.
   • Network—Network properties of the device, such as the device name on the Windows network, or device inclusion in a domain or an IP subnet.

     If case sensitive collation is set for the database that you use for Kaspersky Security Center, keep case when you specify a device DNS name. Otherwise, the auto-tagging rule will not work.

   • Applications—Presence of Network Agent on the device, operating system type, version, and architecture.
   • Virtual machines—Device belongs to a specific type of virtual machine.
   • Active Directory—Presence of the device in an Active Directory organizational unit and membership of the device in an Active Directory group.
   • Applications registry—Presence of applications of different vendors on the device.
7. Click OK to save the changes.

   If necessary, you can set multiple conditions for a single rule. In this case, the tag will be assigned to a device if it meets at least one condition.

8. Click Save to save the changes.

The newly created rule is enforced on devices managed by the selected Administration Server. If the settings of a device meet the rule conditions, the device is assigned the tag.

Later, the rule is applied in the following cases:

• Automatically and periodically, depending on the server workload
• After you edit the rule
• When you run the rule manually
• After the Administration Server detects a change in the settings of a device that meets the rule conditions or the settings of a group that contains such device

You can create multiple tagging rules. A single device can be assigned multiple tags if you have created multiple tagging rules and if the respective conditions of these rules are met simultaneously. You can view the list of all assigned tags in the device properties.

Running rules for auto-tagging devices

When a rule is run, the tag specified in properties of this rule is assigned to devices that meet conditions specified in properties of the same rule. You can run only active rules.

To run rules for auto-tagging devices:

1. View rules for tagging devices automatically.
2. Select check boxes next to active rules that you want to run.
3. Click the Run rule button.

The selected rules are run.

Deleting a rule for tagging devices automatically

To delete a rule for tagging devices automatically:

1. View rules for tagging devices automatically.
2. Select the check box next to the rule that you want to delete.
3. Click Delete.
4. In the window that opens, click Delete again.

The selected rule is deleted. The tag that was specified in properties of this rule is unassigned from all of the devices that it was assigned to.

The unassigned device tag is not deleted. If you want, you can delete it manually.

Managing device tags by using the klscflag utility

This section provides information on how to assign or remove device tags by using the klscflag utility.

Assigning a device tag

Note that you must run the klscflag utility on the client device to which you want to assign a tag.

To assign a tag to your device by using the klscflag utility:

1. Run the Windows command prompt by using administrator rights, and then change your current directory to the directory with the klscflag utility. The klscflag utility is located in the folder where Administration Server is installed. The default installation path is <Disk>:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center.
2. Enter the following command:

   klscflag -ssvset -pv 1103/1.0.0.0 -s KLNAG_SECTION_TAGS_INFO -n KLCONN_HOST_TAGS -sv "[\"TAG NAME\"]" -svt ARRAY_T -ss "|ss_type = \"SS_PRODINFO\";"

   where TAG NAME is the name of the tag you want to assign to your device, for example:

   klscflag -ssvset -pv 1103/1.0.0.0 -s KLNAG_SECTION_TAGS_INFO -n KLCONN_HOST_TAGS -sv "[\"ENTERPRISE\"]" -svt ARRAY_T -ss "|ss_type = \"SS_PRODINFO\";"

3. Restart the Network Agent service.

The specified tag is assigned to your device. To make sure that the tag is assigned successfully, view tags assigned to the device.

Alternatively, you can assign device tags manually.

Removing a device tag

If a tag has been assigned to your device by an application or Network Agent, you cannot remove this tag manually. In this case, use the klscflag utility to remove the assigned tag from the device.

Note that you must run the klscflag utility on the client device from which you want to remove a tag.

To remove a tag from the device by using the klscflag utility:

1. Run the Windows command prompt by using administrator rights, and then change your current directory to the directory with the klscflag utility. The klscflag utility is located in the folder where Administration Server is installed. The default installation path is <Disk>:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center.
2. Enter the following command:

   klscflag -ssvset -pv 1103/1.0.0.0 -s KLNAG_SECTION_TAGS_INFO -n KLCONN_HOST_TAGS -sv "[]" -svt ARRAY_T -ss "|ss_type = \"SS_PRODINFO\";"

3. Restart the Network Agent service.

The tag is removed from the device.

Application tags

This section describes application tags, and provides instructions for creating and modifying them as well as for tagging third-party applications.

About application tags

Kaspersky Security Center enables you to tag third-party applications (applications made by software vendors other than Kaspersky). A tag is the label of an application that can be used for grouping or finding applications. A tag assigned to applications can serve as a condition in device selections.

For example, you can create the [Browsers] tag and assign it to all browsers such as Microsoft Internet Explorer, Google Chrome, Mozilla Firefox.

Creating an application tag

To create an application tag:

1. In the main menu, go to OPERATIONS → THIRD-PARTY APPLICATIONS → APPLICATION TAGS.
2. Click Add.

   A new tag window opens.

3. Enter the tag name.
4. Click OK to save the changes.

The new tag appears in the list of application tags.

Renaming an application tag

To rename an application tag:

1. In the main menu, go to OPERATIONS → THIRD-PARTY APPLICATIONS → APPLICATION TAGS.
2. Select the check box next to the tag that you want to rename, and then click Edit.

   A tag properties window opens.

3. Change the tag name.
4. Click OK to save the changes.

The updated tag appears in the list of application tags.

Assigning tags to an application

To assign one or several tags to an application:

1. In the main menu, go to OPERATIONS → THIRD-PARTY APPLICATIONS → APPLICATIONS REGISTRY.
2. Click the name of the application to which you want to assign tags.
3. Select the Tags tab.

   The tab displays all application tags that exist on the Administration Server. For tags assigned to the selected application, the check box in the Tag assigned column is selected.

4. For tags that you want to assign, select check boxes in the Tag assigned column.
5. Click Save to save the changes.

The tags are assigned to the application.

Removing assigned tags from an application

To remove one or several tags from an application:

1. In the main menu, go to OPERATIONS → THIRD-PARTY APPLICATIONS → APPLICATIONS REGISTRY.
2. Click the name of the application from which you want to remove tags.
3. Select the Tags tab.

   The tab displays all application tags that exist on the Administration Server. For tags assigned to the selected application, the check box in the Tag assigned column is selected.

4. For tags that you want to remove, clear check boxes in the Tag assigned column.
5. Click Save to save the changes.

The tags are removed from the application.

The removed application tags are not deleted. If you want, you can delete them manually.

Deleting an application tag

To delete an application tag:

1. In the main menu, go to OPERATIONS → THIRD-PARTY APPLICATIONS → APPLICATION TAGS.
2. In the list, select the application tag that you want to delete.
3. Click the Delete button.
4. In the window that opens, click OK.

The application tag is deleted. The deleted tag is automatically removed from all of the applications to which it was assigned.