Network Agent policy settings

February 5, 2024

ID 219894

Expand all | Collapse all

To configure the Network Agent policy:

  1. In the main menu, go to Assets (Devices)Policies & profiles.
  2. Click the name of the Network Agent policy.

    The properties window of the Network Agent policy opens.

Consider that for Windows, macOS, and Linux-based devices, various settings are available.

General tab

On this tab you can modify the policy status and specify the inheritance of policy settings:

  • In the Policy status block, you can select one of the policy modes:
    • Active
    • Inactive
  • In the Settings inheritance settings group, you can configure the policy inheritance:
    • Inherit settings from parent policy
    • Force inheritance of settings in child policies

Event configuration tab

This tab allows you to configure event logging and event notification. Events are distributed according to importance level in the following sections on the Event configuration tab:

  • Functional failure
  • Warning
  • Info

In each section, the event type list shows the types of events and the default event storage term on the Administration Server (in days). Clicking the Properties button lets you specify the settings of event logging and notifications about events selected in the list. By default, common notification settings specified for the entire Administration Server are used for all event types. However, you can change specific settings for required event types.

Application settings tab

Settings

In the Settings section, you can configure the Network Agent policy:

  • Distribute files through distribution points only
  • Maximum size of event queue, in MB
  • Application is allowed to retrieve policy's extended data on device
  • Protect Network Agent service against unauthorized removal or termination, and prevent changes to the settings
  • Use uninstallation password

Repositories

In the Repositories section, you can select the types of objects whose details will be sent from Network Agent to Administration Server. If modification of some settings in this section is prohibited by the Network Agent policy, you cannot modify these settings. The settings in the Repositories section are available only on devices running Windows:

  • Details of installed applications
  • Include information about patches
  • Details of Windows Update updates
  • Details of software vulnerabilities and corresponding updates
  • Hardware registry details

Software updates and vulnerabilities

In the Software updates and vulnerabilities section, you can configure search of Windows updates, as well as enable scanning of executable files for vulnerabilities. The settings in the Software updates and vulnerabilities section are available only on devices running Windows:

  • Under Allow users to manage installation of Windows Update updates, you can limit Windows updates that users can install on their devices manually by using Windows Update.

    On devices running Windows 10, if Windows Update has already found updates for the device, the new option that you select under Allow users to manage installation of Windows Update updates will be applied only after the updates found are installed.

    Select an item in the drop-down list:

    • Allow users to install all applicable Windows Update updates
    • Allow users to install only approved Windows Update updates
    • Do not allow users to install Windows Update updates
  • In the Windows Update search mode settings group, you can select the update search mode:
    • Active
    • Passive
    • Disabled
  • Scan executable files for vulnerabilities when running them

Restart management

In the Restart management section, you can specify the action to be performed if the operating system of a managed device has to be restarted for correct use, installation, or uninstallation of an application. The settings in the Restart management section are available only on devices running Windows:

  • Do not restart the operating system
  • Restart the operating system automatically if necessary
  • Prompt user for action
    • Repeat the prompt every (min)
    • Force restart after (min)
  • Force closure of applications in blocked sessions

Windows Desktop Sharing

In the Windows Desktop Sharing section, you can enable and configure the audit of the administrator's actions performed on a remote device when desktop access is shared. The settings in the Windows Desktop Sharing section are available only on devices running Windows:

  • Enable audit
  • Masks of files to monitor when read
  • Masks of files to monitor when modified

Manage patches and updates

In the Manage patches and updates section, you can configure download and distribution of updates, as well as installation of patches, on managed devices: enable or disable the Automatically install applicable updates and patches for components that have the Undefined status option.

Connectivity

The Connectivity section includes three subsections:

  • Network
  • Connection profiles
  • Connection schedule

In the Network subsection, you can configure the connection to Administration Server, enable the use of a UDP port, and specify the UDP port number.

  • In the Connection to Administration Server settings group, you can specify the following settings:
  • Use UDP port
  • UDP port number
  • Use the distribution point to force a connection to Administration Server

In the Connection profiles subsection, no new items can be added to the Administration Server connection profiles list so the Add button is inactive. The preset connection profiles cannot be modified, either.

In the Connection schedule subsection, you can specify the time intervals during which Network Agent sends data to the Administration Server:

  • Connect when necessary
  • Connect at specified time intervals

In the Connection schedule subsection, you can specify the time intervals during which Network Agent sends data to the Administration Server:

  • Connect when necessary
  • Connect at specified time intervals

Network polling by distribution points

In the Network polling by distribution points section, you can configure automatic polling of the network. The polling settings are available only on devices running Windows. You can use the following options to enable the polling and set its frequency:

  • Windows network
  • IP ranges
  • Domain controllers

Network settings for distribution points

In the Network settings for distribution points section, you can specify the internet access settings:

  • Use proxy server
  • Address
  • Port number
  • Bypass proxy server for local addresses
  • Proxy server authentication
  • User name
  • Password

KSN Proxy (distribution points)

In the KSN Proxy (distribution points) section, you can configure the application to use the distribution point to forward KSN requests from the managed devices:

  • Enable KSN Proxy on the distribution point side
  • Port
  • UDP port

In this section

Comparison of Network Agent policy settings by operating systems

See also:

Ports used by Kaspersky Security Center Cloud Console

Scenario: Kaspersky applications initial deployment

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.