Kaspersky Security Center 14

Network Agent policy settings

Dec 4, 2023

ID 158030

Expand all | Collapse all

To configure the Network Agent policy:

  1. In the console tree, select the Policies folder.
  2. In the workspace of the folder, select the Network Agent policy.
  3. In the context menu of the policy, select Properties.

The properties window of the Network Agent policy opens.

General

In the General section, you can modify the policy status and specify the inheritance of policy settings:

  • In the Policy status block, you can select one of the policy modes:
    • Active policy
    • Out-of-office policy
    • Inactive policy
  • In the Settings inheritance settings group, you can configure the policy inheritance:
    • Inherit settings from parent policy
    • Force inheritance of settings in child policies

Event configuration

The Event configuration section allows you to configure event logging and event notification. Events are distributed by importance level on the following tabs:

  • Critical

    The Critical tab is not displayed in the Network Agent policy properties.

  • Functional failure
  • Warning
  • Info

On each tab, the list shows the types of events and the default event storage term on the Administration Server (in days). Clicking the Properties button lets you specify the settings of event logging and notifications about events selected in the list. By default, common notification settings specified for the entire Administration Server are used for all event types. However, you can change specific settings for the required event types.

For example, on the Warning tab, you can configure the Incident has occurred event type. Such events may happen, for instance, when the free disk space of a distribution point is less than 2 GB (at least 4 GB are required to install applications and download updates remotely). To configure the Incident has occurred event, select it and click the Properties button. After that, you can specify where to store the occurred events and how to notify about them.

If Network Agent detected an incident, you can manage this incident by using the settings of a managed device.

To select multiple event types, use the Shift or Ctrl key; to select all types, use the Select all button.

Settings

In the Settings section, you can configure the Network Agent policy:

  • Distribute files through distribution points only
  • Maximum size of event queue, in MB
  • Application is allowed to retrieve policy's extended data on device
  • Protect Network Agent service against unauthorized removal or termination, and prevent changes to the settings
  • Use uninstallation password

Repositories

In the Repositories section, you can select the types of objects whose details will be sent from Network Agent to Administration Server. If modification of some settings in this section is prohibited by the Network Agent policy, you cannot modify these settings. The settings in the Repositories section are available only on devices running Windows:

  • Details of Windows Update updates
  • Details of software vulnerabilities and corresponding updates
  • Hardware registry details
  • Details of installed applications
  • Include information about patches

Software updates and vulnerabilities

In the Software updates and vulnerabilities section, you can configure search and distribution of Windows updates, as well as enable scanning of executable files for vulnerabilities. The settings in the Software updates and vulnerabilities section are available only on devices running Windows:

  • Use Administration Server as a WSUS server
  • Under Allow users to manage installation of Windows Update updates, you can limit Windows updates that users can install on their devices manually by using Windows Update.

    On devices running Windows 10, if Windows Update has already found updates for the device, the new option that you select under Allow users to manage installation of Windows Update updates will be applied only after the updates found are installed.

    Select an item in the drop-down list:

    • Allow users to install all applicable Windows Update updates
    • Allow users to install only approved Windows Update updates
    • Do not allow users to install Windows Update updates
  • In the Windows Update search mode settings group, you can select the update search mode:
    • Active
    • Passive
    • Disabled
  • Scan executable files for vulnerabilities when running them

Restart management

In the Restart management section, you can specify the action to be performed if the operating system of a managed device has to be restarted for correct use, installation, or uninstallation of an application. The settings in the Restart management section are available only on devices running Windows:

  • Do not restart the operating system
  • Restart the operating system automatically if necessary
  • Prompt user for action
    • Repeat the prompt every (min)
    • Force restart after (min)
    • Wait time before forced closure of applications in blocked sessions (min)

Windows Desktop sharing

In the Windows Desktop Sharing section, you can enable and configure the audit of the administrator's actions performed on a remote device when desktop access is shared. The settings in the Windows Desktop Sharing section are available only on devices running Windows:

  • Enable audit
  • Masks of files to monitor when read
  • Masks of files to monitor when modified

Manage patches and updates

In the Manage patches and updates section, you can configure download and distribution of updates, as well as installation of patches, on managed devices:

