Kaspersky Security Center 14 Windows
- Kaspersky Security Center 14 Help
- What's new
- Kaspersky Security Center 14
- Basic concepts
- Administration Server
- Hierarchy of Administration Servers
- Virtual Administration Server
- Mobile Device Server
- Web Server
- Network Agent
- Administration groups
- Managed device
- Unassigned device
- Administrator's workstation
- Management plug-in
- Management web plug-in
- Policies
- Policy profiles
- Tasks
- Task scope
- How local application settings relate to policies
- Distribution point
- Connection gateway
- About Kaspersky Security Center
- Hardware and software requirements
- Compatible Kaspersky applications and solutions
- Licenses and features of Kaspersky Security Center 14
- About compatibility of Administration Server and Kaspersky Security Center Web Console
- Comparison of Kaspersky Security Center: Windows-based vs. Linux-based
- About Kaspersky Security Center Cloud Console
- Architecture
- Main installation scenario
- Ports used by Kaspersky Security Center
- Certificates for work with Kaspersky Security Center
- About Kaspersky Security Center certificates
- About Administration Server certificate
- Requirements for custom certificates used in Kaspersky Security Center
- Scenario: Specifying the custom Administration Server certificate
- Replacing the Administration Server certificate by using the klsetsrvcert utility
- Connecting Network Agents to Administration Server by using the klmover utility
- Reissuing the Web Server certificate
- Schemas for data traffic and port usage
- Administration Server and managed devices on LAN
- Primary Administration Server on LAN and two secondary Administration Servers
- Administration Server on LAN, managed devices on internet, reverse proxy in use
- Administration Server on LAN, managed devices on internet, connection gateway in use
- Administration Server in DMZ, managed devices on internet
- Interaction of Kaspersky Security Center components and security applications: more information
- Conventions used in interaction schemas
- Administration Server and DBMS
- Administration Server and Administration Console
- Administration Server and client device: Managing the security application
- Upgrading software on a client device through a distribution point
- Hierarchy of Administration Servers: primary Administration Server and secondary Administration Server
- Hierarchy of Administration Servers with a secondary Administration Server in DMZ
- Administration Server, a connection gateway in a network segment, and a client device
- Administration Server and two devices in DMZ: a connection gateway and a client device
- Administration Server and Kaspersky Security Center Web Console
- Activating and managing the security application on a mobile device
- Deployment best practices
- Preparation for deployment
- Planning Kaspersky Security Center deployment
- Typical schemes of protection system deployment
- About planning Kaspersky Security Center deployment in an organization's network
- Selecting a structure for protection of an enterprise
- Standard configurations of Kaspersky Security Center
- How to select a DBMS for Administration Server
- Selecting a DBMS
- Managing mobile devices with Kaspersky Endpoint Security for Android
- Providing internet access to Administration Server
- About distribution points
- Increasing the limit of file descriptors for the klnagent service
- Calculating the number and configuration of distribution points
- Hierarchy of Administration Servers
- Virtual Administration Servers
- Information about limitations of Kaspersky Security Center
- Network load
- Preparing to mobile device management
- Information about Administration Server performance
- Network settings for interaction with external services
- Deploying Network Agent and the security application
- Initial deployment
- Configuring installers
- Installation packages
- MSI properties and transform files
- Deployment with third-party tools for remote installation of applications
- About remote installation tasks in Kaspersky Security Center
- Deployment by capturing and copying the hard drive image of a device
- Incorrect copying of a hard drive image
- Deployment using group policies of Microsoft Windows
- Forced deployment through the remote installation task of Kaspersky Security Center
- Running stand-alone packages created by Kaspersky Security Center
- Options for manual installation of applications
- Creating an MST file
- Remote installation of applications on devices with Network Agent installed
- Managing device restarts in the remote installation task
- Suitability of databases updating in an installation package of a security application
- Using tools for remote installation of applications in Kaspersky Security Center for running relevant executable files on managed devices
- Monitoring the deployment
- Virtual infrastructure
- Support of file system rollback for devices with Network Agent
- Local installation of applications
- Local installation of Network Agent
- Installing Network Agent in silent mode
- Installing Network Agent for Linux in silent mode (with an answer file)
- Installing Network Agent on Astra Linux in the closed software environment mode
- Installing Network Agent for Linux in interactive mode
- Local installation of the application management plug-in
- Installing applications in silent mode
- Installing applications by using stand-alone packages
- Network Agent installation package settings
- Viewing the Privacy Policy
- Deploying mobile device management systems
- Deploying a system for management via Exchange ActiveSync protocol
- Deploying a system for management using iOS MDM protocol
- Installing iOS MDM Server
- Installing iOS MDM Server in silent mode
- iOS MDM Server deployment scenarios
- Simplified deployment scheme
- Deployment scheme involving Kerberos constrained delegation (KCD)
- Receiving an APNs certificate
- Renewing an APNs certificate
- Configuring a reserve iOS MDM Server certificate
- Installing an APNs certificate on an iOS MDM Server
- Configuring access to Apple Push Notification service
- Issuing and installing a shared certificate on a mobile device
- Adding a KES device to the list of managed devices
- Connecting KES devices to the Administration Server
- Integration with Public Key Infrastructure
- Kaspersky Security Center Web Server
- Installation of Kaspersky Security Center
- Preparing for installation
- Accounts for working with the DBMS
- Scenario: Authenticating Microsoft SQL Server
- Recommendations on Administration Server installation
- Creating accounts for the Administration Server services on a failover cluster
- Defining a shared folder
- Remote installation with Administration Server tools through Active Directory group policies
- Remote installation through delivery of the UNC path to a stand-alone package
- Updating from the Administration Server shared folder
- Installing images of operating systems
- Specifying the address of the Administration Server
- Standard installation
- Step 1. Reviewing the License Agreement and Privacy Policy
- Step 2. Selecting an installation method
- Step 3. Installing Kaspersky Security Center Web Console
- Step 4. Selecting network size
- Step 5. Selecting a database
- Step 6. Configuring the SQL Server
- Step 7. Selecting an authentication mode
- Step 8. Unpacking and installing files on the hard drive
- Custom installation
- Step 1. Reviewing the License Agreement and Privacy Policy
- Step 2. Selecting an installation method
- Step 3. Selecting the components to be installed
- Step 4. Installing Kaspersky Security Center Web Console
- Step 5. Selecting network size
- Step 6. Selecting a database
- Step 7. Configuring the SQL Server
- Step 8. Selecting an authentication mode
- Step 9. Selecting the account to start Administration Server
- Step 10. Selecting the account for running the Kaspersky Security Center services
- Step 11. Selecting a shared folder
- Step 12. Configuring the connection to Administration Server
- Step 13. Defining the Administration Server address
- Step 14. Administration Server address for connection of mobile devices
- Step 15. Selecting application management plug-ins
- Step 16. Unpacking and installing files on the hard drive
- Deployment of the Kaspersky Security Center failover cluster
- Scenario: Deployment of a Kaspersky Security Center failover cluster
- About the Kaspersky Security Center failover cluster
- Preparing a file server for a Kaspersky Security Center failover cluster
- Preparing nodes for a Kaspersky Security Center failover cluster
- Installing Kaspersky Security Center on the Kaspersky Security Center failover cluster nodes
- Starting and stopping cluster nodes manually
- Installing Administration Server on a Windows Server failover cluster
- Step 1. Reviewing the License Agreement and Privacy Policy
- Step 2. Selecting the type of installation on a cluster
- Step 3. Specifying the name of the virtual Administration Server
- Step 4. Specifying the network details of the virtual Administration Server
- Step 5. Specifying a cluster group
- Step 6. Selecting a cluster data storage
- Step 7. Specifying an account for remote installation
- Step 8. Selecting the components to be installed
- Step 9. Selecting network size
- Step 10. Selecting a database
- Step 11. Configuring the SQL Server
- Step 12. Selecting an authentication mode
- Step 13. Selecting the account to start Administration Server
- Step 14. Selecting the account for running the Kaspersky Security Center services
- Step 15. Selecting a shared folder
- Step 16. Configuring the connection to Administration Server
- Step 17. Defining the Administration Server address
- Step 18. Administration Server address for connection of mobile devices
- Step 19. Unpacking and installing files on the hard drive
- Installing Administration Server in silent mode
- Installing Administration Console on the administrator's workstation
- Changes in the system after Kaspersky Security Center installation
- Removing the application
- About upgrading Kaspersky Security Center
- Initial setup of Kaspersky Security Center
- Administration Server Quick Start Wizard
- About Quick Start Wizard
- Starting Administration Server Quick Start Wizard
- Step 1. Configuring a proxy server
- Step 2. Selecting the application activation method
- Step 3. Selecting the protection scopes and platforms
- Step 4. Selecting plug-ins for managed applications
- Step 5. Downloading distribution packages and creating installation packages
- Step 6. Configuring Kaspersky Security Network usage
- Step 7. Configuring email notifications
- Step 8. Configuring update management
- Step 9. Creating an initial protection configuration
- Step 10. Connecting mobile devices
- Step 11. Downloading updates
- Step 12. Device discovery
- Step 13. Closing the Quick Start Wizard
- Configuring the connection of Administration Console to Administration Server
- Connecting out-of-office devices
- Scenario: Connecting out-of-office devices through a connection gateway
- Scenario: Connecting out-of-office devices through a secondary Administration Server in DMZ
- About connecting out-of-office devices
- Connecting external desktop computers to Administration Server
- About connection profiles for out-of-office users
- Creating a connection profile for out-of-office users
- About switching Network Agent to other Administration Servers
- Creating a Network Agent switching rule by network location
- Encrypt communication with TLS
- Notifications of events
- Configuring the interface
- Discovering networked devices
- Scenario: Discovering networked devices
- Unassigned devices
- Device discovery
- Working with Windows domains. Viewing and changing the domain settings
- Configuring retention rules for unassigned devices
- Working with IP ranges
- Working with the Active Directory groups. Viewing and modifying group settings
- Creating rules for moving devices to administration groups automatically
- Using VDI dynamic mode on client devices
- Equipment inventory
- Licensing
- Kaspersky applications. Centralized deployment
- Replacing third-party security applications
- Installing applications using a remote installation task
- Installing applications using Remote Installation Wizard
- Working with the management plug-ins
- Viewing a protection deployment report
- Remote removal of applications
- Working with installation packages
- Creating an installation package
- Creating stand-alone installation packages
- Creating custom installation packages
- Viewing and editing properties of custom installation packages
- Obtaining the Network Agent installation package from the Kaspersky Security Center distribution kit
- Distributing installation packages to secondary Administration Servers
- Distributing installation packages through distribution points
- Transferring application installation results to Kaspersky Security Center
- Defining the KSN proxy server address for installation packages
- Receiving up-to-date versions of applications
- Preparing a Windows device for remote installation
- Preparing a Linux device for remote installation of Network Agent
- Preparing a macOS device for remote installation of Network Agent
- Kaspersky applications: licensing and activation
- Licensing of managed applications
- Viewing information about license keys in use
- Adding a license key to the Administration Server repository
- Deleting an Administration Server license key
- Deploying a license key to client devices
- Automatic distribution of a license key
- Creating and viewing a license key usage report
- Viewing information about the application license keys
- Exporting a license key file
- Configuring network protection
- Scenario: Configuring network protection
- Policy setup and propagation: Device-centric approach
- About device-centric and user-centric security management approaches
- Manual setup of Kaspersky Endpoint Security policy
- Manual setup of the group update task for Kaspersky Endpoint Security
- Manual setup of the group task for scanning a device with Kaspersky Endpoint Security
- Scheduling the Find vulnerabilities and required updates task
- Manual setup of the group task for updates installation and vulnerabilities fix
- Setting the maximum number of events in the event repository
- Setting the maximum storage period for the information about fixed vulnerabilities
- Managing tasks
- Creating a task
- Creating the Administration Server task
- Creating a task for specific devices
- Creating a local task
- Displaying an inherited group task in the workspace of a nested group
- Automatically turning on devices before starting a task
- Automatically turning off a device after a task is completed
- Limiting task run time
- Exporting a task
- Importing a task
- Converting tasks
- Starting and stopping a task manually
- Pausing and resuming a task manually
- Monitoring task execution
- Viewing task run results stored on the Administration Server
- Configuring filtering of information about task run results
- Modifying a task. Rolling back changes
- Comparing tasks
- Accounts to start tasks
- Change Tasks Password Wizard
- Creating a hierarchy of administration groups subordinate to a virtual Administration Server
- Policies and policy profiles
- Hierarchy of policies, using policy profiles
- Managing policies
- Creating a policy
- Displaying inherited policy in a subgroup
- Activating a policy
- Activating a policy automatically at the Virus outbreak event
- Applying an out-of-office policy
- Modifying a policy. Rolling back changes
- Comparing policies
- Deleting a policy
- Copying a policy
- Exporting a policy
- Importing a policy
- Converting policies
- Managing policy profiles
- Device moving rules
- Cloning device moving rules
- Software categorization
- Prerequisites for installing applications on devices of a client organization
- Viewing and editing local application settings
- Updating Kaspersky Security Center and managed applications
- Scenario: Regular updating Kaspersky databases and applications
- About updating Kaspersky databases, software modules, and applications
- About using diff files for updating Kaspersky databases and software modules
- Enabling the Downloading diff files feature
- Creating the task for downloading updates to the repository of the Administration Server
- Creating the Download updates to the repositories of distribution points task
- Configuring the Download updates to the repository of the Administration Server task
- Verifying downloaded updates
- Configuring test policies and auxiliary tasks
- Viewing downloaded updates
- Automatic installation of Kaspersky Endpoint Security updates on devices
- Offline model of update download
- Enabling and disabling the offline model of update download
- Automatic updating and patching for Kaspersky Security Center components
- Enabling and disabling automatic updating and patching for Kaspersky Security Center components
- Automatic distribution of updates
- Distributing updates to client devices automatically
- Distributing updates to secondary Administration Servers automatically
- Assigning distribution points automatically
- Assigning a device a distribution point manually
- Removing a device from the list of distribution points
- Downloading updates by distribution points
- Deleting software updates from the repository
- Patch installation for a Kaspersky application in cluster mode
- Managing third-party applications on client devices
- Installing third-party software updates
- Scenario: Updating third-party software
- Viewing information about available updates for third-party applications
- Approving and declining software updates
- Synchronizing updates from Windows Update with Administration Server
- Installing updates on devices manually
- Configuring Windows updates in a Network Agent policy
- Fixing third-party software vulnerabilities
- Scenario: Finding and fixing third-party software vulnerabilities
- About finding and fixing software vulnerabilities
- Viewing information about software vulnerabilities
- Viewing statistics of vulnerabilities on managed devices
- Scanning applications for vulnerabilities
- Fixing vulnerabilities in applications
- Fixing vulnerabilities in an isolated network
- Scenario: Fixing third-party software vulnerabilities in an isolated network
- About fixing third-party software vulnerabilities in an isolated network
- Configuring the Administration Server with internet access to fix vulnerabilities in an isolated network
- Configuring isolated Administration Servers to fix vulnerabilities in an isolated network
- Transmitting patches and installing updates in an isolated network
- Disabling the option to transmit patches and install updates in an isolated network
- Ignoring software vulnerabilities
- Selecting user fixes for vulnerabilities in third-party software
- Rules for update installation
- Groups of applications
- Using Application Control to manage executable files
- Creating application categories for Kaspersky Endpoint Security for Windows policies
- Creating an application category with content added manually
- Creating an application category that includes executable files from selected devices
- Creating an application category that includes executable files from a specific folder
- Adding event-related executable files to the application category
- Configuring application startup management on client devices
- Viewing the results of static analysis of startup rules applied to executable files
- Viewing the applications registry
- Changing the software inventory start time
- About license key management of third-party applications
- Creating licensed applications groups
- Managing license keys for licensed applications groups
- Inventory of executable files
- Viewing information about executable files
- Monitoring and reporting
- Scenario: Monitoring and reporting
- Monitoring traffic lights and logged events in Administration Console
- Working with reports, statistics, and notifications
- Working with reports
- Managing statistics
- Configuring event notification
- Creating a certificate for an SMTP server
- Event selections
- Device selections
- Monitoring of applications installation and uninstallation
- Event types
- Blocking frequent events
- Controlling changes in the status of virtual machines
- Monitoring the anti-virus protection status using information from the system registry
- Viewing and configuring the actions when devices show inactivity
- Disabling Kaspersky announcements
- Adjustment of distribution points and connection gateways
- Standard configuration of distribution points: Single office
- Standard configuration of distribution points: Multiple small remote offices
- Assigning a managed device to act as a distribution point
- Connecting a Linux device as a gateway in the demilitarized zone
- Connecting a Linux device to the Administration Server via a connection gateway
- Adding a connection gateway in the DMZ as a distribution point
- Assigning distribution points automatically
- About local installation of Network Agent on a device selected as distribution point
- About using a distribution point as connection gateway
- Adding IP ranges to the list of ranges polled by a distribution point
- Using a distribution point as a push server
- Other routine work
- Managing Administration Servers
- Creating a hierarchy of Administration Servers: adding a secondary Administration Server
- Connecting to an Administration Server and switching between Administration Servers
- Access rights to Administration Server and its objects
- Conditions of connection to an Administration Server over the internet
- Encrypted connection to an Administration Server
- Configuring an allowlist of IP addresses to connect to Administration Server
- Using the klscflag utility to close port 13291
- Disconnecting from an Administration Server
- Adding an Administration Server to the console tree
- Removing an Administration Server from the console tree
- Adding a virtual Administration Server to the console tree
- Changing an Administration Server service account. Utility tool klsrvswch
- Changing DBMS credentials
- Resolving issues with Administration Server nodes
- Viewing and modifying the settings of an Administration Server
- Adjusting the general settings of Administration Server
- Administration Console interface settings
- Event processing and storage on the Administration Server
- Viewing log of connections to the Administration Server
- Control of virus outbreaks
- Limiting traffic
- Configuring Web Server
- Working with internal users
- Backup and restoration of Administration Server settings
- Backup copying and restoration of Administration Server data
- Backup of Administration Server data task
- Data backup and recovery utility (klbackup)
- Data backup and recovery in interactive mode
- Data backup and recovery in silent mode
- Using the klbackup utility to switch managed devices under management of another Administration Server
- Backup and restoring Administration Server data when using MySQL or MariaDB
- Migration to Kaspersky Security Center Linux by using Administration Server data backup
- Moving Administration Server and a database server to another device
- Avoiding conflicts between multiple Administration Servers
- Two-step verification
- About two-step verification
- Scenario: configuring two-step verification for all users
- Enabling two-step verification for your own account
- Enabling two-step verification for all users
- Disabling two-step verification for a user account
- Disabling required two-step verification for all users
- Excluding accounts from two-step verification
- Editing the name of a security code issuer
- Changing the Administration Server shared folder
- Managing administration groups
- Managing client devices
- Connecting client devices to the Administration Server
- Manually connecting a client device to the Administration Server. Klmover utility
- Tunneling the connection between a client device and the Administration Server
- Remotely connecting to the desktop of a client device
- Connecting to devices through Windows Desktop Sharing
- Configuring the restart of a client device
- Auditing actions on a remote client device
- Checking the connection between a client device and the Administration Server
- Identifying client devices on the Administration Server
- Moving devices to an administration group
- Changing the Administration Server for client devices
- Moving devices connected to Administration Server through connection gateways to another Administration Server
- Clusters and server arrays
- Turning on, turning off, and restarting client devices remotely
- About the usage of the continuous connection between a managed device and the Administration Server
- About forced synchronization
- About connection schedule
- Sending messages to device users
- Managing Kaspersky Security for Virtualization
- Configuring the switching of device statuses
- Tagging devices and viewing assigned tags
- Remote diagnostics of client devices. Kaspersky Security Center remote diagnostics utility
- Connecting the remote diagnostics utility to a client device
- Enabling and disabling tracing, downloading the trace file
- Downloading application settings
- Downloading event logs
- Downloading multiple diagnostic information items
- Starting diagnostics and downloading the results
- Starting, stopping, and restarting applications
- UEFI protection devices
- Settings of a managed device
- General policy settings
- Network Agent policy settings
- Managing user accounts
- Working with user accounts
- Adding an account of an internal user
- Editing an account of an internal user
- Changing the number of allowed password entry attempts
- Configuring the check of the name of an internal user for uniqueness
- Adding a security group
- Adding a user to a group
- Configuring access rights to application features. Role-based access control
- Assigning the user as a device owner
- Delivering messages to users
- Viewing the list of user mobile devices
- Installing a certificate for a user
- Viewing the list of certificates issued to a user
- About the administrator of a virtual Administration Server
- Remote installation of operating systems and applications
- Creating images of operating systems
- Installing images of operating systems
- Configuring the KSN proxy server address
- Adding drivers for Windows Preinstallation Environment (WinPE)
- Adding drivers to an installation package with an operating system image
- Configuring sysprep.exe utility
- Deploying operating systems on new networked devices
- Deploying operating systems on client devices
- Creating installation packages of applications
- Issuing a certificate for installation packages of applications
- Installing applications on client devices
- Managing object revisions
- Deletion of objects
- Mobile Device Management
- Scenario: Mobile Device Management deployment
- About group policy for managing EAS and iOS MDM devices
- Enabling Mobile Device Management
- Modifying the Mobile Device Management settings
- Disabling Mobile Device Management
- Working with commands for mobile devices
- Working with certificates of mobile devices
- Starting the Certificate Installation Wizard
- Step 1. Selecting certificate type
- Step 2. Selecting device type
- Step 3. Selecting a user
- Step 4. Selecting certificate source
- Step 5. Assigning a tag to the certificate
- Step 6. Specifying certificate publishing settings
- Step 7. Selecting user notification method
- Step 8. Generating the certificate
- Configuring certificate issuance rules
- Integration with public key infrastructure
- Enabling support of Kerberos Constrained Delegation
- Adding iOS mobile devices to the list of managed devices
- Adding Android mobile devices to the list of managed devices
- Managing Exchange ActiveSync mobile devices
- Managing iOS MDM devices
- Signing an iOS MDM profile by a certificate
- Adding a configuration profile
- Installing a configuration profile on a device
- Removing the configuration profile from a device
- Adding a new device by publishing a link to a profile
- Adding a new device through profile installation by the administrator
- Adding a provisioning profile
- Installing a provisioning profile to a device
- Removing a provisioning profile from a device
- Adding a managed application
- Installing an app on a mobile device
- Removing an app from a device
- Configuring roaming on an iOS MDM mobile device
- Viewing information about an iOS MDM device
- Disconnecting an iOS MDM device from management
- Sending commands to a device
- Checking the execution status of commands sent
- Managing KES devices
- Data encryption and protection
- Data repositories
- Kaspersky Security Network (KSN)
- About KSN
- Setting up access to Kaspersky Security Network
- Enabling and disabling KSN
- Viewing the accepted KSN Statement
- Viewing the KSN proxy server statistics
- Accepting an updated KSN Statement
- Enhanced protection with Kaspersky Security Network
- Checking whether the distribution point works as KSN proxy server
- Switching between Online Help and Offline Help
- Export of events to SIEM systems
- Scenario: Configuring event export to SIEM systems
- Before you begin
- About events in Kaspersky Security Center
- About event export
- About configuring event export in a SIEM system
- Marking of events for export to SIEM systems in Syslog format
- About exporting events using Syslog format
- About exporting events using CEF and LEEF formats
Network Agent policy settings
To configure the Network Agent policy:
- In the main menu, go to DEVICES → POLICIES & PROFILES.
- Click the name of the Network Agent policy.
The properties window of the Network Agent policy opens.
General
On this tab, you can modify the policy status and specify the inheritance of policy settings:
- Under Policy status, you can select one of the policy modes:
- In the Settings inheritance settings group, you can configure the policy inheritance:
- Inherit settings from parent policy
If this option is enabled, the policy setting values are inherited from the upper-level group policy and, therefore, are locked.
By default, this option is enabled.
- Force inheritance of settings in child policies
If this option is enabled, after policy changes are applied, the following actions will be performed:
- The values of the policy settings will be propagated to the policies of administration subgroups, that is, to the child policies.
- In the Settings inheritance block of the General section in the properties window of each child policy, the Inherit settings from parent policy option will be automatically enabled.
If this option is enabled, the child policies settings are locked.
By default, this option is disabled.
Event configuration
On this tab, you can configure event logging and event notification. Events are distributed according to importance level in the following sections on the Event configuration tab:
- Functional failure
- Warning
- Info
In each section, the event type list shows the types of events and the default event storage term on the Administration Server (in days). After you click the event type, you can specify the settings of event logging and notifications about events selected in the list. By default, common notification settings specified for the entire Administration Server are used for all event types. However, you can change specific settings for required event types.
For example, in the Warning section, you can configure the Incident has occurred event type. Such events may happen, for instance, when the free disk space of a distribution point is less than 2 GB (at least 4 GB are required to install applications and download updates remotely). To configure the Incident has occurred event, click it and specify where to store the occurred events and how to notify about them.
If Network Agent detects an incident, you can manage this incident by using the settings of a managed device.
Application settings
Settings
In the Settings section, you can configure the Network Agent policy:
- Distribute files through distribution points only
If this option is enabled, Network Agents on managed devices retrieve updates from distribution points only.
If this option is disabled, Network Agents on managed devices retrieve updates from distribution points or from Administration Server.
Note that the security applications on managed devices retrieve updates from the source set in the update task for each security application. If you enable the Distribute files through distribution points only option, make sure that Kaspersky Security Center is set as an update source in the update tasks.
By default, this option is disabled.
- Maximum size of event queue, in MB
In this field you can specify the maximum space on the drive that an event queue can occupy.
The default value is 2 megabytes (MB).
- Application is allowed to retrieve policy's extended data on device
Network Agent installed on a managed device transfers information about the applied security application policy to the security application (for example, Kaspersky Endpoint Security for Windows). You can view the transferred information in the security application interface.
Network Agent transfers the following information:
- Time of the policy delivery to the managed device
- Name of the active or out-of-office policy at the moment of the policy delivery to the managed device
- Name and full path to the administration group that contained the managed device at the moment of the policy delivery to the managed device
- List of active policy profiles
You can use the information to ensure the correct policy is applied to the device and for troubleshooting purposes. By default, this option is disabled.
- Protect the Network Agent service against unauthorized removal or termination, and prevent changes to the settings
When this option is enabled, after Network Agent is installed on a managed device, the component cannot be removed or reconfigured without required privileges. The Network Agent service cannot be stopped. This option has no effect on domain controllers.
Enable this option to protect Network Agent on workstations operated with local administrator rights.
By default, this option is disabled.
- Use uninstallation password
If this option is enabled, by clicking the Modify button you can specify the password for the klmover utility and Network Agent remote uninstallation.
By default, this option is disabled.
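The following added example (not part of the Kaspersky documentation and not Kaspersky code) models the two Settings inheritance options from the General tab and uses them to find administration groups where the service protection or uninstallation password option ends up disabled. The setting keys, group names and policy tree are constructed for illustration. The model treats inheritance as all-or-nothing per policy and assumes that forced inheritance reaches every nested subgroup.

```python
from dataclasses import dataclass, field

# Hypothetical keys standing for two options from the Settings section:
# "Protect the Network Agent service against unauthorized removal or
# termination, and prevent changes to the settings" and "Use uninstallation password".
PROTECT_SERVICE = "protect_agent_service"
UNINSTALL_PASSWORD = "use_uninstallation_password"
HARDENING_OPTIONS = (PROTECT_SERVICE, UNINSTALL_PASSWORD)


@dataclass
class Policy:
    group: str                          # administration group the policy belongs to
    settings: dict                      # values stored in this policy itself
    inherit_from_parent: bool = True    # documented default: enabled
    force_in_children: bool = False     # documented default: disabled
    children: list = field(default_factory=list)


def effective(policy, parent_effective=None):
    """Return the values in force for a group: the parent's values when
    inheritance is on (they are locked), otherwise the policy's own values."""
    if policy.inherit_from_parent and parent_effective is not None:
        return dict(parent_effective)
    return dict(policy.settings)


def audit(root):
    """Walk the group tree and report every group whose effective policy
    leaves a hardening option disabled, with where the value comes from."""
    findings = []

    def walk(policy, parent_effective, source):
        inherits = policy.inherit_from_parent and parent_effective is not None
        values = effective(policy, parent_effective)
        origin = source if inherits else policy.group
        for option in HARDENING_OPTIONS:
            if not values.get(option, False):
                reason = f"inherited from {origin}" if inherits else "set locally"
                findings.append((policy.group, option, reason))
        for child in policy.children:
            walk(child, values, origin)

    walk(root, None, None)
    return findings


def force_inheritance(policy):
    """Model "Force inheritance of settings in child policies": the Inherit
    option is switched on in the child policies, which locks their values.
    Returns the groups whose policies had opted out and were changed.
    Assumption: the change reaches every nested subgroup."""
    policy.force_in_children = True
    relocked = []

    def walk(parent):
        for child in parent.children:
            if not child.inherit_from_parent:
                child.inherit_from_parent = True
                relocked.append(child.group)
            walk(child)

    walk(policy)
    return relocked


def build_sample():
    """Constructed policy tree: the Lab policy has opted out of inheritance
    and disabled service protection; Lab VMs inherits that weaker value."""
    root = Policy("Managed devices",
                  {PROTECT_SERVICE: True, UNINSTALL_PASSWORD: True})
    workstations = Policy("Workstations",
                          {PROTECT_SERVICE: False, UNINSTALL_PASSWORD: False})
    lab = Policy("Lab",
                 {PROTECT_SERVICE: False, UNINSTALL_PASSWORD: True},
                 inherit_from_parent=False)
    lab.children.append(Policy("Lab VMs", {}))
    root.children += [workstations, lab]
    return root


if __name__ == "__main__":
    tree = build_sample()
    for group, option, reason in audit(tree):
        print(f"{group}: {option} is disabled ({reason})")
    print("Re-locked by forced inheritance:", force_inheritance(tree))
    print("Findings after forcing:", audit(tree))
```

The Workstations policy stores weaker values but never applies them, because its Inherit option is on; only policies that have opted out of inheritance, and the groups below them, show up in the audit.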
Repositories
In the Repositories section, you can select the types of objects whose details will be sent from Network Agent to Administration Server. If modification of some settings in this section is prohibited by the Network Agent policy, you cannot modify these settings.
- Details of installed applications
If this option is enabled, information about applications installed on client devices is sent to the Administration Server.
By default, this option is enabled.
- Include information about patches
Information about patches of applications installed on client devices is sent to the Administration Server. Enabling this option may increase the load on the Administration Server and DBMS, and may increase the size of the database.
By default, this option is enabled. It is available only for Windows.
- Details of Windows Update updates
If this option is enabled, information about Microsoft Windows Update updates that must be installed on client devices is sent to the Administration Server.
Sometimes, even if the option is disabled, updates are displayed in the device properties in the Available updates section. This might happen if, for example, the devices of the organization had vulnerabilities that could be fixed by these updates.
By default, this option is enabled. It is available only for Windows.
- Details of software vulnerabilities and corresponding updates
If this option is enabled, information about vulnerabilities in third-party software (including Microsoft software), detected on managed devices, and about software updates to fix third-party vulnerabilities (not including Microsoft software) is sent to the Administration Server.
Selecting this option (Details of software vulnerabilities and corresponding updates) increases the network load, Administration Server disk load, and Network Agent resource consumption.
By default, this option is enabled. It is available only for Windows.
To manage software updates of Microsoft software, use the Details of Windows Update updates option.
- Hardware registry details
Network Agent installed on a device sends information about the device hardware to the Administration Server. You can view the hardware details in the device properties.
Ensure that the lshw utility is installed on Linux devices from which you want to fetch hardware details. Hardware details fetched from virtual machines may be incomplete depending on the hypervisor used.
Software updates and vulnerabilities
In the Software updates and vulnerabilities section, you can configure search and distribution of Windows updates, as well as enable scanning of executable files for vulnerabilities:
- Use Administration Server as a WSUS server
If this option is enabled, Windows updates are downloaded to the Administration Server. The Administration Server provides downloaded updates to Windows Update on client devices in centralized mode through Network Agents.
If this option is disabled, the Administration Server is not used for downloading Windows updates. In this case, client devices receive Windows updates on their own.
By default, this option is disabled.
- Allow users to manage installation of Windows Update updates
You can limit Windows updates that users can install on their devices manually by using Windows Update.
On devices running Windows 10, if Windows Update has already found updates for the device, the new option that you select under Allow users to manage installation of Windows Update updates will be applied only after the updates found are installed.
Select an item in the drop-down list:
- Allow users to install all applicable Windows Update updates
Users can install all of the Microsoft Windows Update updates that are applicable to their devices.
Select this option if you do not want to interfere in the installation of updates.
When the user installs Microsoft Windows Update updates manually, the updates may be downloaded from Microsoft servers rather than from Administration Server. This is possible if Administration Server has not yet downloaded these updates. Downloading updates from Microsoft servers results in extra traffic.
- Allow users to install only approved Windows Update updates
Users can install all of the Microsoft Windows Update updates that are applicable to their devices and that are approved by you.
For example, you may want to first check the installation of updates in a test environment and make sure that they do not interfere with the operation of devices, and only then allow the installation of these approved updates on client devices.
When the user installs Microsoft Windows Update updates manually, the updates may be downloaded from Microsoft servers rather than from Administration Server. This is possible if Administration Server has not yet downloaded these updates. Downloading updates from Microsoft servers results in extra traffic.
- Do not allow users to install Windows Update updates
Users cannot install Microsoft Windows Update updates on their devices manually. All of the applicable updates are installed as configured by you.
Select this option if you want to manage the installation of updates centrally.
For example, you may want to optimize the update schedule so that the network does not become overloaded. You can schedule after-hours updates, so that they do not interfere with user productivity.
- In the Windows Update search mode settings group, you can select the update search mode:
- Active
If this option is selected, Administration Server with support from Network Agent initiates a request from Windows Update Agent on the client device to the update source: Windows Update Servers or WSUS. Next, Network Agent passes information received from Windows Update Agent to Administration Server.
The option takes effect only if the Connect to the update server to update data option of the Find vulnerabilities and required updates task is selected.
By default, this option is selected.
- Passive
If you select this option, Network Agent periodically passes Administration Server information about updates retrieved at the last synchronization of Windows Update Agent with the update source. If no synchronization of Windows Update Agent with an update source is performed, information about updates on Administration Server becomes out-of-date.
Select this option if you want to get updates from the memory cache of the update source.
- Disabled
If this option is selected, Administration Server does not request any information about updates.
Select this option if, for example, you want to test the updates on your local device first.
- Scan executable files for vulnerabilities when running them
If this option is enabled, executable files are scanned for vulnerabilities when they are run.
By default, this option is enabled.
Restart management
In the Restart management section, you can specify the action to be performed if the operating system of a managed device has to be restarted for correct use, installation, or uninstallation of an application:
- Do not restart the operating system
Client devices are not restarted automatically after the operation. To complete the operation, you must restart a device (for example, manually or through a device management task). Information about the required restart is saved in the task results and in the device status. This option is suitable for tasks on servers and other devices where continuous operation is critical.
- Restart the operating system automatically if necessary
Client devices are always restarted automatically if a restart is required for completion of the operation. This option is useful for tasks on devices that provide for regular pauses in their operation (shutdown or restart).
- Prompt user for action
The restart reminder is displayed on the screen of the client device, prompting the user to restart it manually. Some advanced settings can be defined for this option: text of the message for the user, the message display frequency, and the time interval after which a restart will be forced (without the user's confirmation). This option is most suitable for workstations where users must be able to select the most convenient time for a restart.
By default, this option is selected.
- Repeat the prompt every (min)
If this option is enabled, the application prompts the user to restart the operating system with the specified frequency.
By default, this option is enabled. The default interval is 5 minutes. Available values are between 1 and 1440 minutes.
If this option is disabled, the prompt is displayed only once.
- Force restart after (min)
After prompting the user, the application forces restart of the operating system upon expiration of the specified time interval.
By default, this option is enabled. The default delay is 30 minutes. Available values are between 1 and 1440 minutes.
- Force closure of applications in blocked sessions
Running applications may prevent a restart of the client device. For example, if a document is being edited in a word processing application and is not saved, the application does not allow the device to restart.
If this option is enabled, such applications on a locked device are forced to close before the device restart. As a result, users may lose their unsaved changes.
If this option is disabled, a locked device is not restarted. The task status on this device states that a device restart is required. Users have to manually close all applications running on locked devices and restart these devices.
By default, this option is disabled.
Windows Desktop Sharing
In the Windows Desktop Sharing section, you can enable and configure the audit of the administrator's actions performed on a remote device when desktop access is shared:
- Enable audit
If this option is enabled, audit of the administrator's actions is enabled on the remote device. Records of the administrator's actions on the remote device are logged:
- In the event log on the remote device
- In a file with the syslog extension located in the Network Agent installation folder on the remote device
- In the event database of Kaspersky Security Center
Audit of the administrator's actions is available when the following conditions are met:
- The Vulnerability and Patch Management license is in use
- The administrator has the right to start shared access to the desktop of the remote device
If this option is disabled, the audit of the administrator's actions is disabled on the remote device.
By default, this option is disabled.
- Masks of files to monitor when read
The list contains file masks. When the audit is enabled, the application monitors the administrator's reading files that match the masks and saves information about files read. The list is available if the Enable audit check box is selected. You can edit file masks and add new ones to the list. Each new file mask should be specified in the list on a new line.
By default, the following file masks are specified: *.txt, *.rtf, *.doc, *.xls, *.docx, *.xlsx, *.odt, *.pdf.
- Masks of files to monitor when modified
The list contains masks of files on the remote device. When audit is enabled, the application monitors changes made by the administrator in files that match masks, and saves information about those modifications. The list is available if the Enable audit check box is selected. You can edit file masks and add new ones to the list. Each new file mask should be specified in the list on a new line.
By default, the following file masks are specified: *.txt, *.rtf, *.doc, *.xls, *.docx, *.xlsx, *.odt, *.pdf.
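An added example, not part of Kaspersky's documentation: a small Python check of which files in an inventory the default masks listed above would cover, and which extensions fall outside them. It assumes a mask is compared with the file name only and without regard to case, which this page does not specify; the file paths are constructed.

```python
from collections import Counter
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# Default masks quoted on this page (same list for "read" and "modified"),
# in the one-mask-per-line form the settings field expects.
DEFAULT_MASKS = "*.txt\n*.rtf\n*.doc\n*.xls\n*.docx\n*.xlsx\n*.odt\n*.pdf"


def parse_masks(text):
    """Parse a one-mask-per-line list into a de-duplicated, lower-cased list."""
    masks = []
    for line in text.splitlines():
        mask = line.strip().lower()
        if mask and mask not in masks:
            masks.append(mask)
    return masks


def is_monitored(path, masks):
    """Assumption: a mask is compared with the file name only, ignoring case."""
    name = PureWindowsPath(path).name.lower()
    return any(fnmatchcase(name, mask) for mask in masks)


def coverage_gaps(paths, masks):
    """Return (monitored paths, Counter of extensions that no mask matches)."""
    monitored, missed = [], Counter()
    for path in paths:
        if is_monitored(path, masks):
            monitored.append(path)
        else:
            missed[PureWindowsPath(path).suffix.lower() or "(none)"] += 1
    return monitored, missed


# Constructed inventory of files an administrator could open in a shared session.
SAMPLE_FILES = [
    r"C:\Users\anna\Documents\Payroll.XLSX",
    r"C:\Users\anna\Documents\contract.pdf",
    r"C:\Users\anna\Documents\board-deck.pptx",
    r"C:\Users\anna\Desktop\customers.csv",
    r"C:\Users\anna\.ssh\id_rsa",
    r"C:\Users\anna\Documents\vault.kdbx",
    r"C:\inetpub\wwwroot\web.config",
    r"C:\Users\anna\Documents\notes.txt.bak",
]

if __name__ == "__main__":
    masks = parse_masks(DEFAULT_MASKS)
    monitored, missed = coverage_gaps(SAMPLE_FILES, masks)
    print("monitored:", *monitored, sep="\n  ")
    print("not monitored, by extension:")
    for ext, count in missed.most_common():
        print(f"  {ext}: {count}")
```

Running the same check over a real file inventory shows which masks to add to the two lists before relying on the audit records.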
Manage patches and updates
In the Manage patches and updates section, you can configure download and distribution of updates, as well as installation of patches, on managed devices:
- Automatically install applicable updates and patches for components that have the Undefined status
If this option is enabled, Kaspersky patches that have the Undefined approval status are automatically installed on managed devices immediately after they are downloaded from update servers.
If this option is disabled, Kaspersky patches that have been downloaded and tagged with the Undefined status will be installed only after you change their status to Approved.
By default, this option is enabled.
- Download updates and anti-virus databases from Administration Server in advance (recommended)
If this option is enabled, the offline model of update download is used. When the Administration Server receives updates, it notifies Network Agent (on devices where it is installed) of the updates that will be required for managed applications. When Network Agent receives information about these updates, it downloads the relevant files from the Administration Server in advance. At the first connection with Network Agent, the Administration Server initiates an update download. After Network Agent downloads all the updates to a client device, the updates become available for applications on that device.
When a managed application on a client device attempts to access Network Agent for updates, Network Agent checks whether it has all required updates. If the updates were received from the Administration Server not more than 25 hours before they were requested by the managed application, Network Agent does not connect to the Administration Server but supplies the managed application with updates from the local cache instead. Connection with the Administration Server may not be established when Network Agent provides updates to applications on client devices, but connection is not required for updating.
If this option is disabled, the offline model of update download is not used. Updates are distributed according to the schedule of the update download task.
By default, this option is enabled.
Connectivity
The Connectivity section includes three subsections:
- Network
- Connection profiles
- Connection schedule
In the Network subsection, you can configure the connection to Administration Server, enable the use of a UDP port, and specify the UDP port number.
- In the Connect to Administration Server settings group, you can configure connection to the Administration Server and specify the time interval for synchronization between client devices and the Administration Server:
- Synchronization interval (min)
Network Agent synchronizes the managed device with the Administration Server. We recommend that you set the synchronization interval (also referred to as the heartbeat) to 15 minutes per 10,000 managed devices.
If the synchronization interval is set to less than 15 minutes, synchronization is performed every 15 minutes. If the synchronization interval is set to 15 minutes or more, synchronization is performed at the specified synchronization interval.
- Compress network traffic
If this option is enabled, Network Agent transfers data faster because the amount of information being transferred is decreased, which also decreases the load on the Administration Server.
The workload on the CPU of the client computer may increase.
By default, this check box is enabled.
- Open Network Agent ports in Microsoft Windows Firewall
If this option is enabled, the ports necessary for the work of Network Agent and Administration Server are added to the Microsoft Windows Firewall exclusion list.
By default, this option is enabled.
- Use SSL connection
If this option is enabled, connection to the Administration Server is established through a secure port via SSL.
By default, this option is enabled.
- Use connection gateway on distribution point (if available) under default connection settings
If this option is enabled, the connection gateway on the distribution point is used under the settings specified in the administration group properties.
By default, this option is enabled.
- Use UDP port
If you need Network Agent to connect to Administration Server through a UDP port, enable the Use UDP port option and specify a UDP port number. By default, this option is enabled. The default UDP port to connect to Administration Server is 15000.
- UDP port number
In this field you can enter the UDP port number. The default port number is 15000.
The decimal system is used for records.
If the client device runs Windows XP Service Pack 2, the integrated firewall blocks UDP port 15000. This port should be opened manually.
- Use distribution point to force connection to Administration Server
Select this option if you selected the Use this distribution point as a push server option in the distribution point settings window. Otherwise, the distribution point will not act as a push server.
In the Connection profiles subsection, you can specify the network location settings and enable out-of-office mode when Administration Server is not available:
- Network location settings
Network location settings define the characteristics of the network to which the client device is connected and specify rules for Network Agent switching from one Administration Server connection profile to another when those network characteristics are altered.
- Administration Server connection profiles
In this section, you can view and add profiles for Network Agent connection to the Administration Server. In this section, you can also create rules for switching Network Agent to different Administration Servers when the following events occur:
- When the client device connects to a different local network
- When the device loses connection with the local network of the organization
- When the connection gateway address is changed or the DNS server address is modified
Connection profiles are supported only for devices running Windows and macOS.
- Enable out-of-office mode when Administration Server is not available
If this option is enabled, in case of connection through this profile, applications installed on the client device use policy profiles for devices in out-of-office mode, as well as out-of-office policies. If no out-of-office policy has been defined for the application, the active policy will be used.
If this option is disabled, applications will use active policies.
By default, this option is disabled.
In the Connection schedule subsection, you can specify the time intervals during which Network Agent sends data to the Administration Server:
- Connect when necessary
If this option is selected, the connection is established when Network Agent has to send data to the Administration Server.
By default, this option is selected.
- Connect at specified time intervals
If this option is selected, Network Agent connects to the Administration Server at a specified time. You can add several connection time periods.
Network polling by distribution points
In the Network polling by distribution points section, you can configure automatic polling of the network. You can use the following options to enable the polling and set its frequency:
- Windows network
If the option is enabled, the Administration Server automatically polls the network according to the schedule that you configured by clicking the Set quick polling schedule and Set full polling schedule links.
If this option is disabled, the Administration Server polls the network with the interval specified in the Frequency of network polls (min) field.
The device discovery interval for Network Agent versions prior to 10.2 can be configured in the Frequency of polls from Windows domains (min) (for quick Windows network poll) and Frequency of network polls (min) (for full Windows network poll) fields.
By default, this option is disabled.
- Zeroconf
If this option is enabled, the distribution point automatically polls the network with IPv6 devices by using zero-configuration networking (also referred to as Zeroconf). In this case, the enabled IP range polling is ignored, because the distribution point polls the whole network.
To start to use Zeroconf, the following conditions must be fulfilled:
- The distribution point must run Linux.
- You must install the avahi-browse utility on the distribution point.
If this option is disabled, the distribution point does not poll networks with IPv6 devices.
By default, this option is disabled.
- IP ranges
If the option is enabled, the distribution point automatically polls IP ranges according to the schedule that you configured by clicking the Set polling schedule button.
If this option is disabled, the distribution point does not poll IP ranges.
The frequency of IP range polling for Network Agent versions prior to 10.2 can be configured in the Poll interval (min) field. The field is available if the option is enabled.
By default, this option is disabled.
- Active Directory
If the option is enabled, the distribution point automatically polls Active Directory according to the schedule that you configured by clicking the Set polling schedule link.
If this option is disabled, the Administration Server does not poll Active Directory.
The frequency of Active Directory polling for Network Agent versions prior to 10.2 can be configured in the Poll interval (min) field. The field is available if this option is enabled.
By default, this option is disabled.
Network settings for distribution points
In the Network settings for distribution points section, you can specify the internet access settings:
- Use proxy server
- Address
- Port number
- Bypass proxy server for local addresses
If this option is enabled, no proxy server is used to connect to devices on the local network.
By default, this option is disabled.
- Proxy server authentication
If this check box is selected, in the entry fields you can specify the credentials for proxy server authentication.
By default, this check box is cleared.
- User name
- Password
KSN Proxy (distribution points)
In the KSN Proxy (distribution points) section, you can configure the application to use the distribution point to forward KSN requests from the managed devices:
- Enable KSN Proxy on distribution point side
The KSN proxy service is run on the device that is used as a distribution point. Use this feature to redistribute and optimize traffic on the network.
The distribution point sends the KSN statistics, which are listed in the Kaspersky Security Network statement, to Kaspersky. By default, the KSN statement is located in %ProgramFiles%\Kaspersky Lab\Kaspersky Security Center\ksneula.
By default, this option is disabled. Enabling this option takes effect only if the Use Administration Server as a proxy server and I agree to use Kaspersky Security Network options are enabled in the Administration Server properties window.
You can assign a node of an active-passive cluster to a distribution point and enable KSN proxy server on this node.
- Forward KSN requests to Administration Server
The distribution point forwards KSN requests from the managed devices to the Administration Server.
By default, this option is enabled.
- Access KSN Cloud/Private KSN directly over the internet
The distribution point forwards KSN requests from managed devices to the KSN Cloud or Private KSN. The KSN requests generated on the distribution point itself are also sent directly to the KSN Cloud or Private KSN.
The distribution points that have Network Agent version 11 (or earlier) installed cannot access Private KSN directly. If you want to reconfigure the distribution points to send KSN requests to Private KSN, enable the Forward KSN requests to Administration Server option for each distribution point.
The distribution points that have Network Agent version 12 (or later) installed can access Private KSN directly.
- Port
The number of the TCP port that the managed devices will use to connect to KSN proxy server. The default port number is 13111.
- UDP port
If you need Network Agent to connect to Administration Server through a UDP port, enable the Use UDP port option and specify a UDP port number. By default, this option is enabled. The default UDP port to connect to Administration Server is 15000.
Updates (distribution points)
In the Updates (distribution points) section, you can enable the downloading diff files feature, so distribution points take updates in the form of diff files from Kaspersky update servers.
Revision history
On this tab, you can view the list of the policy revisions and roll back changes made to the policy, if necessary.
Feature comparison by the Network Agent operating systems
The table below shows which Network Agent policy settings you can use to configure Network Agent with a specific operating system.
Network Agent policy settings: comparison by operating systems
Policy section | Windows | Mac | Linux |
---|---|---|---|
General | | | |
Event configuration | | | |
Settings | Only the Maximum size of event queue, in MB and Application is allowed to retrieve policy's extended data on device options are available. | | |
Repositories | Only the Details of installed applications and Hardware registry details options are available. | | |
Software updates and vulnerabilities | | | |
Restart management | | | |
Windows Desktop Sharing | | | |
Manage patches and updates | | | |
Network → Connectivity | Except the Open Network Agent ports in Microsoft Windows Firewall option. | | |
Network → Connection profiles | | | |
Network → Connection schedule | | | |
Network polling by distribution points | Only the Windows network, IP ranges, and Active Directory options are available. | Only the Zeroconf and IP ranges options are available. | |
Network settings for distribution points | | | |
KSN Proxy (distribution points) | | | |
Updates (distribution points) | | | |
Revision history | | | |
See also: Scenario: Kaspersky applications deployment through Kaspersky Security Center Web Console