Network Agent policy settings

Expand all | Collapse all

To configure the Network Agent policy:

  1. In the main menu, go to Assets (Devices)Policies & profiles.
  2. Click the name of the Network Agent policy.

    The properties window of the Network Agent policy opens. The properties window contains the tabs and settings described below.

Consider that for Linux and Windows-based devices, various settings are available.

General

On this tab, you can modify the policy name, policy status, and specify the inheritance of policy settings:

Event configuration

On this tab, you can configure event logging and event notification. Events are distributed according to importance level in the following sections:

In each section, the list shows the types of events and the default event storage period on the Administration Server (in days). After you click the event type, you can specify the settings of event logging and notifications about events selected in the list. By default, common notification settings specified for the entire Administration Server are used for all event types. However, you can change specific settings for the required event types.

For example, in the Warning section, you can configure the Security issue has occurred event type. Such events may happen, for instance, when the free disk space of a distribution point is less than 2 GB (at least 4 GB are required to install applications and download updates remotely). To configure the Security issue has occurred event, click it and specify where to store the occurred events and how to notify about them.

If the Network Agent detects a security issue, you can manage this issue by using the settings of a managed device.

Application settings

Settings

In the Settings section, you can configure the Network Agent policy:

Repositories

In the Repositories section, you can select the types of objects whose details will be sent from Network Agent to Administration Server. If modification of some settings in this section is prohibited by the Network Agent policy, you cannot modify these settings. The settings in the Repositories section are available only on devices running Windows:

Software updates and vulnerabilities

In the Software updates and vulnerabilities section, you can enable scanning of executable files for vulnerabilities:

Restart management

In the Restart management section, you can specify the action to be performed if the operating system of a managed device has to be restarted for correct use, installation, or uninstallation of an application. The settings in the Restart management section are available only on devices running Windows:

Manage patches and updates

In the Manage patches and updates section, you can configure the download and distribution of updates, as well as the installation of patches, on managed devices:

Connectivity

The Connectivity section includes three subsections:

In the Network subsection, you can configure the connection to Administration Server, enable the use of a UDP port, and specify the UDP port number.

In the Connection profiles subsection, you can specify the network location settings and enable out-of-office mode when Administration Server is not available. The settings in the Connection profiles section are available only on devices running Windows:

In the Connection schedule subsection, you can specify the time intervals during which Network Agent sends data to the Administration Server:

Network polling by distribution points

In the Network polling by distribution points section, you can configure automatic polling of the network. You can use the following options to enable the polling and set its frequency:

Network settings for distribution points

In the Network settings for distribution points section, you can specify the internet access settings:

KSN Proxy (distribution points)

In the KSN Proxy (distribution points) section, you can configure the application to use the distribution point to forward Kaspersky Security Network (KSN) requests from the managed devices:

Updates (distribution points)

In the Updates (distribution points) section, you can enable the downloading diff files feature, so distribution points take updates in the form of diff files from Kaspersky update servers.

Local account management (Linux only)

The Local account management (Linux only) section includes three subsections:

In the User certificates management subsection, you can specify which root certificates to install. These certificates can be used, for example, to verify the authenticity of websites or web servers.

In the Add or edit applicable local administrator groups subsection, you can manage local administrator groups. These groups are used, for example, when revoking local administrator rights. You can also check the list of privileged user accounts using the Report on privileged device users (Linux only).

In the Upload a reference file to protect the sudoers file on the user's device from changes subsection, you can configure control of the sudoers file. Privileged groups and device users are defined by the sudoers file on the device. The sudoers file is located at /etc/sudoers. You can upload a reference sudoers file to protect the sudoers file from changes. This will prevent unwanted changes to the sudoers file.

An invalid reference sudoers file may cause the user's device to malfunction.

Revision history

On the Revision history tab, you can:

See also:

Scenario: Regular updating Kaspersky databases and applications

Comparison of Network Agent settings by operating systems

Page top