Adding Kaspersky Sandbox servers to Kaspersky Endpoint Agent list

If you use Nginx as a proxy server between a device with Kaspersky Endpoint Agent installed and Kaspersky Sandbox server, configure the client_max_body_size setting. The value of the client_max_body_size setting must be equal to the maximum size of the object sent by Kaspersky Endpoint Agent to Kaspersky Sandbox for processing. Otherwise, Nginx will not send objects whose size exceeds the specified value. The default value is 1 MB.

If you enabled the integration with Kaspersky Sandbox, you can add Kaspersky Sandbox servers to Kaspersky Endpoint Agent's list. You can add several Kaspersky Sandbox servers.

We recommend to add servers that are part of the same cluster to the same policy. If servers belong to different clusters, the results will be unpredictable.

All servers in the cluster are peers regardless of which server was used as the base for creating the cluster. Processing the same object on any server in the cluster will yield the same result.

Kaspersky Sandbox balances the load across the servers. Objects that Kaspersky Endpoint Agent sends for processing to Kaspersky Sandbox are processed on the least busy server.

To make the Kaspersky Sandbox cluster process objects from Kaspersky Endpoint Agent, add to Kaspersky Endpoint Agent at least one server that is part of the cluster while integrating Kaspersky Endpoint Agent with Kaspersky Sandbox.

The list of Kaspersky Sandbox servers of Kaspersky Endpoint Agent displays only the servers that you added to this list. Nevertheless, objects can be processed by any server in the cluster thanks to load balancing. The current list of servers in the cluster is displayed in the web interface of Kaspersky Sandbox.

It is recommended to add all servers of the cluster to Kaspersky Endpoint Agent.

Kaspersky Endpoint Agent can connect to a different Kaspersky Sandbox server in the list if one of the following errors occurs:

• Kaspersky Sandbox response timeout (connection timeout).
• Kaspersky Sandbox unavailable (error code 503 or 504).
• Self-diagnosis problem other than a license problem (error code 500).

When removing a server from the cluster, the following object processing scenarios are possible:

• If there is at least one server from this cluster with a valid IP address or fully qualified domain name (FQDN) in the list of Kaspersky Sandbox servers of Kaspersky Endpoint Agent, Kaspersky Sandbox continues to process objects from Kaspersky Endpoint Agent.
• If no servers from this cluster remain in the list of Kaspersky Sandbox servers of Kaspersky Endpoint Agent, or if IP addresses or fully qualified domain names of cluster servers are not valid, Kaspersky Sandbox cannot receive and process objects from Kaspersky Endpoint Agent.

  For the correct processing of objects, at least one server from Kaspersky Sandbox cluster must be added to Kaspersky Endpoint Agent.

To add Kaspersky Sandbox servers to the Kaspersky Endpoint Agent list:

1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure application settings.
3. Perform one of the following actions in the details pane of the selected administration group:
   • To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
     1. In the tree of Kaspersky Security Center Administration Console, expand the Managed devices node.
     2. Expand the administration group whose policy settings you want to configure, and select the Policies tab in the results pane.
     3. Select the policy you want to configure.
     4. Open the Properties: <Policy name> window in one of the following ways:
        • Select the Properties option in the context menu of the policy.
        • Click the Configure policy settings link in the results pane of the selected policy.
        • Double-click the required policy.

        The Properties: <Policy name> window opens.

   • To configure the settings of a task or application for an individual protected device, select the Devices tab and go to the settings of a local task or the application settings.
4. In the Kaspersky Sandbox integration section select the Kaspersky Sandbox integration settings subsection.
5. In the Kaspersky Sandbox integration settings group of settings, enable the Enable Kaspersky Sandbox integration setting.
6. In the Kaspersky Sandbox integration settings group of settings, enable or disable the Connect through a proxy server if specified in the general settings option.

   This option is disabled by default. The application only connects to Kaspersky Sandbox directly and does not use the general proxy server connection settings. You can enable this option if you want the application to use the general proxy server connection settings when connecting to Kaspersky Sandbox server.

7. In the List of Kaspersky Sandbox servers group of settings, click Add.

   The Server properties window will open.

8. Enter the IP address or fully qualified domain name of the Kaspersky Sandbox server and the port used to connect to the server.
9. Click Add.

   The added server will be listed in the server table.

10. Repeat the steps to add each Kaspersky Sandbox server to the list.
11. In the upper right corner of the settings group, change the switch from Policy not enforced to Under policy.
12. Click OK.

Kaspersky Sandbox servers have been added to the Kaspersky Endpoint Agent list.