Managed Detection and Response

Support

Support for business applications

Kaspersky Endpoint Security 12 for Mac

Advanced configuration of the application

Managed Detection and Response

December 7, 2023

ID 216980

The Managed Detection and Response component was added in Kaspersky Endpoint Security in version 11.2. This component interacts with a solution known as Kaspersky Managed Detection and Response. Kaspersky Managed Detection and Response (MDR) continuously searches for, detects, and eliminates threats aimed at your organization. For detailed information about how the solution works, please refer to the Kaspersky Managed Detection and Response Help.

When interacting with Kaspersky Managed Detection and Response, the application lets you perform the following functions:

Activate Managed Detection and Response using a BLOB configuration file.
Execute commands from Kaspersky Managed Detection and Response.
Send telemetry data to Kaspersky Managed Detection and Response for threat detection.

The Managed Detection and Response component has the following additional requirements:

macOS 12 or later
Intel-based Mac, Apple silicon
Active Kaspersky Endpoint Security license

Integration with Kaspersky Managed Detection and Response

To integrate with Kaspersky Managed Detection and Response do the following:

Configure the Kaspersky Security Network proxy server
The Kaspersky Security Network proxy server facilitates data exchange between computers and the Kaspersky Security Network cloud service infrastructure via the Administration Server instead of direct exchange.

Load the Kaspersky Security Network configuration file in the Administration Server properties. The Kaspersky Security Network configuration file is located in the ZIP archive of the MDR configuration file. You can get the ZIP archive in the Kaspersky Managed Detection and Response Console. For details on configuring the Kaspersky Security Network proxy server, please refer to the Kaspersky Security Center Help.

As a result, Kaspersky Endpoint Security will use Private KSN to determine the reputation of files, applications, and websites. The "Infrastructure: Kaspersky Private Security Network" operating status will be indicated in the policy settings in the Kaspersky Security Network section.

Usage of Private KSN with Kaspersky Managed Detection and Response ensures that telemetry is sent to GDPR (General Data Protection Regulation) compliant servers. If Private KSN is not used, telemetry can be sent to the Global KSN. This may violate the laws of your country.

Important: You must enable extended KSN mode for Managed Detection and Response to work.
Activate Managed Detection and Response
Load the BLOB configuration file in the Kaspersky Endpoint Security policy (see the instructions below). The BLOB file contains the client ID and information about the license for Kaspersky Managed Detection and Response. The BLOB file is located in the ZIP archive of the MDR configuration file. You can get the ZIP archive in the Kaspersky Managed Detection and Response Console. For detailed information about a BLOB file, please refer to the Kaspersky Managed Detection and Response Help.

Activate Managed Detection and Response in the Administration Console (MMC)
1. Start Kaspersky Security Center Administration Console.
2. Maximize the Administration Server <Server name> node.
3. In the console tree, click Managed devices.
4. In the workspace, select the Policies tab.
5. Right-click the policy you want to configure and choose Properties.
6. In the Properties window, select Detection and Response > Managed Detection and Response.
7. Select the Managed Detection and Response checkbox.
8. In the MDR configuration file block, click Import and select the BLOB file received in the Kaspersky Managed Detection and Response Console. The file has the P7 extension.
9. Click OK to save your changes.
Activate Managed Detection and Response in the Web Console and Cloud Console
1. In the main window of Web Console, select Devices > Policies and profiles.
2. Click the name of the Kaspersky Endpoint Security for Mac policy.
3. The policy properties window opens.
4. Select the Application settings tab.
5. Select Detection and Response > Managed Detection and Response.
6. Turn on the Managed Detection and Response toggle switch.
7. Click Import and select the BLOB file that was obtained in the Kaspersky Managed Detection and Response Console. The file has the P7 extension.
8. Save your changes.
As a result, Kaspersky Endpoint Security will verify the BLOB file. BLOB file verification includes checking the digital signature and the license term. If the BLOB file is successfully verified, Kaspersky Endpoint Security will load the file and send the file to the computer during the next synchronization with Kaspersky Security Center.

Kaspersky Endpoint Security for Mac: Convenient management via a single console

High-performance protection of your data and business continuity. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.