Kaspersky Security Center 14 Windows
- Kaspersky Security Center 14 Help
- What's new
- Kaspersky Security Center 14
- Basic concepts
- Administration Server
- Hierarchy of Administration Servers
- Virtual Administration Server
- Mobile Device Server
- Web Server
- Network Agent
- Administration groups
- Managed device
- Unassigned device
- Administrator's workstation
- Management plug-in
- Management web plug-in
- Policies
- Policy profiles
- Tasks
- Task scope
- How local application settings relate to policies
- Distribution point
- Connection gateway
- About Kaspersky Security Center
- Hardware and software requirements
- Compatible Kaspersky applications and solutions
- Licenses and features of Kaspersky Security Center 14
- About compatibility of Administration Server and Kaspersky Security Center Web Console
- Comparison of Kaspersky Security Center: Windows-based vs. Linux-based
- About Kaspersky Security Center Cloud Console
- Architecture
- Main installation scenario
- Ports used by Kaspersky Security Center
- Certificates for work with Kaspersky Security Center
- About Kaspersky Security Center certificates
- About Administration Server certificate
- Requirements for custom certificates used in Kaspersky Security Center
- Scenario: Specifying the custom Administration Server certificate
- Replacing the Administration Server certificate by using the klsetsrvcert utility
- Connecting Network Agents to Administration Server by using the klmover utility
- Reissuing the Web Server certificate
- Schemas for data traffic and port usage
- Administration Server and managed devices on LAN
- Primary Administration Server on LAN and two secondary Administration Servers
- Administration Server on LAN, managed devices on internet, reverse proxy in use
- Administration Server on LAN, managed devices on internet, connection gateway in use
- Administration Server in DMZ, managed devices on internet
- Interaction of Kaspersky Security Center components and security applications: more information
- Conventions used in interaction schemas
- Administration Server and DBMS
- Administration Server and Administration Console
- Administration Server and client device: Managing the security application
- Upgrading software on a client device through a distribution point
- Hierarchy of Administration Servers: primary Administration Server and secondary Administration Server
- Hierarchy of Administration Servers with a secondary Administration Server in DMZ
- Administration Server, a connection gateway in a network segment, and a client device
- Administration Server and two devices in DMZ: a connection gateway and a client device
- Administration Server and Kaspersky Security Center Web Console
- Activating and managing the security application on a mobile device
- Deployment best practices
- Preparation for deployment
- Planning Kaspersky Security Center deployment
- Typical schemes of protection system deployment
- About planning Kaspersky Security Center deployment in an organization's network
- Selecting a structure for protection of an enterprise
- Standard configurations of Kaspersky Security Center
- How to select a DBMS for Administration Server
- Selecting a DBMS
- Managing mobile devices with Kaspersky Endpoint Security for Android
- Providing internet access to Administration Server
- About distribution points
- Increasing the limit of file descriptors for the klnagent service
- Calculating the number and configuration of distribution points
- Hierarchy of Administration Servers
- Virtual Administration Servers
- Information about limitations of Kaspersky Security Center
- Network load
- Preparing to mobile device management
- Information about Administration Server performance
- Network settings for interaction with external services
- Planning Kaspersky Security Center deployment
- Deploying Network Agent and the security application
- Initial deployment
- Configuring installers
- Installation packages
- MSI properties and transform files
- Deployment with third-party tools for remote installation of applications
- About remote installation tasks in Kaspersky Security Center
- Deployment by capturing and copying the hard drive image of a device
- Incorrect copying of a hard drive image
- Deployment using group policies of Microsoft Windows
- Forced deployment through the remote installation task of Kaspersky Security Center
- Running stand-alone packages created by Kaspersky Security Center
- Options for manual installation of applications
- Creating an MST file
- Remote installation of applications on devices with Network Agent installed
- Managing device restarts in the remote installation task
- Suitability of databases updating in an installation package of a security application
- Using tools for remote installation of applications in Kaspersky Security Center for running relevant executable files on managed devices
- Monitoring the deployment
- Configuring installers
- Virtual infrastructure
- Support of file system rollback for devices with Network Agent
- Local installation of applications
- Local installation of Network Agent
- Installing Network Agent in silent mode
- Installing Network Agent for Linux in silent mode (with an answer file)
- Installing Network Agent on Astra Linux in the closed software environment mode
- Installing Network Agent for Linux in interactive mode
- Local installation of the application management plug-in
- Installing applications in silent mode
- Installing applications by using stand-alone packages
- Network Agent installation package settings
- Viewing the Privacy Policy
- Initial deployment
- Deploying mobile device management systems
- Deploying a system for management via Exchange ActiveSync protocol
- Deploying a system for management using iOS MDM protocol
- Installing iOS MDM Server
- Installing iOS MDM Server in silent mode
- iOS MDM Server deployment scenarios
- Simplified deployment scheme
- Deployment scheme involving Kerberos constrained delegation (KCD)
- Receiving an APNs certificate
- Renewing an APNs certificate
- Configuring a reserve iOS MDM Server certificate
- Installing an APNs certificate on an iOS MDM Server
- Configuring access to Apple Push Notification service
- Issuing and installing a shared certificate on a mobile device
- Adding a KES device to the list of managed devices
- Connecting KES devices to the Administration Server
- Integration with Public Key Infrastructure
- Kaspersky Security Center Web Server
- Preparation for deployment
- Installation of Kaspersky Security Center
- Preparing for installation
- Accounts for working with the DBMS
- Scenario: Authenticating Microsoft SQL Server
- Recommendations on Administration Server installation
- Creating accounts for the Administration Server services on a failover cluster
- Defining a shared folder
- Remote installation with Administration Server tools through Active Directory group policies
- Remote installation through delivery of the UNC path to a stand-alone package
- Updating from the Administration Server shared folder
- Installing images of operating systems
- Specifying the address of the Administration Server
- Standard installation
- Step 1. Reviewing the License Agreement and Privacy Policy
- Step 2. Selecting an installation method
- Step 3. Installing Kaspersky Security Center Web Console
- Step 4. Selecting network size
- Step 5. Selecting a database
- Step 6. Configuring the SQL Server
- Step 7. Selecting an authentication mode
- Step 8. Unpacking and installing files on the hard drive
- Custom installation
- Step 1. Reviewing the License Agreement and Privacy Policy
- Step 2. Selecting an installation method
- Step 3. Selecting the components to be installed
