Removing duplicate virtual machines from the list of managed devices in Kaspersky Security Center

Deleting duplicate virtual machines from the list of managed devices in Kaspersky Security Center

In some VDI infrastructures, after a user session ends, the non-persistent virtual machine is powered off without shutting down the guest operating system or stopping applications. As a result, the Light Agent running on the virtual machine does not transmit information about the shutdown of that virtual machine to Kaspersky Security Center, and the virtual machine is not removed from the list of managed devices in Kaspersky Security Center. At the next startup, the non-persistent virtual machine is registered in Kaspersky Security Center, causing a duplicate to appear in the list of managed devices, representing the previous session for the virtual machine template. As a result, the list of managed devices contains duplicates of temporary virtual machines corresponding to each user session in the VDI infrastructure.

This problem exists, for example, for VDI infrastructures based on Termidesk and Basis.WorkPlace.

To solve this problem, you can configure automatic removal of duplicates of a virtual machine from the list of managed devices in Kaspersky Security Center after the virtual machine is powered off. If the duplicate of a temporary virtual machine could not be removed automatically, you can remove it manually.

Automatic removal of duplicate virtual machines

To have duplicates of virtual machines automatically removed from the list of managed devices in Kaspersky Security Center:

Configure the connection of the Integration Server to the Kaspersky Security Center Administration Server.
In the appsettings.json configuration file of the Integration Server, in the VdiMode section, set Enabled=true.
Depending on the version of the Integration Server, the file is located at one of the following paths:
- /var/opt/kaspersky/viis/common/appsettings.json – file for the Linux-based Integration Server
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\appsettings.json – file for the Windows-based Integration Server

In Nutanix Acropolis and Microsoft Hyper-V virtual infrastructures, automatic deletion of duplicate virtual machines is performed correctly if for the connection of the Integration Server, you have specified the address of an object located at the top level of the virtual infrastructure hierarchy: Nutanix Prism Central for a Nutanix Acropolis infrastructure, or the hypervisor cluster or Microsoft SCVMM for a Microsoft Hyper-V infrastructure. If the Integration Server connects to an object at a lower level of the hierarchy, virtual machines may be deleted that are not duplicates.

Removing duplicate virtual machines manually

To manually remove a temporary virtual machine from the list of managed devices in Kaspersky Security Center, you can use one of the following methods.

Before powering off the non-persistent virtual machine, stop the Kaspersky Security Center Network Agent (the 'klnagent' service). To do this, run the following command:
- On a virtual machine with a 64-bit Linux operating system:
  systemctl stop klnagent64
- On a virtual machine with a 32-bit Linux operating system:
  systemctl stop klnagent
- On a virtual machine with a 32-bit Windows operating system:
  net stop klnagent
While shutting down, the Network Agent notifies Kaspersky Security Center about the non-persistent virtual machine shutting down, and the virtual machine is removed from the list of managed devices in Kaspersky Security Center.
After starting the virtual machine and the Network Agent (the 'klnagent' service):
1. Take note of the device ID assigned to the virtual machine. The device ID is in the Protection_HostId parameter in the protection information of the client device:
  - On a Linux virtual machine, it is in the text files in the "/var/opt/kaspersky/klnagent/1103/1.0.0.0/Statistics/AVState/" directory.
  - On a 32-bit Windows virtual machine, it is in the HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState registry key.
  - On a 64-bit Windows virtual machine, it is in the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState registry key.
2. When the user is done working with the non-persistent virtual machine, delete the device by ID using the Kaspersky Security Center Open API: HostGroup::RemoveHost (wstring strHostName).

Page top