- About Kaspersky Security for Windows Server
- What's new
- Sources of information about Kaspersky Security for Windows Server
- Kaspersky Security for Windows Server
- Kaspersky Endpoint Agent
- Installing and removing the application
- Kaspersky Security for Windows Server software component codes for the Windows Installer service
- System changes after Kaspersky Security for Windows Server installation
- Kaspersky Security for Windows Server processes
- Installation and uninstallation settings and command line options for the Windows Installer service
- Kaspersky Security for Windows Server install and uninstall logs
- Installation planning
- Installing and uninstalling the application using a wizard
- Installing using the Setup Wizard
- Kaspersky Security for Windows Server installation
- Kaspersky Security for Windows Server Console installation
- Kaspersky Security Microsoft Outlook Add-in installation
- Advanced settings after installation of the Application Console on another device
- Actions to perform after Kaspersky Security for Windows Server installation
- Modifying the set of components and repairing Kaspersky Security for Windows Server
- Uninstalling using the Setup Wizard
- Installing using the Setup Wizard
- Installing and uninstalling the application from the command line
- About installing and uninstalling Kaspersky Security for Windows Server from command line
- Example commands for installing Kaspersky Security for Windows Server
- Actions to perform after Kaspersky Security for Windows Server installation
- Adding / removing components. Sample commands
- Kaspersky Security for Windows Server uninstallation. Sample commands
- Return codes
- Installing and uninstalling the application using Kaspersky Security Center
- General information about installing via Kaspersky Security Center
- Rights to install or uninstall Kaspersky Security for Windows Server
- Installing Kaspersky Security for Windows Server via Kaspersky Security Center
- Actions to perform after Kaspersky Security for Windows Server installation
- Installing the Application Console via Kaspersky Security Center
- Uninstalling Kaspersky Security for Windows Server via Kaspersky Security Center
- Installing and uninstalling via Active Directory group policies
- Checking Kaspersky Security for Windows Server functions. Using the EICAR test virus
- Application interface
- Application licensing
- About the End User License Agreement
- About the license
- About license certificate
- About the key
- About the key file
- About activation code
- About subscription
- About data provision
- About activating the application through Cloud Console
- Activating the application with a key file
- Activating the application with an activation code
- Viewing information about the current license
- Functional limitations when the license expires
- Renewing the license
- Deleting the key
- Working with the Administration Plug-in
- Managing Kaspersky Security for Windows Server from Kaspersky Security Center
- Managing application settings
- Creating and configuring policies
- Creating and configuring tasks using Kaspersky Security Center
- About task creation in Kaspersky Security Center
- Creating a task using Kaspersky Security Center
- Configuring local tasks in the Application settings window of the Kaspersky Security Center
- Configuring group tasks in Kaspersky Security Center
- Configuring crash diagnostics settings in Kaspersky Security Center
- Managing task schedules
- Reports in Kaspersky Security Center
- Working with the Kaspersky Security for Windows Server Console
- About the Kaspersky Security for Windows Server Console
- Kaspersky Security for Windows Server Console interface
- Managing Kaspersky Security for Windows Server via the Application Console on another device
- Configuring general application settings via the Application Console
- Managing Kaspersky Security for Windows Server tasks
- Viewing the protection status and Kaspersky Security for Windows Server information
- Working with the Web Plug-in from Web Console and Cloud Console
- Managing Kaspersky Security for Windows Server from Web Console and Cloud Console
- Web Plug-in limitations
- Managing application settings
- Creating and configuring policies
- Creating and configuring tasks using Kaspersky Security Center
- Reports in Kaspersky Security Center
- Compact Diagnostic Interface
- Updating Kaspersky Security for Windows Server databases and software modules
- About Update tasks
- About Software Modules Update
- About Databases Update
- Schemes for updating anti-virus application databases and modules used within an organization
- Configuring Update tasks
- Rolling back Kaspersky Security for Windows Server database updates
- Rolling back application module updates
- Update task statistics
- Isolating objects and copying backups
