Kaspersky Security Center 14

Configuring the Administration Server with internet access to fix vulnerabilities in an isolated network

February 19, 2024

ID 230729

To prepare for fixing vulnerabilities and transmitting patches in an isolated network, first configure an Administration Server with internet access, and then configure the isolated Administration Servers.

To configure an Administration Server with internet access:

  1. Create two folders on a disk where Administration Server is installed:
    • Folder for the list of required updates
    • Folder for patches

    You can name these folders whatever you like.

  2. Grant the Modify access rights to the KLAdmins group in the created folders, by using the standard administrative tools of the operating system.
  3. Use the klscflag utility to write the paths to the folders in the Administration Server properties.

    Run the Windows command prompt by using administrator rights, and then change your current directory to the directory with the klscflag utility. The klscflag utility is located in the folder where Administration Server is installed. The default installation path is <Disk>:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center.

  4. Enter the following commands at the Windows command prompt:
    • To set the path to the folder for patches:

      klscflag -fset -pv klserver -n VAPM_DATA_EXPORT_PATH -t s -v "<path to the folder>"

    • To set the path to the folder for the list of required updates:

      klscflag -fset -pv klserver -n VAPM_REQ_IMPORT_PATH -t s -v "<path to the folder>"

    Example: klscflag -fset -pv klserver -n VAPM_DATA_EXPORT_PATH -t s -v "C:\FolderForPatches"

  5. [Optional] Use the klscflag utility to specify how often the Administration Server should check for new patch requests:

    klscflag -fset -pv klserver -n VAPM_DATA_EXPORT_PERIOD_SEC -t d -v <value in seconds>

    The default value is 120 seconds.

    Example: klscflag -fset -pv klserver -n VAPM_DATA_EXPORT_PERIOD_SEC -t d -v 150

  6. Restart the Administration Server service.

Now, the Administration Server with internet access is ready to download and transmit updates to isolated Administration Servers. Before you start fixing vulnerabilities, configure the isolated Administration Servers.

See also:

Scenario: Fixing third-party software vulnerabilities in an isolated network

About fixing third-party software vulnerabilities in an isolated network

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.