Integration of the built-in agent with KATA Sandbox

Adding the Sandbox component is required for integration with KATA Sandbox. You can select the Sandbox component during installation or upgrade, as well as using the Change application components task.

To send files for scanning, you must enable the integration with KATA Sandbox and add a Central Node server that are deployed inside the solution. The component can be managed only using the Kaspersky Security Center Web Console. You cannot manage this component using the Administration Console (MMC).

To enable or disable the integration with KATA Sandbox:

  1. In the main window of the Web Console, select DevicesPolicies & profiles.
  2. Click the name of the Kaspersky Endpoint Security policy.

    The policy properties window opens.

  3. Select the Application settings tab.
  4. Go to Detection and ResponseSandbox.
  5. Use the Integration with Sandbox ENABLED toggle to enable or disable the component.
  6. In the Integration mode block, select the component operating mode: KATA Sandbox (manual file submission for scanning).
  7. Click the Server connection settings link.
  8. Configure the Sandbox server connection:
    • Timeout. Connection timeout for the Central Node server. After the configured timeout elapses, Kaspersky Endpoint Security sends a request to the next server. You can increase the connection timeout for the server if your connection speed is low or if the connection is unstable. The recommended request timeout is 0.5 seconds or less.
    • Request queue. Size of the request queue folder. When sending multiple objects for scanning in Sandbox, Kaspersky Endpoint Security creates a request queue. By default, the size of the request queue folder is limited to 100 MB. After the maximum size is reached, Sandbox stops adding new requests to the queue and sends the corresponding event to Kaspersky Security Center. You can configure the size of the request queue folder depending on your server configuration.
    • Server TLS certificate. To configure a trusted connection with the Central Node server, you must prepare a TLS certificate. You must then add the certificate to the computer using a policy. You also need to add the certificate to the Central Node server.
    • Use two-way authentication. Two-way authentication when establishing a secure connection between Kaspersky Endpoint Security and the Central Node server. To use two-way authentication, you need to enable two-way authentication in the Central Node server settings, then get a crypto-container and set a password to protect the crypto-container. A crypto-container is a PFX archive with a certificate and a private key. You can get a crypto-container in the Kaspersky Anti Targeted Attack Platform console (see instructions in the Kaspersky Anti Targeted Attack Platform Help). After configuring Sandbox server settings, you need to also enable two-way authentication in Kaspersky Endpoint Security settings and load a password-protected crypto-container.
  9. In the Servers block, click the Add button.
  10. This opens a window; in that window, enter the Sandbox server address (IPv4, IPv6, DNS) and port.

    For details about deploying virtual images and configuring Sandbox servers, refer to the Kaspersky Anti Targeted Attack Platform Help.

  11. Save your changes.

As a result, the Sandbox component is enabled. Check the operating status of the component by viewing the Report on status of application components. You can also view the operating status of a component in reports in the local interface of Kaspersky Endpoint Security. The Sandbox component will be added to the list of Kaspersky Endpoint Security components.

Page top