- Isolating probably infected objects. Quarantine
- Making backup copies of objects. Backup
- Blocking access to network resources. Blocked Hosts
- Event registration. Kaspersky Security for Windows Server logs
- Notification settings
- Starting and stopping Kaspersky Security for Windows Server
- Kaspersky Security for Windows Server self-defense
- About Kaspersky Security for Windows Server self-defense
- Protection from changes to folders with installed Kaspersky Security for Windows Server components
- Protection from changes to Kaspersky Security for Windows Server registry keys
- Registering the Kaspersky Security Service as a protected service
- Managing access permissions for Kaspersky Security for Windows Server functions
- About permissions to manage Kaspersky Security for Windows Server
- About permissions to manage registered services
- About access permissions for the Kaspersky Security Management Service
- About permissions to manage the Kaspersky Security Service
- Managing access permissions via the Administration Plug-in
- Managing access permissions via the Application Console
- Managing access permissions via the Web Plug-in
- Real-Time File Protection
- About the Real-Time File Protection task
- About the task protection scope and security settings
- About virtual protection scopes
- Predefined protection scopes
- About predefined security levels
- File extensions scanned by default in the Real-Time File Protection task
- Default Real-Time File Protection task settings
- Managing the Real-Time File Protection task via the Administration Plug-in
- Managing Real-Time File Protection task via the Application Console
- Managing Real-Time File Protection task via the Web Plug-in
- Script Monitoring
- KSN Usage
- Network Threat Protection
- About the Network Threat Protection task
- Default Network Threat Protection task settings
- Configuring the Network Threat Protection task via the Application Console
- Configuring the Network Threat Protection task via the Administration Plug-in
- Configuring the Network Threat Protection task via the Web Plug-in
- Traffic Security
- About the Traffic Security task
- About Traffic Security rules
- Mail threat protection
- List of categories
- Predefined protection level settings
- Default Traffic Security task settings
- Managing Traffic Security via the Administration Plug-in
- Managing Traffic Security via the Application Console
- Managing Traffic Security via the Web Plug-in
- Anti-Cryptor
- Applications Launch Control
- About the Applications Launch Control task
- About Applications Launch Control rules
- About Software Distribution Control
- About KSN usage for the Applications Launch Control task
- About Applications Launch Control rules generation
- Default Applications Launch Control task settings
- Managing Applications Launch Control via the Administration Plug-in
- Navigation
- Configuring Applications Launch Control task settings
- Configuring Software Distribution Control
- Configuring the Rule Generator for Applications Launch Control task
- Configuring Applications Launch Control rules via the Kaspersky Security Center
- Adding an Applications Launch Control rule
- Enabling the Default Allow mode
- Creating allowing rules from Kaspersky Security Center events
- Importing rules from a Kaspersky Security Center report on blocked applications
- Importing Applications Launch Control rules from an XML file
- Checking application launches
- Creating a Rule Generator for Applications Launch Control task
- Managing Applications Launch Control via the Application Console
- Managing Applications Launch Control via the Web Plug-in
- Device Control
- About Device Control task
- About Device Control rules
- About Device Control rules generation
- About Rule Generator for Device Control task
- Device Control default task settings
- Managing Device Control via the Administration Plug-in
- Navigation
- Configuring Device Control task
- Configuring the Rule Generator for Device Control task
- Configuring Device Control rules via the Kaspersky Security Center
- Creating allowing rules based on system data in a Kaspersky Security Center policy
- Generating rules for connected devices
- Importing rules from the Kaspersky Security Center report on blocked devices
- Creating rules using the Rule Generator for Device Control task
- Adding generated rules to the Device Control rules list
- Managing Device Control via the Application Console
- Navigation
- Configuring Device Control task settings
- Configuring Device Control rules
- Importing Device Control rules from XML file
- Filling rules list basing on Device Control task events
- Adding an allowing rule for one or several external devices
- Removing Device Control rules
- Exporting Device Control rules
- Activating and deactivating of Device Control rules