- Step 4. Installing Kaspersky Security Center Web Console
- Step 5. Selecting network size
- Step 6. Selecting a database
- Step 7. Configuring the SQL Server
- Step 8. Selecting an authentication mode
- Step 9. Selecting the account to start Administration Server
- Step 10. Selecting the account for running the Kaspersky Security Center services
- Step 11. Selecting a shared folder
- Step 12. Configuring the connection to Administration Server
- Step 13. Defining the Administration Server address
- Step 14. Administration Server address for connection of mobile devices
- Step 15. Selecting application management plug-ins
- Step 16. Unpacking and installing files on the hard drive
- Deployment of the Kaspersky Security Center failover cluster
- Scenario: Deployment of a Kaspersky Security Center failover cluster
- About the Kaspersky Security Center failover cluster
- Preparing a file server for a Kaspersky Security Center failover cluster
- Preparing nodes for a Kaspersky Security Center failover cluster
- Installing Kaspersky Security Center on the Kaspersky Security Center failover cluster nodes
- Starting and stopping cluster nodes manually
- Installing Administration Server on a Windows Server failover cluster
- Step 1. Reviewing the License Agreement and Privacy Policy
- Step 2. Selecting the type of installation on a cluster
- Step 3. Specifying the name of the virtual Administration Server
- Step 4. Specifying the network details of the virtual Administration Server
- Step 5. Specifying a cluster group
- Step 6. Selecting a cluster data storage
- Step 7. Specifying an account for remote installation
- Step 8. Selecting the components to be installed
- Step 9. Selecting network size
- Step 10. Selecting a database
- Step 11. Configuring the SQL Server
- Step 12. Selecting an authentication mode
- Step 13. Selecting the account to start Administration Server
- Step 14. Selecting the account for running the Kaspersky Security Center services
- Step 15. Selecting a shared folder
- Step 16. Configuring the connection to Administration Server
- Step 17. Defining the Administration Server address
- Step 18. Administration Server address for connection of mobile devices
- Step 19. Unpacking and installing files on the hard drive
- Installing Administration Server in silent mode
- Installing Administration Console on the administrator's workstation
- Changes in the system after Kaspersky Security Center installation
- Removing the application
- About upgrading Kaspersky Security Center
- Initial setup of Kaspersky Security Center
- Administration Server Quick Start Wizard
- About Quick Start Wizard
- Starting Administration Server Quick Start Wizard
- Step 1. Configuring a proxy server
- Step 2. Selecting the application activation method
- Step 3. Selecting the protection scopes and platforms
- Step 4. Selecting plug-ins for managed applications
- Step 5. Downloading distribution packages and creating installation packages
- Step 6. Configuring Kaspersky Security Network usage
- Step 7. Configuring email notifications
- Step 8. Configuring update management
- Step 9. Creating an initial protection configuration
- Step 10. Connecting mobile devices
- Step 11. Downloading updates
- Step 12. Device discovery
- Step 13. Closing the Quick Start Wizard
- Configuring the connection of Administration Console to Administration Server
- Connecting out-of-office devices
- Scenario: Connecting out-of-office devices through a connection gateway
- Scenario: Connecting out-of-office devices through a secondary Administration Server in DMZ
- About connecting out-of-office devices
- Connecting external desktop computers to Administration Server
- About connection profiles for out-of-office users
- Creating a connection profile for out-of-office users
- About switching Network Agent to other Administration Servers
- Creating a Network Agent switching rule by network location
- Encrypt communication with TLS
- Notifications of events
- Configuring the interface
- Administration Server Quick Start Wizard
- Discovering networked devices
- Scenario: Discovering networked devices
- Unassigned devices
- Device discovery
- Working with Windows domains. Viewing and changing the domain settings
- Configuring retention rules for unassigned devices
- Working with IP ranges
- Working with the Active Directory groups. Viewing and modifying group settings
- Creating rules for moving devices to administration groups automatically
- Using VDI dynamic mode on client devices
- Equipment inventory
- Licensing
- Kaspersky applications. Centralized deployment
- Replacing third-party security applications
- Installing applications using a remote installation task
- Installing applications using Remote Installation Wizard
- Working with the management plug-ins
- Viewing a protection deployment report
- Remote removal of applications
- Working with installation packages
- Creating an installation package
- Creating stand-alone installation packages
- Creating custom installation packages
- Viewing and editing properties of custom installation packages
- Obtaining the Network Agent installation package from the Kaspersky Security Center distribution kit
- Distributing installation packages to secondary Administration Servers
- Distributing installation packages through distribution points
- Transferring application installation results to Kaspersky Security Center
- Defining the KSN proxy server address for installation packages
- Receiving up-to-date versions of applications
- Preparing a Windows device for remote installation
- Preparing a Linux device for remote installation of Network Agent
- Preparing a macOS device for remote installation of Network Agent
- Kaspersky applications: licensing and activation
- Licensing of managed applications
- Viewing information about license keys in use
- Adding a license key to the Administration Server repository
- Deleting an Administration Server license key
- Deploying a license key to client devices
- Automatic distribution of a license key
- Creating and viewing a license key usage report
- Viewing information about the application license keys
- Exporting a license key file
- Configuring network protection
- Scenario: Configuring network protection
- Policy setup and propagation: Device-centric approach
- About device-centric and user-centric security management approaches
- Manual setup of Kaspersky Endpoint Security policy
- Manual setup of the group update task for Kaspersky Endpoint Security
- Manual setup of the group task for scanning a device with Kaspersky Endpoint Security
- Scheduling the Find vulnerabilities and required updates task
- Manual setup of the group task for updates installation and vulnerabilities fix
- Setting the maximum number of events in the event repository
- Setting the maximum storage period for the information about fixed vulnerabilities
- Managing tasks
- Creating a task
- Creating the Administration Server task
- Creating a task for specific devices
- Creating a local task
- Displaying an inherited group task in the workspace of a nested group
- Automatically turning on devices before starting a task
- Automatically turning off a device after a task is completed
- Limiting task run time
- Exporting a task
- Importing a task
- Converting tasks
- Starting and stopping a task manually
- Pausing and resuming a task manually
- Monitoring task execution
- Viewing task run results stored on the Administration Server
- Configuring filtering of information about task run results
- Modifying a task. Rolling back changes
- Comparing tasks
- Accounts to start tasks
- Change Tasks Password Wizard
- Creating a hierarchy of administration groups subordinate to a virtual Administration Server
