Prior to installing a KUMA agent to a Windows asset, the server administrator must create a user account with the EventLogReaders and Log on as a service permissions on the Windows asset. This user account must be used to start the agent.
To install a KUMA agent to a Windows asset:
C:\Users\<User name>\Desktop\KUMA
folder is recommended for installation.The kuma.exe file is located inside the installer in the /kuma-ansible-installer/roles/kuma/files/ folder.
kuma agent --core https://<fullly qualified domain name of the KUMA Core server>:<port used by the KUMA Core server for internal communications (port 7210 by default)> --id <
ID of the agent service that was created in KUMA> --user <name of the user account used to run the agent, including the domain> --install
Example: kuma agent --core https://kuma.example.com:7210 --id XXXXX --user domain\username --install
You can get help information by executing the kuma help agent
command.
The C:\ProgramData\Kaspersky Lab\KUMA\agent\<Agent ID>
folder is created in which the KUMA agent service is installed. The agent forwards Windows events to KUMA, and you can set up a collector to receive them.
When the agent service is installed, it starts automatically. The service is also configured to restart in case of any failures. The agent can be restarted from the KUMA web interface, but only when the service is active. Otherwise, the service needs to be manually restarted on the Windows asset.
Removing a KUMA agent from Windows assets
When configuring services, you can test the configuration for errors before installation by running the agent with the following command: kuma agent --core https://<fully qualified domain name of the KUMA Core server>:<port used by the KUMA Core server for internal communications (port 7210 by default)> --id <
.ID of the agent service that was created in KUMA> --user <name of the user account used to run the agent, including the domain>