- Expanding Device Control rules usage scope
- Configuring Rule Generator for Device Control task
- Managing Device Control via the Application Console Web Plug-in
- Firewall Management
- File Integrity Monitor
- Log Inspection
- On-Demand Scan
- About On-Demand Scan tasks
- About the task scan scope and security settings
- Predefined scan scopes
- Online storage file scanning
- About predefined security levels
- About the Removable Drives Scan
- About the Baseline File Integrity Monitor task
- Enabling start of On-Demand Scan task from context menu
- Default On-Demand Scan tasks settings
- Managing On-Demand Scan tasks via the Administration Plug-in
- Managing On-Demand Scan tasks via the Application Console
- Managing On-Demand Scan tasks via the Web Plug-in
- Trusted Zone
- Exploit Prevention
- Hierarchical storage management
- Network Attached Storage Protection
- Integrating Kaspersky Security for Windows Server with network attached storages
- Working with the Kaspersky Security for Windows Server Console
- About the Kaspersky Security for Windows Server Console
- Starting the Kaspersky Security for Windows Server Console from the Start menu
- Kaspersky Security for Windows Server Console window
- Viewing status information for Network Attached Storage Protection
- Managing Network Attached Storage Protection tasks
- Protecting EMC network attached storages of the Celerra / VNX group
- RPC Network Storage Protection
- About the RPC Network Storage Protection
- About scanning symbolic links
- About scanning snapshots and other read-only volumes and folders
- Configuring a connection between an RPC network storage and Kaspersky Security for Windows Server
- Configuring the RPC Network Storage Protection task
- Security levels in the RPC Network Storage Protection task
- About security levels in the RPC Network Storage Protection task
- Applying a preset security level in the RPC Network Storage Protection task
- Manually configuring the security level settings in the RPC Network Storage Protection task
- Using security level settings templates in the RPC Network Storage Protection task
- Viewing statistics of the RPC Network Storage Protection task
- ICAP Network Storage Protection
- About the ICAP Network Storage Protection
- Configuring a connection between an ICAP network storage and Kaspersky Security for Windows Server
- Configuring the ICAP Network Storage Protection task
- Security levels in the ICAP Network Storage Protection task
- Viewing statistics of the ICAP Network Storage Protection task
- Anti-Cryptor for NetApp
- Managing Network Attached Storage Protection tasks from Kaspersky Security Center
- Configuring Network Attached Storage Protection settings using policies
- Configuring Network Attached Storage Protection settings for one server in Kaspersky Security Center
- Manually configuring the security level settings in the RPC Network Storage Protection task
- Manually configuring the security level settings in the ICAP Network Storage Protection task
- Integrating with third-party systems
- Performance counters for System Monitor
- About Kaspersky Security for Windows Server performance counters
- Total number of requests denied
- Total number of requests skipped
- Number of requests not processed because of lack of system resources
- Number of requests sent to be processed
- Average number of file interception dispatcher streams
- Maximum number of file interception dispatcher streams
- Number of elements in the infected objects queue
- Number of objects processed per second
- Kaspersky Security for Windows Server SNMP counters and traps
- Integrating with WMI
- Performance counters for System Monitor
- Working with Kaspersky Security for Windows Server from the command line
- Commands
- Displaying Kaspersky Security for Windows Server command help: KAVSHELL HELP
- Starting and stopping the Kaspersky Security Service KAVSHELL START: KAVSHELL STOP
- Scanning a selected area: KAVSHELL SCAN
- Starting the Critical Areas Scan task: KAVSHELL SCANCRITICAL
- Managing tasks asynchronously: KAVSHELL TASK
- Removing the PPL attribute: KAVSHELL CONFIG
- Starting and stopping Real-Time Server Protection tasks: KAVSHELL RTP
- Managing the Applications Launch Control task: KAVSHELL APPCONTROL /CONFIG
- Rule Generator for Applications Launch Control: KAVSHELL APPCONTROL /GENERATE
- Filling the list of Applications Launch Control rules: KAVSHELL APPCONTROL
- Filling the list of Device Control rules: KAVSHELL DEVCONTROL
- Starting the Database Update task: KAVSHELL UPDATE
- Rolling back Kaspersky Security for Windows Server database updates: KAVSHELL ROLLBACK
- Managing log inspection: KAVSHELL TASK LOG-INSPECTOR
- Activating the application: KAVSHELL LICENSE
- Enabling, configuring and disabling trace logs: KAVSHELL TRACE
- Defragmenting Kaspersky Security for Windows Server log files: KAVSHELL VACUUM