- Policies and policy profiles
- Hierarchy of policies, using policy profiles
- Managing policies
- Creating a policy
- Displaying inherited policy in a subgroup
- Activating a policy
- Activating a policy automatically at the Virus outbreak event
- Applying an out-of-office policy
- Modifying a policy. Rolling back changes
- Comparing policies
- Deleting a policy
- Copying a policy
- Exporting a policy
- Importing a policy
- Converting policies
- Managing policy profiles
- Device moving rules
- Cloning device moving rules
- Software categorization
- Prerequisites for installing applications on devices of a client organization
- Viewing and editing local application settings
- Updating Kaspersky Security Center and managed applications
- Scenario: Regular updating Kaspersky databases and applications
- About updating Kaspersky databases, software modules, and applications
- About using diff files for updating Kaspersky databases and software modules
- Enabling the Downloading diff files feature
- Creating the task for downloading updates to the repository of the Administration Server
- Creating the Download updates to the repositories of distribution points task
- Configuring the Download updates to the repository of the Administration Server task
- Verifying downloaded updates
- Configuring test policies and auxiliary tasks
- Viewing downloaded updates
- Automatic installation of Kaspersky Endpoint Security updates on devices
- Offline model of update download
- Enabling and disabling the offline model of update download
- Automatic updating and patching for Kaspersky Security Center components
- Enabling and disabling automatic updating and patching for Kaspersky Security Center components
- Automatic distribution of updates
- Distributing updates to client devices automatically
- Distributing updates to secondary Administration Servers automatically
- Assigning distribution points automatically
- Assigning a device a distribution point manually
- Removing a device from the list of distribution points
- Downloading updates by distribution points
- Deleting software updates from the repository
- Patch installation for a Kaspersky application in cluster mode
- Managing third-party applications on client devices
- Installing third-party software updates
- Scenario: Updating third-party software
- Viewing information about available updates for third-party applications
- Approving and declining software updates
- Synchronizing updates from Windows Update with Administration Server
- Installing updates on devices manually
- Configuring Windows updates in a Network Agent policy
- Fixing third-party software vulnerabilities
- Scenario: Finding and fixing third-party software vulnerabilities
- About finding and fixing software vulnerabilities
- Viewing information about software vulnerabilities
- Viewing statistics of vulnerabilities on managed devices
- Scanning applications for vulnerabilities
- Fixing vulnerabilities in applications
- Fixing vulnerabilities in an isolated network
- Scenario: Fixing third-party software vulnerabilities in an isolated network
- About fixing third-party software vulnerabilities in an isolated network
- Configuring the Administration Server with internet access to fix vulnerabilities in an isolated network
- Configuring isolated Administration Servers to fix vulnerabilities in an isolated network
- Transmitting patches and installing updates in an isolated network
- Disabling the option to transmit patches and install updates in an isolated network
- Ignoring software vulnerabilities
- Selecting user fixes for vulnerabilities in third-party software
- Rules for update installation
- Groups of applications
- Using Application Control to manage executable files
- Creating application categories for Kaspersky Endpoint Security for Windows policies
- Creating an application category with content added manually
- Creating an application category that includes executable files from selected devices
- Creating an application category that includes executable files from a specific folder
- Adding event-related executable files to the application category
- Configuring application startup management on client devices
- Viewing the results of static analysis of startup rules applied to executable files
- Viewing the applications registry
- Changing the software inventory start time
- About license key management of third-party applications
- Creating licensed applications groups
- Managing license keys for licensed applications groups
- Inventory of executable files
- Viewing information about executable files
- Installing third-party software updates
- Monitoring and reporting
- Scenario: Monitoring and reporting
- Monitoring traffic lights and logged events in Administration Console
- Working with reports, statistics, and notifications
- Working with reports
- Managing statistics
- Configuring event notification
- Creating a certificate for an SMTP server
- Event selections
- Device selections
- Monitoring of applications installation and uninstallation
- Event types
- Blocking frequent events
- Controlling changes in the status of virtual machines
- Monitoring the anti-virus protection status using information from the system registry
- Viewing and configuring the actions when devices show inactivity
- Disabling Kaspersky announcements
- Adjustment of distribution points and connection gateways
- Standard configuration of distribution points: Single office
- Standard configuration of distribution points: Multiple small remote offices
- Assigning a managed device to act as a distribution point
- Connecting a Linux device as a gateway in the demilitarized zone
- Connecting a Linux device to the Administration Server via a connection gateway
- Adding a connection gateway in the DMZ as a distribution point
- Assigning distribution points automatically
- About local installation of Network Agent on a device selected as distribution point
- About using a distribution point as connection gateway
- Adding IP ranges to the list of ranges polled by a distribution point
- Using a distribution point as a push server
- Other routine work
- Managing Administration Servers
- Creating a hierarchy of Administration Servers: adding a secondary Administration Server
- Connecting to an Administration Server and switching between Administration Servers
- Access rights to Administration Server and its objects
- Conditions of connection to an Administration Server over the internet
- Encrypted connection to an Administration Server
- Configuring an allowlist of IP addresses to connect to Administration Server
- Using the klscflag utility to close port 13291
- Disconnecting from an Administration Server
- Adding an Administration Server to the console tree
- Removing an Administration Server from the console tree
- Adding a virtual Administration Server to the console tree
- Changing an Administration Server service account. Utility tool klsrvswch
- Changing DBMS credentials
- Resolving issues with Administration Server nodes
- Viewing and modifying the settings of an Administration Server
- Adjusting the general settings of Administration Server
- Administration Console interface settings
- Event processing and storage on the Administration Server
- Viewing log of connections to the Administration Server
- Control of virus outbreaks
- Limiting traffic
- Configuring Web Server
- Working with internal users
- Backup and restoration of Administration Server settings
- Backup copying and restoration of Administration Server data
- Moving Administration Server and a database server to another device
- Avoiding conflicts between multiple Administration Servers
