Automatic creating of tasks and default policy for Protection Server

When the Kaspersky Security Center Administration Console starts for the first time after the Kaspersky Security MMC plug-ins are installed, the Initial Configuration Wizard for the managed application is automatically started. The Wizard is started three consecutive times and lets you create a default Protection Server policy and the following tasks:

If the Initial Configuration Wizard for the managed application was not started automatically, you can manually start it.

To manually start the Initial Configuration Wizard:

  1. Open Kaspersky Security Center Administration Console.
  2. In the console tree, select the Administration Server node, open the context menu and select All tasksManaged Application Initial Configuration Wizard.
  3. Click Next on the welcome screen and at the next step select one of the following values for the managed application:
    • Kaspersky Security for Virtualization 5.1 Light Agent – Protection Server, if you want to create a default Protection Server policy and a Protection Server database update task.
    • Kaspersky Security for Virtualization 5.1 Light Agent for Linux, if you want to create a virus scan task for Light Agent for Linux.
    • Kaspersky Security for Virtualization 5.1 Light Agent for Windows, if you want to create a virus scan task for Light Agent for Windows.

The Kaspersky Security Initial Configuration Wizard starts.

To create a default Protection Server policy and all the tasks listed above, you need to start the Initial Configuration Wizard for the managed application three times consecutively.

Creating tasks

Tasks are created automatically. Your participation in the wizard is not required.

A virus scan task for Light Agent for Windows is created for the Managed devices administration group and can be started on all virtual machines with the Light Agent for Windows component installed that will be moved to the Managed devices administration group or to any nested administration group. You can change the task settings that were configured by default.

A virus scan task for Light Agent for Linux is created for the Managed devices administration group and can be started on all virtual machines with the Light Agent for Linux component installed that will be moved to the Managed devices administration group or to any nested administration group. You can change the task settings that were configured by default.

A database update task on the Protection Server is created for the Managed devices administration group and lets you download the application module and database update package to all SVMs that will be moved to the Managed devices administration group or to any nested administration group. This task is started every time an update package is downloaded to the Kaspersky Security Center Administration Server repository.

Creating default policy for Protection Server

A default Protection Server policy is created for the Managed devices administration group with the Kaspersky Security for Virtualization 5.1 Light Agent – Protection Server name and is applied on all SVMs that will be moved to the Managed devices administration group or to any nested administration group.

When creating a default Protection Server policy, the wizard prompts you to configure the following settings:

  1. Decide on whether or not to participate in Kaspersky Security Network.

    Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to Kaspersky online knowledge base with information about the reputation of files, web resources, and software. Data from Kaspersky Security Network ensures faster response by Kaspersky Security to unknown threats, improves the performance of some protection components, and reduces the risk of false positive.

    The following types are differentiated depending on the location of the infrastructure:

    • Global KSN – this infrastructure is hosted by Kaspersky Lab servers.
    • Private KSN – the infrastructure is located within the corporate network or hosted by third-party servers of the service provider, for example on the Internet service provider's network.

    Participation in KSN is voluntary. Before deciding on whether to participate in KSN, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:

    • If you accept all the terms of the Statement and want the application to use KSN, select the I have read, understand, and accept the terms of this Kaspersky Security Network Statement option.
    • If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option.

    All data transmission and processing conditions set forth in the Kaspersky Security Network Statement for Kaspersky Security for Virtualization 5.1 Light Agent also apply to the following Kaspersky Security updates: 5.1.1, 5.1.2 and 5.1.3.

    If necessary, you can change your decision regarding KSN participation later.

    If you want Kaspersky Security to use the KSN, please make sure the required KSN type is configured in Kaspersky Security Center. To use Global KSN, the KSN proxy server service must be enabled in Kaspersky Security Center. To use Local KSN, it must be enabled and configured in Kaspersky Security Center. See Kaspersky Security Center documentation for more information.

  2. If the computer hosting Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to a local or domain KLAdmins group or to the group of local administrators, specify the settings for connecting SVMs to the Integration Server:
    1. Check the address and port used for connecting to the Integration Server in the Settings for connecting SVMs to the Integration Server window. The fields show the default port (7271) and the domain name of the computer on which the Kaspersky Security Center Administration Console is installed. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the computer on which the Integration Server is installed.

      If the address is specified as localhost or 127.0.0.1, connection to the Integration Server ends with an error.

    2. In the Settings for connecting SVMs to the Integration Server window, click OK. In the Connection to Integration Server window that appears, specify the Integration Server administrator password (admin account password).

      The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Integration Server certificate verification window opens. You can click the button in the window to view the details of the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the computer where the Kaspersky Security Center Administration Console is installed.

      After a connection has been established to the Integration Server under the administrator account, the account password is automatically relayed to the policy in order to connect SVM to the Integration Server.

The other policy settings take the default values. You can configure them later.

If you have not configured the settings for connecting SVMs to the Integration Server or cannot connect with the specified settings, the policy is created with the Inactive policy status. Later you can configure the settings of this policy and activate it.

Page top