Network Agent installation package settings

Expand all | Collapse all

To configure a Network Agent installation package:

Do one of the following:
- In the main menu, go to Discovery & deployment → Deployment & assignment → Installation packages.
- In the main menu, go to Operations → Repositories → Installation packages.
A list of installation packages available on the Administration Server is displayed.
Click the name of the Network Agent installation package.

The Network Agent installation package properties window opens.

The settings of a Network Agent installation package are grouped on the following tabs:

General tab
This tab displays the following information about the installation package:
- Installation package name
- Name and version of the application for which the installation package has been created
- Installation package size
- Installation package creation date
- Path to the installation package folder
Settings tab
This tab presents the settings required to ensure proper functioning of Network Agent immediately after it is installed.
- Settings section
  - Install in default folder
    If this option is selected, Network Agent will be installed in the <Drive>:\Program Files\Kaspersky Lab\NetworkAgent folder. If this folder does not exist, it will be created automatically.
    
    By default, this option is selected.
  - Install in specified folder
    If this option is selected, Network Agent will be installed in the folder specified in the entry field.
  - Use uninstallation password
    If this option is enabled, you can enter the uninstall password (only available for Network Agent on devices running Windows operating systems).
    
    By default, this option is disabled.
  - Protect Network Agent service against unauthorized removal or termination, and prevent changes to the settings
    When this option is enabled, after Network Agent is installed on a managed device, the component cannot be removed or reconfigured without required privileges. The Network Agent service cannot be stopped. This option has no effect on domain controllers.
    
    Enable this option to protect Network Agent on workstations operated with local administrator rights.
    
    By default, this option is disabled.
  - Automatically install applicable updates and patches for components that have the Undefined status
    If this option is enabled, all downloaded updates and patches for Administration Server, Network Agent, Kaspersky Security Center Web Console, and iOS MDM Server will be installed automatically.
    
    If this option is disabled, all downloaded updates and patches will only be installed after you change their status to Approved. Updates and patches with Undefined status will not be installed.
    
    By default, this option is enabled.
- Connection section
  In this section, you can configure connection of Network Agent to the Administration Server. To establish a connection, you can use the SSL or UDP protocol. For configuring the connection, specify the following settings:
  - Administration Server address
    Address of the device with Administration Server installed.
  - Port number
    Port number that is used for connection.
  - SSL port
    Port number that is used for connection over the SSL protocol.
  - Use Server certificate
    If this option is enabled, authentication of Network Agent access to the Administration Server will use the certificate file that you can specify by clicking the Select certificate file button.
    
    If this option is disabled, the certificate file will be received from the Administration Server at the first connection of Network Agent to the address specified in the Administration Server address field.
    
    We do not recommend to disable this option, because automatic receipt of an Administration Server certificate by Network Agent upon connection to the Administration Server is considered insecure.
    
    By default, this option is disabled.
  - Use SSL connection
    If this option is enabled, connection to the Administration Server is established through a secure port via SSL.
    
    By default, this option is disabled. We recommend that you do not disable this option so your connection remains secured.
  - Use UDP port
    If this option is enabled, the Network Agent is connected to Administration Server through a UDP port. This allows to manage client devices and receive information about them.
    
    The UDP port must be open on managed devices where Network Agent is installed. Therefore, we recommend that you do not disable this option.
    
    By default, this option is enabled.
  - UDP port
    In this field you can specify the port to connect Administration Server to Network Agent using UDP protocol.
    
    The default UDP port is 15000.
  - Do not use proxy server
    If this option is enabled, direct connection is used to connect the device to the Administration server.
  - Use proxy server
    If this option is enabled, specify the proxy server parameters:
    - Proxy server address
    - Proxy server port
    If your proxy server requires authentication, enable the Proxy server authentication option and specify the User name and Password of the account under which connection to the proxy server is established. We recommend that you specify the credentials of an account that has minimum privileges required only for the proxy server authentication.
  - Open Network Agent ports in Microsoft Windows Firewall
    If this option is enabled, the ports used by Network Agent are added to the Microsoft Windows Firewall exclusion list.
    
    By default, this option is enabled.
    
    This option is available only for Network Agent installation packages intended for devices running Windows.
- Advanced section
  In this section, you can configure how to use the connection gateway.
  
  In the Connection gateway group of settings, you can configure the connection method between a device and Administration Server:
  - Use Network Agent as a connection gateway in DMZ
    If this option is enabled, Network Agent is used as a connection gateway in the demilitarized zone (DMZ) to connect to Administration Server, communicate with it, and keep data on the Network Agent safe during data transmission.
  - Connect to Administration Server by using a connection gateway
    If this option is enabled, connection to Administration Server is established by using a connection gateway to reduce the number of connections to the Administration Server. In this case, enter the address of the device that will act as the connection gateway in the Connection gateway address field.
  In the Virtual machine group of settings, you can configure the connection for Virtual Desktop Infrastructure (VDI) if your network includes virtual machines:
  - Enable dynamic mode for VDI
    If this option is enabled, dynamic mode for Virtual Desktop Infrastructure (VDI) will be enabled for Network Agent installed on a virtual machine.
    
    By default, this option is disabled.
  - Optimize settings for VM
    If this option is enabled, the following features are disabled in the Network Agent settings:
    - Retrieving information about software installed
    - Retrieving information about hardware
    - Retrieving information about vulnerabilities detected
    - Retrieving information about updates required
    By default, this option is disabled.
  If you want to automatically prompt users to register as device owners after installing Network Agent on Linux devices, enable the Allow running the user registration utility after Network Agent installation option.
  
  If this option is enabled, the user registration as a device owner utility will run after Network Agent installation. By default, this option is disabled.
- Tags section
  The Tags section displays a list of keywords (tags) that can be added to client devices after Network Agent installation. You can add and remove tags from the list, as well as rename them.
  
  If the check box is selected next to a tag, this tag is automatically added to managed devices during Network Agent installation.
  
  If the check box is cleared next to a tag, the tag will not automatically be added to managed devices during Network Agent installation. You can manually add this tag to devices.
  
  When removing a tag from the list, it is automatically removed from all devices to which it was added.
  
  Automatic tagging rules are not applicable to Network Agent installation packages intended for devices running Linux and macOS.
Stand-alone packages tab
On this tab, you can do the following:
- View the list of available stand-alone installation packages.
- Publish a stand-alone installation package on the Web Server by clicking the Publish button. Published stand-alone installation package is available for downloading for users whom you sent the link to the stand-alone installation package.
- Cancel publication of a stand-alone installation package on the Web Server by clicking the Unpublish button. Unpublished stand-alone installation package is available for downloading only for you and other administrators.
- Download a stand-alone installation package to your device by clicking the Download button.
- Send email with the link to a stand-alone installation package by clicking the Send by email button.
- Remove a stand-alone installation package by clicking the Remove button.
Revision history tab
On this tab, you can view the history of the installation package revisions. You can compare revisions, view revisions, save revisions to a file, and add and edit revision descriptions.

Page top