About Kaspersky Endpoint Security usage modes

You can use Kaspersky Endpoint Security in one of the following modes:

• Standalone. Kaspersky Endpoint Security is used as a standalone application for protecting devices running Linux operating systems.
• In Light Agent mode to protect virtual environments (as part of Kaspersky Hybrid Cloud Security for Virtualization Light Agent). Kaspersky Endpoint Security is used as the Light Agent component of the Kaspersky Hybrid Cloud Security for Virtualization Light Agent solution to protect virtual machines running Linux guest operating systems.

  Kaspersky Endpoint Security for Virtualization Light Agent component. Installed on each virtual machine that needs to be protected.

The application is used in standalone mode by default.

If you want to use the application in Light Agent mode, you need to do the following:

1. Install Kaspersky Endpoint Security on each virtual machine that needs to be protected using Kaspersky Hybrid Cloud Security for Virtualization Light Agent. You can also install the application on a virtual machine template.

   During installation, you need to specify in one of the following ways that the application will be used in Light Agent mode:

   • During the post-installation configuration of the application in interactive or automatic mode (if installed using the command line);
   • in the autoinstall.ini configuration file, which is included in the application installation package (if installed using Kaspersky Security Center).

   After Kaspersky Endpoint Security is installed, you cannot change the application usage mode.

   When selecting Light Agent mode, you can also configure the following settings for Kaspersky Endpoint Security in Light Agent mode:

   • The role of the virtual machine that you want to protect in the virtual infrastructure: server or workstation. The role of a virtual machine determines the license under which the application will be used on this virtual machine as well as the available functionality.
   • VDI protection mode. It is recommended to enable this mode if you are installing the application on a virtual machine template that will be used to create temporary virtual machines. VDI protection mode optimizes the operation of Kaspersky Endpoint Security on temporary virtual machines.
2. Configure the settings for connecting Light Agent to SVMs and the settings for connecting Light Agent to the Integration Server.

   Kaspersky Endpoint Security for Virtualization Light Agent component. Interacts between Kaspersky Endpoint Security components and the virtual infrastructure.

   Secure virtual machine – a special virtual machine on which the scanserver service (Protection Server, a component of Kaspersky Endpoint Security for Virtualization Light Agent) is installed.

   Kaspersky Endpoint Security in Light Agent mode interacts with other components of the Kaspersky Hybrid Cloud Security for Virtualization Light Agent solution: the Integration Server and the Protection Server installed on the SVM (for more information, see the Kaspersky Endpoint Security for Virtualization Light Agent Help). To interact with the Protection Server, Kaspersky Endpoint Security establishes and maintains a connection to the SVM on which this Protection Server is installed.

   A connection to the Integration Server is required if you want Light Agents to receive information about the SVM through the Integration Server, or if you want to protect the connection between the Protection Server and the Light Agent.

   You can configure the connection settings in a Kaspersky Endpoint Security policy using Kaspersky Security Center Administration Console or using Kaspersky Security Center Web Console.

You can obtain information about application operation in Light Agent mode, as well as information about the connection to the Integration Server and SVMs, by using the following commands: --ksvla-info, --viis-info, and --svm-info.

Information about the application usage mode is displayed in Kaspersky Security Center in the properties of Kaspersky Endpoint Security on the managed device in the Components section. Information is displayed in the Light Agent mode for protecting virtual environments line as follows:

• The Running status means that the application is being used in Light Agent mode;
• The Not installed status means that the application is being used in standalone mode.

About activating the application in Light Agent mode

If Kaspersky Endpoint Security is used in Light Agent mode, the application does not need to be activated separately. You activate Kaspersky Hybrid Cloud Security for Virtualization Light Agent; activation is performed on the Protection Server (a component of Kaspersky Hybrid Cloud Security for Virtualization Light Agent) by adding a license key to the SVM. For more details, refer to the Help for Kaspersky Hybrid Cloud Security for Virtualization Light Agent.

After activating the solution and connecting the Light Agent to the SVM, the Protection Server component sends license information to the Light Agent. When selecting an SVM to connect to, Light Agent considers, among other settings, the type of license key added to the SVM. The Light Agent does not connect to the SVM if the type of key added to the SVM does not match the role of the protected virtual machine in the virtual infrastructure (server or workstation). For more details, refer to the Help for Kaspersky Hybrid Cloud Security for Virtualization Light Agent.

You can view information about the license used by Light Agent for Linux on the protected virtual machine with the Light Agent using the -L --query command.

License keys cannot be managed using the Add key task or via the Kaspersky Endpoint Security command for adding and deleting license keys.

About updating application databases and modules in Light Agent mode

Kaspersky Endpoint Security in Light Agent mode uses malware databases, which are required for the application to work as part of Kaspersky Hybrid Cloud Security for Virtualization Light Agent. Kaspersky Endpoint Security receives application database and module updates from the Protection Server. For more details, refer to the Help for Kaspersky Hybrid Cloud Security for Virtualization Light Agent.

Databases on protected virtual machines are updated using a special Update local task of Kaspersky Endpoint Security, where the folder on the SVM is specified as the update source. The update task starts automatically. You cannot delete this task or change its settings.

Update sources other than a folder on SVMs are not supported. The use of group update tasks is not supported.

The last application database and module update is also rolled back on the Protection Server. After rolling back the application database and module update on the SVMs, a special Update local task is automatically started on the protected virtual machine. The task causes the Light Agent to return to using the previous set of application database and modules.

The use of Rollback local and group tasks of Kaspersky Endpoint Security is not supported.

Other features of using the application in Light Agent mode

If Kaspersky Endpoint Security is used in Light Agent mode:

• The KESL container functionality is not supported.
• Application management using Kaspersky Security Center Cloud Console and the graphical user interface is not available.
• iChecker technology is not used for scanning and protection. Scan optimization is implemented by means of the Protection Server.
• The use of cloud databases is not supported.
• Kaspersky Endpoint Security can interact with KSN servers using a KSN proxy server. Direct interaction with KSN is not supported.
• A proxy server is not used when connecting to the Integration Server or KSN servers.