- Two-step verification
- About two-step verification
- Scenario: configuring two-step verification for all users
- Enabling two-step verification for your own account
- Enabling two-step verification for all users
- Disabling two-step verification for a user account
- Disabling required two-step verification for all users
- Excluding accounts from two-step verification
- Editing the name of a security code issuer
- Changing the Administration Server shared folder
- Managing administration groups
- Managing client devices
- Connecting client devices to the Administration Server
- Manually connecting a client device to the Administration Server. Klmover utility
- Tunneling the connection between a client device and the Administration Server
- Remotely connecting to the desktop of a client device
- Connecting to devices through Windows Desktop Sharing
- Configuring the restart of a client device
- Auditing actions on a remote client device
- Checking the connection between a client device and the Administration Server
- Identifying client devices on the Administration Server
- Moving devices to an administration group
- Changing the Administration Server for client devices
- Moving devices connected to Administration Server through connection gateways to another Administration Server
- Clusters and server arrays
- Turning on, turning off, and restarting client devices remotely
- About the usage of the continuous connection between a managed device and the Administration Server
- About forced synchronization
- About connection schedule
- Sending messages to device users
- Managing Kaspersky Security for Virtualization
- Configuring the switching of device statuses
- Tagging devices and viewing assigned tags
- Remote diagnostics of client devices. Kaspersky Security Center remote diagnostics utility
- Connecting the remote diagnostics utility to a client device
- Enabling and disabling tracing, downloading the trace file
- Downloading application settings
- Downloading event logs
- Downloading multiple diagnostic information items
- Starting diagnostics and downloading the results
- Starting, stopping, and restarting applications
- UEFI protection devices
- Settings of a managed device
- General policy settings
- Network Agent policy settings
- Managing user accounts
- Working with user accounts
- Adding an account of an internal user
- Editing an account of an internal user
- Changing the number of allowed password entry attempts
- Configuring the check of the name of an internal user for uniqueness
- Adding a security group
- Adding a user to a group
- Configuring access rights to application features. Role-based access control
- Assigning the user as a device owner
- Delivering messages to users
- Viewing the list of user mobile devices
- Installing a certificate for a user
- Viewing the list of certificates issued to a user
- About the administrator of a virtual Administration Server
- Remote installation of operating systems and applications
- Creating images of operating systems
- Installing images of operating systems
- Configuring the KSN proxy server address
- Adding drivers for Windows Preinstallation Environment (WinPE)
- Adding drivers to an installation package with an operating system image
- Configuring sysprep.exe utility
- Deploying operating systems on new networked devices
- Deploying operating systems on client devices
- Creating installation packages of applications
- Issuing a certificate for installation packages of applications
- Installing applications on client devices
- Managing object revisions
- Deletion of objects
- Mobile Device Management
- Scenario: Mobile Device Management deployment
- About group policy for managing EAS and iOS MDM devices
- Enabling Mobile Device Management
- Modifying the Mobile Device Management settings
- Disabling Mobile Device Management
- Working with commands for mobile devices
- Working with certificates of mobile devices
- Starting the Certificate Installation Wizard
- Step 1. Selecting certificate type
- Step 2. Selecting device type
- Step 3. Selecting a user
- Step 4. Selecting certificate source
- Step 5. Assigning a tag to the certificate
- Step 6. Specifying certificate publishing settings
- Step 7. Selecting user notification method
- Step 8. Generating the certificate
- Configuring certificate issuance rules
- Integration with public key infrastructure
- Enabling support of Kerberos Constrained Delegation
- Adding iOS mobile devices to the list of managed devices
- Adding Android mobile devices to the list of managed devices
- Managing Exchange ActiveSync mobile devices
- Managing iOS MDM devices
- Signing an iOS MDM profile by a certificate
- Adding a configuration profile
- Installing a configuration profile on a device
- Removing the configuration profile from a device
- Adding a new device by publishing a link to a profile
- Adding a new device through profile installation by the administrator
- Adding a provisioning profile
- Installing a provisioning profile to a device
- Removing a provisioning profile from a device
- Adding a managed application
- Installing an app on a mobile device
- Removing an app from a device
- Configuring roaming on an iOS MDM mobile device
- Viewing information about an iOS MDM device
- Disconnecting an iOS MDM device from management
- Sending commands to a device
- Checking the execution status of commands sent
- Managing KES devices
- Data encryption and protection
- Data repositories
- Kaspersky Security Network (KSN)
- About KSN
- Setting up access to Kaspersky Security Network
- Enabling and disabling KSN
- Viewing the accepted KSN Statement
- Viewing the KSN proxy server statistics
- Accepting an updated KSN Statement
- Enhanced protection with Kaspersky Security Network
- Checking whether the distribution point works as KSN proxy server
- Switching between Online Help and Offline Help
- Managing Administration Servers
- Export of events to SIEM systems
- Scenario: Configuring event export to SIEM systems
- Before you begin
- About events in Kaspersky Security Center
- About event export
- About configuring event export in a SIEM system
- Marking of events for export to SIEM systems in Syslog format
- About exporting events using Syslog format
- About exporting events using CEF and LEEF formats
- Configuring Kaspersky Security Center for export of events to a SIEM system
- Exporting events directly from the database
- Viewing export results
- Using SNMP for sending statistics to third-party applications
- Working in a cloud environment
- About work in a cloud environment
- Scenario: Deployment for cloud environment
- Prerequisites for deploying Kaspersky Security Center in a cloud environment
- Hardware requirements for the Administration Server in a cloud environment
- Licensing options in a cloud environment
- Database options for work in a cloud environment
- Working in Amazon Web Services cloud environment
- About work in Amazon Web Services cloud environment
- Creating IAM roles and IAM user accounts for Amazon EC2 instances
- Ensuring that the Kaspersky Security Center Administration Server has the permissions to work with AWS
- Creating an IAM role for the Administration Server
- Creating an IAM user account for work with Kaspersky Security Center
- Creating an IAM role for installation of applications on Amazon EC2 instances
- Working with Amazon RDS
- Working in Microsoft Azure cloud environment
- Working in Google Cloud
- Prerequisites for client devices in a cloud environment necessary for work with Kaspersky Security Center
- Creating installation packages required for Cloud Environment Configuration Wizard
- Cloud Environment Configuration Wizard
