Scanning applications for vulnerabilities
Expand all | Collapse all
If you have configured the application through the quick start wizard, the Vulnerability scan task is created automatically. You can view the task in the Managed devices folder, on the Tasks tab.
To create a task for vulnerability scanning in applications installed on client devices:
- In the console tree, select Advanced → Application management, and then select the Software vulnerabilities subfolder.
- In the workspace, select Additional actions → Configure vulnerability scan.
If a task for vulnerability scanning already exists, the Tasks tab of the Managed devices folder is displayed, with the existing task selected. Otherwise, the Find vulnerabilities and required updates task creation wizard starts. Follow the steps of the wizard.
- In the Select the task type window, select Find vulnerabilities and required updates.
- On the Settings page of the wizard, specify the task settings as follows:
- Search for vulnerabilities and updates listed by Microsoft
When searching for vulnerabilities and updates, Kaspersky Security Center uses the information about applicable Microsoft updates from the source of Microsoft updates, which are available at the present moment.
For example, you may want to disable this option if you have different tasks with different settings for Microsoft updates and updates of third-party applications.
By default, this option is enabled.
- Connect to the update server to update data
Windows Update Agent on a managed device connects to the source of Microsoft updates. The following servers can act as a source of Microsoft updates:
- Kaspersky Security Center Administration Server (see the settings of Network Agent policy)
- Windows Server with Microsoft Windows Server Update Services (WSUS) deployed in your organization's network
- Microsoft Updates servers
If this option is enabled, Windows Update Agent on a managed device connects to the source of Microsoft updates to refresh the information about applicable Microsoft Windows updates.
If this option is disabled, Windows Update Agent on a managed device uses the information about applicable Microsoft Windows updates that was received from the source of Microsoft updates earlier.
Connecting to the source of Microsoft updates can be resource-consuming. You might want to disable this option if you set regular connection to this source of updates in another task or in the properties of Network Agent policy, in the section Software updates and vulnerabilities. If you do not want to disable this option, then, to reduce the Server overload, you can configure the task schedule to randomize delay for task starts within 360 minutes.
By default, this option is enabled.
Combination of the following options of the settings of Network Agent policy defines the mode of getting updates:
- Windows Update Agent on a managed device connects to the Update Server to get updates only if the Connect to the update server to update data option is enabled in the properties of the Find vulnerabilities and required updates task and the Windows Update search mode option is set to Active in the settings of Network Agent policy.
- If you do not need Network Agent to initiate a connection to the Microsoft Windows update source and download updates when performing the Vulnerability scan task, you can set the Windows Update search mode option to Passive, while the Connect to the update server to update data option must remain enabled. This allows for you to save resources and use previously received Windows updates to scan for vulnerabilities. You can use the passive mode if you configure receiving Microsoft Windows updates in a different way. If receiving Microsoft Windows updates is not configured in another way, do not set the Windows Update search mode option to Passive, because in this case, information about updates will never be received.
- Irrespective of the Connect to the update server to update data option's status (enabled or disabled), if the Windows Update search mode option is set to Disabled, Kaspersky Security Center does not request any information about updates.
- Search for third-party vulnerabilities and updates listed by Kaspersky
If this option is enabled, Kaspersky Security Center searches for vulnerabilities and required updates for third-party applications (applications made by software vendors other than Kaspersky and Microsoft) in Windows Registry and in the folders specified under Specify paths for advanced search of applications in file system. The full list of supported third-party applications is managed by Kaspersky.
If this option is disabled, Kaspersky Security Center does not search for vulnerabilities and required updates for third-party applications. For example, you may want to disable this option if you have different tasks with different settings for Microsoft Windows updates and updates of third-party applications.
By default, this option is enabled.
- Specify paths for advanced search of applications in file system
The folders in which Kaspersky Security Center searches for third-party applications that require vulnerability fix and update installation. You can use system variables.
Specify the folders to which applications are installed. By default, the list contains system folders to which most of the applications are installed.
- Enable advanced diagnostics
If this feature is enabled, Network Agent writes traces even if tracing is disabled for Network Agent in Kaspersky Security Center Remote Diagnostics Utility. Traces are written to two files in turn; the total size of both files is determined by the Maximum size, in MB, of advanced diagnostics files value. When both files are full, Network Agent starts writing to them again. The files with traces are stored in the %WINDIR%\Temp folder. These files are accessible in the remote diagnostics utility, you can download or delete them there.
If this feature is disabled, Network Agent writes traces according to the settings in Kaspersky Security Center Remote Diagnostics Utility. No additional traces are written.
When creating a task, you do not have to enable advanced diagnostics. You may want to use this feature later if, for example, a task run fails on some of the devices and you want to get additional information during another task run.
By default, this option is disabled.
- Maximum size, in MB, of advanced diagnostics files
The default value is 100 MB, and available values are between 1 MB and 2048 MB. You may be asked to change the default value by Kaspersky Technical Support specialists when information in the advanced diagnostics files sent by you is not enough to troubleshoot the problem.
- On the Configure task schedule page of the wizard, you can create a schedule for task start. If necessary, specify the following settings:
- Scheduled start:
Select the schedule according to which the task runs, and configure the selected schedule.
