You can create and then update the baseline of protected virtual machines by using the baseline update task.
You can create and configure the baseline update task for protected virtual machines that are part of an administration group through Kaspersky Security Center. You can also configure the baseline update task for one virtual machine in the local interface of Light Agent for Windows.
The task is run on the virtual machine and uses a special format to save information about the status of monitored objects that you included in the integrity check scope. If you have not defined the integrity check scope, the scope of objects is determined by the integrity monitoring scope. The integrity check scope and integrity monitoring scope are configured in the policy that is applied on the virtual machine, or in the local interface of Light Agent for Windows.
To create or update the baseline on virtual machines through Kaspersky Security Center:
Open Kaspersky Security Center Administration Console.
Do one of the following:
Select the Managed devices folder in the console tree to create a task for virtual machines belonging to all administration groups. In the workspace, select the Tasks tab.
If you want to create a task for all virtual machines in an administration group, select the folder with the name of this group in the Managed devices folder of the console tree. In the workspace, select the Tasks tab.
Open the Tasks folder in the console tree to create a task for one or several virtual machines.
Click the Create task button to launch the New Task Wizard.
At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.0 Light Agent for Windows list, select Baseline update.
Proceed to the next step of the New Task Wizard.
If you started the New Task Wizard from the Tasks folder, specify the method of selecting the virtual machines for which you are creating the task. You can select virtual machines from the list of virtual machines discovered by the Administration Server, manually specify the addresses of virtual machines, import a list of virtual machines from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center documentation). Depending on the specified method of selection of virtual machines, perform one of the following operations in the window that opens:
In the list of detected virtual machines, specify the virtual machines for which you want to create the task. To do so, select check boxes in the list on the left of the name of the relevant virtual machine.
Click the Add or Add IP range button and enter the addresses of virtual machines manually.
Click the Import button, and in the window that opens select a TXT file with the list of addresses of virtual machines.
Click the Select button and in the opened window specify the name of the selection containing the virtual machines for which you want to create the task.
Proceed to the next step of the New Task Wizard.
In the Name field, enter the name of the baseline update task.
Proceed to the next step of the New Task Wizard.
If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete check box.
When the task is run with the default settings, the application updates the baseline only for new or modified objects within the integrity monitoring scope (incremental update).
Finish the wizard.
The created custom scan task appears in the list of tasks.
If you want to perform a full baseline update, change the task settings as follows:
Double-click to open the properties window of the created task.
Go to the Settings section and select the Full update option.
When the task is run, a baseline will be created or a previously created baseline will be updated on each virtual machine that you specified in task settings.
To create or update the baseline on a virtual machine through the local interface of Light Agent for Windows:
If necessary, configure the settings of the baseline update task. To do this, perform the following actions:
In the left part of the window, in the Scheduled tasks section, select Baseline update.
The right part of the window displays the settings of the baseline update task.
If the Baseline update section is absent, this means that the display and management of local tasks is denied by the policy for all protected virtual machines of the administration group. You can enable or disable the display and management of local tasks in the Light Agent for Windows policy (Application settings subsection in the Advanced settings) section.
Select the baseline update mode:
Full update – for all objects in the integrity monitoring scope.
Incremental update – only for modified or new objects from the integrity monitoring scope.