- About the Cloud Environment Configuration Wizard
- Step 1. Selecting the application activation method
- Step 2. Selecting the cloud environment
- Step 3. Authorization in the cloud environment
- Step 4. Configuring synchronization with Cloud and choosing further actions
- Step 5. Configuring Kaspersky Security Network in the cloud environment
- Step 6. Configuring email notifications in the cloud environment
- Step 7. Creating an initial configuration of the protection of the cloud environment
- Step 8. Selecting the action when the operating system must be restarted during installation (for the cloud environment)
- Step 9. Receiving updates by the Administration Server
- Checking configuration
- Cloud device group
- Network segment polling
- Installing applications on devices in a cloud environment
- Viewing the properties of cloud devices
- Synchronization with cloud
- Using deployment scripts for deploying security applications
- Deployment of Kaspersky Security Center in Yandex.Cloud
- Appendices
- Advanced features
- Kaspersky Security Center operation automation. klakaut utility
- Custom tools
- Network Agent disk cloning mode
- Preparing a reference device with Network Agent installed for creating an image of operating system
- Configuring receipt of messages from File Integrity Monitor
- Administration Server maintenance
- User notification method window
- General section
- Device selection window
- Define the name of the new object window
- Application categories section
- Features of using the management interface
- Reference information
- Searching and exporting data
- Settings of tasks
- Global list of subnets
- Usage of Network Agent for Windows, for macOS and for Linux: Comparison
- Advanced features
- Basic concepts
- Kaspersky Security Center Web Console
- About Kaspersky Security Center Web Console
- Hardware and software requirements for Kaspersky Security Center Web Console
- Deployment diagram of Kaspersky Security Center Administration Server and Kaspersky Security Center Web Console
- Ports used by Kaspersky Security Center Web Console
- Scenario: Installation and initial setup of Kaspersky Security Center Web Console
- Installation
- Configuring the MariaDB x64 server for working with Kaspersky Security Center 14
- Configuring the MySQL x64 server for working with Kaspersky Security Center 14
- Installing Kaspersky Security Center Web Console
- Installation of Kaspersky Security Center Web Console on Linux platforms
- Installing Kaspersky Security Center Web Console connected to Administration Server installed on failover cluster nodes
- Upgrading Kaspersky Security Center Web Console
- Certificates for work with Kaspersky Security Center Web Console
- About migration to Kaspersky Security Center Cloud Console
- Signing in to Kaspersky Security Center Web Console and signing out
- Identity and Access Manager in Kaspersky Security Center Web Console
- About Identity and Access Manager
- Enabling Identity and Access Manager: scenario
- Configuring Identity and Access Manager in Kaspersky Security Center Web Console
- Registering Kaspersky Industrial CyberSecurity for Networks application in Kaspersky Security Center Web Console
- Lifetime of tokens and authorization timeout for Identity and Access Manager
- Downloading and distributing the IAM certificates
- Disabling Identity and Access Manager
- Configuring domain authentication by using the NTLM and Kerberos protocols
- Initial setup of Kaspersky Security Center Web Console
- Quick Start Wizard (Kaspersky Security Center Web Console)
- Step 1. Specifying the internet connection settings
- Step 2. Downloading required updates
- Step 3. Selecting the assets to secure
- Step 4. Selecting encryption in solutions
- Step 5. Configuring installation of plug-ins for managed applications
- Step 6. Downloading distribution packages and creating installation packages
- Step 7. Configuring Kaspersky Security Network
- Step 8. Selecting the application activation method
- Step 9. Specifying the third-party update management settings
- Step 10. Creating a basic network protection configuration
- Step 11. Configuring email notifications
- Step 12. Performing a network poll
- Step 13. Closing the Quick Start Wizard
- Connecting out-of-office devices
- Scenario: Connecting out-of-office devices through a connection gateway
- Scenario: Connecting out-of-office devices through a secondary Administration Server in DMZ
- About connecting out-of-office devices
- Connecting external desktop computers to Administration Server
- About connection profiles for out-of-office users
- Creating a connection profile for out-of-office users
- About switching Network Agent to other Administration Servers
- Creating a Network Agent switching rule by network location
- Quick Start Wizard (Kaspersky Security Center Web Console)
- Protection Deployment Wizard
- Starting Protection Deployment Wizard
- Step 1. Selecting the installation package
- Step 2. Selecting a method for distribution of key file or activation code
- Step 3. Selecting Network Agent version
- Step 4. Selecting devices
- Step 5. Specifying the remote installation task settings
- Step 6. Restart management
- Step 7. Removing incompatible applications before installation
- Step 8. Moving devices to Managed devices
- Step 9. Selecting accounts to access devices
- Step 10. Starting installation
- Configuring Administration Server
- Configuring the connection of Kaspersky Security Center Web Console to Administration Server
- Configuring Administration Server connection events logging
- Setting the maximum number of events in the event repository
- Connection settings of UEFI protection devices
- Creating a hierarchy of Administration Servers: adding a secondary Administration Server
- Viewing the list of secondary Administration Servers
- Deleting a hierarchy of Administration Servers
- Administration Server maintenance
- Configuring the interface
- Managing virtual Administration Servers
- Enabling account protection from unauthorized modification
- Two-step verification
- About two-step verification
- Scenario: Configuring two-step verification for all users
- Enabling two-step verification for your own account
- Enabling required two-step verification for all users
- Disabling two-step verification for a user account
- Disabling required two-step verification for all users
- Excluding accounts from two-step verification
- Generating a new secret key
- Editing the name of a security code issuer
- Backup copying and restoration of Administration Server data
- Creating a data backup task
- Moving Administration Server to another device
- Kaspersky applications deployment through Kaspersky Security Center Web Console
- Scenario: Kaspersky applications deployment through Kaspersky Security Center Web Console
- Getting plug-ins for Kaspersky applications
- Updating plug-ins for Kaspersky applications
- Downloading and creating installation packages for Kaspersky applications
- Changing the limit on the size of custom installation package data
- Downloading distribution packages for Kaspersky applications
- Checking that Kaspersky Endpoint Security is deployed successfully
- Creating stand-alone installation packages
- Viewing the list of stand-alone installation packages
- Creating custom installation packages
- Distributing installation packages to secondary Administration Servers
- Installing applications using a remote installation task
- Specifying settings for remote installation on Unix devices
- Starting and stopping Kaspersky applications
- Mobile Device Management
- Replacing third-party security applications
- Discovering networked devices
- Kaspersky applications: licensing and activation
