Installation of Kaspersky Endpoint Security for Android in device owner mode in a closed network
When deploying Kaspersky Endpoint Security for Android in device owner mode via QR code on devices with pre-installed Google Mobile Services (GMS), their connectivity to certain Google endpoints via Wi-Fi networks is checked. If a Wi-Fi network has no access to the internet, the connectivity check fails and the deployment finishes with an error.
To avoid the connectivity check, you can deploy the Kaspersky Endpoint Security for Android app in device owner mode in a closed network by using a Proxy Auto-Configuration (PAC) file.
To use a PAC file for Kaspersky Endpoint Security for Android app deployment:
- Create a PAC file (for example, proxy.pac) with the following contents:
function FindProxyForURL(url, host) {
return "DIRECT";
} - Publish the created PAC file on a resource which will be available within the closed network (for example, on the IIS Web server).
Save the link to the PAC file (for example, https://intranet.mycompany.com/files/proxy.pac).
- Make sure the APK file of the Kaspersky Endpoint Security for Android app being deployed is available within the closed network. To do this, use one of the methods below:
- Download the app installation package from the Kaspersky Security Center server. If the server is accessible, the installation packages will be available there.
- Download the APK installation file from the Kaspersky website and upload it to the closed network.
Choose the general version of the app as a source.
- Generate the QR code for app installation in device owner mode and forward it to the user by following the instructions of the New Mobile Device Connection Wizard.
When connecting the device to Kaspersky Security Center, you will be asked to specify the network for downloading the Kaspersky Endpoint Security for Android app. At this step, configure the use of the previously created PAC file for network connection by linking it to the Wi-Fi network settings on a device. To do this, use one of the methods below:
- In the Network for downloading the Kaspersky Endpoint Security for Android section, choose Prompt the user to select a Wi-Fi network on the device. While deploying the app, the user will need to specify the link to the PAC file (step 2) in the network settings while choosing a Wi-Fi network on the device. After the connection is established, the user will be able to continue the device setup and activate the app by following the instructions of the app's Initial Configuration Wizard.
- In the Network for downloading the Kaspersky Endpoint Security for Android section, choose Use only the specified Wi-Fi network (Android 9.0+), click the Specify network button, insert the link to the previously created PAC file (step 2) in the PAC file URL field, and then click OK.
If the APK installation file has been downloaded from the Kaspersky website (step 3), you need to change the link in the QR code by specifying the closed network link address.
For more information about configuring the Kaspersky Endpoint Security for Android app in device owner mode, please refer to the Installing the app in device owner mode section.
When deploying the app via the installation package downloaded from Kaspersky Security Center, after the device is reset to factory settings and the QR code is scanned, the Blocked by Play Protect message may appear on the device. The issue is caused by the installation package signing certificate being different from the one specified in Google Play. The user should continue the installation by choosing Install anyway. If OK is selected, the installation process will be interrupted and the device will be reset to factory settings.
The Kaspersky Endpoint Security for Android app is installed on the device in device owner mode in a closed network.
