Kaspersky Security 9.0 for Microsoft Exchange Servers Maintenance Release 4 Help
- About Kaspersky Security 9.0 for Microsoft Exchange Servers
- Application architecture
- Common application deployment scenarios
- Upgrading the application to version 9.0 Maintenance Release 4
- Installing and removing the application
- Application setup
- Step 1. Checking the availability of the required components and installing them
- Step 2. Viewing information about the start of the installation and reviewing the End User License Agreement
- Step 3. Selecting the installation type
- Step 4. Selecting application components and modules
- Step 5. Creating a database and configuring the application connection to the SQL server
- Step 6. Selecting an account for launching the Kaspersky Security service
- Step 7. Completing installation
- Application Configuration Wizard
- Step 1. Activating the application
- Step 2. Configuring the Microsoft Exchange server protection
- Step 3. Enabling the KSN service
- Step 4. Configuring the proxy server settings
- Step 5. Configuring notification delivery
- Step 6. Completing the configuration
- Application Activation window
- Protection settings window
- Use Kaspersky Security Network services window
- Proxy server settings window
- Notification settings window
- Configuration node
- Restoring the application
- Removing the application
- Application setup
- To administrator
- Role-based user access control for the application features and services
- Application licensing
- Licensing models. License restrictions
- About the End User License Agreement
- About the license certificate
- About the license
- About the key
- About the key file
- About the activation code
- About the subscription
- Special considerations when activating the application using an activation code
- Special considerations of activating the application when using profiles
- Special considerations of activating the application when using the key for the DLP Module
- Activating the application with a key for a Security Server and DLP Module
- Activating the application using an activation code
- About notifications related to the license
- Configuring the license expiry term notification
- About data provision
- Viewing information about installed keys
- Replacing a key
- Removing a key
- Licensing node
- Add License window
- Viewing the number of mailboxes
- Starting and stopping the application
- Default Microsoft Exchange Server protection
- About Kaspersky Security Network
- About Kaspersky Private Security Network
- Configuring the settings for connecting to Kaspersky Private Security Network
- About Anti-Virus protection
- Enabling and disabling anti-virus server protection
- Configuring anti-virus processing of objects: Anti-Virus for the Mailbox role
- Configuring anti-virus scan exclusions
- Configuring anti-virus object processing: Anti-Virus for the Hub Transport role
- How to prevent detainment when sending messages through the Anti-Virus module
- Types of attachment files window
- Names of attachment files window
- Protection against spam and phishing
- Enabling and disabling anti-spam protection of a server
- About anti-phishing scans
- Enabling and disabling message scanning for phishing
- Configuring spam and phishing scan settings
- Configuring additional settings of spam and phishing scans
- Configuring an increase in the spam rating of messages
- About additional services, features, and anti-spam technologies
- Using external anti-spam message scanning services
- About the white and black lists of email addresses
- Creating the white list of Anti-Spam addresses
- Creating the black list of Anti-Spam addresses
- White list record settings window
- Black list record settings window
- Informing Kaspersky Lab of false alerts returned by Anti-Spam
- Improving the accuracy of spam detection on Microsoft Exchange 2013 servers
- About scanning outgoing mail for spam and phishing content
- Enabling and disabling the scanning of outgoing messages for spam and phishing content
- Configuring mailbox and public folder protection settings
- Background scan and on-demand scan
- Filtering of attachments
- Managing profiles
- Creating a profile
- Configuring Security Servers in a profile
- Specifics of managing profiles in a Microsoft Exchange database availability group
- Adding Security Servers to a profile
- Removing a Security Server from a profile
- Removing a profile
- Profiles node
- <Profile name> node
- Servers node
- <DAG name> node
- Create new profile window
- Add server to <Profile name> profile window (Step 1)
- Add server to <Profile name> profile window (Step 2)
- Rename existing profile window
- DLP Module settings
- Updates
- About update centers
- About database updates in configurations with a DAG of Microsoft Exchange servers
- Updating databases manually
- Configuring scheduled application database updates
- Select update source
- Configuring the connection to the update source
- Configuring the proxy server settings
- Designating a server as an update center and configuring its settings
- Updates node
- Notifications
- About Backup
- Viewing Backup objects
- Viewing the properties of objects in Backup
- Filtering the list of Backup objects
- Saving objects from Backup to disk
- Sending an objects from Backup to recipients
- Deleting objects from Backup
- Configuring Backup settings
- Selecting Backup database for viewing its contents from the profile
- Database window
- Send object to Kaspersky Lab window
- Backup node
- About application reports
- Anti-Virus activity report for the Mailbox role
- Anti-Virus activity report for the Hub Transport role
- Report of Anti-Spam activity
- Generating a report manually
- Creating a report generation task
- Viewing the list of report generation tasks
- Editing the settings of a report generation task
- Starting a report generation task
- Deleting a report generation task
- Viewing a report
- Saving a report to disk
- Deleting a report
- Report generation settings window
- Task settings window
- Reports node
- About application logs
- Using Kaspersky Security in Windows PowerShell
- About Windows PowerShell commands