- Licensing of managed applications
- Adding a license key to the Administration Server repository
- Deploying a license key to client devices
- Automatic distribution of a license key
- Viewing information about license keys in use
- Deleting a license key from the repository
- Revoking consent with an End User License Agreement
- Renewing licenses for Kaspersky applications
- Using Kaspersky Marketplace to choose Kaspersky business solutions
- Configuring network protection
- Scenario: Configuring network protection
- About device-centric and user-centric security management approaches
- Policy setup and propagation: Device-centric approach
- Policy setup and propagation: User-centric approach
- Network Agent policy settings
- Manual setup of Kaspersky Endpoint Security policy
- Manual setup of the group update task for Kaspersky Endpoint Security
- Granting offline access to the external device blocked by Device Control
- Removing applications or software updates remotely
- Rolling back an object to a previous revision
- Tasks
- Managing client devices
- Settings of a managed device
- Creating administration groups
- Adding devices to an administration group manually
- Moving devices to an administration group manually
- Creating device moving rules
- Copying device moving rules
- Conditions for a device moving rule
- Viewing and configuring the actions when devices show inactivity
- About device statuses
- Configuring the switching of device statuses
- Remotely connecting to the desktop of a client device
- Connecting to devices through Windows Desktop Sharing
- Device selections
- Device tags
- Device tags
- Creating a device tag
- Renaming a device tag
- Deleting a device tag
- Viewing devices to which a tag is assigned
- Viewing tags assigned to a device
- Tagging a device manually
- Removing an assigned tag from a device
- Viewing rules for tagging devices automatically
- Editing a rule for tagging devices automatically
- Creating a rule for tagging devices automatically
- Running rules for auto-tagging devices
- Deleting a rule for tagging devices automatically
- Managing device tags by using the klscflag utility
- Policies and policy profiles
- Data encryption and protection
- Users and user roles
- About user roles
- Configuring access rights to application features. Role-based access control
- Adding an account of an internal user
- Creating a security group
- Editing an account of an internal user
- Editing a security group
- Adding user accounts to an internal group
- Assigning a user as a device owner
- Deleting a user or a security group
- Creating a user role
- Editing a user role
- Editing the scope of a user role
- Deleting a user role
- Associating policy profiles with roles
- Managing objects in Kaspersky Security Center Web Console
- Adding a revision description
- Deleting an object
- Kaspersky Security Network (KSN)
- Scenario: Upgrading Kaspersky Security Center and managed security applications
- Updating Kaspersky databases and applications
- Scenario: Regular updating Kaspersky databases and applications
- About updating Kaspersky databases, software modules, and applications
- Creating the Download updates to the Administration Server repository task
- Viewing downloaded updates
- Verifying downloaded updates
- Creating the task for downloading updates to the repositories of distribution points
- Enabling and disabling automatic updating and patching for Kaspersky Security Center components
- Automatic installation of updates for Kaspersky Endpoint Security for Windows
- Approving and declining software updates
- Updating Administration Server
- Enabling and disabling the offline model of update download
- Updating Kaspersky databases and software modules on offline devices
- Backing up and restoring web plug-ins
- Adjustment of distribution points and connection gateways
- Standard configuration of distribution points: Single office
- Standard configuration of distribution points: Multiple small remote offices
- About assigning distribution points
- Assigning distribution points automatically
- Assigning distribution points manually
- Modifying the list of distribution points for an administration group
- Forced synchronization
- Enabling a push server
- Managing third-party applications on client devices
- About third-party applications
- Installing third-party software updates
- Scenario: Updating third-party software
- About third-party software updates
- Installing third-party software updates
- Creating the Find vulnerabilities and required updates task
- Find vulnerabilities and required updates task settings
- Creating the Install required updates and fix vulnerabilities task
- Adding rules for update installation
- Creating the Install Windows Update updates task
- Viewing information about available third-party software updates
- Exporting the list of available software updates to a file
- Approving and declining third-party software updates
- Creating the Perform Windows Update synchronization task
- Updating third-party applications automatically
- Fixing third-party software vulnerabilities
- Scenario: Finding and fixing third-party software vulnerabilities
- About finding and fixing software vulnerabilities
- Fixing third-party software vulnerabilities
- Creating the Fix vulnerabilities task
- Creating the Install required updates and fix vulnerabilities task
- Adding rules for update installation
- Selecting user fixes for vulnerabilities in third-party software
- Viewing information about software vulnerabilities detected on all managed devices
- Viewing information about software vulnerabilities detected on the selected managed device
- Viewing statistics of vulnerabilities on managed devices
- Exporting the list of software vulnerabilities to a file
- Ignoring software vulnerabilities
- Managing applications run on client devices
- Using Application Control to manage executable files
- Application Control modes and categories
- Obtaining and viewing a list of applications installed on client devices
- Obtaining and viewing a list of executable files stored on client devices
- Creating application category with content added manually
- Creating application category that includes executable files from selected devices
- Creating application category that includes executable files from selected folder
- Viewing the list of application categories
- Configuring Application Control in the Kaspersky Endpoint Security for Windows policy
- Adding event-related executable files to the application category
- Creating an installation package of a third-party application from the Kaspersky database
- Viewing and modifying the settings of an installation package of a third-party application from the Kaspersky database
- Settings of an installation package of a third-party application from the Kaspersky database
- Application tags
- Monitoring and reporting
- Scenario: Monitoring and reporting
- About types of monitoring and reporting
- Dashboard and widgets
- Reports
- Events and event selections
- Using event selections
- Creating an event selection
- Editing an event selection
- Viewing a list of an event selection
- Viewing details of an event
- Exporting events to a file
- Viewing an object history from an event
- Deleting events
- Deleting event selections
- Setting the storage term for an event
- Event types
- Blocking frequent events
- Receiving events from Kaspersky Security for Microsoft Exchange Servers
- Notifications and device statuses
- Kaspersky announcements
- Viewing information about the detects of threats
- Downloading and deleting files from Quarantine and Backup
- Kaspersky Security Center Web Console activity logging