- Cleaning iSwift base: KAVSHELL FBRESET
- Enabling and disabling dump file creation: KAVSHELL DUMP
- Importing settings: KAVSHELL IMPORT
- Exporting settings: KAVSHELL EXPORT
- Integration with Microsoft Operations Management Suite: KAVSHELL OMSINFO
- Managing the Baseline File Integrity Monitor task: KAVSHELL FIM /BASELINE
- Command return codes
- Return code for the KAVSHELL START and KAVSHELL STOP commands
- Return code for KAVSHELL SCAN and KAVSHELL SCANCRITICAL commands
- Return codes for the KAVSHELL TASK LOG-INSPECTOR command
- Return codes for the KAVSHELL TASK command
- Return codes for the KAVSHELL RTP command
- Return codes for the KAVSHELL UPDATE command
- Return codes for the KAVSHELL ROLLBACK command
- Return codes for the KAVSHELL LICENSE command
- Return codes for the KAVSHELL TRACE command
- Return codes for the KAVSHELL FBRESET command
- Return codes for the KAVSHELL DUMP command
- Return codes for the KAVSHELL IMPORT command
- Return codes for the KAVSHELL EXPORT command
- Return codes for the KAVSHELL FIM /BASELINE command
- Commands
- Contacting Technical Support
- Glossary
- Active key
- Administration Server
- Anti-virus databases
- Archive
- Backup
- Disinfection
- Event severity
- False positive
- File mask
- Heuristic analyzer
- Infectable file
- Infected object
- Kaspersky Security Network (KSN)
- License term
- Local task
- OLE object
- Policy
- Protection status
- Quarantine
- Real-time protection
- Security level
- SIEM
- Startup objects
- Task
- Task settings
- Update
- Vulnerability
- Information about third-party code
- Trademark notices
Configuring general application settings via the Application Console
General settings and malfunction diagnostics settings of Kaspersky Security for Windows Server establish the general operating conditions for the application. These settings allow you to control the number of working processes used by Kaspersky Security for Windows Server, enable recovery of Kaspersky Security for Windows Server tasks after an abnormal termination, maintain the log, enable creation of dump files of Kaspersky Security for Windows Server processes after abnormal termination, and configure other general settings.
Application settings cannot be configured in the Application Console if the active Kaspersky Security Center policy blocks changes to these settings.
To configure Kaspersky Security for Windows Server settings:
- In the Application Console tree, select the Kaspersky Security node and do one of the following:
- Click the Application properties link in the details pane of the node.
- Select Properties in the node's context menu.
The Application settings window opens.
- In the window that opens, configure Kaspersky Security for Windows Server general settings according to your preferences:
- The following settings can be configured on the Scalability and interface tab:
- In the Scalability settings section:
- Maximum number of working processes that Kaspersky Security for Windows Server can run
Maximum number of active processes
Setting
Maximum number of active processes
Description
This setting belongs to the Scalability settings group in Kaspersky Security for Windows Server. It sets the maximum number of active processes that the application can run simultaneously.
Increasing the number of processes running in parallel increases file scanning speed and improves the fail-safety of Kaspersky Security for Windows Server. However, if the value of this setting is too high, it may reduce general protected device performance and increase RAM usage.
In the Administration Console of Kaspersky Security Center, you can change the Maximum number of active processes setting only for Kaspersky Security for Windows Server installed on a stand-alone protected device (using the Application settings dialog box); however, you cannot modify this setting in the policy settings for a group of protected devices.
Possible values
1 – 8
Default value
The application handles scalability automatically depending on the number of processors on the protected device:
Number of processors
Maximum number of active processes
1
1
1< number of processors < 4
2
4 or more
4
- Number of processes for Real-Time Server Protection
Number of processes for Real-Time Protection
Setting
Number of processes for real-time protection
Description
This setting belongs to the Scalability settings group in Kaspersky Security for Windows Server.
Using this setting you can specify a fixed number of processes in which Kaspersky Security for Windows Server will execute Real-Time Server Protection tasks.
A higher value will increase the scan speed in Real-Time Server Protection tasks. However, the more processes Kaspersky Security for Windows Server uses, the greater its impact on the general performance of the protected device and RAM usage.
