Kaspersky Security Center

Disabling the option to transmit patches and install updates in an isolated network

July 8, 2024

ID 230869

You can disable transmitting patches on isolated Administration Servers, for example, if you decided to take one or more Administration Servers out of an isolated network. Thus, you can reduce the number of patches and time to download them.

To disable the option to transmit patches on isolated Administration Servers:

  1. If you want to take all Administration Servers out of isolation, in the properties of the Administration Server with internet access, delete the paths to the folders for patches and the list of required updates. If you want to keep some Administration Servers in an isolated network, skip this step.

    Run the Windows command prompt by using administrator rights, and then change your current directory to the directory with the klscflag utility. The klscflag utility is located in the folder where Administration Server is installed. The default installation path is <Disk>:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center.

    Enter the following commands at the command prompt:

    • To delete the path to the folder for patches:

      klscflag -fset -pv klserver -n VAPM_DATA_EXPORT_PATH -t s -v ""

    • To delete the path to the folder for the list of required updates:

      klscflag -fset -pv klserver -n VAPM_REQ_IMPORT_PATH -t s -v ""

  2. Restart the Administration Server service if you deleted the paths to the folders on this Administration Server.
  3. In the properties of every Administration Server that you want to take out of isolation, delete the paths to the folders for patches and the list of required updates.

    Enter the following commands at the Windows command prompt, using administrator rights:

    • To delete the path to the folder for patches:

      klscflag -fset -pv klserver -n VAPM_DATA_IMPORT_PATH -t s -v ""

    • To delete the path to the folder for the list of required updates:

      klscflag -fset -pv klserver -n VAPM_REQ_EXPORT_PATH -t s -v ""

  4. Restart the service of every Administration Server on which you deleted the paths to the folders.

As a result, if you reconfigured the Administration Server with internet access, you will no longer receive patches through Kaspersky Security Center. If you reconfigured only some isolated Administration Servers, for example, taking some of them out of the isolated network, you will get patches only for the remaining isolated Administration Servers.

If you want to start fixing vulnerabilities on disabled isolated Administration Servers in the future, you have to configure these Administration Servers and the Administration Server with internet access once again.

See also:

Scenario: Fixing third-party software vulnerabilities in an isolated network

About fixing third-party software vulnerabilities in an isolated network

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.