- Connecting the Kse.Powershell library
- Viewing the protection status of a Microsoft Exchange server
- Viewing the statistics of Anti-Virus and Attachment Filtering modules
- Viewing the statistics of the Anti-Spam module
- Viewing the white list of Anti-Spam addresses
- Viewing the black list of Anti-Spam addresses
- Adding addresses to the white list of Anti-Spam addresses
- Adding addresses to the black list of Anti-Spam addresses
- Deleting addresses from the white list of Anti-Spam addresses
- Deleting addresses from the black list of Anti-Spam addresses
- Synchronizing black / white lists of Anti-Spam addresses
- Exporting and importing the application configuration
- Managing the application using the Kaspersky Security Center
- Installing the Kaspersky Security administration plug-in
- About application activation via Kaspersky Security Center
- Updating application databases via Kaspersky Security Center
- Kaspersky Security events in Kaspersky Security Center
- Viewing Microsoft Exchange Server protection status details
- Application operation statistics in Kaspersky Security Center
- Monitor the application's operation via System Center - Operations Manager
- Appendix. Script for sending spam for analysis
- To security officer
- Running and stopping the Management Console
- About the DLP Module
- Scanning messages with the DLP Module
- Default status of Data Leak Protection
- Viewing Data Leak Protection status details
- Managing categories
- Managing policies
- Managing incidents
- Viewing the list of incidents
- Viewing incident details
- Searching for similar incidents
- Adding comments to incidents
- Changing incident status
- Archiving incidents
- Restoring incidents from the archive
- Deleting archived incidents
- Incidents node
- View tab
- History tab
- Changing status window
- Incident Archiving Wizard window
- Incident Recovery Wizard window
- Handling the DLP Module reports
- Generating a report manually
- Creating a report generation task
- Starting a report creation task
- Deleting report generation task
- Viewing a report
- Saving reports to disk
- Deleting reports
- “Incidents by policies” report
- “User statistics” report
- “System KPI” report
- “Incident status statistics” report
- Reports (DLP) node
- Task settings window ("Incidents by policies" report)
- Task settings window ("Statistics on users" report)
- Task settings window ("System KPI" report)
- Task settings window ("Statistics on statuses of incidents" report)
- Report generation settings window ("Incidents by policies" report)
- Report generation settings window ("Statistics on users" report)
- Report generation settings window ("System KPI" report)
- Report generation settings window ("Statistics on statuses of incidents" report)
- Configure notifications
- Contacting the Technical Support Service
- Sources of information about the application
- Glossary
- Active key
- Active policy
- Additional key
- Anti-virus databases
- Archived incident
- Archiving
- Background scan
- Backup
- Black list of key files
- Closed incident
- Confidential data
- Container object
- Corporate security
- Data category
- Data leak
- Data leak prevention
- Data subcategory
- Disinfection
- DLP Module (Data Leak Prevention)
- DLP Module status
- Domain Name System Block List (DNSBL).
- Enforced Anti-Spam Updates Service
- False positive incident
- File mask
- Formal message
- Incident
- Incident status
- Infected object
- Kaspersky CompanyAccount
- Kaspersky Lab categories
- Kaspersky Private Security Network
- Kaspersky Security Network (KSN).
- Kaspersky update servers
- Keywords
- License certificate
- License term
- Malicious URLs
- Managed device
- Management Console
- Mass mail
- Match level
- Message deletion
- Object removal
- Opened incident
- PCL rating
- Personal data
- Phishing
- Policy
- Policy violation
- Potential spam
- Probably infected object
- Profile
- Proxy server
- SCL rating
- Security Officer
- Security Server
- Simple object
- Spam
- Spam URI Realtime Block Lists (SURBL)
- Special recipients
- Storage scan
- System KPI (Key Performance Indicators)
- Table data
- Unknown virus
- Update
- Violation context
- Virus
- Kaspersky Lab AO
- Information about third-party code
- Trademark notice
Application logs
Application logs
Kaspersky Security records its operation details (such as error messages or warnings) to Windows Event Log and Kaspersky Security event logs.
About Windows Event Log
Windows Event Log contains the details of the Kaspersky Security operation that the Kaspersky Security administrator or the security officer can use to monitor the application operation.
Events related to the Kaspersky Security operation are recorded to Windows Event Log by KSCM8 (Kaspersky Security service). Each basic events related to the application operation has a respective fixed event code. You can use an event code to find and filter events in a log.
About event logs in Kaspersky Security
Kaspersky Security event logs are files in TXT format that are stored locally in the folder <Application installation folder>\logs. You can specify a different folder to store logs.
The detail level of application event logs depends on the current settings of log detail level.
Kaspersky Security maintains event logs according to the following algorithm:
- The application records information to the end of the most recent log.
- When the log's size reaches 100 MB, the application archives it and creates a new one.
- By default, the application stores log files for 14 days since the last modification, and then deletes them. You can set a different term for log storage.
Separate logs are created individually for each Security Server irrespectively of the application deployment variant.
The folder with logs and the folder with the application data (<Application installation folder>\data) may contain confidential data. The application does not ensure protection against unauthorized access to data in those folders. You should take your own steps to protect the data in those folders against unauthorized access.
|
In this Help section Kaspersky Security events in Windows Event Log |
Article ID: 28868, Last review: Apr 2, 2018