Creating and updating the baseline

You can create and then update the baseline of protected virtual machines by using the baseline update task.

You can create and configure the baseline update task for protected virtual machines that are included in the administration group, using Kaspersky Security Center Administration Console or using the Web Console. You can configure the baseline update task for one virtual machine in the local interface of Light Agent for Windows.

The task is run on the virtual machine and uses a special format to save information about the status of monitored objects that you included in the System Integrity Check scope. If you have not defined the System Integrity Check scope, the scope of objects is determined by the System Integrity Monitoring scope. The System Integrity Check scope and System Integrity Monitoring scope are configured in the policy that is applied on the virtual machine, or in the local interface of Light Agent for Windows.

To create or update the baseline on virtual machines using the Administration Console:

1. Open Kaspersky Security Center Administration Console.
2. Do one of the following:
   • To create a task for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree, and in the workspace, select the Tasks tab.
   • To create a task for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
3. Click the New task button to start the New Task Wizard.
4. At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent for Windows list, select Baseline update.

   Proceed to the next step of the New Task Wizard.

5. If you started the New Task Wizard from the Tasks folder, specify the method of selecting the virtual machines for which you are creating the task. You can select virtual machines from the list of virtual machines discovered by the Administration Server, manually specify the addresses of virtual machines, import a list of virtual machines from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of selection of virtual machines, perform one of the following operations in the window that opens:
   • In the list of detected virtual machines, specify the virtual machines for which you want to create the task. To do so, select check boxes in the list on the left of the name of the relevant virtual machine.
   • Click the Add or Add IP range button and enter the addresses of virtual machines manually.
   • Click the Import button, and in the window that opens select a TXT file with the list of addresses of virtual machines.
   • Click Browse and in the window that opens specify the name of the selection containing the virtual machines for which you want to create the task.

   Proceed to the next step of the New Task Wizard.

6. In the Name field, enter the name of the baseline update task.

   Proceed to the next step of the New Task Wizard.

7. If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete checkbox.

   When the task is run with the default settings, the application updates the baseline only for new or modified objects within the monitoring scope (incremental update).

   Finish the wizard.

   The created custom scan task appears in the list of tasks.

8. If you want to perform a full baseline update, change the task settings as follows:
   1. Double-click to open the properties window of the created task.
   2. Go to the Settings section and select the Full update option.
   3. Click OK.
9. Start the baseline update task.

When the task is run, a baseline will be created or a previously created baseline will be updated on each virtual machine that you specified in task settings.

To create or update the baseline on virtual machines using the Web Console:

1. Create a task of the Baseline update type following the instructions of the wizard. The task is created with the default settings.

   As a result of the task execution, the application updates the baseline only for the new or modified objects in the monitoring scope (incremental update).

2. To perform a full baseline update, at the last step of the wizard, select the Open task properties window after creation check box and close the wizard.
3. In the task properties window, on the Application settings tab, select the Full update option and click the Save button to save the changes.
4. Start the baseline update task.

To create or update the baseline on a virtual machine using the Light Agent for Windows local interface:

1. If necessary, configure the settings of the baseline update task. To do this, perform the following actions:
   1. On the protected virtual machine, open the application settings window.
   2. In the left part of the window, in the Scheduled tasks section, select Baseline update.

      The right part of the window displays the settings of the baseline update task.

      If the Baseline update section is absent, this means that the display and management of local tasks is denied by the policy for all protected virtual machines of the administration group. You can enable or disable the display and management of local tasks in the Light Agent for Windows policy (Advanced settings subsection in the Other settings) section.

   3. Select the baseline update mode:
      • Full update – for all objects in the monitoring scope.
      • Incremental update – only for modified or new objects from the monitoring scope.
   4. To save changes, click the Save button.
2. Start the baseline update task.