Creating Light Agent for Linux policy in the Administration Console

To create a Light Agent for Linux policy in the Administration Console:

1. Open Kaspersky Security Center Administration Console.
2. In the Managed devices folder of the console tree, select the folder with the name of the administration group for whose protected virtual machines you want to create a policy.

   On the Devices tab of the folder with the name of the administration group, you can view a list of protected virtual machines that belong to this administration group.

3. In the workspace, select the Policies tab.
4. Click the New policy button to start the New Policy Wizard.

   You can also start the wizard using the New → Policy option in the context menu of the policy list.

5. At the first step of the Wizard, select Kaspersky Security for Virtualization 5.2 Light Agent for Linux from the list.

   Proceed to the next step of the Policy Wizard.

6. Enter a name for the new policy.
7. If you want to migrate the settings from a Light Agent for Linux policy of a previous version of Kaspersky Security into the policy being created, select the Use settings from policy for previous application version check box.

   You can migrate the settings from a policy that was created in Kaspersky Security for Virtualization 4.0 Light Agent or a later version of the application.

   Proceed to the next step of the wizard.

8. At this step, you can import Light Agent for Linux settings previously saved on a protected virtual machine into the policy you are creating. Settings are imported using a configuration file in CFG format that you can create by using commands from the command line of Light Agent for Linux.

   To import settings, click the Select button and, in the Please select a configuration file window that opens, select a file with the .cfg extension. The path to the configuration file is shown in the Configuration file field.

   You can use a configuration file created only by Kaspersky Security for Virtualization 5.2 Light Agent application version.

   You can edit these settings imported from the configuration file at subsequent steps of the Policy Wizard.

   Proceed to the next step of the Policy Wizard.

9. Configure the virtual machine protection settings. You can perform the following actions:
   • Configure the general protection settings: select the types of objects that must be detected by Kaspersky Security, and configure the trusted zone.
   • Enable or disable the File Anti-Virus by using the check box to the left of the component name in the list. By default, the File Anti-Virus is enabled.
   • Configure the File Anti-Virus settings. To do so, select the File Anti-Virus in the list and click the Edit button located above the list. In the window that opens, configure the File Anti-Virus settings and click OK.

   Proceed to the next step of the Policy Wizard.

10. Configure the SVM discovery settings for Light Agents:
    • If you want to use the Integration Server, check the address and port used for connecting SVMs to the Integration Server. The fields show the default port (7271) and the domain name of the device on which the Kaspersky Security Center Administration Console is installed. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.

      If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.

      If the device hosting Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to the local or domain KLAdmins group or to the group of local administrators, when proceeding to the next step of the wizard specify the Integration Server administrator password (password of the admin account) in the window that opens.

      The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Integration Server certificate verification window opens. You can view the details of the certificate received. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.

    • If you want to use a list of SVM addresses, use the Add button to enter one or several addresses.

      If you selected the Use a custom list of SVM addresses option and the extended SVM selection algorithm is used, the value of the SVM path parameter in the SVM selection algorithm section must be set to Ignore SVM path. If any other value is set, the Light Agents will not be available to connect to SVM.

    Proceed to the next step of the wizard.

11. Exit the Policy Wizard.

The created policy will be displayed in the list of policies of the administration group on the Policies tab and in the Policies folder of the console tree.

The policy will be applied to protected virtual machines after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security. Kaspersky Security starts protecting virtual machines according to the policy settings.

If Network Agent is not running on a protected virtual machine, the created policy is not applied on this protected virtual machine.

If you chose the Inactive policy option during the previous step of the New Policy Wizard, the created policy is not applied on the protected virtual machines.