In the Administration Console of the Kaspersky Security Center, you can change the Number of processes for real-time protection setting only for Kaspersky Security for Windows Server installed on a stand-alone protected device (using the Application settings window); however, you cannot modify this setting in the policy settings for a group of protected devices.
Possible values
Possible values: 1-N where N is the value specified using the Maximum number of active processes setting.
If you set the value of the Number of processes for real-time protection setting as equal to the maximum number of active processes, you will reduce the impact of Kaspersky Security for Windows Server on the data exchange rate between the devices and the protected device, thus further improving its performance during Real-Time Server Protection. However, update tasks and On-Demand Scan tasks with Medium (Normal) priority will be executed in Kaspersky Security for Windows Server processes that are already running. On-Demand Scan tasks will be executed more slowly. If the execution of a task causes an abnormal termination of a process, it will take more time to restart it.
On-Demand Scan tasks with Low priority are always executed in a separate process or processes.
Default value
Kaspersky Security for Windows Server handles scalability automatically depending on the number of processors on the protected device:
Number of processors
Number of processes for real-time protection
=1
1
>1
2
- Number of working processes for background On-Demand Scan tasks
Number of processes for background On-Demand Scan tasks
Setting
Number of processes for background on-demand scan tasks
Description
This setting belongs to the Scalability settings group in Kaspersky Security for Windows Server.
You can use this setting to specify the maximum number of processes which the application will use to run On-Demand Scan tasks in the background mode.
The number of processes specified by this setting is not included in the total number of Kaspersky Security for Windows Server processes specified by the Maximum number of active processes setting.
For example, if you specify the following values:
- Maximum number of active processes – 3;
- Number of processes for Real-Time Server Protection tasks – 3;
- Number of processes for background On-Demand Scan tasks – 1;
and then start Real-Time Server Protection tasks and one On-Demand Scan task in background mode, the total number of kavfswp.exe processes of Kaspersky Security for Windows Server will be 4.
Several On-Demand Scan tasks can be running in one process with low priority.
You can increase the number of processes, for example, if you run several tasks in background mode in order to allocate a separate process for each task. Allocating separate processes for tasks increases the reliability and speed of task execution.
Possible values
1-4
Default Value
1
- In the Scalability settings section:
- In the Interaction with user section select if the System Tray Icon will be displayed in the taskbar after each application start.
- The following settings can be configured on the Security and reliability tab:
- In the Reliability settings section, specify the number of attempts to recover an On-Demand Scan taskif it crashes.
Task recovery
Setting
Perform task recovery
Description
This setting belongs to the Reliability settings group in Kaspersky Security for Windows Server. It enables recovery of tasks if they terminate abnormally and defines the number of attempts to recover On-Demand Scan tasks.
When a task crashes, the kavfs.exe process of Kaspersky Security for Windows Server attempts to restart the process in which that task was running at the time of the crash.
If task recovery is disabled, the application does not restore the Real-Time Server Protection and On-Demand Scan tasks.
If task recovery is enabled, the application attempts to restore the Real-Time Server Protection tasks until they are started successfully and tries to restore On-Demand Scan tasks using the number of attempts specified in the setting.
Possible values
Enabled / disabled.
The number of attempts to recover On-Demand Scan tasks: 1–10.
Default value
Task recovery is enabled. The number of attempts to recover On-Demand Scan tasks: 2.
- In the Reliability settings section, specify the
- In the Actions when switching to UPS backup power section, specify actions that Kaspersky Security for Windows Server performs after switching to UPS power:
Use of an uninterruptible power supply
Setting
Actions when switching to UPS backup power
Description
This setting determines the actions that Kaspersky Security for Windows Server performs when the protected device switches to an uninterruptible power supply.
Possible values
Run or do not run On-Demand Scan tasks to be started according to a schedule.
Perform or stop all active On-Demand Scan tasks.
Default value
By default, if an uninterruptible power supply is used to power the protected device, Kaspersky Security for Windows Server:
- Does not run On-Demand Scan tasks that run according to a schedule.
- Automatically stops all active On-Demand Scan tasks.
