Kaspersky Security 11.x for Windows Server

Advanced settings after installation of the Application Console on another device

June 10, 2022

ID 147650

If the Application Console has been installed on any device in the network, other than a protected device, perform the following actions to allow users to manage Kaspersky Security for Windows Server remotely:

  • Add Kaspersky Security for Windows Server users to the KAVWSEE Administrators group on the protected device.
  • Allow network connections for the Kaspersky Security Management Service (kavfsgt.exe), if the protected device uses Windows Firewall or a third-party firewall.
  • If the Allow remote access check box was not selected during installation of the Application Console on a device running Microsoft Windows, manually allow network connections for the Application Console in the device's firewall.

The Application Console on the remote device uses the DCOM protocol to receive information about Kaspersky Security for Windows Server events (such as objects scanned, tasks completed, etc.) from the Kaspersky Security Management Service on the protected device. You need to allow network connections for the Application Console in the Windows Firewall settings in order to establish connections between the Application Console and the Kaspersky Security Management Service.

On the remote device, where the Application Console is installed, do the following:

  • Make sure that anonymous remote access to COM applications is allowed (but not remote start and activation of COM applications).
  • In Windows Firewall, open TCP port 135 and allow network connections for kavfsrcn.exe, the executable file of the Kaspersky Security for Windows Server remote management process.

    The device where the Application Console is installed uses TCP port 135 to access the protected device and to receive a response.

  • Configure an outbound rule for Windows Firewall to allow the connection.

    Unlike the traditional TCP/IP and UDP/IP services where a single protocol has a fixed port, DCOM dynamically assigns ports to remote COM objects. If a firewall exists between the client (where the Application Console is installed) and the DCOM endpoint (the protected device), a large range of ports must be opened.

The same steps should be applied to configure any other software or hardware firewall.
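The Windows Firewall steps above, scripted for the device where the Application Console is installed; this is an added example, not Kaspersky's own script. It assumes an elevated PowerShell session. The path to kavfsrcn.exe, the protected device's address, the rule names, the rule directions for port 135, the Domain profile and the restriction to a single remote address are all assumptions that the page does not specify.

```powershell
# Added example (not from the Kaspersky documentation).
param(
    # Placeholder: full path to kavfsrcn.exe on this device (the page does not give it).
    [Parameter(Mandatory)] [string] $ConsoleExe,
    # Constructed sample address of the protected device (TEST-NET-1 range).
    [string] $ProtectedDevice = '192.0.2.10'
)

# Hypothetical group name, used only to find these rules again later.
$group = 'KSWS Application Console (example)'

if (-not (Test-Path -LiteralPath $ConsoleExe)) {
    throw "kavfsrcn.exe not found at '$ConsoleExe'"
}

# One rule per step in the list above. The two program rules cover the ports
# that DCOM assigns dynamically, so no wide port range is opened on this device.
$rules = @(
    # Assumption: "open TCP port 135" means an inbound exception.
    @{ DisplayName = 'KSWS console - TCP 135 in';       Direction = 'Inbound';  Protocol = 'TCP'; LocalPort = '135' },
    @{ DisplayName = 'KSWS console - kavfsrcn.exe in';  Direction = 'Inbound';  Program  = $ConsoleExe },
    @{ DisplayName = 'KSWS console - kavfsrcn.exe out'; Direction = 'Outbound'; Program  = $ConsoleExe }
)

foreach ($rule in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue) {
        continue
    }
    # Assumption: only the protected device needs to be reachable, on the Domain profile.
    New-NetFirewallRule @rule -Group $group -Action Allow -Profile Domain `
        -RemoteAddress $ProtectedDevice | Out-Null
}

# Check 1: list what was created.
Get-NetFirewallRule -Group $group |
    Select-Object DisplayName, Direction, Enabled, Action

# Check 2: confirm the protected device answers on TCP port 135.
Test-NetConnection -ComputerName $ProtectedDevice -Port 135 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

If a firewall sits between the two devices, the program rules here do not help on that device; it needs its own rules for port 135 and the DCOM port range, as described above.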

If the Application Console is open while you configure the connection between the protected device and the device on which the Application Console is installed:

  1. Close the Application Console.
  2. Wait until the Kaspersky Security for Windows Server remote management process (kavfsrcn.exe) has finished.
  3. Restart the Application Console.

    The new connection settings will be applied.

In this section

Allowing anonymous remote access to COM applications

Allowing network connections for the Kaspersky Security for Windows Server remote management process

Adding outbound rule for Windows Firewall