- Integration between Kaspersky Security Center and other solutions
- Configuring access to KATA/KEDR Web Console
- Establishing a background connection
- Exporting events to SIEM systems
- Scenario: Configuring event export to SIEM systems
- Before you begin
- About events in Kaspersky Security Center
- About event export
- About configuring event export in a SIEM system
- Marking of events for export to SIEM systems in Syslog format
- About exporting events using CEF and LEEF formats
- About exporting events using Syslog format
- Configuring Kaspersky Security Center for export of events to a SIEM system
- Exporting events directly from the database
- Viewing export results
- Working with Kaspersky Security Center Web Console in a cloud environment
- Cloud Environment Configuration Wizard in Kaspersky Security Center Web Console
- Step 1. Licensing the application
- Step 2. Selecting the cloud environment and authorization
- Step 3. Segment polling, configuring synchronization with Cloud and choosing further actions
- Step 4. Configuring Kaspersky Security Network for Kaspersky Security Center
- Step 5. Creating an initial configuration of protection
- Network segment polling via Kaspersky Security Center Web Console
- Adding connections for cloud segment polling
- Deleting a connection for cloud segment polling
- Configuring the polling schedule via Kaspersky Security Center Web Console
- Viewing the results of cloud segment polling via Kaspersky Security Center Web Console
- Viewing the properties of cloud devices via Kaspersky Security Center Web Console
- Synchronization with Cloud: Configuring the moving rule
- Creating Backup of the Administration Server data task by using a cloud DBMS
- Cloud Environment Configuration Wizard in Kaspersky Security Center Web Console
- Remote diagnostics of client devices
- Opening the remote diagnostics window
- Enabling and disabling tracing for applications
- Downloading trace files of an application
- Deleting trace files
- Downloading application settings
- Downloading event logs
- Starting, stopping, restarting the application
- Running the remote diagnostics of Kaspersky Security Center Network Agent and downloading the results
- Running an application on a client device
- Generating a dump file for an application
- Changing the language of the Kaspersky Security Center Web Console interface
- API Reference Guide
- Best Practices for Service Providers
- Planning Kaspersky Security Center deployment
- Deployment and initial setup
- Recommendations on Administration Server installation
- Configuring protection on a client organization's network
- Manual setup of Kaspersky Endpoint Security policy
- Manual setup of the group update task for Kaspersky Endpoint Security
- Manual setup of the group task for scanning a device with Kaspersky Endpoint Security
- Scheduling the Find vulnerabilities and required updates task
- Manual setup of the group task for updates installation and vulnerabilities fix
- Building a structure of administration groups and assigning distribution points
- Hierarchy of policies, using policy profiles
- Tasks
- Device moving rules
- Software categorization
- About multi-tenant applications
- Backup and restoration of Administration Server settings
- Deploying Network Agent and the security application
- Initial deployment
- Configuring installers
- Installation packages
- MSI properties and transform files
- Deployment with third-party tools for remote installation of applications
- General information about the remote installation tasks in Kaspersky Security Center
- Deployment using group policies of Microsoft Windows
- Forced deployment through the remote installation task of Kaspersky Security Center
- Running stand-alone packages created by Kaspersky Security Center
- Options for manual installation of applications
- Creating an MST file
- Remote installation of applications on devices with Network Agent installed
- Managing device restarts in the remote installation task
- Suitability of databases updating in an installation package of an anti-virus application
- Removing incompatible third-party security applications
- Removing password-protected Network Agent using the command prompt
- Using tools for remote installation of applications in Kaspersky Security Center for running relevant executable files on managed devices
- Monitoring the deployment
- Configuring installers
- Virtual infrastructure
- Support of file system rollback for devices with Network Agent
- Initial deployment
- About connection profiles for out-of-office users
- Deploying the Mobile Device Management feature
- Other routine work
- Sizing Guide
- About this Guide
- Information about limitations of Kaspersky Security Center
- Calculations for Administration Servers
- Calculations for distribution points and connection gateways
- Logging of information about events for tasks and policies
- Specific considerations and optimal settings of certain tasks
- Details of network load spread among Administration Server and protected devices
- Contact Technical Support
- Sources of information about the application
- Glossary
- Active key
- Additional (or reserve) license key
- Administration Console
- Administration group
- Administration Server
- Administration Server certificate
- Administration Server client (Client device)
- Administration Server data backup
- Administrator rights
- Administrator's workstation
- Amazon EC2 instance
- Amazon Machine Image (AMI)
- Android device
- Anti-virus databases
- Anti-virus protection service provider
- Application Shop
- Authentication Agent
- Available update
- AWS Application Program Interface (AWS API)
- AWS IAM access key
- AWS Management Console
- Backup folder
- Broadcast domain
- Centralized application management
- Client administrator
- Cloud environment
- Configuration profile
- Connection gateway
- Demilitarized zone (DMZ)
- Device owner
- Direct application management
- Distribution point
- EAS device
- Event repository
- Event severity
- Exchange Mobile Device Server
- Forced installation
- Group task
- Home Administration Server
- HTTPS
- IAM role
- IAM user
- Identity and Access Management (IAM)
- Incompatible application
- Installation package
- Internal users
- iOS MDM device
- iOS MDM profile
- iOS MDM Server
- JavaScript
- Kaspersky Private Security Network (KPSN)
- Kaspersky Security Center Administrator
- Kaspersky Security Center Operator
- Kaspersky Security Center System Health Validator (SHV)
- Kaspersky Security Center Web Server
- Kaspersky Security Network (KSN)
- Kaspersky update servers
- KES device
- Key file
- License term
- Licensed applications group
- Local installation
- Local task
- Managed devices
- Management plug-in
- Manual installation
- MITM attack
- Mobile Device Server
- Network Agent
- Network anti-virus protection
- Network protection status
- Patch importance level
- Policy
- Profile
- Program settings
- Protection status
- Provisioning profile
- Remote installation
- Restoration
- Restoration of Administration Server data
- Role group
- Service provider's administrator
- Shared certificate
- SSL
- Task
- Task for specific devices
- Task settings
- UEFI protection device
- Update
- Virtual Administration Server
- Virus activity threshold
- Virus outbreak
- Vulnerability
- Windows Server Update Services (WSUS)
- Information about third-party code
- Trademark notices
- Known issues
Scenario: Finding and fixing third-party software vulnerabilities
This section provides a scenario for finding and fixing vulnerabilities on the managed devices running Windows. You can find and fix software vulnerabilities in the operating system and in third-party software, including Microsoft software.