- In the Password protection settings section, configure the settings for password-protection of the application's functions.
- On the Connection settings tab:
- In the Proxy server settings section, specify the proxy server settings.
- In the Proxy server authentication settings section, specify the authentication type and details required for authentication on the proxy server.
- In the Licensing section, indicate whether Kaspersky Security Center will be used as a proxy-server for application activation.
- On the Malfunction diagnosis tab:
- If you want the application to write debug information to a file, select the Write debug information to trace file check box.
- In the field below specify the folder in which Kaspersky Security for Windows Server will save trace files.
- Configure the level of detail of debug information.
This drop-down list lets you select the level of detail of debug information that Kaspersky Security for Windows Server saves to the trace file.
You can select one of the following detail levels:
- Critical events – Kaspersky Security for Windows Server saves information only about critical events to the trace file.
- Errors – Kaspersky Security for Windows Server saves information about critical events and errors to the trace file.
- Important events – Kaspersky Security for Windows Server saves information about critical events, errors, and important events to the trace file.
- Informational events – Kaspersky Security for Windows Server saves information about critical events, errors, important events, and informational events to the trace file.
- All debug information – Kaspersky Security for Windows Server saves all debug information to the trace file.
A Technical Support representative determines the detail level required to resolve any issues that arise.
The default level of detail is set to All debug information.
The drop-down list is available if the Write debug information to trace file check box is selected.
- Specify the maximum size of trace files.
- Specify the maximum number of files for one trace log. Kaspersky Security for Windows Server will create up to the maximum number of trace files for each component to be debugged.
- Specify the components to be debugged.
A list of codes indicating Kaspersky Security for Windows Server components for which the application saves debug information in the trace file. Component codes must be separated by a semicolon. The codes are case sensitive (see the table below).
Kaspersky Security for Windows Server subsystem codes
Component Code
Name of component
*
All components.
gui
User interface subsystem, Kaspersky Security for Windows Server snap-in in Microsoft Management Console.
ak_conn
Subsystem for integrating Network Agent and Kaspersky Security Center.
bl
Control process, implements Kaspersky Security for Windows Server control tasks.
wp
Work process, handles anti-virus protection tasks.
blgate
Kaspersky Security for Windows Server remote management process.
ods
On-Demand Scan subsystem.
oas
Real-Time File Protection subsystem.
qb
Quarantine and Backup subsystem.
scandll
Auxiliary module for virus scans.
core
Subsystem for basic anti-virus functionality.
avscan
Anti-virus processing subsystem.
avserv
Subsystem for controlling the anti-virus kernel.
prague
Subsystem for basic functionality.
updater
Subsystem for updating databases and software modules.
snmp
SNMP protocol support subsystem.
perfcount
Performance counter subsystem.
The trace settings of the Kaspersky Security for Windows Server snap-in (gui) and the Kaspersky Security for Windows Server Administration Plug-in for Kaspersky Security Center (ak_conn) are applied after these components are restarted. The trace settings of the SNMP protocol support subsystem (snmp) are applied after the SNMP service is restarted. The trace settings of the performance counters subsystem (perfcount) are applied after all processes that use performance counters are restarted. Trace settings for other Kaspersky Security for Windows Server subsystems are applied as soon as the crash diagnostics settings are saved.
By default, Kaspersky Security for Windows Server logs debug information for all Kaspersky Security for Windows Server components.
The entry field is available if the Write debug information to trace file check box is selected.
- If you want the application to create a dump file, select the Create crash dump file check box.
- In the field below, specify the folder in which Kaspersky Security for Windows Server will save the memory dump file.
Kaspersky Security for Windows Server does not send any trace or dump files automatically. Diagnostics data can only be sent by a user with the corresponding permissions.
Kaspersky Security for Windows Server writes information to trace files and the dump files in unencrypted form. The folder where files are saved is selected by the user and is managed by the operating system configuration and Kaspersky Security for Windows Server settings. You can configure access permissions and allow only required users to access logs, trace files, and dump files.
- If you want the application to write debug information to a file, select the Write debug information to trace file check box.
- The following settings can be configured on the Scalability and interface tab:
- Click OK.
Kaspersky Security for Windows Server settings are saved.