If this option is selected, Network Agent will be installed in the <Drive>:\Program Files\Kaspersky Lab\NetworkAgent folder. If this folder does not exist, it will be created automatically.
When this option is enabled, after Network Agent is installed on a managed device, the component cannot be removed or reconfigured without required privileges. The Network Agent service cannot be stopped. This option has no effect on domain controllers.
Enable this option to protect Network Agent on workstations operated with local administrator rights.
If this option is enabled, all downloaded updates and patches for Administration Server, Network Agent, Kaspersky Security Center Web Console, and iOS MDM Server will be installed automatically.
If this option is disabled, all downloaded updates and patches will only be installed after you change their status to Approved. Updates and patches with Undefined status will not be installed.
By default, this option is enabled.
Connection section
In this section, you can configure connection of Network Agent to the Administration Server. To establish a connection, you can use the SSL or UDP protocol. For configuring the connection, specify the following settings:
If this option is enabled, authentication of Network Agent access to the Administration Server will use the certificate file that you can specify by clicking the Select certificate file button.
If this option is disabled, the certificate file will be received from the Administration Server at the first connection of Network Agent to the address specified in the Administration Server address field.
We do not recommend to disable this option, because automatic receipt of an Administration Server certificate by Network Agent upon connection to the Administration Server is considered insecure.
If this option is enabled, the Network Agent is connected to Administration Server through a UDP port. This allows to manage client devices and receive information about them.
The UDP port must be open on managed devices where Network Agent is installed. Therefore, we recommend that you do not disable this option.
If this option is enabled, specify the proxy server parameters:
Proxy server address
Proxy server port
If your proxy server requires authentication, enable the Proxy server authentication option and specify the User name and Password of the account under which connection to the proxy server is established. We recommend that you specify the credentials of an account that has minimum privileges required only for the proxy server authentication.
If this option is enabled, Network Agent is used as a connection gateway in the demilitarized zone (DMZ) to connect to Administration Server, communicate with it, and keep data on the Network Agent safe during data transmission.
If this option is enabled, connection to Administration Server is established by using a connection gateway to reduce the number of connections to the Administration Server. In this case, enter the address of the device that will act as the connection gateway in the Connection gateway address field.
In the Virtual machine group of settings, you can configure the connection for Virtual Desktop Infrastructure (VDI) if your network includes virtual machines:
The Tags section displays a list of keywords (tags) that can be added to client devices after Network Agent installation. You can add and remove tags from the list, as well as rename them.
If the check box is selected next to a tag, this tag is automatically added to managed devices during Network Agent installation.
If the check box is cleared next to a tag, the tag will not automatically be added to managed devices during Network Agent installation. You can manually add this tag to devices.
When removing a tag from the list, it is automatically removed from all devices to which it was added.
Automatic tagging rules are not applicable to Network Agent installation packages intended for devices running Linux and macOS.
Stand-alone packages tab
On this tab, you can do the following:
View the list of available stand-alone installation packages.
Publish a stand-alone installation package on the Web Server by clicking the Publish button. Published stand-alone installation package is available for downloading for users whom you sent the link to the stand-alone installation package.
Cancel publication of a stand-alone installation package on the Web Server by clicking the Unpublish button. Unpublished stand-alone installation package is available for downloading only for you and other administrators.
Download a stand-alone installation package to your device by clicking the Download button.
Send email with the link to a stand-alone installation package by clicking the Send by email button.
Remove a stand-alone installation package by clicking the Remove button.
Revision history tab
On this tab, you can view the history of the installation package revisions. You can compare revisions, view revisions, save revisions to a file, and add and edit revision descriptions.