Prerequisites
- Kaspersky Security Center is deployed in your organization.
- There are managed devices running Windows in your organization.
- Internet connection is required for Administration Server to perform the following tasks:
- To make a list of recommended fixes for vulnerabilities in Microsoft software. The list is created and regularly updated by Kaspersky specialists.
- To fix vulnerabilities in third-part software other than Microsoft software.
Stages
Finding and fixing software vulnerabilities proceeds in stages:
- Scanning for vulnerabilities in the software installed on the managed devices
To find vulnerabilities in the software installed on the managed devices, run the Find vulnerabilities and required updates task. When this task is complete, Kaspersky Security Center receives the lists of detected vulnerabilities and required updates for the third-party software installed on the devices that you specified in the task properties.
The Find vulnerabilities and required updates task is created automatically by Kaspersky Security Center Quick Start Wizard. If you did not run the Wizard, start it now or create the task manually.
How-to instructions:
- Administration Console: Scanning applications for vulnerabilities, Scheduling the Find vulnerabilities and required updates task
- Kaspersky Security Center Web Console: Creating the Find vulnerabilities and required updates task, Find vulnerabilities and required updates task settings
- Analyzing the list of detected software vulnerabilities
View the Software vulnerabilities list and decide which vulnerabilities are to be fixed. To view detailed information about each vulnerability, click the vulnerability name in the list. For each vulnerability in the list, you can also view the statistics on the vulnerability on managed devices.
How-to instructions:
- Administration Console: Viewing information about software vulnerabilities, Viewing statistics of vulnerabilities on managed devices
- Kaspersky Security Center Web Console: Viewing information about software vulnerabilities, Viewing statistics of vulnerabilities on managed devices
- Configuring vulnerabilities fix
When the software vulnerabilities are detected, you can fix the software vulnerabilities on the managed devices by using the Install required updates and fix vulnerabilities task or the Fix vulnerabilities task.
The Install required updates and fix vulnerabilities task is used to update and fix vulnerabilities in third-party software, including Microsoft software, installed on the managed devices. This task allows you to install multiple updates and fix multiple vulnerabilities according to certain rules. Note that this task can be created only if you have the license for the Vulnerability and Patch Management feature. To fix software vulnerabilities the Install required updates and fix vulnerabilities task uses recommended software updates.
The Fix vulnerabilities task does not require the license option for the Vulnerability and Patch Management feature. To use this task, you must manually specify user fixes for vulnerabilities in third-party software listed in the task settings. The Fix vulnerabilities task uses recommended fixes for Microsoft software and user fixes for third-party software.
You can start Vulnerabilities Fix Wizard that creates one of these tasks automatically, or you can create one of these tasks manually.
How-to instructions:
- Administration Console: Selecting user fixes for vulnerabilities in third-party software, Fixing vulnerabilities in applications
- Kaspersky Security Center Web Console: Selecting user fixes for vulnerabilities in third-party software, Fixing vulnerabilities in third-party software, Creating the Install required updates and fix vulnerabilities task
- Scheduling the tasks
To be sure that the vulnerabilities list is always up-to-date, schedule the Find vulnerabilities and required updates task to run it automatically from time to time. The recommended average frequency is once a week.
If you have created the Install required updates and fix vulnerabilities task, you can schedule it to run with the same frequency as the Find vulnerabilities and required updates task or less often. When scheduling the Fix vulnerabilities task, note that you have to select fixes for Microsoft software or specify user fixes for third-party software every time before starting the task.
When scheduling the tasks, make sure that a task to fix vulnerability starts after the Find vulnerabilities and required updates task is complete.
- Ignoring software vulnerabilities (optional)
If you want, you can ignore software vulnerabilities to be fixed on all managed devices or only on the selected managed devices.
How-to instructions:
- Administration Console: Ignoring software vulnerabilities
- Kaspersky Security Center Web Console: Ignoring software vulnerabilities
- Running a vulnerability fix task
Start the Install required updates and fix vulnerabilities task or the Fix vulnerability task. When the task is complete, make sure that it has the Completed successfully status in the task list.
- Create the report on results of fixing software vulnerabilities (optional)
To view detailed statistics on the vulnerabilities fix, generate the Report on vulnerabilities. The report displays information about software vulnerabilities that are not fixed. Thus you can have an idea about finding and fixing vulnerabilities in third-party software, including Microsoft software, in your organization.
How-to instructions:
- Administration Console: Creating and viewing a report
- Kaspersky Security Center Web Console: Generating and viewing a report
- Checking configuration of finding and fixing vulnerabilities in third-party software
Be sure that you have done the following:
- Obtained and reviewed the list of software vulnerabilities on managed devices
- Ignored software vulnerabilities if you wanted
- Configured the task to fix vulnerabilities
- Scheduled the tasks to find and to fix software vulnerabilities so that they start sequentially
- Checked that the task to fix software vulnerabilities was run
Results
If you have created and configured the Install required updates and fix vulnerabilities task, the vulnerabilities are fixed on the managed devices automatically. When the task is run, it correlates the list of available software updates to the rules specified in the task settings. All software updates that meet the criteria in the rules will be downloaded to the Administration Server repository and will be installed to fix software vulnerabilities.
If you have created the Fix vulnerabilities task, only software vulnerabilities in Microsoft software are fixed.
See also: |