  • Automatically install applicable updates and patches for components that have the Undefined status
  • Download updates and anti-virus databases from Administration Server in advance (recommended)

Connectivity

The Connectivity section includes three nested subsections:

  • Network
  • Connection profiles (only for Windows and macOS)
  • Connection schedule

In the Network subsection, you can configure the connection to Administration Server, enable the use of a UDP port, and specify its number. The following options are available:

  • In the Connection to Administration Server settings group, you can configure connection to the Administration Server and specify the time interval for synchronization between client devices and the Administration Server:
    • Compress network traffic
    • Open Network Agent ports in Microsoft Windows Firewall
    • Use SSL
    • Use connection gateway on distribution point (if available) under default connection settings
  • Use UDP port
  • UDP port number
  • Use distribution point to force connection to the Administration Server

In the Connection profiles subsection, you can specify the network location settings, configure connection profiles for Administration Server, and enable out-of-office mode when Administration Server is not available. The settings in the Connection profiles section are available only on devices running Windows and macOS:

  • Network location settings
  • Administration Server connection profiles
  • Enable out-of-office mode when Administration Server is not available

In the Connection schedule subsection, you can specify the time intervals during which Network Agent sends data to the Administration Server:

  • Connect when necessary
  • Connect at specified time intervals

Distribution points

The Distribution points section includes four nested subsections:

  • Network polling
  • Internet connection settings
  • KSN Proxy
  • Updates

In the Network polling subsection, you can configure automatic polling of the network. You can enable three types of polling, that is, network polling, IP range polling, and Active Directory polling:

  • Enable network polling
  • Enable IP range polling
  • Use Zeroconf polling (on Linux platforms only; manually specified IP ranges will be ignored)
  • Enable Active Directory polling

In the Internet connection settings subsection, you can specify the internet access settings:

  • Use proxy server
  • Proxy server address
  • Port number
  • Bypass proxy server for local addresses
  • Proxy server authentication
  • User name
  • Password

In the KSN Proxy subsection, you can configure the application to use the distribution point to forward KSN requests from the managed devices:

  • Enable KSN Proxy on distribution point side
  • Forward KSN requests to Administration Server
  • Access KSN Cloud/Private KSN directly over the internet
  • TCP port
  • Use UDP port

In the Updates subsection, you can specify whether Network Agent should download diff files by enabling or disabling the Download diff files option. (By default, this option is enabled.)

Revision history

On the Revision history tab, you can view the history of Network Agent policy revisions. You can compare revisions, view revisions, and perform advanced operations, such as save revisions to a file, roll back to a revision, and add and edit revision descriptions.

Feature comparison by the Network Agent operating systems

The table below shows which Network Agent policy settings you can use to configure Network Agent with a specific operating system.

Network Agent policy settings: comparison by operating systems

Policy section

Windows

Mac

Linux

General

Yes.

Yes.

Yes.

Event configuration

Yes.

Yes.

Yes.

Settings

Yes.

Yes.

Yes.

The following options are available:

  • Distribute files through distribution points only
  • Maximum size of event queue, in MB
  • Application is allowed to retrieve policy's extended data on device

Repositories

Yes.

No.

Yes.

The following options are available:

  • Details of installed applications
  • Hardware registry details

Software updates and vulnerabilities

Yes.

No.

No.

Restart management

Yes.

No.

No.

Windows Desktop Sharing

Yes.

No.

No.

Manage patches and updates

Yes.

No.

No.

ConnectivityNetwork

Yes.

Yes.

Yes.

Except the Open Network Agent ports in Microsoft Windows Firewall option.

ConnectivityConnection profiles

Yes.

Yes.

No.

ConnectivityConnection schedule

Yes.

Yes.

Yes.

Distribution pointsNetwork polling

Yes.

No.

Yes.

The following options are available:

  • Zeroconf
  • IP ranges

Distribution pointsInternet connection settings

Yes.

Yes.

Yes.

Distribution pointsKSN Proxy

Yes.

No.

Yes.

Distribution pointsUpdates

Yes.

No.

Yes.

Revision history

Yes.

Yes.

Yes.

See also:

Scenario: Regular updating Kaspersky databases and applications

About third-party software updates

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.