- Every N hours
The task runs regularly, with the specified interval in hours, starting from the specified date and time.
By default, the task runs every 6 hours, starting from the current system date and time.
- Every N days
The task runs regularly, with the specified interval in days. Additionally, you can specify a date and time of the first task run. These additional options become available, if they are supported by the application for which you create the task.
By default, the task runs every day, starting from the current system date and time.
- Every N weeks
The task runs regularly, with the specified interval in weeks, on the specified day of week and at the specified time.
By default, the task runs every Monday at the current system time.
- Every N minutes
The task runs regularly, with the specified interval in minutes, starting from the specified time on the day that the task is created.
By default, the task runs every 30 minutes, starting from the current system time.
- Daily (daylight saving time is not supported)
The task runs regularly, with the specified interval in days. This schedule does not support observance of daylight saving time (DST). It means that when clocks jump one hour forward or backward at the beginning or ending of DST, the actual task start time does not change.
We do not recommend that you use this schedule. It is needed for backward compatibility of Kaspersky Security Center.
By default, the task starts every day at the current system time.
- Weekly
The task runs every week on the specified day and at the specified time.
- By days of week
The task runs regularly, on the specified days of the week, at the specified time.
By default, the task runs every Friday at 6:00:00 PM.
- Monthly
The task runs regularly, on the specified day of the month, at the specified time.
In months that lack the specified day, the task runs on the last day.
By default, the task runs on the first day of each month, at the current system time.
- Manually
The task does not run automatically. You can only start it manually.
By default, this option is selected.
- Every month on specified days of selected weeks
The task runs regularly, on the specified days of each month, at the specified time.
By default, no days of month are selected. The default start time is 18:00.
- When new updates are downloaded to the repository
The task runs after updates are downloaded to the repository. For example, you may want to use this schedule for the find vulnerabilities and required updates task.
- On virus outbreak
The task runs after a Virus outbreak event occurs. Select application types that will monitor virus outbreaks. The following application types are available:
- Anti-virus for workstations and file servers
- Anti-virus for perimeter defense
- Anti-virus for mail systems
By default, all application types are selected.
You may want to run different tasks depending on the security application type that reports a virus outbreak. In this case, remove the selection of the application types that you do not need.
- On completing another task
The current task starts after another task completes. You can select how the previous task must complete (successfully or with error) to trigger the start of the current task. For example, you may want to run the Manage devices task with the Turn on the device option and, after it completes, run the Virus scan task. This parameter only works if both tasks are assigned to the same devices.
- Run missed tasks
This option determines the behavior of a task if a client device is not visible on the network when the task is about to start.
If this option is enabled, the system attempts to start the task the next time the Kaspersky application is run on the client device. If the task schedule is Manually, Once or Immediately, the task is started immediately after the device becomes visible on the network or immediately after the device is included in the task scope.
If this option is disabled, only scheduled tasks run on client devices. For Manually, Once and Immediately schedule, tasks run only on those client devices that are visible on the network. For example, you may want to disable this option for a resource-consuming task that you want to run only outside of business hours.
By default, this option is disabled.
- Use automatically randomized delay for task starts
If this option is enabled, the task is started on client devices randomly within a specified time interval, that is, distributed task start. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.
The distributed start time is calculated automatically when a task is created, depending on the number of client devices to which the task is assigned. Later, the task is always started on the calculated start time. However, when task settings are edited or the task is started manually, the calculated value of the task start time changes.
If this option is disabled, the task starts on client devices according to the schedule.
- Use randomized delay for task starts within an interval of (min)
If this option is enabled, the task is started on client devices randomly within the specified time interval. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.
If this option is disabled, the task starts on client devices according to the schedule.
By default, this option is disabled. The default time interval is one minute.
- On the Define the task name page of the wizard, specify the name for the task that you are creating. A task name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).
- On the Finish task creation page of the wizard, click the Finish button to close the wizard.
If you want the task to start as soon as the wizard finishes, select the Run the task after the wizard finishes check box.
After the wizard completes its operation, the Find vulnerabilities and required updates task appears in the list of tasks in the Managed devices folder, on the Tasks tab.
In addition to the settings that you specify during task creation, you can change other properties of a created task.
When the Find vulnerabilities and required updates task is complete, Administration Server displays a list of vulnerabilities found in applications installed on the device; it also displays all software updates required to fix the vulnerabilities detected.
If you encounter the 0x80240033 "Windows Update Agent error 80240033 ("License terms could not be downloaded.")", you can resolve this issue through the Windows Registry.
Administration Server does not display the list of required software updates when you sequentially run two tasks—the Perform Windows Update synchronization task that has the Download express installation files option disabled, and then the Find vulnerabilities and required updates task. In order to view the list of required software updates, you must run the Find vulnerabilities and required updates task again.
Network Agent receives information about any available Windows updates and other Microsoft product updates from Windows Update or the Administration Server, if the Administration Server acts as the WSUS server. Information is transmitted when applications are started (if this is provided for by the policy) and at each routine run of the Find vulnerabilities and required updates task on client devices.
You can find the details of third-party software that can be updated through Kaspersky Security Center by visiting the Technical Support website, on the Kaspersky Security Center page, in the Server Management section.
Page top