Creating a default policy for the Protection Server and tasks

When the Kaspersky Security Center Administration Console starts for the first time after the Kaspersky Security administration plug-ins are installed, the Quick Start Wizard for the managed application is started. The wizard automatically starts three consecutive times and lets you create a virus scan task for Light Agent for Windows, a virus scan task for Light Agent for Linux, a Protection Server database update task, and a default policy for the Protection Server.

Virus scan tasks and the database update task are created automatically. Your participation in the wizard is not required.

A virus scan task for Light Agent for Windows is created for the Managed devices administration group and can be started on all virtual machines with the Light Agent for Windows component installed that will be moved to the Managed devices administration group or to any nested administration group. You can change the task settings that were configured by default.

A virus scan task for Light Agent for Linux is created for the Managed devices administration group and can be started on all virtual machines with the Light Agent for Linux component installed that will be moved to the Managed devices administration group or to any nested administration group. You can change the task settings that were configured by default.

A database update task on the Protection Server is created for the Managed devices administration group and lets you download the application module and database update package to all SVMs that will be moved to the Managed devices administration group or to any nested administration group. This task is started every time an update package is downloaded to the Kaspersky Security Center Administration Server repository.

A default policy for the Protection Server is created for the Managed devices administration group under the name Kaspersky Security for Virtualization 5.0 Light Agent – Protection Server and is applied on all SVMs that will be moved to the Managed devices administration group or to any nested administration group.

When creating a default policy for the Protection Server, the wizard prompts you to configure the following settings:

1. Make a decision regarding participation in KSN.

   Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to Kaspersky Lab's online knowledge base with information about the reputation of files, web resources, and software. Data from Kaspersky Security Network ensures faster response by Kaspersky Security to unknown threats, improves the performance of some protection components, and reduces the risk of false positive.

   The following types are differentiated depending on the location of the infrastructure:

   • Global KSN – this infrastructure is hosted by Kaspersky Lab servers.
   • Private KSN – this infrastructure is hosted by third-party servers of the service provider, for example, on the Internet service provider's network.

   Participation in Kaspersky Security Network is voluntary. Before deciding on whether to participate in Kaspersky Security Network, carefully read the KSN Statement, then perform one of the following actions:

   • If you accept all the terms of the Statement and want the application to use KSN, select the I have read, understand, and accept the terms of this Kaspersky Security Network Statement option.
   • If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option.

   If necessary, you will be able to change your decision later.

   If you want to use Kaspersky Security Network with Kaspersky Security, make sure that the KSN Proxy service is enabled in Kaspersky Security Center (see Kaspersky Security Center manuals).

2. If the computer hosting the Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to the KLAdmins group or to the group of local administrators, specify the settings for connecting SVMs to the Integration Server:
   1. Check the address and port used for connecting to the Integration Server in the Settings for connecting SVMs to the Integration Server window. The fields show the default port (7271) and the domain name of the computer on which the Kaspersky Security Center Administration Console is installed. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the Integration Server.
   2. In the Settings for connecting SVMs to the Integration Server window, click OK. In the Connection to Integration Server window that appears, specify the Integration Server administrator password (admin account password).

      The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Integration Server certificate verification window opens. You can click the button in the window to view the details of the received certificate. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the computer where the Kaspersky Security Center Administration Console is installed.

      After a connection has been established to the Integration Server under the administrator account, the account password is automatically relayed to the policy in order to connect SVM to the Integration Server.

The other policy settings take the default values. You can configure them later.

If you have not configured the settings for connecting SVMs to the Integration Server or cannot connect with the specified settings, the policy is created with the Inactive policy status. Later you can configure the settings of this policy and activate it.

Page top