Considerations for deploying the application when using Kaspersky Security Center 15 Linux
If you are planning to use Kaspersky Security Center 15 Linux to manage Kaspersky Security for Virtualization 5.2 Light Agent, the process of installing the application in a virtual infrastructure includes the following steps:
- Installing Kaspersky Security management web plug-ins
The web plug-ins provide an interface for managing Kaspersky Security with Kaspersky Security Center Web Console. Kaspersky Security Center 15 Linux does not support Kaspersky Security Center Administration Console and management MMC plug-ins.
How to install Kaspersky Security web plug-ins
- In the Kaspersky Security Center Web Console main window, select Console settings → Web plug-ins.
The list of installed web plug-ins opens.
- Click the Add button.
A list of all available Kaspersky web plug-ins opens. The list is updated automatically as new web plug-in versions are released.
- Find the required web plug-in in the list and click the plug-in name. Install the following plug-ins, in this order:
- Kaspersky Security for Virtualization 5.2 Light Agent—Protection Server—Protection Server management web plug-in
- Kaspersky Security for Virtualization 5.2 Light Agent for Windows—Light Agent for Windows management web plug-in
- Kaspersky Security for Virtualization 5.2 Light Agent for Linux—Light Agent for Linux management web plug-in
- In the web plug-in description window that opens, click Install plug-in.
- Wait for the installation process to finish and click OK in the information window.
Newly installed plug-ins are displayed in the list of installed web plug-ins.
- Installing Integration Server and Integration Server Console.
Installing and running Integration Server and Integration Server Console requires a device with a Windows OS. The installation process should be run under a local administrator account.
You will need a ksvla-components_5.2.X.X_mlg.exe file, where 5.2.X.X is the application version number. The file is available from the Kaspersky website, in the Kaspersky Security for Virtualization | Light Agent section (Build → Kaspersky Security Components Installation Wizard).
How to install Integration Server and Integration Server Console
- Extract files required for installing Integration Server and Integration Server Console by running:
ksvla-components_5.2.X.X_mlg.exe -layout [folder] --accept-EulaAndPrivacyPolicy=yes
where:
- 5.2.X.X is the solution version number.
- [folder] is the path to the folder to extract the Integration Server and Integration Server Console installation files into. In the absence of a path, the files will be extracted into the data subfolder inside the folder containing ksvla-components_5.2.X.X_mlg.exe.
- accept-EulaAndPrivacyPolicy=yes means that you accept the terms of the Kaspersky Security End User License Agreement between you and Kaspersky and the Privacy Policy that describes processing and transmission of data. By setting this parameter to yes, you confirm the following:
- You have fully read, understood and accept the terms and conditions of the Kaspersky Security End User License Agreement.
- You have fully read and understood the Privacy Policy, you are aware and agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy.
Accepting the terms of the End User License Agreement and Privacy Policy is a prerequisite for installing Integration Server and Integration Server Console. You can read the text of the End User License Agreement and the Privacy Policy by executing the following command:
ksvla-components_5.2.X.X_mlg.exe --lang=<language ID> --show-EulaAndPrivacyPolicy
The text of the End User License Agreement and the Privacy Policy is output to the license_<language ID>.txt file in the tmp folder.
Running the command creates two subfolders with files inside the specified folder. The AttachedContainer subfolder contains, among others, files required for installing Integration Server and Integration Server Console:
- viis_service.msi
- viis_console.msi
- Start the Integration Server installation process by running:
viis_service.msi ADMIN_VIIS_PASSWORD=<password>
where:
<password> is the password of the Integration Server administrator account (admin). The admin account is used for connecting Integration Server Console to Integration Server.
A password must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set a password that is at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
- Launch the Integration Server Console installation process by running:
viis_console.msi
After the installation process is completed, you can start Integration Server Console by opening Kaspersky.VIISConsole.UI.exe, which is located in %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\.
To start Integration Server Console:
- Run the following command:
Kaspersky.VIISConsole.UI.exe /lang:<language ID>
where:
- Kaspersky.VIISConsole.UI.exe is a file located in the %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\ folder on the device where you installed the Integration Server and Integration Server Console.
- <language ID> – Integration Server Console language identifier formatted as follows: ru, en, de, fr, zh-Hans, zh-Hant, ja. It is case-sensitive.
- Specify the following connection settings:
- Address and port of the Integration Server to which the connection is established.
For the address, you can specify the IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
- The Integration Server administrator password that you set when installing Integration Server.
- The Console checks the SSL certificate received from the Integration Server. If the received certificate is not trusted or does not match the previously installed certificate, the Verify certificate window with the appropriate message opens. Click the link in this window to view the details of the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure.
To continue connecting to the Integration Server, click the Trust the certificate button in the Verify certificate window. The certificate that has been received is installed as a trusted certificate. The certificate is saved in the registry of the operating system on the device hosting the Integration Server Console.
The Integration Server Console opens.
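Added example (not part of the Kaspersky guide): a PowerShell pre-flight check that applies the password rules and the Integration Server address rules stated above before you run viis_service.msi or fill in the connection settings. The function names Test-ViisAdminPassword and Test-ViisServerAddress and the sample values are hypothetical, and the FQDN pattern is a conservative approximation.

```powershell
# Added example: function names and sample values are hypothetical;
# the rules themselves are the ones stated in the procedure above.
Set-StrictMode -Version Latest

# Special characters the guide permits in the Integration Server admin password.
$AllowedSpecial = '!#$%&''()*"+,-./\:;<=>_?@[]^`{|}~'

function Test-ViisAdminPassword {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Password)

    $seen = @{ Lower = $false; Upper = $false; Digit = $false; Special = $false }
    $disallowed = 0

    foreach ($ch in $Password.ToCharArray()) {
        $s = [string]$ch
        # -cmatch is case-sensitive; plain -match would merge upper and lower case.
        if     ($s -cmatch '^[a-z]$')               { $seen.Lower   = $true }
        elseif ($s -cmatch '^[A-Z]$')               { $seen.Upper   = $true }
        elseif ($s -cmatch '^[0-9]$')               { $seen.Digit   = $true }
        elseif ($AllowedSpecial.IndexOf($ch) -ge 0) { $seen.Special = $true }
        else                                        { $disallowed++ }
    }

    # Hard limits from the guide: length and character set.
    $violations = @()
    if ($Password.Length -gt 60) { $violations += 'longer than 60 characters' }
    if ($disallowed -gt 0) {
        # Report a count only, so the password itself never reaches logs.
        $violations += "$disallowed character(s) outside the allowed set"
    }

    # Recommendations from the guide: length and category mix.
    $advice = @()
    $categories = @($seen.Values | Where-Object { $_ }).Count
    if ($Password.Length -lt 8) { $advice += 'shorter than the advised 8 characters' }
    if ($categories -lt 3) {
        $advice += "uses $categories of 4 character categories; at least 3 advised"
    }

    [pscustomobject]@{
        Accepted   = ($violations.Count -eq 0)
        MeetsAdvice = ($violations.Count -eq 0 -and $advice.Count -eq 0)
        Violations = $violations
        Advice     = $advice
    }
}

function Test-ViisServerAddress {
    param([Parameter(Mandatory)][string]$Address)

    # The guide names these two values as causing a connection error.
    if ($Address -eq 'localhost' -or $Address -eq '127.0.0.1') { return $false }

    # IPv4 in dotted-quad form, each octet 0-255.
    if ($Address -match '^[0-9]{1,3}(\.[0-9]{1,3}){3}$') {
        foreach ($octet in $Address.Split('.')) {
            if ([int]$octet -gt 255) { return $false }
        }
        return $true
    }

    # FQDN: two or more labels, final label starting with a letter.
    # A single-label name (NetBIOS style) does not match and is rejected.
    $label = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $last  = '[a-z]([a-z0-9-]{0,61}[a-z0-9])'
    return ($Address.Length -le 253 -and $Address -match "^($label\.)+$last$")
}

# Constructed sample values, not real credentials or hosts.
Test-ViisAdminPassword -Password 'Tr1al-Passw0rd!' | Format-List
Test-ViisAdminPassword -Password 'pass word'       | Format-List
'viis.example.test', '192.0.2.10', 'VIISHOST', 'localhost', '127.0.0.1' |
    ForEach-Object { '{0,-20} {1}' -f $_, (Test-ViisServerAddress -Address $_) }
```

Several of the permitted special characters (& | < > ^ % ") are cmd.exe metacharacters, so quote the ADMIN_VIIS_PASSWORD value when the password contains them. A password passed on the command line can also end up in shell history and process listings on the installation host.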
- Installing Kaspersky Security Protection Servers by deploying SVMs on hypervisors.
To install Protection Server, you need an SVM image file and an image description XML file. You can download archives that contain these files with the help of Kaspersky Security Components Installation Wizard or on the Kaspersky website in the Kaspersky Security for Virtualization | Light Agent section.
SVMs are deployed with the help of the SVM installation wizard, which is started from Integration Server Console.
- If you are installing the application in an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, you need to configure the connection of the Integration Server to VMware NSX Manager in the Integration Server Console after completion of SVM deployment.
- Preparing Protection Servers for operation. To prepare Protection Servers for operation, complete the following actions:
- Create a policy for Protection Server in Kaspersky Security Center Web Console and configure the policy settings for connecting SVMs to Integration Server.
- Activate the application on all new SVMs. To do this, create an application activation task in Kaspersky Security Center Web Console and start the task.
- Update the application databases on all new SVMs. To do this, create a Protection Server database update task in Kaspersky Security Center Web Console and start the task.
- Installing Light Agent for Windows and/or Light Agent for Linux on virtual machines.
The installation is performed remotely, with the help of Kaspersky Security Center Web Console, and consists of the following steps:
- Preparing installation packages.
The remote installation process uses installation packages, which you need to prepare in advance.
- Installing on Windows virtual machines requires a Light Agent for Windows installation package and a Kaspersky Security Center Network Agent installation package.
- Installing on Linux virtual machines requires a Light Agent for Linux installation package. A separate Kaspersky Security Center Network Agent installation package is not required, as Network Agent is part of a Light Agent for Linux installation package.
How to prepare a Light Agent for Windows installation package
- On a Windows device, unpack the Light Agent distribution kit by opening ksvla-components_5.2.X.X_mlg.exe, where 5.2.X.X is the application version number.
- Copy the WindowsAgent folder located in the unpacked folder to a ZIP archive.
- In the Kaspersky Security Center Web Console main window, select Device discovery and deployment → Deploy and assign → Installation packages.
A list of installation packages available on Administration Server opens.
- Click the Add button.
The New Package Wizard starts.
- On the first wizard page, select a method for creating an installation package: Create installation package from file.
- Enter a package name, click Browse and select the prepared archive.
- While creating an installation package, you will need to accept the terms of the End User License Agreement and the Privacy Policy. When prompted by the wizard, read the End User License Agreement between you and Kaspersky, and the Privacy Policy that describes the processing and transmission of data. To continue creating the installation package, you must confirm that you have fully read and accept the terms of the End User License Agreement and the Privacy Policy.
The newly created installation package is displayed in the list of installation packages. You can use the installation package to install Light Agent for Windows remotely.
How to prepare a Network Agent for Windows installation package
- In the Kaspersky Security Center Web Console main window, select Device discovery and deployment → Deploy and assign → Installation packages.
A list of installation packages available on Administration Server opens.
- Click the Add button.
The New Package Wizard starts.
- On the first wizard page, select a method for creating an installation package: Create a Kaspersky application installation package.
A list of distribution kits available on Kaspersky servers opens.
- Select a Kaspersky Security Center Network Agent for Windows distribution kit and click its name.
- In the window on the right, review the kit details and click Download and create installation package. The process of creating a new installation package starts.
- While creating an installation package, you will need to accept the terms of the End User License Agreement. Click Show End User License Agreement. To continue creating the installation package, you have to confirm that you have fully read and accept the terms of the End User License Agreement.
- Close the kit details window.
The newly created installation package is displayed in the list of installation packages. You can use the installation package to install Light Agent for Windows remotely.
How to prepare a Light Agent for Linux installation package
- On a Windows device, unpack the Light Agent distribution kit by opening ksvla-components_5.2.X.X_mlg.exe, where 5.2.X.X is the application version number.
- Copy the LinuxAgent folder located in the unpacked folder to a ZIP archive.
- In the Kaspersky Security Center Web Console main window, select Device discovery and deployment → Deploy and assign → Installation packages.
A list of installation packages available on Administration Server opens.
- Click the Add button.
The New Package Wizard starts.
- On the first wizard page, select a method for creating an installation package: Create installation package from file.
- Enter a package name, click Browse and select the prepared archive.
- While creating an installation package, you will need to accept the terms of the End User License Agreement and the Privacy Policy. When prompted by the wizard, read the End User License Agreement between you and Kaspersky, and the Privacy Policy that describes the processing and transmission of data. To continue creating the installation package, you must confirm that you have fully read and accept the terms of the End User License Agreement and the Privacy Policy.
The newly created installation package is displayed in the list of installation packages.
- After the Light Agent for Linux installation package is created, you need to configure the settings for connecting Network Agent, which will be installed on the virtual machine together with Light Agent for Linux, to Kaspersky Security Center Administration Server.
To do this:
- On the device with Kaspersky Security Center 15 Linux installed, locate the folder that contains the files of the newly created installation package. The path to the folder is displayed in Path, in the package properties window that opens from the list of installation packages in Kaspersky Security Center Web Console.
- In klnagent.ini, in the KLNAGENT_SERVERS key, specify the IP address in IPv4 format or fully qualified domain name (FQDN) of the device where Kaspersky Security Center Administration Server is installed.
- Save klnagent.ini.
You can use the installation package to install Light Agent for Linux remotely.
- Starting a remote installation task in Kaspersky Security Center Web Console.
Specify the prepared Network Agent installation package in the properties of the Light Agent for Windows remote installation task. For more information about the remote installation task, see the Kaspersky Security Center Help.
- Preparing Light Agents for operation.
To prepare Light Agents for operation, create a policy for Light Agent for Windows and/or a policy for Light Agent for Linux in Kaspersky Security Center Web Console and configure the policy settings for connecting Light Agents to SVMs: